import lldb
def processAllMemoryRegions():
process = lldb.debugger.GetSelectedTarget().GetProcess()
memoryRegionInfoList = process.GetMemoryRegions()
numberOfMemoryRegions = memoryRegionInfoList.GetSize()
memoryRegionIndex = 0
while (memoryRegionIndex < numberOfMemoryRegions):
memoryRegionInfo = lldb.SBMemoryRegionInfo()
success = memoryRegionInfoList.GetMemoryRegionAtIndex(memoryRegionIndex, memoryRegionInfo)
if success:
print("Processing: "+str(memoryRegionIndex+1)+"/"+str(numberOfMemoryRegions))
processOneMemoryRegion(process, memoryRegionInfo)
else:
print("Could not get memory at index: "+str(memoryRegionIndex))
memoryRegionIndex = memoryRegionIndex+1
def processOneMemoryRegion(process, memoryRegionInfo):
begAddressOfMemoryRegion = memoryRegionInfo.GetRegionBase()
endAddressOfMemoryRegion = memoryRegionInfo.GetRegionEnd()
if memoryRegionInfo.IsReadable():
print("Beg address of a memory region: "+stringifyMemoryAddress(begAddressOfMemoryRegion))
print("End address of a memory region: "+stringifyMemoryAddress(endAddressOfMemoryRegion))
error = lldb.SBError()
regionSize = endAddressOfMemoryRegion-begAddressOfMemoryRegion
memoryData = process.ReadMemory(begAddressOfMemoryRegion, regionSize, error)
if error.Success():
#do something with memoryData (bytearray) eg. save it to file
file = open("/absolute path/sample.bin", "ab")
file.write(memoryData)
file.close()
pass
else:
print("Could not access memory data.")
else:
print("Memory region is not readable.")
def stringifyMemoryAddress(memoryAddress):
return '0x{:016x}'.format(memoryAddress)
(lldb) script
Python Interactive Interpreter. To exit, type 'quit()', 'exit()'.
>>> exec (open ( '/absolute path/mem.py'). read ())
>>> processAllMemoryRegions ()
Leave a comment