d4gh0s7 · April 10, 2019 18:36
diff --git a/trace_proc_mem.py b/trace_proc_mem.py
 #!/usr/bin/env python
 # """
 # Here is a tool to access the memory of a given pid.
 # far from being perfect, you cam adjust it to your environment.
 # Validate the args before using this chunk in real life.
 # d4gh0s7
 # """
 import ctypes, re, sys
 import argparse

 # construct the argument parse and parse the arguments
 ap = argparse.ArgumentParser()
 ap.add_argument("-p", "--pid", required=True,
                help="process id to dump")
 args = vars(ap.parse_args())

 ## Partial interface to ptrace(2), only for PTRACE_ATTACH and PTRACE_DETACH.
 c_ptrace = ctypes.CDLL("libc.so.6").ptrace
 c_pid_t = ctypes.c_int32 # This assumes pid_t is int32_t
 c_ptrace.argtypes = [ctypes.c_int, c_pid_t, ctypes.c_void_p, ctypes.c_void_p]
 def ptrace(attach, pid):
    op = ctypes.c_int(16 if attach else 17) #PTRACE_ATTACH or PTRACE_DETACH
    c_pid = c_pid_t(pid)
    null = ctypes.c_void_p()
    err = c_ptrace(op, c_pid, null, null)
    if err != 0:
        assert isinstance(err, object)
        print(err)

 pid = args["pid"]

 ptrace(True, int(pid))
 maps_file = open("/proc/"+pid+"/maps", 'r')
 mem_file = open("/proc/"+pid+"/mem", 'r', 0)
 for line in maps_file.readlines():  # for each mapped region
    m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line)
    if m.group(3) == 'r':  # if this is a readable region
        start = int(m.group(1), 16)
        end = int(m.group(2), 16)
        mem_file.seek(start)  # seek to region start
        chunk = mem_file.read(end - start)  # read region contents
        print(chunk),  # dump contents to standard output
 maps_file.close()
 mem_file.close()
 ptrace(False, int(pid))
	#!/usr/bin/env python
	# """
	# Here is a tool to access the memory of a given pid.
	# far from being perfect, you cam adjust it to your environment.
	# Validate the args before using this chunk in real life.
	# d4gh0s7
	# """
	import ctypes, re, sys
	import argparse

	# construct the argument parse and parse the arguments
	ap = argparse.ArgumentParser()
	ap.add_argument("-p", "--pid", required=True,
	help="process id to dump")
	args = vars(ap.parse_args())

	## Partial interface to ptrace(2), only for PTRACE_ATTACH and PTRACE_DETACH.
	c_ptrace = ctypes.CDLL("libc.so.6").ptrace
	c_pid_t = ctypes.c_int32 # This assumes pid_t is int32_t
	c_ptrace.argtypes = [ctypes.c_int, c_pid_t, ctypes.c_void_p, ctypes.c_void_p]
	def ptrace(attach, pid):
	op = ctypes.c_int(16 if attach else 17) #PTRACE_ATTACH or PTRACE_DETACH
	c_pid = c_pid_t(pid)
	null = ctypes.c_void_p()
	err = c_ptrace(op, c_pid, null, null)
	if err != 0:
	assert isinstance(err, object)
	print(err)

	pid = args["pid"]

	ptrace(True, int(pid))
	maps_file = open("/proc/"+pid+"/maps", 'r')
	mem_file = open("/proc/"+pid+"/mem", 'r', 0)
	for line in maps_file.readlines(): # for each mapped region
	m = re.match(r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r])', line)
	if m.group(3) == 'r': # if this is a readable region
	start = int(m.group(1), 16)
	end = int(m.group(2), 16)
	mem_file.seek(start) # seek to region start
	chunk = mem_file.read(end - start) # read region contents
	print(chunk), # dump contents to standard output
	maps_file.close()
	mem_file.close()
	ptrace(False, int(pid))