
@dutc
Created August 22, 2017 00:43
/proc/self/mem allows arbitrary access to image virtual memory
from os.path import realpath
from sys import executable
from re import compile
from logging import getLogger, basicConfig, INFO
logger = getLogger(__name__)
basicConfig(level=INFO)
#4f2616000-4f2618000 r-xp 00000000 fe:02 3467051 /usr/bin/python3.6
PATTERN = compile('^([0-9a-f]+)-([0-9a-f]+).+$')
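def main():
    """Show that a process can rewrite its own "immutable" bytes via /proc/self/mem.

    Steps:
      1. Bind ``x`` to a sentinel bytes object and ``y`` to a same-length
         replacement, and log both.
      2. Parse /proc/self/maps into ``(start, end)`` address ranges.
      3. Read each range through /proc/self/mem and record the address of the
         first occurrence of the sentinel in that range (``bytes.index``
         returns only the first hit, so later copies in the same mapping are
         not recorded).
      4. Write the replacement at every recorded address.
      5. Log ``x`` and ``y`` again.

    Takeaway for reviewers: the immutability of ``bytes`` is an interpreter
    convention, not a memory-protection boundary. Anything that can open this
    process's ``mem`` file for writing can change object contents underneath
    the interpreter.

    NOTE(review): a recorded address is not necessarily the live ``x`` object.
    The read buffers themselves briefly hold copies of the sentinel, so a
    recorded address may point at memory that has since been freed or reused;
    writing there can corrupt unrelated interpreter state. Treat this strictly
    as a demonstration.
    """
    x = b'==sentinel value=='
    y = b'==xxxxxxxxxxxxxx=='
    logger.info(f'BEFORE: x = {x!r}')
    logger.info(f'BEFORE: y = {y!r}')

    # Phase 1: enumerate the address ranges of this process's mappings.
    memory_ranges = []
    with open('/proc/self/maps') as f:
        for line in f:
            match = PATTERN.search(line)
            if match is None:
                # Not expected for /proc/self/maps, but skip rather than crash.
                logger.debug(f'unparsed maps line: {line!r}')
                continue
            from_addr, to_addr = (int(field, 16) for field in match.groups())
            memory_ranges.append((from_addr, to_addr))

    # Phase 2: locate the sentinel. This is deliberately best effort: a range
    # that cannot be sought to or read, or that simply does not contain the
    # sentinel (bytes.index raises ValueError), is skipped. The reason is
    # logged at DEBUG instead of being discarded silently.
    memory_offsets = []
    with open('/proc/self/mem', 'rb') as f:
        for from_addr, to_addr in memory_ranges:
            try:
                f.seek(from_addr)
                buf = f.read(to_addr - from_addr)
                offset = from_addr + buf.index(x)
            except Exception as e:
                logger.debug(f'skipped {from_addr:#x}-{to_addr:#x}: {e!r}')
                continue
            memory_offsets.append(offset)

    # Phase 3: overwrite each hit. The file is opened unbuffered so a failing
    # write raises inside this try block. With a buffered writer the data is
    # only flushed on the next seek() or on close(), so an error would either
    # be attributed to the following offset or escape from the with-statement.
    with open('/proc/self/mem', 'wb', buffering=0) as f:
        for offset in memory_offsets:
            try:
                f.seek(offset)
                written = f.write(y)
            except Exception as e:
                logger.debug(f'write failed at {offset:#x}: {e!r}')
                continue
            if written != len(y):
                logger.debug(f'short write at {offset:#x}: {written} of {len(y)} bytes')
            logger.debug(f'wrote {y} at {offset}')

    logger.info(f'AFTER: x = {x!r}')
    logger.info(f'AFTER: y = {y!r}')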
# Run the demonstration only when this file is executed as a script; importing
# the module must not touch /proc/self/mem.
if __name__ == '__main__':
    main()