#!/usr/bin/env python3
import sys
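# Gather the three inputs.  The PID is interpolated into /proc/<pid>/... paths
# below, so only a run of decimal digits is accepted here; the two texts are
# encoded as ASCII later, which is where non-ASCII input will be rejected.
pid = input("Enter PID of Process: ").strip()
if not pid.isdecimal():
    print("[*] ERROR: PID must be a positive integer, got '{}'".format(pid))
    sys.exit(1)
readText = input("Enter existing Text: ")
writeText = input("Enter new Text: ")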
# Abort the script with a non-zero exit status.
def error():
    """Terminate the script with exit status 1 (signals failure to the caller)."""
    raise SystemExit(1)
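# Locate the [heap] mapping in /proc/<pid>/maps.  The open itself can fail
# (e.g. FileNotFoundError for a PID that does not exist, PermissionError when
# the target is not accessible); that is left to propagate as a traceback.
# `currline` is the whitespace-split maps line for the heap and is used by
# the permission and address parsing that follows.
with open("/proc/{}/maps".format(pid), "r") as mapsfile:
    for line in mapsfile:
        currline = line.split()
        if "[heap]" in currline:
            break
    else:
        # The loop finished without `break`: this process has no [heap]
        # mapping, so there is nothing to search and no valid address range.
        print("[*] ERROR: No [heap] mapping found in /proc/{}/maps".format(pid))
        error()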
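# Pull the "start-end" range and the permission string (e.g. "rw-p") out of
# the heap line.  Character 0 is the read bit, character 1 the write bit;
# the script reads the heap and then writes into it, so both are required.
offset, permission = currline[0], currline[1]
if permission[0] == 'r':
    print("[*] File is '{}' Readable".format(permission[0]))
else:
    print("[*] ERROR: File is '{}' NOT Readable".format(permission[0]))
    error()
if permission[1] == 'w':
    print("[*] File is '{}' Writeable".format(permission[1]))
else:
    # Message fixed: this branch reports the missing write bit, not read.
    print("[*] ERROR: File is '{}' NOT Writeable".format(permission[1]))
    error()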
# The maps range is "start-end" in hexadecimal; convert both bounds to ints.
bounds = offset.split("-")
addr_start, addr_end = int(bounds[0], 16), int(bounds[1], 16)
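# Encode both texts up front so a non-ASCII input fails with a clear message
# instead of a UnicodeEncodeError traceback halfway through the write.
try:
    needle = bytes(readText, "ASCII")
    patch = bytes(writeText, "ASCII")
except UnicodeEncodeError:
    print("[*] ERROR: Text must be ASCII")
    error()
# Read the whole heap range in one chunk, find the first occurrence of the
# existing text and overwrite it in place.  Opening /proc/<pid>/mem typically
# requires the same access as attaching to the process, so PermissionError is
# the expected failure when that is denied; it is left to propagate.
# NOTE(review): a replacement longer than the text it replaces also overwrites
# whatever follows it in the heap — confirm that is intended for unequal lengths.
with open("/proc/{}/mem".format(pid), 'rb+') as mem_file:
    mem_file.seek(addr_start)
    heap = mem_file.read(addr_end - addr_start)
    i = heap.find(needle)
    if i == -1:
        # find() returns -1 rather than raising, unlike index().
        print("[*] ERROR: existing Text not found in heap")
        error()
    mem_file.seek(addr_start + i)
    mem_file.write(patch)
print("[*] Memory Write Successful!")
# The maps file is opened earlier in the script; close() is a no-op if it is
# already closed.
mapsfile.close()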