search

trolldbois / python-haystack

Process heap analysis framework - Windows/Linux - record type inference and forensics
http://trolldbois.blogspot.com/search?q=python-haystack
GNU General Public License v3.0
94 stars 33 forks source link

haystack/structures/win32/winxpheap.constraints ?? #25

Closed rchateauneu closed 8 years ago

rchateauneu commented 8 years ago

Documentation https://pypi.python.org/pypi/haystack mentions the file haystack/structures/win32/winxpheap.constraints

Where is it please, or any other similar file ?

Thanks for this great software.

trolldbois commented 8 years ago

https://github.com/trolldbois/python-haystack/blob/master/haystack/allocators/win32/winxpheap32.constraints

Sorry, "the structures" module was renamed to allocators .

rchateauneu commented 8 years ago

Thanks, I understood the problem. When running this command, it tells that the constraints file cannot be seen a the expected place:

python haystack-0.33/build/scripts-2.7/haystack-find-heap.py chrome_full.dmp

Traceback (most recent call last): File "haystack-0.33/build/scripts-2.7/haystack-find-heap.py", line 134, in main(sys.argv[1:]) File "haystack-0.33/build/scripts-2.7/haystack-find-heap.py", line 44, in main finder = memory_handler.get_heap_finder() File "C:\Python27\lib\site-packages\haystack-0.33-py2.7.egg\haystack\mappings\base.py", line 241, in get_heap_finder self._heap_finder = heapwalker.make_heap_finder(self) File "C:\Python27\lib\site-packages\haystack-0.33-py2.7.egg\haystack\allocators\heapwalker.py", line 139, in make_heap_finder return win7heapwalker.Win7HeapFinder(memory_handler) File "C:\Python27\lib\site-packages\haystack-0.33-py2.7.egg\haystack\allocators\win32\winheapwalker.py", line 266, in init self._cpu = self._make_dual_arch_ctypes() File "C:\Python27\lib\site-packages\haystack-0.33-py2.7.egg\haystack\allocators\win32\win7heapwalker.py", line 61, in _make_dual_arch_ctypes _constraints_32 = parser.read(constraint_filename) File "C:\Python27\lib\site-packages\haystack-0.33-py2.7.egg\haystack\constraints.py", line 51, in read raise IOError("File not found") IOError: File not found

The four constraints files winheap.constraints just need to be copied here: C:\Python27\Lib\site-packages\haystack-0.33-py2.7.egg\haystack\allocators\win32

Apparently, they do not come with the installation tarball found here: https://pypi.python.org/pypi/haystack

Thanks

trolldbois commented 8 years ago

oh damn, indeed. the error is in the setup.py's package_data. I will try to correct this asap

trolldbois commented 8 years ago

I uploaded a v0.34 to pypi, please tell me if that doesn't fix the problem