From 682a524a53de2dc4e70c27ddf7f166bf5f36727e Mon Sep 17 00:00:00 2001 From: bloodstalker Date: Sat, 24 Mar 2018 17:40:53 +0430 Subject: update --- compile_commands.json | 6 +-- main.c | 88 -------------------------------------- makefile | 12 ++---- ramdump.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 123 insertions(+), 99 deletions(-) delete mode 100644 main.c create mode 100644 ramdump.c diff --git a/compile_commands.json b/compile_commands.json index e0edd02..a1cf60f 100644 --- a/compile_commands.json +++ b/compile_commands.json @@ -1,7 +1,7 @@ [ { - "command": "cc -c -o main.o main.c", - "directory": "/home/bloodstalker/devi/abbatoir/hole68", - "file": "/home/bloodstalker/devi/abbatoir/hole68/main.c" + "command": "cc -c -o ramdump.o ramdump.c", + "directory": "/home/bloodstalker/extra/MemDump", + "file": "/home/bloodstalker/extra/MemDump/ramdump.c" } ] \ No newline at end of file diff --git a/main.c b/main.c deleted file mode 100644 index 8bdd992..0000000 --- a/main.c +++ /dev/null 
@@ -1,88 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -void dump_memory_region(FILE* pMemFile, unsigned long start_address, long length, int serverSocket) { - unsigned long address; - int pageLength = 4096; - unsigned char page[pageLength]; - fseeko(pMemFile, start_address, SEEK_SET); - - for (address=start_address; address < start_address + length; address += pageLength) { - fread(&page, 1, pageLength, pMemFile); - if (serverSocket == -1) { - fwrite(&page, 1, pageLength, stdout); - } else { - send(serverSocket, &page, pageLength, 0); - } - } -} - -int main(int argc, char **argv) { - if (argc == 2 || argc == 4) { - int pid = atoi(argv[1]); - long ptraceResult = ptrace(PTRACE_ATTACH, pid, NULL, NULL); - if (ptraceResult < 0) { - printf("Unable to attach to the pid specified\n"); - return 1; - } - wait(NULL); - - char mapsFilename[1024]; - sprintf(mapsFilename, "/proc/%s/maps", argv[1]); - FILE* pMapsFile = fopen(mapsFilename, "r"); - char memFilename[1024]; - sprintf(memFilename, "/proc/%s/mem", argv[1]); - FILE* pMemFile = fopen(memFilename, "r"); - int serverSocket = -1; - if (argc == 4) { - unsigned int port; - int count = sscanf(argv[3], "%d", &port); - if (count == 0) { - printf("Invalid port specified\n"); - return 2; - } - - serverSocket = socket(AF_INET, SOCK_STREAM, 0); - if (serverSocket == -1) { - printf("Could not create socket\n"); - return 3; - } - - struct sockaddr_in serverSocketAddress; - serverSocketAddress.sin_addr.s_addr = inet_addr(argv[2]); - serverSocketAddress.sin_family = AF_INET; - serverSocketAddress.sin_port = htons(port); - if (connect(serverSocket, (struct sockaddr *) &serverSocketAddress, sizeof(serverSocketAddress)) < 0) { - printf("Could not connect to server\n"); - return 4; - } - } - char line[256]; - while (fgets(line, 256, pMapsFile) != NULL) { - unsigned long start_address; - unsigned long end_address; - sscanf(line, "%08lx-%08lx\n", &start_address, &end_address); - 
dump_memory_region(pMemFile, start_address, end_address - start_address, serverSocket); - } - - fclose(pMapsFile); - fclose(pMemFile); - - if (serverSocket != -1) { - close(serverSocket); - } - - ptrace(PTRACE_CONT, pid, NULL, NULL); - ptrace(PTRACE_DETACH, pid, NULL, NULL); - } else { - printf("%s \n", argv[0]); - printf("%s \n", argv[0]); - exit(0); - } -} diff --git a/makefile b/makefile index 9d04274..814a88c 100644 --- a/makefile +++ b/makefile @@ -1,4 +1,4 @@ -TARGET=main +TARGET=ramdump CC=clang CC?=clang CC_FLAGS= @@ -7,13 +7,9 @@ CC_FLAGS+=$(CC_EXTRA) .DEFAULT:all clean -.PHONY:all clean $(TARGET) help dirs +.PHONY:all clean help dirs -all: dirs $(TARGET) - -dirs: - if [[ ! -d obj ]]; then mkdir obj;fi - if [[ ! -d libs ]]; then mkdir libs;fi +all: $(TARGET) .c.o: $(CC) $(CC_FLAGS) -c $< -o $@ @@ -22,7 +18,7 @@ android: export NDK_PROJECT_PATH=`pwd` ndk-build -$(TARGET): main.o +$(TARGET): $(TARGET).o $(CC) $^ $(LD_FLAGS) -o $@ clean: diff --git a/ramdump.c b/ramdump.c new file mode 100644 index 0000000..6e6dc08 --- /dev/null +++ b/ramdump.c 
@@ -0,0 +1,116 @@
+
+/*first line is intentionally left blank*/
+/***********************************************************************************************************/
+#include
+#include
+#include
+#include
+#include
+#include
+#if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__)
+#include
+#include
+#include
+#endif
+#if defined(__linux__) || defined(__ANDROID__)
+#include
+#include
+#include
+#endif
+/***********************************************************************************************************/
+#if defined(_WIN32) || defined(_WIN64) || defined(__CYGWIN__)
+DWORD access = PRCOESS_VM_READ | PROCESS_QUERY_INFORMATION | PRCOESS_VM_WRITE | PRCOESS_VM_OPERATION;
+HANDLE proc = OpenProcess(access, FALSE, pid);
+void dump_memory_region() {
+ void* addr;
+ size_t written;
+ ReadProcessMemory(proc, addr, &value, sizeof(value), &written);
+}
+
+void write_memory_region(proc, addr, &value, sizeof(value), &written) {}
+#endif
+
+#if defined(__linux__) || defined(__ANDROID__)
+void dump_memory_region(FILE* pMemFile, unsigned long start_address, long length, int serverSocket) {
+ unsigned long address;
+ int pageLength = 4096;
+ unsigned char page[pageLength];
+ fseeko(pMemFile, start_address, SEEK_SET);
+
+ for (address=start_address; address < start_address + length; address += pageLength) {
+ fread(&page, 1, pageLength, pMemFile);
+ if (serverSocket == -1) {
+ fwrite(&page, 1, pageLength, stdout);
+ } else {
+ send(serverSocket, &page, pageLength, 0);
+ }
+ }
+}
+#endif
+
+int main(int argc, char **argv) {
+ if (argc == 2 || argc == 4) {
+ int pid = atoi(argv[1]);
+ long ptraceResult = ptrace(PTRACE_ATTACH, pid, NULL, NULL);
+ if (ptraceResult < 0) {
+ printf("Unable to attach to the pid specified\n");
+ return 1;
+ }
+ wait(NULL);
+
+ char mapsFilename[1024];
+ sprintf(mapsFilename, "/proc/%s/maps", argv[1]);
+ FILE* pMapsFile = fopen(mapsFilename, "r");
+ char memFilename[1024];
+ sprintf(memFilename, "/proc/%s/mem", argv[1]);
+ FILE* pMemFile = fopen(memFilename, "r");
+ int serverSocket = -1;
+ if (argc == 4) {
+ unsigned int port;
+ int count = sscanf(argv[3], "%d", &port);
+ if (count == 0) {
+ printf("Invalid port specified\n");
+ return 2;
+ }
+
+ serverSocket = socket(AF_INET, SOCK_STREAM, 0);
+ if (serverSocket == -1) {
+ printf("Could not create socket\n");
+ return 3;
+ }
+
+ struct sockaddr_in serverSocketAddress;
+ serverSocketAddress.sin_addr.s_addr = inet_addr(argv[2]);
+ serverSocketAddress.sin_family = AF_INET;
+ serverSocketAddress.sin_port = htons(port);
+ if (connect(serverSocket, (struct sockaddr *) &serverSocketAddress, sizeof(serverSocketAddress)) < 0) {
+ printf("Could not connect to server\n");
+ return 4;
+ }
+ }
+ char line[256];
+ while (fgets(line, 256, pMapsFile) != NULL) {
+ unsigned long start_address;
+ unsigned long end_address;
+ sscanf(line, "%08lx-%08lx\n", &start_address, &end_address);
+ dump_memory_region(pMemFile, start_address, end_address - start_address, serverSocket);
+ }
+
+ fclose(pMapsFile);
+ fclose(pMemFile);
+
+ if (serverSocket != -1) {
+ close(serverSocket);
+ }
+
+ ptrace(PTRACE_CONT, pid, NULL, NULL);
+ ptrace(PTRACE_DETACH, pid, NULL, NULL);
+ } else {
+ printf("%s \n", argv[0]);
+ printf("%s \n", argv[0]);
+ exit(0);
+ }
+}
+/***********************************************************************************************************/
+/*last line is intentionally left blank*/
+
-- cgit v1.2.3
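Review bot: The Linux `dump_memory_region` ignores the results of `fseeko` and `fread`, so when a mapping cannot be read, or the read is short, the loop still writes the full 4096-byte `page` buffer; that buffer is uninitialized on first use and stale afterwards, so the dump can silently contain bytes from the dumper's own stack rather than the target's memory. I would write out only the bytes `fread` actually returned and stop the region on a failed seek or read, as sketched below. The same unchecked pattern appears in `main`: both `fopen` results and the `sscanf` on each maps line are used without a check, and `sprintf(mapsFilename, "/proc/%s/maps", argv[1])` formats the raw argument instead of the parsed `pid` into a fixed 1024-byte buffer, where `snprintf(mapsFilename, sizeof mapsFilename, "/proc/%d/maps", pid)` would bound the write and keep the path consistent with the attached process. Separately, the `_WIN32` block cannot compile as written (`PRCOESS_VM_READ`, a file-scope `OpenProcess` call, a parameter list made of expressions) while `main` still calls `ptrace` unconditionally, so it should be finished or left out of this commit.

```c
void dump_memory_region(FILE* pMemFile, unsigned long start_address, long length, int serverSocket) {
    unsigned char page[4096];
    unsigned long remaining;

    if (length <= 0) {
        return;
    }
    remaining = (unsigned long)length;
    if (fseeko(pMemFile, (off_t)start_address, SEEK_SET) != 0) {
        return; /* region not seekable: nothing was read, so emit nothing */
    }
    while (remaining > 0) {
        size_t want = remaining < sizeof page ? (size_t)remaining : sizeof page;
        size_t got = fread(page, 1, want, pMemFile);
        if (got == 0) {
            break; /* unreadable mapping: never send the stale buffer */
        }
        if (serverSocket == -1) {
            fwrite(page, 1, got, stdout);
        } else {
            send(serverSocket, page, got, 0);
        }
        remaining -= got;
    }
}
```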