[git] Wincetools - branch, master, updated. dc902c726e960e8c3699228832c774811a8841b6
by Marcus Brinkmann
cvs at cvs.gnupg.org
Mon Jan 31 14:04:17 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "UNNAMED PROJECT".
The branch, master has been updated
via dc902c726e960e8c3699228832c774811a8841b6 (commit)
from 17222082d64b404748f3fdc89bfa297180ed2e74 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dc902c726e960e8c3699228832c774811a8841b6
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date: Mon Jan 31 13:43:16 2011 +0100
Show processes, too, and write results to fixed filename on storage card.
diff --git a/inspection/virtual-query-imager.py b/inspection/virtual-query-imager.py
index 39a12e0..7bbc9c0 100644
--- a/inspection/virtual-query-imager.py
+++ b/inspection/virtual-query-imager.py
@@ -86,24 +86,44 @@ def drawit (draw, addr, size, state, prot, prot_, type):
drawit_ (draw, addr, next, state, prot, prot_, type)
addr = next
+process = [''] * 32
+threads = [0] * 32
+mode = 0
for line in fileinput.input():
- if line[0] != '0':
- continue
- # alc-base alc-prot address size state protect type
- # 0x00000000 --- --- 0x00001000 0x0000f000 free --- --- unknown
- # 0x00010000 --- --- 0x00014000 0x0000a000 reserve --- --- image
- # 0x00000000 --- --- 0x0001e000 0x017a2000 free --- --- unknown
- # 0x017c0000 --- --- 0x017c0000 0x000fe000 reserve --- --- private
- # 0x017c0000 --- --- 0x018be000 0x00002000 commit rw- --- private
- # 0x018c0000 --- --- 0x018c0000 0x00002000 commit rw- -n- private
-
- fields = line.split()
- addr, size, state, prot, prot_, type = fields[3:]
- addr = int(addr, 16) / 4096
- size = int(size, 16) / 4096
-
- drawit (draw, addr, size, state, prot, prot_, type)
-
+ if mode == 0:
+ field = line.split();
+ if field[0] == "alc-base":
+ mode = 1
+ continue
+ if field[0] == "Process":
+ continue
+ # Process PID Base Priority # Threads Base Addr Access Key
+ # NK.EXE FFFF002 3 2 C2000000 1
+ # filesys.exe FFEEE5E 3 18 4000000 2
+ # akonadi_agent_server 6CD3C9B6 3 1 6000000 4
+ base = int(field[4], 16)
+ idx = base / (32*1024*1024) - 2;
+ if idx >= 0 and idx < 32:
+ process[idx] = field[0]
+ threads[idx] = int(field[3])
+ else:
+ if line[0] != '0':
+ continue
+ # alc-base alc-prot address size state protect type
+ # 0x00000000 --- --- 0x00001000 0x0000f000 free --- --- unknown
+ # 0x00010000 --- --- 0x00014000 0x0000a000 reserve --- --- image
+ # 0x00000000 --- --- 0x0001e000 0x017a2000 free --- --- unknown
+ # 0x017c0000 --- --- 0x017c0000 0x000fe000 reserve --- --- private
+ # 0x017c0000 --- --- 0x018be000 0x00002000 commit rw- --- private
+ # 0x018c0000 --- --- 0x018c0000 0x00002000 commit rw- -n- private
+
+ fields = line.split()
+ addr, size, state, prot, prot_, type = fields[3:]
+ addr = int(addr, 16) / 4096
+ size = int(size, 16) / 4096
+
+ drawit (draw, addr, size, state, prot, prot_, type)
+
# Create grid.
for col in xrange(slots):
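Review bot: The process-row parsing in the `mode == 0` branch, from `base = int(field[4], 16)` on, treats every line that is not the `alc-base` or `Process` header as a six-column process row, so an empty line fails at `field[0]` with `IndexError`, and the `GetRunningProcesses: Failed CreateToolhelp32Snapshot Error: ...` line that virtual-query.c writes into the same file ahead of the table makes `int(field[4], 16)` raise `ValueError`; a process name containing a space would likewise shift every column by one. Guard the row shape with `if len(field) < 6: continue` and take the numeric columns from the right, `threads[idx] = int(field[-3])` and `base = int(field[-2], 16)`, so the name column can hold whitespace. The slot computation `base / (32*1024*1024) - 2` relies on Python 2 integer division (the file also uses `xrange`); `//` states that intent and survives a Python 3 port. A comment on the two new tables would help, e.g. `# indexed by slot number minus 2, i.e. slot 2 is process[0]`.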
@@ -163,6 +183,11 @@ writerow (0, "Slot 0: Active Process")
writerow (1, "Slot 1: ROM Image")
for i in xrange (31):
writerow (2 + i, "Slot %2i: Process %i" % (i + 2, i))
+ if process[i] != "":
+ if threads[i] > 1:
+ writerow (2 + i, " %s (%i threads)" % (process[i], threads[i]))
+ else:
+ writerow (2 + i, " %s" % (process[i]))
for i in xrange (26):
writerow (33 + i, "Slot %2i: Shared Area" % (33 + i))
writerow (59, "Slot 59: Driver Stacks")
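Review bot: The label loop `for i in xrange (31)` reads `process[0]` to `process[30]`, but the parser earlier in this file accepts `idx` up to 31 (`idx < 32`), so a process whose base address maps to index 31 would be stored and then never shown; since row 33 is labelled `Shared Area` here, either tighten the parser to `idx < 31` or have it report the unexpected slot, so the two bounds agree instead of dropping an entry silently. `writerow (2 + i, ...)` is now called twice for the same row when a slot is populated; whether the second call appends beneath the label or overwrites it depends on `writerow`, which is defined outside this hunk, so a comment such as `# second writerow on the same row: process name goes under the slot label` would make the intent checkable.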
diff --git a/inspection/virtual-query.c b/inspection/virtual-query.c
index f47ddf5..d97075c 100644
--- a/inspection/virtual-query.c
+++ b/inspection/virtual-query.c
@@ -1,10 +1,12 @@
#include <stdio.h>
#include <windows.h>
+FILE *fp;
+
void
dump_mbi_header ()
{
- printf ("alc-base alc-prot address size state protect type \n");
+ fprintf (fp, "alc-base alc-prot address size state protect type \n");
}
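Review bot: `FILE *fp;` gets external linkage although, as far as this diff shows, it is used only by the dump_* functions and `main` in this file, and it stays NULL until `main` assigns it; declare it `static FILE *fp;  /* output stream, opened in main() before any dump_* call */` so the symbol does not leak out of the translation unit and the initialisation-order requirement is written down. None of the dump_* functions checks `fp` before writing, so that comment is the only place the requirement would be documented.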
@@ -20,7 +22,7 @@ dump_protect_flags (DWORD flags)
DWORD px = flags & (PAGE_EXECUTE | PAGE_EXECUTE_READ
| PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY);
- printf ("%c%c%c %c%c%c ",
+ fprintf (fp, "%c%c%c %c%c%c ",
pr ? 'r' : '-', pc ? 'c' : (pw ? 'w' : '-'), px ? 'x' : '-',
(flags & PAGE_GUARD) ? 'g' : '-',
(flags & PAGE_NOCACHE) ? 'n' : '-',
@@ -37,16 +39,16 @@ dump_state (DWORD state)
switch (state)
{
case MEM_COMMIT:
- printf ("commit ");
+ fprintf (fp, "commit ");
return;
case MEM_FREE:
- printf ("free ");
+ fprintf (fp, "free ");
return;
case MEM_RESERVE:
- printf ("reserve ");
+ fprintf (fp, "reserve ");
return;
default:
- printf ("unknown ");
+ fprintf (fp, "unknown ");
}
}
@@ -57,16 +59,16 @@ dump_type (DWORD mtype)
switch (mtype)
{
case MEM_IMAGE:
- printf ("image ");
+ fprintf (fp, "image ");
return;
case MEM_MAPPED:
- printf ("mapped ");
+ fprintf (fp, "mapped ");
return;
case MEM_PRIVATE:
- printf ("private ");
+ fprintf (fp, "private ");
return;
default:
- printf ("unknown ");
+ fprintf (fp, "unknown ");
}
}
@@ -74,16 +76,76 @@ dump_type (DWORD mtype)
void
dump_mbi (PMEMORY_BASIC_INFORMATION mbi)
{
- printf ("0x%08x ", mbi->AllocationBase);
+ fprintf (fp, "0x%08x ", mbi->AllocationBase);
dump_protect_flags (mbi->AllocationProtect);
- printf ("0x%08x ", mbi->BaseAddress);
- printf ("0x%08x ", mbi->RegionSize);
+ fprintf (fp, "0x%08x ", mbi->BaseAddress);
+ fprintf (fp, "0x%08x ", mbi->RegionSize);
dump_state (mbi->State);
dump_protect_flags (mbi->Protect);
dump_type (mbi->Type);
- printf ("\n");
+ fprintf (fp, "\n");
}
+#include <tlhelp32.h>
+#include <windows.h>
+#define MAX_PROCESSES 32
+
+DWORD GetMaxProcessNameLength( PROCESSENTRY32 lppe[MAX_PROCESSES], DWORD ProcessCount )
+{
+ DWORD index ;
+ DWORD MaxLength = 0;
+ DWORD CurrentLength;
+ for( index = 0; index < ProcessCount; index++ )
+ {
+ CurrentLength = wcslen( lppe[ index ].szExeFile );
+ if( MaxLength < CurrentLength )
+ MaxLength = CurrentLength;
+ }
+ return MaxLength;
+}
+
+#define TH32CS_SNAPNOHEAPS 0x40000000
+
+DWORD GetRunningProcesses( PROCESSENTRY32 *pProcess )
+{
+ HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS|TH32CS_SNAPNOHEAPS, 0);
+ DWORD index = 0;
+ if(hSnapShot == (HANDLE)-1)
+ {
+#if 1
+ fprintf (fp, "GetRunningProcesses: Failed CreateToolhelp32Snapshot Error: %d\n",
+ GetLastError());
+#endif
+ return 0;
+ }
+
+ memset(pProcess,0,sizeof(PROCESSENTRY32));
+ index = 0;
+ pProcess->dwSize = sizeof(PROCESSENTRY32);
+ if(Process32First(hSnapShot, pProcess))
+ {
+ while(TRUE)
+ {
+ index += 1;
+ if( index < MAX_PROCESSES )
+ {
+ memcpy( pProcess + 1, pProcess, sizeof(PROCESSENTRY32));
+ pProcess++;
+ if(!Process32Next(hSnapShot, pProcess))
+ {
+ break;
+ }
+ }
+ else
+ {
+ index = MAX_PROCESSES;
+ break;
+ }
+ }
+ }
+ CloseToolhelp32Snapshot (hSnapShot);
+ return index ;
+}
int
main (int argc, char* argv[])
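Review bot: `GetRunningProcesses` reports a failed `CreateToolhelp32Snapshot` but stays silent when `Process32First` fails or when the table fills at `MAX_PROCESSES`, so an empty or truncated process table in the output is indistinguishable from a machine with few processes; add `else fprintf (fp, "GetRunningProcesses: Process32First failed: %lu\n", (unsigned long) GetLastError());` after the `if(Process32First(...))` block, and a one-line notice in the `else` branch that sets `index = MAX_PROCESSES` saying the list was cut off. The existing error line passes a `DWORD` from `GetLastError()` to `%d`; `%lu` with an `(unsigned long)` cast matches the type. The `#include <tlhelp32.h>` and the second `#include <windows.h>` sit in the middle of the file after `dump_mbi`; move them up beside the existing includes and drop the duplicate, and note next to `#define TH32CS_SNAPNOHEAPS` why the flag is defined locally, since the SDK header may or may not already provide it. The two helpers are PascalCase and non-static while the rest of the file uses `snake_case` `static`-free but file-local helpers (`dump_mbi`, `dump_state`); `static` linkage and names in the file's style would fit better.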
@@ -93,6 +155,37 @@ main (int argc, char* argv[])
void *addr;
int skipping = 0;
+ fp = fopen ("\\Speicherkarte\\vmemory.txt", "w");
+ {
+ PROCESSENTRY32 *CurrentProcess;
+ PROCESSENTRY32 Process[ MAX_PROCESSES ];
+ DWORD ProcessCount;
+ DWORD index ;
+ DWORD MaxProcessNameLength;
+ // Get the list of running processes
+ ProcessCount = GetRunningProcesses( Process );
+ // Get the length of the longest process name so that we can format
+ // the output to be pretty
+ MaxProcessNameLength = GetMaxProcessNameLength( Process, ProcessCount );
+ // Output a header to describe each column
+ fprintf (fp, "%-*s %8s %13s %9s %9s %10s\n",
+ MaxProcessNameLength, "Process", "PID", "Base Priority", "# Threads", "Base Addr", "Access Key");
+
+ // Output information for each running process
+ for( index = 0; index < ProcessCount; index++ )
+ {
+ CurrentProcess = &(Process[ index ] );
+ fprintf (fp, "%-*S %8X %13d %9d %9X %10X\n",
+ MaxProcessNameLength, CurrentProcess->szExeFile,
+ CurrentProcess->th32ProcessID,
+ CurrentProcess->pcPriClassBase,
+ CurrentProcess->cntThreads,
+ CurrentProcess->th32MemoryBase,
+ CurrentProcess->th32AccessKey
+ );
+ }
+ }
+
memset (&si, '\0', sizeof (si));
GetSystemInfo (&si);
dump_mbi_header ();
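Review bot: `fp = fopen ("\\Speicherkarte\\vmemory.txt", "w");` is never checked, so if the storage card is absent or mounted under another name the very next `fprintf (fp, ...)` (and every dump_* call after it) writes through a NULL `FILE *`; add `if (fp == NULL) fp = stdout;` right after the `fopen`, which restores the pre-change stdout behaviour, or report the failure and `return 1` — and with the fallback, the `fclose (fp)` at the end of `main` (outside this hunk) must be guarded so it does not close stdout. The format string `"%-*S %8X %13d %9d %9X %10X\n"` hands the `DWORD` `th32ProcessID` (and presumably the other th32 fields) to `%X`, which expects `unsigned int`; it works on 32-bit CE but `-Wformat` will warn, so `%lX` with matching casts is cleaner. The output path is hard-coded and opened with `"w"`, so any earlier dump is silently overwritten; a comment on that line, e.g. `/* fixed path on the storage card; overwrites any previous dump */`, makes that explicit for whoever reuses the tool.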
@@ -108,7 +201,7 @@ main (int argc, char* argv[])
if (res == 0)
{
if (!skipping)
- printf ("Skipping over %p...\n", addr);
+ fprintf (fp, "Skipping over %p...\n", addr);
skipping = 1;
new_addr = addr + si.dwPageSize;
if (new_addr < addr)
@@ -118,7 +211,7 @@ main (int argc, char* argv[])
}
if (res != sizeof (mbi))
{
- printf ("Unexpected return size: %i (expected %i)\n",
+ fprintf (fp, "Unexpected return size: %i (expected %i)\n",
res, sizeof (mbi));
}
skipping = 0;
@@ -132,7 +225,8 @@ main (int argc, char* argv[])
while (1);
/* Give ssh time to flush buffers. */
- fflush (stdout);
+ fflush (fp);
+ fclose (fp);
Sleep (300);
return 0;
}
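Review bot: The return value of `fclose (fp)` is ignored, and for a file on a removable storage card that is exactly where a failed or short write surfaces; check it, e.g. `if (fclose (fp) != 0) return 1;`. The comment `/* Give ssh time to flush buffers. */` and the `Sleep (300)` describe the old stdout path and no longer match the code, since the file is already closed on the line above; either drop them or reword the comment to say why the delay is still wanted. The `fflush (fp)` before `fclose (fp)` is redundant, as `fclose` flushes.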
-----------------------------------------------------------------------
Summary of changes:
inspection/virtual-query-imager.py | 59 ++++++++++++-----
inspection/virtual-query.c | 128 +++++++++++++++++++++++++++++++-----
2 files changed, 153 insertions(+), 34 deletions(-)