

Python Memory.getMemory方法代码示例

本文整理汇总了Python中Memory.getMemory方法的典型用法代码示例。如果您正苦于以下问题:Python Memory.getMemory方法的具体用法?Python Memory.getMemory怎么用?Python Memory.getMemory使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在Memory的用法示例。


在下文中一共展示了Memory.getMemory方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
    def callbefore(self, pid, call, args):
	"""Check a socketcall's address arguments and repoint the call at scratch copies.

	For call == 'socketcall', args[0] selects (subcall, pattern) from
	sockettable and args[1] is the address of the argument block in the
	traced process. The block is read as len(pattern) 4-byte words. Pattern
	letters handled here: 'l' (address length), 'f' (file descriptor) and
	'A' (pointer to a socket address).

	Returns a 4-tuple. A refusal is (None, -errno.EPERM, None, None).
	Otherwise it is ((subcall, handle, handle2, state), None, None,
	(args[0], addr)) -- presumably (state for the after-hook, result
	override, call override, replacement arguments); confirm against the
	trick framework, which is not visible here.
	"""
	state = ()
	handle2 = handle = -1
	if call == 'socketcall':
	    # NOTE(review): only an upper bound is tested, with '>' rather than '>='.
	    # Confirm sockettable_num is the highest valid index and that args[0]
	    # cannot be negative (on a sequence a negative index counts from the end).
	    if args[0] > sockettable_num:
		# NOTE(review): string exceptions were removed in Python 2.6; there this
		# statement raises TypeError instead of the intended message.
		raise 'Trying to do invalid socketcall?'
	    subcall, pattern = sockettable[args[0]]
	    nargs = len(pattern)
	    if debug: print 'Doing ', subcall, ' with ', nargs, ' parameters', 
	    # The argument block is read from the traced process's memory.
	    params = Memory.getMemory(pid).peek(args[1], nargs*4)
	    params = list(params)

	    curfd = -1
	    addrlen = -1

	    # First pass: pick up the address length so it is known before any 'A'
	    # entry is processed in the second pass.
	    # NOTE(review): addrlen comes from the traced process and is used below
	    # as the peek/alloc size without a bound; it also stays -1 when the
	    # pattern has an 'A' but no 'l'. Consider validating it against a maximum.
	    for i in range(len(pattern)):
		if pattern[i] == 'l':
		    if debug: print 'Getint returned ', getint(params, i*4)
		    addrlen = getint(params, i*4)
# Note: this is not true for unix domain sockets
#		    assert getint(params, i*4) == 16, '== %s' % getint(params, i*4)

	    for i in range(len(pattern)):
		if pattern[i] == 'f':
		    curfd = getint(params, i*4)
		    if debug: print '(fd = ', curfd, ')',

		if pattern[i] == 'A':
		    paddr = getint(params, i*4)
#		    print 'Call = ', subcall
		    address = Memory.getMemory(pid).peek(paddr, addrlen)
		    #address = list(address) # WHY?
		    # Policy decision on the address bytes just read. curfd is still -1
		    # here if no 'f' entry preceded this 'A' in the pattern.
		    if not self.checkaddress(self.fdmap[pid][curfd], address, addrlen, call):
			return (None, -errno.EPERM, None, None)
		    if debug: print 'Address is ', address
		    # The checked bytes are copied to scratch and the pointer in params
		    # is repointed at the copy -- presumably so the kernel acts on the
		    # bytes that were checked rather than on memory the traced process
		    # can still change; confirm scratch is not writable by the tracee.
		    # handle2 keeps only the last allocation if a pattern has several 'A's.
		    handle2, addr2 = scratch.alloc_bytes(address, addrlen)
		    if debug: print 'Addr = %x' % addr2
		    setint(params, i*4, addr2)
		    # Round-trip check that setint stored the pointer intact.
		    if addr2 != getint(params, i*4):
			raise 'addr2 not equal to getint'

	    # The (possibly rewritten) argument block itself also goes to scratch.
	    handle, addr = scratch.alloc_bytes(params, nargs*4)
	    if subcall == 'socket':
		state = ( getint(params, 0), getint(params, 4), getint(params, 8) )

	    if subcall == 'connect':
#	        assert 0
		pass

	    # NOTE(review): bind is refused only after the scratch copies above were
	    # allocated, and the handles are not part of this return value; confirm
	    # they are released somewhere, or move the refusal ahead of the allocation.
	    if subcall == 'bind':
		print 'Trying to bind'
		return (None, -errno.EPERM, None, None)

	    if subcall == 'invalid_call':
		raise 'Invalid socket call'

	    if debug: print state, '... copied them to ',
	    if debug: print '%x' % addr
	# NOTE(review): subcall and addr are bound only inside the socketcall branch;
	# any other call reaching this method fails here with NameError.
	return ((subcall, handle, handle2, state), None, None, (args[0], addr))
开发者ID:pombredanne,项目名称:subterfugue,代码行数:61,代码来源:NetTrick.py

示例2: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
    def callbefore(self, pid, call, args):
        """Check the path arguments of `call` against the read/write lists.

        `_callaccess[call]` is either a tuple with one entry per argument
        ('r' or 'w', optionally followed by 'l' meaning "do not follow a
        final symlink") or something else, meaning the call has no
        per-argument signature.

        Returns None to let the call proceed, or a 4-tuple whose second
        element is the negated errno handed back in place of the call.
        """
        signature = _callaccess[call]
        if not isinstance(signature, types.TupleType):
            # No per-argument signature: only socketcall is let through, and
            # only when networking was enabled for this trick.
            if call == 'socketcall' and self._net:
                return
            if not self._quiet:
                print '%s denied' % call
            return (None, -errno.EPERM, None, None)

        # NOTE(review): only the access mode is examined; other open flags
        # (creation, truncation) are not looked at in this block. Confirm that
        # classifying such an open as a pure read is intended.
        if (call == 'open'
                and args[1] & FCNTL.O_ACCMODE == FCNTL.O_RDONLY):
            signature = ('r',)

        read_string = Memory.getMemory(pid).get_string

        for index, spec in enumerate(signature):
            if not spec:
                continue
            kind = spec[0]
            # NOTE(review): asserts disappear under `python -O`; they guard the
            # signature table here, not the traced process's input.
            assert kind == 'r' or kind == 'w'
            if kind == 'r':
                allowed, op = self._read, 'read'
            else:
                allowed, op = self._write, 'write'
            followlink = len(spec) < 2
            assert followlink or spec[1] == 'l'
            # NOTE(review): the path is read from the traced process's memory and
            # checked; nothing in this block copies it, so whether the kernel
            # later sees the same bytes depends on code not shown here.
            path = read_string(args[index])
            status = _access(pid, path, followlink, allowed)
            if status == -1:
                if not self._quiet:
                    print '%s deny (%s): %s' % (op, call, repr(path))
                return (None, -errno.EACCES, None, None)
            if status != 0:
                # Any other non-zero status is passed back negated as the result.
                return (None, -status, None, None)
开发者ID:pombredanne,项目名称:subterfugue,代码行数:37,代码来源:SimplePathSandboxTrick.py

示例3: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
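    def callbefore(self, pid, call, args):
        '''
        Entry point for the trick: when the traced process opens a path that
        is not a library, fetch it with self._download_file and rewrite the
        call so that it opens the local copy instead.

        The replacement path is written into the first area reported by
        m.areas() in the traced process, and the path argument is repointed
        at that area.

        @return: None to leave the call untouched, otherwise a 4-tuple whose
                 last element is the replacement argument tuple
                 (area, flags, mode).
        '''
        m = Memory.getMemory(pid)
        arg_mem_addr_path = args[0]
        arg_flags = args[1]
        arg_mode = args[2]

        try:
            filename = m.get_string(arg_mem_addr_path)
        except Exception:
            # Unreadable path pointer: leave the call alone. Catching Exception
            # rather than everything keeps KeyboardInterrupt and SystemExit
            # from being swallowed inside the tracer.
            return None

        if self._is_library(filename):
            return None

        # NOTE(review): filename is chosen by the traced process and
        # _download_file is not visible here; confirm it constrains what is
        # fetched and where the local copy is written.
        local_filename = self._download_file(filename)

        areas = m.areas()
        if not areas:
            # Nowhere to place the replacement path.
            return None
        area, area_size = areas[0]

        replacement = local_filename + '\0'
        # Never write past the end of the area (assumes area_size is a byte
        # count -- TODO confirm against Memory.areas()).
        if len(replacement) > area_size:
            return None

        # NOTE(review): this overwrites whatever the traced process keeps at the
        # start of its first area; confirm that region is safe to clobber.
        m.poke(area, replacement)

        return (None, None, None, (area, arg_flags, arg_mode))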
开发者ID:andresriancho,项目名称:w3af-misc,代码行数:28,代码来源:RemoteOpenTrick.py

示例4: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
 def callbefore(self, pid, call, args):
     """Handle open/close/read on the descriptor tracked as /dev/tty.

     open:  an open of exactly "/dev/tty" returns state 1 -- presumably so a
            later hook records the resulting descriptor in self.ttyfd (that
            assignment is not in this block).
     close: forgets self.ttyfd when that descriptor is closed.
     read:  a read on self.ttyfd is answered from self.guess; the bytes are
            written into the caller's buffer and the byte count is returned
            as the result of the call.
     Anything else falls through and returns None.
     """
     if call == 'open':
         path = Memory.getMemory(pid).get_string(args[0])
         if path != "/dev/tty":
             return None
         assert self.ttyfd is None, "tried to open /dev/tty twice"
         return (1, None, None, None)

     if call == 'close':
         if self.ttyfd == args[0]:
             self.ttyfd = None
         return None

     if call != 'read' or args[0] != self.ttyfd:
         return None

     dest = args[1]
     # Never hand back more than was requested or more than is left.
     nbytes = min(args[2], len(self.guess))
     if not nbytes:
         sys.exit("ran out of guess")
     Memory.getMemory(pid).poke(dest, self.guess[:nbytes])
     self.guess = self.guess[nbytes:]
     return (None, nbytes, None, None)
开发者ID:pombredanne,项目名称:subterfugue,代码行数:22,代码来源:GuessPasswordTrick.py

示例5: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
    def callbefore(self, pid, call, args):
        """Apply self.check to the address range of a memory-mapping call.

        For the old-style 'mmap', args[0] points at a 24-byte argument block
        in the traced process. The block is read, its first two words
        (start, length) are checked, and the call is rewritten to 'mmap2'
        with all six values passed directly. For 'munmap', 'mremap' and
        'mmap2' the verdict of self.check(args[0], args[1]) is returned as is.
        """
        if call == 'mmap':
            block = list(Memory.getMemory(pid).peek(args[0], 24))
            start = getint(block, 0)
            length = getint(block, 4)
            verdict = self.check(start, length)
            if verdict != (1, None, None, None):
                return (None, -errno.EPERM, None, None)
            # The rewritten call carries the values that were just checked, not
            # a pointer back into the traced process's memory.
            # mmap takes a byte offset, mmap2 an offset in 4096-byte units,
            # hence the shift by 12 on the last word.
            third = getint(block, 8)
            fourth = getint(block, 12)
            fifth = getint(block, 16)
            page_offset = getint(block, 20) >> 12
            return (1, None, 'mmap2',
                    (start, length, third, fourth, fifth, page_offset))

        # NOTE(review): for mremap only the first two arguments reach
        # self.check; the remaining arguments are not examined in this block.
        if call in ('munmap', 'mremap', 'mmap2'):
            return self.check(args[0], args[1])
        # NOTE(review): string exceptions were removed in Python 2.6; there this
        # statement raises TypeError instead of the intended message.
        raise 'Unknown syscall?'
开发者ID:pombredanne,项目名称:subterfugue,代码行数:17,代码来源:NoMunmapTrick.py

示例6: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
    def callbefore(self, pid, call, args):
        """Resource-limit hook: count processes and vet memory-growing calls.

        Uses the module-level counters nchildren, lastpid, lastbrk and grace.
        Every return is a 4-tuple whose first element is 0 or 1, except the
        mmap paths, which return whatever self.mmap returns.
        """
        global nchildren, lastpid, lastbrk, grace
        # NOTE(review): with asserts enabled this makes the later 'mmap2' branch
        # unreachable; under `python -O` the assert is stripped and that branch
        # runs instead.
        if call == 'mmap2':
            assert 0, 'mmap2 -- what is that?'
        if call in ('fork', 'vfork', 'clone'):
            # Counted before the call runs, so a failed fork still counts.
            nchildren += 1
            print 'SANDBOX NUMPROC ', nchildren
            if nchildren > self.maxproc:
                raise 'Too much processes'
            return (1, None, None, None)
        if call == '_exit':
            # NOTE(review): this is the only decrement in this block; processes
            # that end some other way are not subtracted here.
            nchildren -= 1
            print 'SANDBOX NUMPROC ', nchildren
            return (1, None, None, None)

        # We allow real number to be one meg too low
        if call == 'brk':
            small_step = pid == lastpid and (args[0] - lastbrk) < grace
            if small_step:
                return (0, None, None, None)
            lastbrk = args[0]
            return (1, None, None, None)

        if call == 'munmap':
            return (0, None, None, None)

        if call == 'mmap2':
            return self.mmap(pid, args[1])

        if call == 'mmap':
            # The length is read from the traced process's memory here and the
            # kernel reads the block again when the call runs, so the two can
            # differ. The original author accepted this race because the trick
            # is only denial-of-service protection and the race rarely
            # succeeds; to close it, use another trick that converts mmap
            # into mmap2.
            header = list(Memory.getMemory(pid).peek(args[0], 8))
            return self.mmap(pid, getint(header, 4))

        raise 'Impossible: unknown syscall in DoStrick'
开发者ID:pombredanne,项目名称:subterfugue,代码行数:42,代码来源:DoSTrick.py

示例7: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
    def callbefore(self, pid, call, args):
        """Rewrite the path arguments of `call` before it runs.

        Each path argument named in self.callaccess[call] is read from the
        traced process, passed through self.mappath, canonicalised with
        tricklib.canonical_path, passed through self.mappath again, copied to
        scratch, and the argument is repointed at that copy.

        Returns (tofree, result, None, new_args): tofree lists the scratch
        handles allocated here, result is None or a negative errno, and
        new_args is the rewritten argument list or None.
        """
        sign = self.callaccess[call]
	# One slot per possible argument; -1 means nothing was allocated. Returned
	# on every path -- presumably so a later hook can release the scratch
	# strings (confirm against the after-call hook).
	tofree = [-1] * 6
        if not isinstance(sign, types.TupleType):
	    return (tofree, None, None, None)

        mem = Memory.getMemory(pid)
        getarg = mem.get_string
	cargs = args[:]
        for i in range(len(sign)):
            followlink = len(sign[i]) < 2
            # NOTE(review): asserts are stripped under `python -O`.
            assert followlink or sign[i][1] == 'l'
            # Path as currently stored in the traced process's memory.
            p = getarg(args[i])
	    p = self.mappath(p) # This is still not quite good -- user could pass /home////johanka and bypass this
	    p = tricklib.canonical_path(pid, p, followlink) # Resolve to FQN
	    # A non-string result is presumably an errno value; it is handed back
	    # negated as the result of the call (confirm against tricklib).
	    if not isinstance(p, types.StringType):
#		print 'Panic: what to do when canonical path fails:', p, '(', getarg(args[i]), ')'
# FIXME: We need to kill it in order to prevent bad races. But killing it means problems for creat!
		return (tofree, -p, None, None)
	    # Mapped a second time, now on the canonical form.
	    p = self.mappath(p)
	    # The call proceeds with the scratch copy instead of the caller's buffer.
	    tofree[i], cargs[i] = scratch.alloc_str(p)
 
        # don't mess with creation of relative symlinks
        # NOTE(review): this is a second read of args[0] from the traced process,
        # separate from the read in the loop above; the two are not guaranteed
        # to agree if that memory can change in between. An empty string raises
        # IndexError on [0].
        if call=='symlink':
            if mem.get_string(args[0])[0] != '/':
                cargs[0] = args[0]

	if call=='open':
# FIXME:
# if we allow user to do ln -s a b without permissions for a, and
# user tries to access /tmp/b/local/bin...
#	    cargs[1] = cargs[1] | os.O_NOFOLLOW
	    # Octal literal standing in for the O_NOFOLLOW of the commented-out line
	    # above; per the original comment the value is specific to i386, so
	    # other architectures need a different constant.
	    cargs[1] = cargs[1] | 0400000	# Not supported by python, yet. This is true for 386

	if call=='creat':
	    print "Creat disabled, should be modified to open"
	    return (tofree, -errno.EFAULT, None, None)	# Creat should be rewritten to open()
	return (tofree, None, None, cargs)
开发者ID:pombredanne,项目名称:subterfugue,代码行数:40,代码来源:ArgTrick.py

示例8: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
 def callbefore(self, pid, call, args):
     """Refuse access() on '/dev/dsp' with EACCES; let every other path through.

     The comparison is an exact string match on the path as the traced
     process spelled it, so other spellings of the same device are not
     matched by this block.
     """
     # NOTE(review): asserts are stripped under `python -O`; the hook then
     # treats args[0] of any call as a path pointer.
     assert call == 'access'
     requested = Memory.getMemory(pid).get_string(args[0])
     if requested != '/dev/dsp':
         return None
     #sys.stderr.write('blocking access to /dev/dsp')
     return (None, -errno.EACCES, None, None)
开发者ID:pombredanne,项目名称:subterfugue,代码行数:7,代码来源:FixFlashTrick.py

示例9: callbefore

# 需要导入模块: import Memory [as 别名]
# 或者: from Memory import getMemory [as 别名]
    def callbefore(self, pid, call, args):
        """Enforce the path policy on one call before it runs.

        Semantics of protection:

        * Rules are based on absolute pathnames (unlike unix) and an allow
          read/write rule applies to the whole subtree (also unlike unix).
        * A process that may write to something is granted the right to read
          it automatically. [FIXME from the original author: either fix the
          code so that read can be denied while write is allowed, or require
          reads to be allowed explicitly.]
        * "allow" applies to whole path components: "allow read /a" does not
          grant rights to /amaya. (Other matching methods, such as regular
          expressions, could be introduced if they seem handy.)
        * For operations like unlink, write access is needed to the object
          being unlinked (unlike unix, where no access to the object is
          needed and write access to its directory is).
        * For a hard link, write access is required to the source (unlike
          unix, where none is needed). Because permissions apply to subtrees,
          a file linked into a writable subtree could otherwise be written
          to under its new name.
        * Rules such as "allow write /foo" plus "deny write /foo/bar/baz" do
          not make sense: renaming bar to haha inside /foo makes the file
          writable as /foo/haha/baz. ("allow write /foo" plus "deny write
          /foobar" should be safe.) In general, once write access to a
          subtree has been granted, do not use deny on anything inside it.

        Returns None to let the call proceed, a 4-tuple refusing it, or
        whatever self.onaccess returns when that is not 'cont'.
        """
        signature = self.callaccess[call]
        if not isinstance(signature, types.TupleType):
            # No per-argument signature: only socketcall is let through, and
            # only when networking was enabled for this trick.
            if call == 'socketcall' and self._net:
                return
            if not self._quiet:
                print '%s denied' % call
            return (None, -errno.EPERM, None, None)

        # NOTE(review): only the access mode is examined; other open flags
        # (creation, truncation) are not looked at in this block. Confirm that
        # classifying such an open as a pure read is intended.
        if (call == 'open'
                and args[1] & FCNTL.O_ACCMODE == FCNTL.O_RDONLY):
            signature = ('r',)

        read_string = Memory.getMemory(pid).get_string

        for index, spec in enumerate(signature):
            if not spec:
                continue
            kind = spec[0]
            # 'n' marks an argument that is not checked.
            if kind == 'n':
                continue
            # NOTE(review): asserts disappear under `python -O`; they guard the
            # signature table here, not the traced process's input.
            assert kind == 'r' or kind == 'w'
            if kind == 'r':
                allowed, op = self._read, 'read'
            else:
                allowed, op = self._write, 'write'
            followlink = len(spec) < 2
            assert followlink or spec[1] == 'l'
            # NOTE(review): the path is read from the traced process's memory and
            # checked; nothing in this block copies it, so whether the kernel
            # later sees the same bytes depends on code not shown here.
            path = read_string(args[index])
            status = self.access(pid, path, call, op, followlink, allowed)

            outcome = self.onaccess(pid, call, status, op, path)
            if outcome != 'cont':
                return outcome
开发者ID:pombredanne,项目名称:subterfugue,代码行数:68,代码来源:BoxTrick.py


注:本文中的Memory.getMemory方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。