diff --git a/cmd/cmd.go b/cmd/cmd.go
index f5ab992..a7591cf 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -9,6 +9,7 @@ import (
 "log"
 "os"
 "os/exec"
+ "path/filepath"
 "regexp"
 "strconv"
 "strings"
@@ -38,22 +39,27 @@ func Plist() (string, error) {
 re := regexp.MustCompile(`\s+`)
 line, err := out.ReadString('\n')
- pids := []string{}
+ pids := make(map[string]string)
 for err == nil && len(line) != 0 {
 s := strings.Split(re.ReplaceAllString(string(line), " "), " ")
 pid := s[1]
 cmd := s[8]
 if pid != "PID" && cmd != "" && cmd != "ps" && cmd != "sh" && cmd != "medit" {
 fmt.Printf("Package: %s, PID: %s\n", cmd, pid)
- pids = append(pids, pid)
+ pids[cmd] = pid
 }
 line, err = out.ReadString('\n')
 }
- if len(pids) == 1 {
- fmt.Printf("Target PID has been set to %s.\n", pids[0])
- return pids[0], nil
+ current_path, _ := os.Getwd()
+ _, package_name := filepath.Split(current_path)
+ for cmd, pid := range pids {
+ if cmd == package_name {
+ fmt.Printf("Target PID has been set to %s.\n", pid)
+ return pid, nil
+ }
 }
+
 return "", nil
 }
@@ -98,10 +104,11 @@ func Attach(pid string) error {
 func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 founds := []Found{}
- // search value in /proc//mem
+ // parse /proc//map, and get writable area
 mapsPath := fmt.Sprintf("/proc/%s/maps", pid)
- memPath := fmt.Sprintf("/proc/%s/mem", pid)
 addrRanges, err := memory.GetWritableAddrRanges(mapsPath)
+ // search value in /proc//mem
+ memPath := fmt.Sprintf("/proc/%s/mem", pid)
 if err != nil {
 return nil, err
 }
@@ -115,6 +122,8 @@ func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 converter: converter.StringToBytes,
 dataType: "UTF-8 string",
 })
+ } else if _, ok := err.(memory.TooManyErr); ok {
+ return founds, err
 }
 fmt.Println("------------------------")
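Review bot: In the Plist hunk, two failure paths of the new target selection are silent: the error from `os.Getwd()` is discarded, and when no process name equals the working-directory basename the function still returns `"", nil`, so a caller cannot tell "no target" from success and may go on to build `/proc/...` paths from an empty PID. Returning an error in both cases would make that explicit, for example `return "", fmt.Errorf("no running process named %q", package_name)`. Keying `pids` by `cmd` also keeps only the last PID when two listed processes share a name. `current_path` and `package_name` would be `currentPath` and `packageName` under Go naming conventions. Plist begins before this hunk, so the indexing of `s[1]` and `s[8]` is only visible as context.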
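Review bot: In the Find hunk at -98, the new `memPath` assignment and its comment now sit between the `memory.GetWritableAddrRanges(mapsPath)` call and its `if err != nil` check; keeping the check directly under the call makes it harder to lose in a later edit. The two comments read `/proc//map` and `/proc//mem` as rendered here, while the code builds `/proc/%s/maps` and `/proc/%s/mem`; a comment such as `// parse /proc/<pid>/maps and collect the writable address ranges` would match. `pid` is interpolated into both paths exactly as passed, so it is worth confirming that callers only ever supply a numeric PID.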
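Review bot: The added branch `else if _, ok := err.(memory.TooManyErr); ok` in Find (this hunk at -115 and the seven Find hunks that follow it) relies on a direct type assertion, which stops matching as soon as the error is wrapped or returned as a pointer. `var tooMany memory.TooManyErr` followed by `if errors.As(err, &tooMany) { return founds, err }` is sturdier, provided `errors` is imported in cmd.go. Any error of another kind still falls through these branches without being reported, as far as the visible lines show. The same two lines are pasted eight times, so a small helper that runs one search and appends to `founds` would keep the handling in one place.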
@@ -129,6 +138,8 @@ func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 })
 }
 return founds, nil
+ } else if _, ok := err.(memory.TooManyErr); ok {
+ return founds, err
 }
 fmt.Println("------------------------")
 foundAddrs, err = memory.FindDword(memPath, targetVal, addrRanges)
@@ -141,6 +152,8 @@ func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 })
 }
 return founds, nil
+ } else if _, ok := err.(memory.TooManyErr); ok {
+ return founds, err
 }
 fmt.Println("------------------------")
 foundAddrs, err = memory.FindQword(memPath, targetVal, addrRanges)
@@ -153,6 +166,8 @@ func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 })
 }
 return founds, nil
+ } else if _, ok := err.(memory.TooManyErr); ok {
+ return founds, err
 }
 } else if dataType == "string" {
@@ -166,6 +181,8 @@ func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 })
 }
 return founds, nil
+ } else if _, ok := err.(memory.TooManyErr); ok {
+ return founds, err
 }
 } else if dataType == "word" {
@@ -179,6 +196,8 @@ func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 })
 }
 return founds, nil
+ } else if _, ok := err.(memory.TooManyErr); ok {
+ return founds, err
 }
 } else if dataType == "dword" {
@@ -192,6 +211,8 @@ func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 })
 }
 return founds, nil
+ } else if _, ok := err.(memory.TooManyErr); ok {
+ return founds, err
 }
 } else if dataType == "qword" {
@@ -205,6 +226,8 @@ func Find(pid string, targetVal string, dataType string) ([]Found, error) {
 })
 }
 return founds, nil
+ } else if _, ok := err.(memory.TooManyErr); ok {
+ return founds, err
 }
 }
@@ -235,7 +258,7 @@ func Filter(pid string, targetVal string, prevFounds []Found) ([]Found, error) {
 }
 }
 foundAddrs, _ := memory.FindDataInAddrRanges(memPath, targetBytes, addrRanges)
- fmt.Printf("Found: %d!!!\n", len(foundAddrs))
+ fmt.Printf("Found: %d!!\n", len(foundAddrs))
 if len(foundAddrs) < 10 {
 for _, v := range foundAddrs {
 fmt.Printf("Address: 0x%x\n", v)
diff --git a/main.go b/main.go
index 31e3093..79cc66c 100644
--- a/main.go
+++ b/main.go
@@ -48,10 +48,7 @@ func executor(in string) {
 targetVal = inputSlice[2]
 dataType = inputSlice[1]
 }
- foundAddr, err := cmd.Find(appPID, targetVal, dataType)
- if err != nil {
- fmt.Println(err)
- }
+ foundAddr, _ := cmd.Find(appPID, targetVal, dataType)
 addrCache = foundAddr
 } else if strings.HasPrefix(in, "filter") {
diff --git a/pkg/memory/search.go b/pkg/memory/search.go
index a05fcb0..35d2617 100644
--- a/pkg/memory/search.go
+++ b/pkg/memory/search.go
@@ -13,7 +13,7 @@ import (
 "github.com/aktsk/apk-medit/pkg/converter"
 )
-var splitSize = 0x50000000
+var splitSize = 0x5000000
 var bufferPool = sync.Pool{
 New: func() interface{} {
 return make([]byte, splitSize)
@@ -57,6 +57,22 @@ func GetWritableAddrRanges(mapsPath string) ([][2]int, error) {
 return addrRanges, nil
 }
+type Err struct {
+ err error
+}
+
+func (e *Err) Error() string {
+ return fmt.Sprint(e.err)
+}
+
+type ParseErr struct {
+ *Err
+}
+
+type TooManyErr struct {
+ *Err
+}
+
 func FindDataInAddrRanges(memPath string, targetBytes []byte, addrRanges [][2]int) ([]int, error) {
 foundAddrs := []int{}
 f, err := os.OpenFile(memPath, os.O_RDONLY, 0600)
@@ -71,6 +87,7 @@ func FindDataInAddrRanges(memPath string, targetBytes []byte, addrRanges [][2]in
 fmt.Println(err)
 }
 for i := 0; i < (memSize/splitSize)+1; i++ {
+ // target memory is too big to read all of it, so split it and then search in memory
 splitIndex := (i + 1) * splitSize
 splittedBeginAddr := beginAddr + i*splitSize
 splittedEndAddr := endAddr
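Review bot: In executor (main.go), `foundAddr, _ := cmd.Find(appPID, targetVal, dataType)` now discards every error Find can return, not only the new TooManyErr. Find still returns `nil, err` when `GetWritableAddrRanges` fails, so that failure would produce no message while `addrCache` is overwritten with an empty result. If the aim was to avoid printing the "too many" message twice, it is safer to keep `if err != nil { fmt.Println(err) }` here and remove the duplicate print inside the library, and to leave `addrCache` untouched when `err != nil`. executor begins and ends outside this hunk.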
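Review bot: The new exported types `Err`, `ParseErr` and `TooManyErr` in pkg/memory/search.go carry no doc comments and no `Unwrap` method, so `errors.Is` and `errors.As` cannot reach the wrapped error. A zero-value `ParseErr{}` or `TooManyErr{}` would also panic in `Error()`, because the embedded `*Err` is nil when `e.err` is read. Adding `func (e *Err) Unwrap() error { return e.err }` and a nil check at the top of `Error()` covers both. Each type wants a one-line comment, for example `// TooManyErr reports that a search stopped because the match limit was exceeded.`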
@@ -81,9 +98,9 @@ func FindDataInAddrRanges(memPath string, targetBytes []byte, addrRanges [][2]in
 ReadMemory(f, b, splittedBeginAddr, splittedEndAddr)
 findDataInSplittedMemory(&b, targetBytes, searchLength, splittedBeginAddr, 0, &foundAddrs)
 bufferPool.Put(b)
- if len(foundAddrs) > 60000 {
+ if len(foundAddrs) > 500000 {
 fmt.Println("Too many addresses with target data found...")
- return foundAddrs, errors.New("Error: Too many addresses")
+ return foundAddrs, TooManyErr{&Err{errors.New("Error: Too many addresses")}}
 }
 }
 }
@@ -107,14 +124,14 @@ func FindString(memPath string, targetVal string, addrRanges [][2]int) ([]int, e
 fmt.Println("Search UTF-8 String...")
 targetBytes, _ := converter.StringToBytes(targetVal)
 fmt.Printf("Target Value: %s(%v)\n", targetVal, targetBytes)
- foundAddrs, _ := FindDataInAddrRanges(memPath, targetBytes, addrRanges)
- fmt.Printf("Found: %d!\n", len(foundAddrs))
+ foundAddrs, err := FindDataInAddrRanges(memPath, targetBytes, addrRanges)
+ fmt.Printf("Found: %d!!\n", len(foundAddrs))
 if len(foundAddrs) < 10 {
 for _, v := range foundAddrs {
 fmt.Printf("Address: 0x%x\n", v)
 }
 }
- return foundAddrs, nil
+ return foundAddrs, err
 }
 func FindWord(memPath string, targetVal string, addrRanges [][2]int) ([]int, error) {
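Review bot: In FindDataInAddrRanges the `len(foundAddrs) > 500000` check runs only after a whole split has been searched, so it bounds the result list between splits but not within one. Depending on what `findDataInSplittedMemory` does (its body is not in the hunk), a short, common pattern could append far more than the limit before the check is reached. The result of `ReadMemory` is ignored and `b` comes from `bufferPool`, so a failed or short read would presumably leave an earlier split's bytes in the buffer to be searched; confirm against `ReadMemory`. A named constant such as `const maxFoundAddrs = 500000` would document the limit, and Go error strings are conventionally lowercase without an `Error:` prefix. The function begins before this hunk.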
@@ -122,17 +139,17 @@ func FindWord(memPath string, targetVal string, addrRanges [][2]int) ([]int, err
 targetBytes, err := converter.WordToBytes(targetVal)
 if err != nil {
 fmt.Printf("parsing %s: value out of range\n", targetVal)
- return nil, err
+ return nil, ParseErr{&Err{errors.New("Error: value out of range")}}
 }
 fmt.Printf("Target Value: %s(%v)\n", targetVal, targetBytes)
- foundAddrs, _ := FindDataInAddrRanges(memPath, targetBytes, addrRanges)
- fmt.Printf("Found: %d!\n", len(foundAddrs))
+ foundAddrs, err := FindDataInAddrRanges(memPath, targetBytes, addrRanges)
+ fmt.Printf("Found: %d!!\n", len(foundAddrs))
 if len(foundAddrs) < 10 {
 for _, v := range foundAddrs {
 fmt.Printf("Address: 0x%x\n", v)
 }
 }
- return foundAddrs, nil
+ return foundAddrs, err
 }
 func FindDword(memPath string, targetVal string, addrRanges [][2]int) ([]int, error) {
@@ -140,17 +157,17 @@ func FindDword(memPath string, targetVal string, addrRanges [][2]int) ([]int, er
 targetBytes, err := converter.DwordToBytes(targetVal)
 if err != nil {
 fmt.Printf("parsing %s: value out of range\n", targetVal)
- return nil, err
+ return nil, ParseErr{&Err{errors.New("Error: value out of range")}}
 }
 fmt.Printf("Target Value: %s(%v)\n", targetVal, targetBytes)
- foundAddrs, _ := FindDataInAddrRanges(memPath, targetBytes, addrRanges)
- fmt.Printf("Found: %d!!\n", len(foundAddrs))
+ foundAddrs, err := FindDataInAddrRanges(memPath, targetBytes, addrRanges)
+ fmt.Printf("Found: %d!!\n", len(foundAddrs))
 if len(foundAddrs) < 10 {
 for _, v := range foundAddrs {
 fmt.Printf("Address: 0x%x\n", v)
 }
 }
- return foundAddrs, nil
+ return foundAddrs, err
 }
 func FindQword(memPath string, targetVal string, addrRanges [][2]int) ([]int, error) {
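Review bot: In FindWord the converter's error is replaced by a fixed `errors.New("Error: value out of range")`, so any other parse failure is reported as a range error and the original cause is lost. Wrapping the real error keeps both the type and the cause: `return nil, ParseErr{&Err{err}}`. The same substitution appears in the FindDword and FindQword hunks. In all three, `fmt.Printf("Found: %d!!\n", len(foundAddrs))` now also runs when the search returned an error, so the printed count can describe a truncated result; checking `err` before printing would avoid that.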
@@ -158,15 +175,15 @@ func FindQword(memPath string, targetVal string, addrRanges [][2]int) ([]int, er
 targetBytes, err := converter.QwordToBytes(targetVal)
 if err != nil {
 fmt.Printf("parsing %s: value out of range\n", targetVal)
- return nil, err
+ return nil, ParseErr{&Err{errors.New("Error: value out of range")}}
 }
 fmt.Printf("Target Value: %s(%v)\n", targetVal, targetBytes)
- foundAddrs, _ := FindDataInAddrRanges(memPath, targetBytes, addrRanges)
- fmt.Printf("Found: %d!\n", len(foundAddrs))
+ foundAddrs, err := FindDataInAddrRanges(memPath, targetBytes, addrRanges)
+ fmt.Printf("Found: %d!!\n", len(foundAddrs))
 if len(foundAddrs) < 10 {
 for _, v := range foundAddrs {
 fmt.Printf("Address: 0x%x\n", v)
 }
 }
- return foundAddrs, nil
+ return foundAddrs, err
 }
diff --git a/screenshots/terminal.gif b/screenshots/terminal.gif
index e701027..5d6ec7a 100644
Binary files a/screenshots/terminal.gif and b/screenshots/terminal.gif differ