bridgeythegeek · May 9, 2016 16:07
diff --git a/mml.py b/mml.py
 import argparse
 import cmd
 import os
 import sys

 class MML(cmd.Cmd):
    """Handy lookup for Volatility's memmap output"""

    def __init__(self, map_file):
        cmd.Cmd.__init__(self)
        self._map_file = map_file
        self._map = list()
        self._read_map()

    def _read_map(self):
        with open(self._map_file, 'rb') as f:
            lines = f.readlines()
        if not 'pid:' in lines[0]:
            sys.stderr.write('"pid:" exepected in line 1 - missing')
            sys.exit(1)
        proc_name, pid = [x.strip() for x in lines[0].split('pid:')]
        self.prompt = '{}[{}]> '.format(proc_name, pid)
        for line in lines[3:]:
            entry = [x.strip() for x in line.split(' ') if len(x) > 1]
            self._map.append([int(x, 16) for x in entry])

    def do_EOF(self, line):
        return True

    def do_map(self, line):
        print self._map_file

    def help_map(self):
        print 'Prints the name of the loaded memmap file.'

    def do_d(self, row):
        i = int(row)
        print 'Row {:<5}: {}'.format(i, self._map[i])

    def help_d(self):
        print "Usage: d i\ni: row offset\nPrints decimal values for row i from the map."

    def do_x(self, row):
        i = int(row)
        print 'Row {:<5}: {}'.format(i, [hex(x) for x in self._map[i]])

    def help_x(self):
        print "Usage: x i\ni: row offset\nPrints hex values for row i from the map."

    def do_l(self, i):
        offset = int(i, 16) if i.startswith('0x') else int(i)
        for x in xrange(0, len(self._map)):
            if self._map[x][3] > offset:
                self.do_x(x-1)
                e = self._map[x-1]
                print 'Hex: {:#x}'.format(e[0] + (offset - e[3]))
                print 'Dec: {:}'.format(e[0] + (offset - e[3]))
                break

    def help_l(self):
        print "Usage: l file-offset\nfile-offset (decimal or hex): dump file offset\nLookup the virtual address from the dump file offset."

 if __name__ == '__main__':

    argparser = argparse.ArgumentParser();
    argparser.add_argument('map')
    args = argparser.parse_args()

    if not os.path.isfile(args.map):
        sys.stderr.write('file not found: {}\n'.format(args.map))
        sys.exit(1)

    MML(args.map).cmdloop()
	import argparse
	import cmd
	import os
	import sys

	class MML(cmd.Cmd):
	"""Handy lookup for Volatility's memmap output"""

	def __init__(self, map_file):
	cmd.Cmd.__init__(self)
	self._map_file = map_file
	self._map = list()
	self._read_map()

	def _read_map(self):
	with open(self._map_file, 'rb') as f:
	lines = f.readlines()
	if not 'pid:' in lines[0]:
	sys.stderr.write('"pid:" exepected in line 1 - missing')
	sys.exit(1)
	proc_name, pid = [x.strip() for x in lines[0].split('pid:')]
	self.prompt = '{}[{}]> '.format(proc_name, pid)
	for line in lines[3:]:
	entry = [x.strip() for x in line.split(' ') if len(x) > 1]
	self._map.append([int(x, 16) for x in entry])

	def do_EOF(self, line):
	return True

	def do_map(self, line):
	print self._map_file

	def help_map(self):
	print 'Prints the name of the loaded memmap file.'

	def do_d(self, row):
	i = int(row)
	print 'Row {:<5}: {}'.format(i, self._map[i])

	def help_d(self):
	print "Usage: d i\ni: row offset\nPrints decimal values for row i from the map."

	def do_x(self, row):
	i = int(row)
	print 'Row {:<5}: {}'.format(i, [hex(x) for x in self._map[i]])

	def help_x(self):
	print "Usage: x i\ni: row offset\nPrints hex values for row i from the map."

	def do_l(self, i):
	offset = int(i, 16) if i.startswith('0x') else int(i)
	for x in xrange(0, len(self._map)):
	if self._map[x][3] > offset:
	self.do_x(x-1)
	e = self._map[x-1]
	print 'Hex: {:#x}'.format(e[0] + (offset - e[3]))
	print 'Dec: {:}'.format(e[0] + (offset - e[3]))
	break

	def help_l(self):
	print "Usage: l file-offset\nfile-offset (decimal or hex): dump file offset\nLookup the virtual address from the dump file offset."

	if __name__ == '__main__':

	argparser = argparse.ArgumentParser();
	argparser.add_argument('map')
	args = argparser.parse_args()

	if not os.path.isfile(args.map):
	sys.stderr.write('file not found: {}\n'.format(args.map))
	sys.exit(1)

	MML(args.map).cmdloop()