initial commit

SravanthiSinha · SravanthiSinha · commit 8ab4244298c9 · 2017-07-18T17:00:37.000-07:00
diff --git a/0x03-proc_filesystem/README.md b/0x03-proc_filesystem/README.md
@@ -0,0 +1,28 @@
+# 0x02. Python - /proc filesystem
+
+### System programming & Algorithm ― Linux programming
+
+
+Task : Hack the VM
+
+Write a script that finds a string in the heap of a running process, and replaces it.
+
+* Usage: read_write_heap.py pid search_string replace_string
+  * where pid is the pid of the running process
+  * and strings are ASCII
+* The script should look only in the heap of the process
+* Output: you can print whatever you think is interesting
+* On usage error, print an error message on stdout and exit with status code 1
+
+
+
+File: read_write_heap.py
+
+
+### Usefull Links:
+
+https://www.kernel.org/doc/Documentation/filesystems/proc.txt
+
+https://unix.stackexchange.com/questions/6301/how-do-i-read-from-proc-pid-mem-under-linux/6302#6302
+
+https://stackoverflow.com/questions/12977179/reading-living-process-memory-without-interrupting-it-proc-kcore-is-an-option
diff --git a/0x03-proc_filesystem/read_write_heap.py b/0x03-proc_filesystem/read_write_heap.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python3
+import sys
+import re
+
+
+def print_usage():
+    print("Usage: read_write_heap.py pid search_s replace_s")
+    exit(1)
+
+
+def read_write_heap(pid, search_s, replace_s, only_writable=True):
+    mem_perm = 'rw' if only_writable else 'r-'
+    maps_filename = "/proc/{}/maps".format(pid)
+    mem_filename = "/proc/{}/mem".format(pid)
+    try:
+        with open(maps_filename, 'r') as maps_file:
+            with open(mem_filename, 'rb+', 0) as mem_file:
+                for line in maps_file.readlines():
+                    addr_perm = r'([0-9A-Fa-f]+)-([0-9A-Fa-f]+) ([-r][-w])'
+                    m = re.search(addr_perm, line)
+                    h = re.search(r'(\[heap\])', line)
+                    if m.group(3) == mem_perm and h and h.group(0) == "[heap]":
+                        start_addr = int(m.group(1), 16)
+                        end_addr = int(m.group(2), 16)
+                        mem_file.seek(start_addr)
+                        heap = mem_file.read(end_addr - start_addr)
+                        pos = heap.find(bytes(search_s, "ASCII"))
+                        if pos:
+                            mem_file.seek(start_addr + pos)
+                            adjusted_str = replace_s.ljust(len(search_s))
+                            mem_file.write(bytes(adjusted_str, "ASCII"))
+                        else:
+                            print("Couldn't find the %s in the heap", search_s)
+    except IOError as e:
+        print("[ERROR] Can not open file {}:".format(maps_filename))
+        print("        I/O error({}): {}".format(e.errno, e.strerror))
+        exit(1)
+
+
+try:
+    if len(sys.argv) != 4:
+        print_usage()
+    pid = int(sys.argv[1])
+    search_s = sys.argv[2]
+    replace_s = sys.argv[3]
+    if (len(search_s) == 0 or len(replace_s) == 0):
+        print_usage()
+    read_write_heap(pid, search_s, replace_s)
+except Exception as e:
+    print_usage()
