CommandLineUsage
trolldbois edited this page Jul 8, 2011 · 4 revisions
```
$ haystack --help
usage: StructFinder [-h] [--string] [--debug] [--interactive] [--nommap]
                    (--pid PID | --memfile MEMFILE)
                    structType {search,refresh} ...

Parse memory structs and pickle them.

positional arguments:
  structType          Structure type name
  {search,refresh}    sub-command help
    search            search help
    refresh           refresh help

optional arguments:
  -h, --help          show this help message and exit
  --string            Print results as human readable string
  --debug             setLevel to DEBUG
  --interactive       drop to python command line after action
  --nommap            disable mmap()-ing
  --pid PID           Target PID
  --memfile MEMFILE   Use a memory dump instead of a live process ID
```
As an example, let's open an SSH session to localhost:
```
$ sudo haystack --pid 26725 sslsnoop.ctypes_openssh.session_state search > instance.pickled
$ sudo haystack --pid 26725 sslsnoop.ctypes_openssh.session_state refresh 0xb8b70d18 > instance.pickled
$ sudo haystack --pid 26725 your_ctypes_Structure search > instance.pickled
```