-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathCHANGES.txt
113 lines (100 loc) · 4.42 KB
/
CHANGES.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
Ongoing:
- stabilisation of search
- refactorisation of reverse
Changes to architecture.txt:
- IMemoryHandler: there is a process memory concept (dump, live, vol, rekall) that need a handler.
- IMemoryLoader: a memory loader is a helper class reads the dump and creates a IMemoryHandler instance
+ figures out the ITargetPlatform information (cpu, wordsize)
+ the ITargetPlatform wraps a CTypesProxy instance
+ figures out the list of IMemoryMapping
+ creates a IMemoryHandler with both previous element
- the IMemoryHandler instance is the one way access to:
+ the list of IMemoryMapping
+ the CTypesProxy ctypes proxy object for this MemoryHandler host
+ the IHeapWalker helpers
- the memory l
2017-06:
- Python 3 compatibility finalized
- using pkg_resources entry points for CLI, memory mapping loader
- setup pkg_resources entry points for HEAP parser
- Support frida as memory mappings loader technique
- add 'read the docs' documentation in .rst format
- normalize argument parsing around an URL format
2017-05:
- Start porting to python3
- extract extensions (reverse, gui) and docs to other git repo
2016-01:
- Support Minidump format (Windows standard dump format with all memory options)
- haystack-find-heap.py script to help debug Windows heap
- 90% support of LFH and LAL on winXP 32 and 64 bits.
- 90% support of LFH on win7 32 and 64 bits.
- 95% support of UCR.
- Support of mixed x32/x64 Windows Heap processes
2015-10:
- cleaning up the reverse API
- Fix sigsegv bug source in reset_mappings()
- Fix the double linked reverser
- Cleaned up the reverse/structure module
- Added a fun constraints heuristics on reversed types's field.
- is zeus in c30000.headers_values.py ?
2015-09:
- Working on Volatility dump reader
- working a WinXP chunk iterator
- adding PEB to winXP list of know structures
- Working volatility plugins in repo https://github.com/trolldbois/volatility_plugins
- winheap to work with heap at w.e. offset, not with heap aligned on mapping.start.
- fixed winXP x86 heapwalker
2015-08:
- Fixes for travis in setup.py
- Ran 225 tests in 519.059s
OK (skipped=7, expected failures=4)
- Profiling... Ran 225 tests in 160.300s
- heaps are not necessarly at offset 0 in mapping
- more work on Windows XP heap based on the Zeus vmem extract of a process
- cleaned the memory handler to stop being a big bag of everything
- remove reverse's context from core haystack
- added a script to find heaps in Windows dumps
- start standardizing test dumps in a test file inventory
Ran 240 tests in 119.036s
FAILED (failures=2, errors=9, skipped=11, expected failures=3)
- model is an instance.
2015-07:
- Ran 212 tests in 58.233s
FAILED (failures=1, errors=106, skipped=6, expected failures=1)
- move constraints to config flat file instead of python code
- refactor to ctypes proxy class in instances instead of module.
- design with abc ready interfaces
- clean TU state, 0 errors
- constraints config is case sensitive
- fixed win7heapfinder and walker
- adjusted basicmodel to use memeory_handler properly.
- Ran 213 tests in 149.355s
FAILED (failures=2, errors=31, skipped=8, expected failures=2)
- fixed the search API to a simple one
- fixed the haystack search cli to the new API
- Ran 213 tests in 169.886s
FAILED (errors=22, skipped=6, expected failures=2)
- pretty much refactored haytack core and search in reverse.
- Ran 229 tests in 347.116s
FAILED (errors=7, skipped=7, expected failures=3)
- cleaned search API, with matching TU
- the constraints model and listmodel are enforced by an MVC model
- Ran 224 tests in 317.901s
FAILED (failures=2, errors=13, skipped=7, expected failures=3)
2015-06:
- keep track of changes in this file
- use travis-ci to compile
- fix makefile in tests/ and sudo & virtualenv play together nicely
- FIX OverflowError: Python int too large to convert to C long on ptrace file.seek - ignore vsyscall mmap that is in the higher mmap reagion
+ this is a temporary bugfix.
- add memory dumps test case to a dropbox
- fix the heap structures used by haystack for win7.
+ Constraints: Ignore HEAP_ENTRY SubSegmentCode pointer as it is encoded.
+ fix some ctypeslib bugs
- fix the generation process for HEAP structures. ctypeslib and clang do not like circular dependencies.
- fix the name generation in ctypeslib
- autopep8 all
- fix all TU to pass
- fix installation requirements
- fix test run
- Script the generation of profiles