Class: Metasm::WindowsRemoteString

Inherits:

VirtualString

Object
VirtualString
Metasm::WindowsRemoteString

show all

Defined in:: lib/metasm/os/windows.rb

Instance Attribute Summary collapse

#handle ⇒ Object

Returns the value of attribute handle.

Attributes inherited from VirtualString

#addr_start, #length, #pagecache, #pagecache_len

Class Method Summary collapse

.open_pid(pid, access = nil) ⇒ Object

Instance Method Summary collapse

#dup(addr = @addr_start, len = @length) ⇒ Object
#get_page(addr, len = @pagelength) ⇒ Object
#initialize(handle, addr_start = 0, length = nil) ⇒ WindowsRemoteString constructor

returns a virtual string proxying the specified process memory range reads are cached (4096 aligned bytes read at once) writes are done directly (if handle has appropriate privileges).
#rewrite_at(addr, data) ⇒ Object

Methods inherited from VirtualString

#=~, #[], #[]=, #cache_get_page, #empty?, #index, #invalidate, #method_missing, #page_invalid?, #read_range, #realstring, #to_str, #write_range

Constructor Details

#initialize(handle, addr_start = 0, length = nil) ⇒ `WindowsRemoteString`

returns a virtual string proxying the specified process memory range reads are cached (4096 aligned bytes read at once) writes are done directly (if handle has appropriate privileges)

# File 'lib/metasm/os/windows.rb', line 1676

def initialize(handle, addr_start=0, length=nil)
  @handle = handle
  length ||= 1 << (WinOS.open_process_handle(@handle).addrsz rescue 32)
  super(addr_start, length)
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Metasm::VirtualString

Instance Attribute Details

#handle ⇒ `Object`

Returns the value of attribute handle.



1671
1672
1673

# File 'lib/metasm/os/windows.rb', line 1671

def handle
  @handle
end

Class Method Details

.open_pid(pid, access = nil) ⇒ `Object`

# File 'lib/metasm/os/windows.rb', line 1656

def self.open_pid(pid, access = nil)
  if access
    handle = WinAPI.openprocess(access, 0, pid)
  else
    handle = WinAPI.openprocess(WinAPI::PROCESS_ALL_ACCESS, 0, pid)
    if not handle
      puts "cannot openprocess ALL_ACCESS pid #{pid}, try ro" if $VERBOSE
      handle = WinAPI.openprocess(WinAPI::PROCESS_VM_READ, 0, pid)
    end
  end
  raise "OpenProcess(#{pid}): #{WinAPI.last_error_msg}" if not handle

  new(handle)
end

Instance Method Details

#dup(addr = @addr_start, len = @length) ⇒ `Object`



1682
1683
1684

# File 'lib/metasm/os/windows.rb', line 1682

def dup(addr = @addr_start, len = @length)
  self.class.new(@handle, addr, len)
end

#get_page(addr, len = @pagelength) ⇒ `Object`

# File 'lib/metasm/os/windows.rb', line 1690

def get_page(addr, len=@pagelength)
  page = [0].pack('C')*len
  return if WinAPI.readprocessmemory(@handle, addr, page, len, 0) == 0
  page
end

#rewrite_at(addr, data) ⇒ `Object`



1686
1687
1688

# File 'lib/metasm/os/windows.rb', line 1686

def rewrite_at(addr, data)
  WinAPI.writeprocessmemory(@handle, addr, data, data.length, nil)
end