forked from korcankaraokcu/PINCE
SysUtils.py
#!/usr/bin/python3
import psutil
import os
import shutil
import sys
import PINCE
from re import match, search, IGNORECASE
# Prefix of the per-process IPC directories: the helpers at the bottom of this
# file append str(pid) to it before creating, returning or deleting the path.
# NOTE(review): this is a fixed, predictable location under /tmp. The comment
# on fix_path_permissions says PINCE runs with root permissions, so whoever
# creates this directory first owns the parent of every path that root later
# creates, chowns and removes. Consider a root-owned runtime directory, or
# verify the parent's owner and mode before using it.
PINCE_IPC_PATH = "/tmp/PINCE-connection/"
def get_process_list():
    """Return the processes currently reported by psutil.

    Returns:
        list: every object yielded by psutil.process_iter(), in iteration
        order. The list is a snapshot; entries may refer to processes that
        have exited by the time the caller inspects them.
    """
    return list(psutil.process_iter())
def get_process_information(pid=int):
    """Return the psutil.Process object for *pid*.

    Args:
        pid: process id to look up.
            NOTE(review): the ``pid=int`` default looks like it was meant as a
            type hint; calling without an argument hands the ``int`` type
            itself to psutil.

    Returns:
        psutil.Process: handle for the requested process. psutil raises its
        own error (psutil.NoSuchProcess) when no such pid exists.
    """
    return psutil.Process(pid)
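def search_in_processes_by_name(searchstring=str):
    """Return the running processes whose name matches *searchstring*.

    Args:
        searchstring: pattern handed to re.search, matched case-insensitively
            against each process name.
            NOTE(review): the text is interpreted as a regular expression, so
            user input containing metacharacters (for example "c++") raises
            re.error; apply re.escape at the call site if a literal substring
            search is intended.

    Returns:
        list: psutil.Process objects whose name matched, in iteration order.
    """
    processlist = []
    for candidate in psutil.process_iter():
        try:
            name = candidate.name()
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            # The process exited (or became unreadable) between being listed
            # and being queried; one vanished entry must not abort the search.
            continue
        if search(searchstring, name, IGNORECASE):
            processlist.append(candidate)
    return processlist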
def get_memory_regions(pid=int):
    """Return one entry per mapped memory region of process *pid*.

    Args:
        pid: id of the process to inspect (``pid=int`` is the original
            default; it looks like an intended type hint).

    Returns:
        list: the items produced by psutil's memory_maps(grouped=False).
        Other functions in this file read the ``perms`` and ``addr``
        attributes of these items.
    """
    target = psutil.Process(pid)
    return list(target.memory_maps(grouped=False))
def get_memory_regions_by_perms(pid=int):
    """Sort the memory regions of process *pid* into permission buckets.

    The buckets overlap: a region is appended to every bucket whose test it
    passes, so a region that is both writable and executable appears in both
    of those lists (and in ``readable`` if it is also readable).

    Args:
        pid: id of the process to inspect.

    Returns:
        tuple: ``(readable_only, writeable, executable, readable)``, four
        lists of region entries. ``readable_only`` holds regions whose
        permission string contains ``"r--"``.
    """
    readable_only = []
    writeable = []
    executable = []
    readable = []
    for region in psutil.Process(pid).memory_maps(grouped=False):
        perms = region.perms
        if "r--" in perms:
            readable_only.append(region)
        if "w" in perms:
            writeable.append(region)
        if "x" in perms:
            executable.append(region)
        if "r" in perms:
            readable.append(region)
    return readable_only, writeable, executable, readable
def exclude_shared_memory_regions(generatedlist):
    """Remove shared mappings from *generatedlist* in place.

    Args:
        generatedlist: list of region entries exposing a ``perms`` string,
            i.e. the list from get_memory_regions or one of the lists inside
            the tuple returned by get_memory_regions_by_perms.

    Returns:
        list: the same list object, minus every entry whose permission
        string contains ``"s"``.
    """
    # Collect first, remove afterwards, so the list is never modified while
    # it is being scanned.
    shared = [region for region in generatedlist if "s" in region.perms]
    for region in shared:
        generatedlist.remove(region)
    return generatedlist
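def exclude_system_memory_regions(generatedlist):
    """Remove regions whose address starts with hex digit 7-f, in place.

    Args:
        generatedlist: list of region entries exposing an ``addr`` string,
            i.e. the list from get_memory_regions or one of the lists inside
            the tuple returned by get_memory_regions_by_perms.

    Returns:
        list: the same list object, minus every entry whose ``addr`` begins
        with one of ``7 8 9 a b c d e f`` (either letter case).

    NOTE(review): this is a heuristic on the first character of the textual
    address; it does not take the address width into account. Confirm that it
    classifies the regions of interest correctly on the target architecture.
    """
    for region in generatedlist[:]:
        # The original class "[7-f]" spanned every ASCII code from "7" to
        # "f", which also covers punctuation and all upper-case letters.
        # Only hexadecimal digits are meant.
        if match("[7-9a-fA-F]", region.addr):
            generatedlist.remove(region)
    return generatedlist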
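def is_traced(pid=int):
    """Report whether process *pid* currently has a tracer attached.

    Reads the ``TracerPid:`` line of ``/proc/<pid>/status``.

    Args:
        pid: id of the process to check.

    Returns:
        False when TracerPid is 0, otherwise the tracer's process name as
        reported by psutil. None if the status file has no TracerPid line.

    The answer is a point-in-time reading: a tracer can attach or detach
    right after the file is read, and psutil raises if the tracer has
    already exited when its name is looked up.
    """
    # The context manager closes the status file on every exit path; the
    # earlier open(...).readlines() left that to the garbage collector.
    with open("/proc/%d/status" % pid) as status_file:
        for line in status_file:
            if not line.startswith("TracerPid:"):
                continue
            tracerpid = line.split(":", 1)[1].strip()
            if tracerpid == "0":
                return False
            return psutil.Process(int(tracerpid)).name()
    return None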
def is_process_valid(pid=int):
    """Return True while ``/proc/<pid>`` exists, False otherwise.

    The check only shows that some process holds this pid at the moment of
    the call; it cannot tell whether the pid has since been reused by a
    different process.
    """
    proc_entry = "/proc/%d" % pid
    return is_path_valid(proc_entry)
def get_home_directory():
    """Return the expansion of ``~`` as computed by os.path.expanduser.

    NOTE(review): the comments in this file say PINCE runs with root
    permissions; whether ``~`` then resolves to root's home or to the
    invoking user's depends on how the launcher sets HOME. Confirm before
    writing user-owned files there.
    """
    home = os.path.expanduser("~")
    return home
def get_current_script_directory():
    """Return the first entry of ``sys.path``.

    Python initialises that entry to the directory of the script that
    started the interpreter; the value returned here is whatever the entry
    holds at call time.
    """
    search_path = sys.path
    return search_path[0]
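def is_path_valid(dest_path, issue_path=""):
    """Report whether *dest_path* exists, optionally deleting or creating it.

    Args:
        dest_path: filesystem path to check.
        issue_path: ``""`` to only check; ``"delete"`` to remove an existing
            path with shutil.rmtree; ``"create"`` to create a missing path
            with os.makedirs and pass it to fix_path_permissions.

    Returns:
        bool: True if the path existed when checked (even if it was then
        deleted), False if it did not (even if it was then created).
    """
    # NOTE(review): check-then-act is not atomic. The IPC paths passed in by
    # this file live under /tmp, where other local users can create or
    # replace entries between the exists() test and the rmtree()/makedirs()
    # call, and the file's comments say the process runs as root. Validate
    # the owner of the parent directory, or keep these paths in a directory
    # only root can write to.
    if os.path.exists(dest_path):
        # Compare by value: ``is`` tests object identity and only matched
        # when both strings happened to be the same interned object.
        if issue_path == "delete":
            shutil.rmtree(dest_path)
        return True
    if issue_path == "create":
        os.makedirs(dest_path)
        fix_path_permissions(dest_path)
    return False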
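def fix_path_permissions(dest_path):
    """Hand ownership of *dest_path* to the user who invoked sudo.

    PINCE is started with root permissions, so paths it creates under /tmp
    belong to root; the inferior it communicates with could not access the
    communication files there otherwise.

    Args:
        dest_path: path whose owner and group are set to the values of the
            SUDO_UID and SUDO_GID environment variables.

    Returns:
        None. Nothing is changed when either variable is absent, i.e. when
        the program was not started through sudo.
    """
    sudo_uid = os.environ.get('SUDO_UID')
    sudo_gid = os.environ.get('SUDO_GID')
    if sudo_uid is None or sudo_gid is None:
        # No invoking user to hand the path to; int(None) would otherwise
        # abort the caller with a TypeError.
        return
    # The path sits under a world-writable directory and this runs as root:
    # change the entry itself and never whatever a symlink placed there
    # points to.
    os.chown(dest_path, int(sudo_uid), int(sudo_gid), follow_symlinks=False)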
def do_cleanups(pid):
    """Delete the IPC directory tree that belongs to *pid*, if it exists.

    Args:
        pid: process id; its string form is appended to PINCE_IPC_PATH.
            NOTE(review): assumes an integer. A string containing path
            separators would move the deletion target outside
            PINCE_IPC_PATH; confirm that callers only pass integers.
    """
    ipc_dir = PINCE_IPC_PATH + str(pid)
    is_path_valid(ipc_dir, "delete")
def create_PINCE_IPC_PATH(pid):
    """Create the IPC directory for *pid* unless it already exists.

    Delegates to is_path_valid(..., "create"), which creates the directory
    and fixes its ownership only when the path is missing. An existing
    directory is left as found, whoever created it.

    Args:
        pid: process id; its string form is appended to PINCE_IPC_PATH.
    """
    is_path_valid(PINCE_IPC_PATH + str(pid), "create")
def get_PINCE_IPC_directory(pid):
    """Return the IPC directory path for *pid* without touching the disk.

    Args:
        pid: process id; its string form is appended to PINCE_IPC_PATH.

    Returns:
        str: PINCE_IPC_PATH followed by ``str(pid)``.
    """
    pid_component = str(pid)
    return PINCE_IPC_PATH + pid_component