CommandLineUsage
```
$ haystack --help
usage: StructFinder [-h] [--string] [--debug] [--interactive] [--nommap]
                    (--pid PID | --memfile MEMFILE)
                    structType {search,refresh} ...

Parse memory structs and pickle them.

positional arguments:
  structType          Structure type name
  {search,refresh}    sub-command help
    search            search help
    refresh           refresh help

optional arguments:
  -h, --help          show this help message and exit
  --string            Print results as human readable string
  --debug             setLevel to DEBUG
  --interactive       drop to python command line after action
  --nommap            disable mmap()-ing
  --pid PID           Target PID
  --memfile MEMFILE   Use a memory dump instead of a live process ID
```
```
$ sudo haystack --pid 26725 sslsnoop.ctypes_openssh.session_state refresh 0xb8b70d18 > instance.pickled
$ sudo haystack --pid 26725 <your ctypes Structure> search > instance.pickled
```