Metadata-Version: 1.0
Name: haystack
Version: 0.2
Summary: Search C Structures in a process' memory
Home-page: http://packages.python.org/haystack/
Author: Loic Jaquemet
Author-email: loic.jaquemet+python@gmail.com
License: GPL
Download-URL: http://github.com/trolldbois/python-haystack/tree/master
Description: HOWTO:
        ------
        
        >>> import haystack
        >>> haystack.findStruct( pid , 'ctypes.c_int')
        >>> haystack.findStruct( pid , 'ctypes_example.big_struct')
        
        It's easy to add new structures (check ctypeslib or do it by hand).
        
        
        Not so FAQ:
        ============
        
        What does it do?
        ------------------
        The basic functionality is to search a process' memory maps for specific C structures.
        
        How does it know that a structure is valid?
        ------------------------------------------------
        You add some constraints (expectedValues) on the fields. Pointers are also a good start.
         
        Where does the idea come from?
        -----------------------------------
        use http://www.hsc.fr/ressources/breves/passe-partout.html.fr to get keys
        use http://pauldotcom.com/2010/10/tsharkwireshark-ssl-decryption.html
         or http://www.rtfm.com/ssldump/ to read streams
        use scapy, because it's fun? But we need IP reassembly.
        pynids could be more useful...
        dsniff is now in python?
        flowgrep
        use python.
        
        
        What are the dependencies?
        ----------------------------
        python-ptrace
        
        
        
Keywords: memory,analysis,forensics,struct,ptrace
Platform: UNKNOWN
Classifier: Topic :: System :: Networking
Classifier: Topic :: Security
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: GNU General Public License (GPL)
Classifier: Programming Language :: Python
Classifier: Development Status :: 5 - Production/Stable

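Added example, not haystack's own code: a sketch of the validation idea from "How does it know that a structure is valid?", where candidate offsets in a memory buffer are kept only if every field meets its constraint and the pointer field lands inside a known mapping. The `Session` layout, `MAPPINGS`, `CONSTRAINTS`, `find_struct` and the sample buffer are all hypothetical and constructed for illustration.

```python
import ctypes
import struct

class Session(ctypes.LittleEndianStructure):
    # Hypothetical record layout, invented for this example.
    _fields_ = [("magic", ctypes.c_uint32),
                ("key_len", ctypes.c_uint32),
                ("key_ptr", ctypes.c_uint64)]

# Constructed (start, end) address ranges standing in for the process' memory maps.
MAPPINGS = [(0x7F0000001000, 0x7F0000003000)]

def in_mappings(addr, mappings=MAPPINGS):
    """A pointer is plausible only if it targets a mapped range."""
    return any(start <= addr < end for start, end in mappings)

# One predicate per field, in the spirit of the README's expectedValues.
CONSTRAINTS = {
    "magic": lambda v: v == 0x53455353,       # ASCII "SESS"
    "key_len": lambda v: v in (16, 24, 32),   # plausible key sizes
    "key_ptr": in_mappings,
}

def find_struct(buf, ctype, constraints, align=8):
    """Return offsets in buf where ctype satisfies every field constraint."""
    size = ctypes.sizeof(ctype)
    hits = []
    for off in range(0, len(buf) - size + 1, align):
        cand = ctype.from_buffer_copy(buf, off)
        if all(ok(getattr(cand, name)) for name, ok in constraints.items()):
            hits.append(off)
    return hits

def build_sample():
    """Constructed buffer: one valid record and two near misses."""
    good = struct.pack("<IIQ", 0x53455353, 32, 0x7F0000001800)
    bad_len = struct.pack("<IIQ", 0x53455353, 7, 0x7F0000001800)
    bad_ptr = struct.pack("<IIQ", 0x53455353, 16, 0x41414141)
    return b"\x00" * 24 + bad_len + good + b"\xff" * 8 + bad_ptr

if __name__ == "__main__":
    buf = build_sample()
    print("magic only:", find_struct(buf, Session, {"magic": CONSTRAINTS["magic"]}))
    print("all constraints:", find_struct(buf, Session, CONSTRAINTS))
```

Matching on the magic value alone reports all three records; adding the length and pointer constraints leaves only the valid one.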