Re: [fusil] [PATCH] python-ptrace: following a byte string across a program's execution
Hi,
> attached you will find a small patch that allows one to "follow" a
> sequence of bytes (a regular string or a byte string) across the
> execution of a program.
I committed your patch and added your name to the AUTHORS list.
I changed MemoryMapping.search() to reuse process.readBytes() instead of
opening /proc/pid/mem directly: process.readBytes() works on any OS
supporting ptrace and has optimized versions for Linux and FreeBSD.
> At any point during the debugging of the program, one can use the
> "xray" command to inspect the memory of all debugged processes
> for instances of the "followed" terms:
>
> (gdb) xray
> (...)
I also noticed that MemoryMapping.search() reads the whole mapping into
memory! It's OK if the mapping is smaller than 100 MB, but if it's bigger it
may cause a MemoryError!
> The "pointers: " clause, shows the addresses of possible pointers
> pointing to a "followed" term.
--
> It seems that python-ptrace has some serious potential in the field
> of taint analysis :-)
Well, I committed your patch but I don't need it today.
It would be nice to have "search a byte string in memory mappings" and "search
a pointer to address ... in memory mappings" commands (functions already
implemented for xray). E.g. "search bytes 'pattern'" and "search pointer
0x8f0cfd0a". If these functions exist in gdb, it would be nice (for
interoperability) to reuse the same names.
--
Victor Stinner aka haypo
http://www.haypocalc.com/blog/
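
The MemoryError concern in the message above (search() reading a whole mapping at once) can be avoided by scanning in fixed-size chunks and carrying `len(pattern) - 1` bytes across each boundary. This is an added example, not code from python-ptrace or from this thread: `search_chunked`, `make_reader` and the sample data are hypothetical, and `read_bytes(address, size)` is an assumed stand-in for a reader such as the process.readBytes() mentioned above.

```python
def search_chunked(read_bytes, start, end, pattern, chunk_size=1 << 20):
    """Yield the absolute address of every occurrence of pattern in [start, end).

    read_bytes(address, size) -> bytes is an assumed reader callable.
    Peak memory is chunk_size + len(pattern) - 1 bytes, not the mapping size.
    """
    if not pattern:
        raise ValueError("pattern must not be empty")
    if chunk_size < 1:
        raise ValueError("chunk_size must be positive")
    overlap = len(pattern) - 1
    tail = b""          # last bytes of the previous chunk
    address = start
    while address < end:
        size = min(chunk_size, end - address)
        data = tail + read_bytes(address, size)
        base = address - len(tail)      # address of data[0]
        pos = data.find(pattern)
        while pos != -1:
            yield base + pos
            pos = data.find(pattern, pos + 1)   # also reports overlapping hits
        # The tail is shorter than the pattern, so a hit is never reported twice.
        tail = data[-overlap:] if overlap else b""
        address += size


def make_reader(base, blob):
    """Constructed in-memory 'mapping' used only to exercise the search."""
    sizes = []          # records every read size, to show reads stay bounded

    def read_bytes(address, size):
        sizes.append(size)
        offset = address - base
        return blob[offset:offset + size]

    return read_bytes, sizes


if __name__ == "__main__":
    # Constructed sample: 10000-byte mapping at 0x1000; one hit straddles
    # the 4096-byte chunk boundary, one sits at the very end.
    blob = bytearray(10000)
    for off in (0, 4093, 9994):
        blob[off:off + 6] = b"SECRET"
    reader, sizes = make_reader(0x1000, bytes(blob))
    hits = search_chunked(reader, 0x1000, 0x1000 + len(blob), b"SECRET", 4096)
    print([hex(h) for h in hits], "largest read:", max(sizes))
```
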