
Linux下使用python读取共享内存

2013-08-06 

Linux下使用python读取共享内存

python没有独立的库可以读取linux下的共享内存,下面使用ctypes调用系统的API读取共享内存的内容

使用C++创建共享内存

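#include <stdio.h>
#include <iostream>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <stdlib.h>
#include <errno.h>

/* System V IPC key of the demo segment (0x0001079b in the ipcs listing). */
#define MY_SHM_ID 67483
/* Size of the segment requested from shmget(). */
#define SHM_SEG_SIZE 4096
/* Maximum number of input bytes copied into the segment by get_buf(). */
#define INPUT_MAX 1024

/*
 * Read one line from stdin into buf.
 *
 * Copies at most INPUT_MAX bytes, keeps the terminating '\n' when one is
 * read, stops at EOF, and always NUL-terminates. The caller must supply a
 * buffer of at least INPUT_MAX + 1 bytes.
 *
 * getchar() returns int: the result is kept in an int so EOF can be told
 * apart from a data byte, and the bound is tested before the store so the
 * write never goes past the limit.
 */
void get_buf(char *buf)
{
    int i = 0;
    int c;

    while (i < INPUT_MAX && (c = getchar()) != EOF) {
        buf[i++] = (char)c;
        if (c == '\n')
            break;
    }
    buf[i] = '\0';
}

/*
 * Create (or open) the demo segment, print its size and attach count,
 * copy one line of stdin into it, and leave it in place for a reader.
 *
 * Returns 0 on success; exits with status 1 if the segment cannot be
 * obtained or attached.
 */
int main()
{
    printf("page size=%d\n", getpagesize());

    /*
     * Mode 0666 lets every local user read and modify the segment; 0600 is
     * enough when the writer and the reader run under the same account.
     * IPC_CREAT without IPC_EXCL reuses an existing segment with this key
     * as-is, so its contents and owner are not guaranteed to be ours.
     */
    int shmid = shmget(MY_SHM_ID, SHM_SEG_SIZE, 0666 | IPC_CREAT);
    if (shmid < 0) {
        /* shmget() reports failure as -1; 0 is a valid identifier. */
        perror("shmget");
        exit(1);
    }
    printf("Create a shared memory segment %d\n", shmid);

    struct shmid_ds shmds;
    if (shmctl(shmid, IPC_STAT, &shmds) == 0) {
        /* shm_segsz is a size_t: cast explicitly instead of passing it to %d. */
        printf("Size of memory segment is %lu \n", (unsigned long)shmds.shm_segsz);
        printf("Number of attaches %d \n", (int)shmds.shm_nattch);
    } else {
        printf("shmctl () call failed \n");
    }

    /* write data to shared memory */
    void *addr = shmat(shmid, NULL, 0);
    if (addr == (void *)-1) {
        /* Compare the pointer itself; casting it to int truncates on 64-bit. */
        perror("shmat");
        exit(1);
    }
    get_buf((char *)addr);

    if (shmdt(addr) != 0)
        perror("shmdt");

    /*
     * The segment is deliberately NOT removed (no IPC_RMID) so that another
     * process can attach and read it afterwards. It persists until it is
     * removed explicitly or the system reboots.
     */
    printf("Shared memory segment %d left in place; remove it with: ipcrm -m %d\n",
           shmid, shmid);

    return 0;
}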


查看共享内存:

$ipcs

------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x0001079b 98305      postmast   666        4096       0

------ Semaphore Arrays --------
key        semid      owner      perms      nsems

------ Message Queues --------
key        msqid      owner      perms      used-bytes   messages
0x000004d2 131073     abber      666        17           3


使用python读取共享内存 代码如下:

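#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# shm.py
#
# This script dumps the content of a shared memory block
# used by Linux/Cdorked.A into a file named httpd_cdorked_config.bin
# when the machine is infected.
#
# Some of the data is encrypted. If your server is infected and you
# would like to help, please send the httpd_cdorked_config.bin
# to our lab for analysis. Thanks!
#
# Marc-Etienne M.Léveillé <leve...@eset.com>
#
# NOTE(review): on this page SHM_KEY and SHM_SIZE are set to the values of
# the demo segment created by the C++ program above (key 67483, 4096 bytes).
# With these values "System not infected" only means that the demo segment
# does not exist; it is not a verdict about Linux/Cdorked.A.
#

import ctypes
import errno
import os
from ctypes import *

SHM_SIZE = 4096
SHM_KEY = 67483
# Linux <sys/shm.h> flag: attach the segment read-only, so that dumping it
# cannot modify the data being examined.
SHM_RDONLY = 0o10000

OUTFILE = "httpd_cdorked_config.bin"

# use_errno=True makes ctypes keep the errno of each call so that a failure
# can be reported precisely instead of being guessed at.
try:
    rt = CDLL('librt.so', use_errno=True)
except OSError:
    rt = CDLL('librt.so.1', use_errno=True)

shmget = rt.shmget
shmget.argtypes = [c_int, c_size_t, c_int]
shmget.restype = c_int
shmat = rt.shmat
# The second argument of shmat() is a plain address (const void *).
shmat.argtypes = [c_int, c_void_p, c_int]
shmat.restype = c_void_p
shmdt = rt.shmdt
shmdt.argtypes = [c_void_p]
shmdt.restype = c_int

# Only read access is requested (0o444): reading is all the dump needs.
shmid = shmget(SHM_KEY, SHM_SIZE, 0o444)
if shmid < 0:
    err = ctypes.get_errno()
    if err == errno.ENOENT:
        # No segment with this key exists.
        print("System not infected")
    else:
        # e.g. EACCES or EINVAL: the segment may exist but could not be
        # opened, so this must not be reported as "not infected".
        print("shmget failed: %s" % os.strerror(err))
else:
    addr = shmat(shmid, None, SHM_RDONLY)
    # shmat() signals failure with (void *)-1, not with NULL.
    if addr is None or addr == c_void_p(-1).value:
        print("shmat failed: %s" % os.strerror(ctypes.get_errno()))
    else:
        try:
            data = string_at(addr, SHM_SIZE)
        finally:
            shmdt(addr)

        # Create the dump readable by its owner only; it is a raw copy of
        # another process's memory. (An already existing file keeps its mode.)
        fd = os.open(OUTFILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'wb') as f:
            f.write(data)

        print(addr, type(addr))
        # Reported only after the dump has actually been written.
        print("Dumped %d bytes in %s" % (SHM_SIZE, OUTFILE))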

python 读取的结果存放在文件httpd_cdorked_config.bin中

$cat httpd_cdorked_config.bin
hello word!this is a test.

$
