import socket
import struct
import io
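class ISpelunkClient:
    """TCP client for the ispelunk remote memory-access service.

    The wire protocol, as far as this client implements it, is
    little-endian:

    * hello (server -> client, right after connect): two unsigned 64-bit
      values, exposed here as ``kernelBase`` and ``kaslr``;
    * ``'r'`` (read): ``<BQI`` = opcode, address, length; the server is
      expected to answer with exactly ``length`` raw bytes;
    * ``'w'`` (write): the same ``<BQI`` header followed by ``length``
      bytes of payload.

    Everything received from the server is treated as untrusted input:
    replies are read to exactly the expected size (never more), a short
    hello is rejected, and a connection closed mid-reply raises
    ``ConnectionError`` instead of spinning forever.
    """

    # Per hexDump unit selector: (units per line, struct format,
    # per-unit printf format, unit size in bytes).
    _FORMAT_DATA = {
        'b': (16, 'B', '%02x', 1),
        'w': (16, '<H', '%04x', 2),
        'd': (8, '<I', '%08x', 4),
        'q': (4, '<Q', '%016x', 8),
    }

    def __init__(self, host="localhost", port=31337):
        """Connect to *host*:*port* and consume the 16-byte hello message.

        Raises:
            socket.error: the connection could not be established, or the
                server closed it before the full hello arrived.
            struct.error: the hello bytes could not be decoded.

        On either failure the socket is closed before re-raising so a
        failed constructor does not leak a descriptor.
        """
        self._host = host
        self._port = port
        self._sock = None
        try:
            self._sock = socket.create_connection((self._host, self._port))
            # recv(16) may legally return fewer than 16 bytes; insist on
            # the whole hello so the unpack below cannot hit a short read.
            data = self._recvExact(16)
            # The rest of the protocol is explicitly little-endian, so the
            # hello is decoded the same way rather than in native order.
            self._kernelBase, self._kaslr = struct.unpack("<QQ", data)
        except socket.error as err:
            print("Cannot connect to server: %s" % (err))
            self.close()
            raise
        except struct.error as err:
            print("Could not decode hello cmd arguments: %s" % (err))
            self.close()
            raise

    def __enter__(self):
        """Support ``with ISpelunkClient(...) as c:``; closes on exit."""
        return self

    def __exit__(self, exc_type, exc, tb):
        self.close()
        return False

    def close(self):
        """Close the server connection; safe to call more than once."""
        if self._sock is not None:
            self._sock.close()

    def _recvExact(self, length):
        """Receive exactly *length* bytes from the server.

        Raises:
            ConnectionError: the peer closed the connection first. Without
                this check an empty recv() would loop forever, and a short
                one would desynchronise the protocol.
        """
        stream = io.BytesIO()
        remaining = length
        while remaining > 0:
            # Never ask for more than is still owed, so bytes belonging to
            # a later reply are not swallowed into this one.
            chunk = self._sock.recv(min(4096, remaining))
            if not chunk:
                raise ConnectionError(
                    "connection closed by server after %d of %d bytes"
                    % (length - remaining, length))
            remaining -= stream.write(chunk)
        return stream.getvalue()

    def hexDump(self, data, address, fmt):
        """Print *data* as a hex dump whose first byte sits at *address*.

        Args:
            data: bytes-like buffer to dump.
            address: value printed (16 hex digits) at the start of each line.
            fmt: unit selector, one of 'b' (byte), 'w' (16-bit), 'd'
                (32-bit) or 'q' (64-bit); multi-byte units are decoded
                little-endian.

        Raises:
            KeyError: *fmt* is not one of the selectors above.

        A trailing fragment shorter than one unit is printed byte-wise
        instead of aborting the dump with a struct.error.
        """
        perLine, unitFmt, unitPrintf, unitSize = self._FORMAT_DATA[fmt]
        lineBytes = perLine * unitSize
        for offset in range(0, len(data), lineBytes):
            chunk = data[offset:offset + lineBytes]
            line = "%016x: " % (address + offset)
            dump = []
            for pos in range(0, len(chunk), unitSize):
                unit = chunk[pos:pos + unitSize]
                if len(unit) == unitSize:
                    dump.append(unitPrintf % struct.unpack(unitFmt, unit))
                else:
                    # Incomplete last unit: show its raw bytes.
                    dump.extend('%02x' % b for b in unit)
            if dump:
                line += ' '.join(dump)
            print(line)

    def readMemory(self, address, length):
        """Request *length* bytes at *address* and return them as bytes.

        Raises:
            ConnectionError: the server closed the connection before the
                full reply arrived.
        """
        msg = struct.pack("<BQI", ord('r'), address, length)
        self._sock.sendall(msg)
        return self._recvExact(length)

    def writeMemory(self, address, data):
        """Send *data* (bytes) to be written at *address*.

        No reply is read; the protocol as implemented here has none for
        writes.
        """
        length = len(data)
        msg = struct.pack("<BQI%ds" % length, ord('w'), address, length, data)
        self._sock.sendall(msg)

    @property
    def port(self):
        """TCP port this client connected to."""
        return self._port

    @property
    def host(self):
        """Host name this client connected to."""
        return self._host

    @property
    def kernelBase(self):
        """First 64-bit value of the server's hello message."""
        return self._kernelBase

    @property
    def kaslr(self):
        """Second 64-bit value of the server's hello message."""
        return self._kaslr

    def __repr__(self):
        # Kept verbatim: "%16x" pads the base with spaces, not zeros.
        return "kernelBase: 0x%16x - kaslr: 0x%08x" % (self._kernelBase, self._kaslr)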