From de305c003e15bad254e92054d17a0655215bdfb8 Mon Sep 17 00:00:00 2001
From: bloodstalker
Date: Fri, 27 Apr 2018 16:22:34 +0430
Subject: relicensed everything excluding safercpp to GPL-3.0. fixes #31. now there is ramdump. i just need to write a luawrapper.
---
bruiser/ramdump.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 bruiser/ramdump.c
(limited to 'bruiser/ramdump.c')
diff --git a/bruiser/ramdump.c b/bruiser/ramdump.c
new file mode 100644
index 0000000..e481583
--- /dev/null
+++ b/bruiser/ramdump.c
@@ -0,0 +1,87 @@
+
+/***************************************************Project Mutator****************************************************/
+/*first line intentionally left blank.*/
+/*bruiser's ram dump module*/
+/*Copyright (C) 2018 Farzad Sadeghi
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 3
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/
+/***********************************************************************************************************/
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+/***********************************************************************************************************/
+FILE* dump_memory_region(FILE* pMemFile, uint64_t start_address, uint64_t length) {
+ FILE* out_file;
+ uint64_t address;
+ int pageLength = 4096;
+ unsigned char page[pageLength];
+ fseeko(pMemFile, start_address, SEEK_SET);
+
+ for (address=start_address; address < start_address + length; address += pageLength) {
+ fread(&page, 1, pageLength, pMemFile);
+ fwrite(&page, 1, pageLength, out_file);
+ }
+}
+
+FILE* dump_ram(unsigned int pid) {
+ long ptraceResult = ptrace(PTRACE_ATTACH, pid, NULL, NULL);
+ if (ptraceResult < 0) {
+ printf("ramdump: unable to attach to the pid specified\n");
+ return NULL;
+ }
+ wait(NULL);
+
+ char mapsFilename[1024];
+ char proc_str[6];
+ sprintf(proc_str, "%d", pid);
+ sprintf(mapsFilename, "/proc/%s/maps", proc_str);
+ FILE* pMapsFile = fopen(mapsFilename, "r");
+ char memFilename[1024];
+ sprintf(memFilename, "/proc/%s/mem", proc_str);
+ FILE* pMemFile = fopen(memFilename, "r");
+ char line[256];
+ FILE* out_file;
+ while (fgets(line, 256, pMapsFile) != NULL) {
+ uint64_t start_address;
+ uint64_t end_address;
+ sscanf(line, "%08lx-%08lx\n", &start_address, &end_address);
+ dump_memory_region(pMemFile, start_address, end_address - start_address);
+ }
+
+ fclose(pMapsFile);
+ fclose(pMemFile);
+
+ ptrace(PTRACE_CONT, pid, NULL, NULL);
+ ptrace(PTRACE_DETACH, pid, NULL, NULL);
+ return out_file;
+}
+
+#pragma weak main
+int main(int argc, char **argv) {
+ if (argc != 2) {
+ printf("you were supposed to type in the int value");
+ return 1;
+ }
+ int pid = atoi(argv[1]);
+ FILE* out_file = dump_ram(pid);
+}
+/***********************************************************************************************************/
+/*last line is intentionally left blank*/
+
-- cgit v1.2.3
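Review bot: `out_file` is never opened anywhere in this new file: `dump_memory_region` hands an uninitialized `FILE*` to `fwrite` and `dump_ram` returns its own uninitialized `out_file`, so every dump is undefined behaviour. `char proc_str[6]` filled by `sprintf(proc_str, "%d", pid)` overflows the stack for any PID of six or more digits, which Linux permits when `pid_max` is raised; formatting the PID straight into the path with `snprintf` removes that buffer. Neither `fopen` result is checked and the `fread` and `sscanf` return values are ignored, so a failed open reaches `fgets`/`fseeko` with NULL and an unreadable mapping is written out as stale page contents; any early return added for this must still `PTRACE_DETACH` so the target is not left stopped. Smaller points: `%08lx` into `uint64_t` should be `"%" SCNx64`, and `wait(NULL)` should be `waitpid(pid, NULL, 0)` so that an unrelated child is not reaped instead. The sketch below shows the rewritten parts, with `tmpfile()` standing in for whatever destination the Lua wrapper is meant to supply.

```c
/* copy one mapping into out_file; returns 0, or -1 on a seek or write error */
static int dump_memory_region(FILE* pMemFile, FILE* out_file, uint64_t start_address, uint64_t length) {
	unsigned char page[4096];
	if (fseeko(pMemFile, (off_t)start_address, SEEK_SET) != 0) return -1;
	while (length > 0) {
		size_t want = length < sizeof page ? (size_t)length : sizeof page;
		size_t got = fread(page, 1, want, pMemFile);
		if (got == 0) break; /* mapping not readable: stop instead of writing stale bytes */
		if (fwrite(page, 1, got, out_file) != got) return -1;
		length -= got;
	}
	return 0;
}

/* ... unchanged: PTRACE_ATTACH and its error check in dump_ram ... */
	waitpid(pid, NULL, 0);

	char mapsFilename[64];
	char memFilename[64];
	snprintf(mapsFilename, sizeof mapsFilename, "/proc/%u/maps", pid);
	snprintf(memFilename, sizeof memFilename, "/proc/%u/mem", pid);
	FILE* pMapsFile = fopen(mapsFilename, "r");
	FILE* pMemFile = fopen(memFilename, "r");
	FILE* out_file = tmpfile(); /* stand-in destination; the real one is the author's call */
	if (pMapsFile == NULL || pMemFile == NULL || out_file == NULL) {
		if (pMapsFile) fclose(pMapsFile);
		if (pMemFile) fclose(pMemFile);
		if (out_file) fclose(out_file);
		ptrace(PTRACE_DETACH, pid, NULL, NULL);
		return NULL;
	}
/* ... unchanged: fgets loop, with out_file passed to dump_memory_region ... */
```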