Skip to content

Home

Jump to bottom Edit New page
trolldbois edited this page Jul 8, 2011 · 3 revisions

[[GUI usage]]

[[Dumpfile format]]

Run in a python script :

>>> import haystack
>>> haystack.findStruct( pid , 'ctypes.c_int')
>>> haystack.findStruct( pid , 'ctypes_example.big_struct')

not so FAQ :

What does it do ?:

The basic functionnality is to search in a process' memory maps for a specific C Structures.

How do it knows that the structures is valid ? :

You add some constraints ( expectedValues ) on the fields. Pointers are also a good start.

Where does the idea comes from ? :

use http://www.hsc.fr/ressources/breves/passe-partout.html.fr to get keys use http://pauldotcom.com/2010/10/tsharkwireshark-ssl-decryption.html or http://www.rtfm.com/ssldump/ to read streams use scapy, because it’s fun ? but we need IP reassembly . pynids could be more useful…​ dsniff is now in python ? flowgrep use python.

What are the dependencies ? :

python-ptrace

Add a custom footer
Add a custom sidebar
Clone this wiki locally