

Python Process.strings Method Code Examples

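This article collects typical usage examples of the winappdbg.Process.strings method in Python. If you are wondering how exactly Process.strings is used, or are looking for examples of it in use, the selected code examples here may help. You can also look further into usage examples of winappdbg.Process, the class this method belongs to.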


Three code examples of the Process.strings method are shown below, sorted by popularity by default.

Example 1: strings

# Required imports (Process.strings is a method of winappdbg.Process).
from winappdbg import Process, HexDump

def strings( pid ):

    # Instance a Process object.
    process = Process( pid )

    # For each ASCII string found in the process memory...
    for address, size, data in process.strings():

        # Print the string and the memory address where it was found.
        print("%s: %s" % ( HexDump.address(address), data ))
Developer: cgiogkarakis, Project: winappdbg, Lines of code: 12, Source: 12_strings.py

Example 2: find_meterpreter_trace

# Required imports (Process.strings is a method of winappdbg.Process).
# mdlog is the metdec project's own logging module and is not shown here.
import psutil
from winappdbg import Process, System

def find_meterpreter_trace(pid, rateLimit):

    # The scan only runs on 32-bit i386 systems.
    if (System.arch == 'i386' and System.bits == 32):
        try:
            # Default trace keywords: [keyword, found flag].
            meterpreter_trace_keywords = [['stdapi_railgun_api', False],
                                  ['stdapi_railgun_api_multi', False],
                                  ['stdapi_railgun_memread', False],
                                  ['stdapi_railgun_memwrite', False]
                                 ]
            process = psutil.Process(pid)
            # For java.exe, look for the Java Meterpreter class names instead.
            if (process.is_running() and process.name() == 'java.exe'):
                meterpreter_trace_keywords = [['class$com$metasploit$meterpreter$stdapi$channel_create_stdapi_fs_file', False],
                                  ['class$com$metasploit$meterpreter$stdapi$channel_create_stdapi_net_tcp_client', False],
                                  ['class$com$metasploit$meterpreter$stdapi$channel_create_stdapi_net_tcp_server', False],
                                  ['class$com$metasploit$meterpreter$stdapi$channel_create_stdapi_net_udp_client', False]
                                 ]
        except Exception:
            # The process name could not be read; keep the default keywords.
            pass

        #print("Searching in %d" % pid)
        foundIndex = 0
        process = Process(pid)
        line = 0

        # For each ASCII string found in the process memory...
        for address, size, data in process.strings():
            #print("%s: %s" % (HexDump.address(address), data))
            data = data.strip()
            # Keywords are matched one at a time, in list order.
            if (data.find(meterpreter_trace_keywords[foundIndex][0]) >= 0):
                meterpreter_trace_keywords[foundIndex][1] = True
                mdlog.print_console(mdlog.SUCCESS_LEVEL, (meterpreter_trace_keywords[foundIndex][0]))
                foundIndex += 1

                if foundIndex > len(meterpreter_trace_keywords) - 1:
                    break
            # Give up once more than rateLimit strings have been examined.
            line += 1
            if (line > rateLimit):
                return False
        if foundIndex < 3:
            #print("Found: %d" % foundIndex)
            return False
        else:
            # Report a match only if every keyword was found.
            found = True
            for trace in meterpreter_trace_keywords:
                found = found and trace[1]
            return found

    # Unsupported architecture: nothing was scanned.
    return False
Developer: aliceicl, Project: metdec, Lines of code: 48, Source: metdec.py

Example 3: System

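# Required imports (Process.strings is a method of winappdbg.Process).
import sys
from winappdbg import Process, System, HexDump


def main():
    # The excerpt begins mid-function; this header and the PID parsing are
    # reconstructed here (an assumption) so that the fragment runs.
    try:
        pid = int(sys.argv[1])
    except ValueError:
        # Not a number: treat the argument as a process filename.
        s = System()
        s.scan_processes()
        pl = s.find_processes_by_filename(sys.argv[1])
        if not pl:
            print("Process not found: %s" % sys.argv[1])
            return
        if len(pl) > 1:
            print("Multiple processes found for %s" % sys.argv[1])
            for p, n in pl:
                print("\t%s: %s" % (p.get_pid(), n))
            return
        pid = pl[0][0].get_pid()
        s.clear()
        del s

    # Dump every ASCII string found in the process memory with its address.
    p = Process(pid)
    for address, size, data in p.strings():
        # Drop a trailing NUL terminator before printing.
        if data.endswith("\0"):
            data = data[:-1]
        print("%s: %r" % (HexDump.address(address), data))


if __name__ == "__main__":
    # Optional psyco speed-up when it is installed.
    try:
        import psyco

        psyco.bind(main)
    except ImportError:
        pass
    main()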
Developer: proxymoron, Project: winappdbg, Lines of code: 32, Source: pstrings.py


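Note: The winappdbg.Process.strings method examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as GitHub/MSDocs. The code snippets were selected from open-source projects contributed by their developers, and copyright in the source code belongs to the original authors; for distribution and use, refer to each project's License. Do not reproduce without permission.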