Fix mem dump (sensepost#520)

* Added chunking to memory dump operations * Increased block size and used chunking on all dumping methods * Removed extra parameter * Fixed missing bytearrays + used previously unused parameter (im sorry)
jinnu92 · Feb 13, 2022 · 3841cb1 · 3841cb1
1 parent 0ce1145
commit 3841cb1
Showing 1 changed file with 33 additions and 4 deletions.
diff --git a/objection/commands/memory.py b/objection/commands/memory.py
@@ -1,5 +1,8 @@
 import json
 import os
+import math
+
+from typing import List
 
 import click
 from tabulate import tabulate
@@ -8,6 +11,7 @@
 from ..utils.helpers import clean_argument_flags
 from ..utils.helpers import sizeof_fmt, pretty_concat
 
+BLOCK_SIZE = 40960000
 
 def _is_string_input(args: list) -> bool:
     """
@@ -84,15 +88,19 @@ def dump_all(args: list) -> None:
 
     with click.progressbar(ranges) as bar:
         for image in bar:
+            dump = bytearray()
             bar.label = 'Dumping {0} from base: {1}'.format(sizeof_fmt(image['size']), hex(int(image['base'], 16)))
-
+        
             # catch and exception thrown while dumping.
             # this could for a few reasons like if the protection
             # changes or the range is reallocated
             try:
                 # grab the (size) bytes starting at the (base_address)
-                dump = api.memory_dump(int(image['base'], 16), image['size'])
-            except Exception:
+                chunks = _get_chunks(int(image['base'], 16), int(image['size']), BLOCK_SIZE)
+                for chunk in chunks:
+                    dump.extend(bytearray(api.memory_dump(chunk[0], chunk[1])))
+
+            except Exception as e:
                 continue
 
             # append the results to the destination file
@@ -102,6 +110,21 @@ def dump_all(args: list) -> None:
     click.secho('Memory dumped to file: {0}'.format(destination), fg='green')
 
 
+def _get_chunks(addr: int, size: int, block_size: int = BLOCK_SIZE) -> List:
+  if size > block_size:
+    block_count = size // block_size
+    extra_block = size % block_size
+    ranges = []
+    current_address = addr
+    for i in range(block_count):
+      ranges.append((current_address, block_size))
+      current_address += block_size
+    if extra_block != 0:
+      ranges.append((current_address, extra_block))
+    return ranges
+  else:
+    return [(addr, size)]
+
 def dump_from_base(args: list) -> None:
     """
         Dump memory from a base address for a specific size to file
@@ -129,7 +152,13 @@ def dump_from_base(args: list) -> None:
                 fg='green', dim=True)
 
     api = state_connection.get_api()
-    dump = api.memory_dump(int(base_address, 16), int(memory_size))
+
+    # iirc, if you don't cast the return type to a bytearray it uses the sizeof(int) per cell, which is massive
+    dump = bytearray()
+    chunks = _get_chunks(int(base_address, 16), int(memory_size), BLOCK_SIZE)
+    for chunk in chunks:
+        dump.extend(bytearray(api.memory_dump(chunk[0], chunk[1])))
+
 
     # append the results to the destination file
     with open(destination, 'wb') as f: