blob: aa559e05837fdcf71881b43fc1aed6cde5cff740 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
/*
* DevMemPatt.hpp:
* search the kernel...
* written by palmers / teso
*
* ahh, btw. fuck. now you can grep for it :)
*/
#ifndef __DEVMEMPATT_C
#define __DEVMEMPATT_C
#define READ_BUFF_SIZE 4096
#include <string>
#include <rwKernel.hpp>
#include <SymbolFingp.hpp>
/**
* Searching the kernel. This class helps you by seaching for
* patterns in kernel memory. Each function has a, more or less, unique structure.
* There is nothing to wonder about this: each function is for solving a different
* task. If the function, or parts of it, are know it can be found without any further
* knowledge about it.
*/
class DevMemPatt
{
private:
rwKernel *rw;
int compare_data_snippet (unsigned char *, struct sfp *);
public:
/**
* This constructor will initialize the object with a reference to a rwKernel object.
* @see rwKernel
*/
DevMemPatt (rwKernel *);
/**
* Another constructor. This one will generate a new rwKernel object.
*/
DevMemPatt ();
/**
* Destruct DevMemPatt object. Local rwKernel object will not be deleted.
*/
~DevMemPatt ();
/**
* Find a data string in kernel memory.
* @param start start address of the search.
* @param end the search will go upto this address in kernel memory.
* @param length the length of the data.
* @param data the data searched for.
* @return the address of the first byte of the searched data or
* zero if it was not found.
*/
unsigned int find_patt (unsigned int start, unsigned int end, \
unsigned short len, unsigned char *data);
/**
* Find a data pattern in kernel memory.
* @param a search a data pattern defined by a.
* @return the address of the first byte of the searched pattern or
* zero if it was not found.
* @see SymbolFingp
*/
unsigned int find_patt (struct sfp *a);
};
#endif /* __DEVMEMPATT_C */
|
