Created
January 2, 2019 01:13
-
-
Save joaoescribano/e9a0ca7c82b6ab3a442ed598a6752970 to your computer and use it in GitHub Desktop.
Find data inside a PID memory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os, sys, re, time | |
| from bitstring import ConstBitStream | |
| def getPid(program): | |
| os.system('(pidof ' + program + ') > .tmp') | |
| pid = open('.tmp', 'r').read() | |
| return pid.strip() | |
| def seekData(pid, lookForStr): | |
| maps_file = open("/proc/"+str(pid)+"/maps", 'r') | |
| mem_file = open("/proc/"+str(pid)+"/mem", 'rb') | |
| for line in maps_file.readlines(): | |
| m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line) | |
| if m.group(3) == 'r': | |
| start = int(m.group(1), 16) | |
| end = int(m.group(2), 16) | |
| try: | |
| mem_file.seek(start) | |
| chunk = mem_file.read(end - start) | |
| treta = ConstBitStream(chunk) | |
| bytesArr = bytearray(lookForStr, 'utf-8') | |
| found = treta.find(bytesArr, bytealigned=True) | |
| if found: | |
| print("Found data start offset at byte %d." % found[0]) | |
| s0f0, length, bitdepth, height, width = treta.readlist('hex:16, uint:16, uint:8, 2*uint:16') | |
| print("Width %d, Height %d" % (width, height)) | |
| file = open("mem/mem_dat_" + str(start) + "-" + str(end) + ".dat","w") | |
| treta.pos = found[0] | |
| data = [] | |
| while treta.pos <= (found[0] + 256): | |
| tmp = treta.read(8).uint | |
| data.append(chr(tmp)) | |
| file.write(''.join(data)) | |
| file.close() | |
| except: | |
| print("Data could not be read at the momemnt, skiping") | |
| maps_file.close() | |
| mem_file.close() | |
| pid = getPid('Tibia/client') | |
| seekData(pid, "Character Name") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment