Skip to content

libdebug.snapshots.process.process_shapshot_diff

ProcessSnapshotDiff

Bases: Diff

This object represents a diff between process snapshots.

Source code in libdebug/snapshots/process/process_shapshot_diff.py 
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
class ProcessSnapshotDiff(Diff):
    """This object represents a diff between process snapshots."""

    def __init__(self: ProcessSnapshotDiff, snapshot1: ProcessSnapshot, snapshot2: ProcessSnapshot) -> None:
        """Returns a diff between given snapshots of the same process.

        Args:
            snapshot1 (ProcessSnapshot): A process snapshot.
            snapshot2 (ProcessSnapshot): A process snapshot.
        """
        super().__init__(snapshot1, snapshot2)

        # Register diffs
        self._save_reg_diffs()

        # Memory map diffs
        self._resolve_maps_diff()

        # Thread diffs
        self._generate_thread_diffs()

        if (self.snapshot1._process_name == self.snapshot2._process_name) and (
            self.snapshot1.aslr_enabled or self.snapshot2.aslr_enabled
        ):
            liblog.warning("ASLR is enabled in either or both snapshots. Diff may be messy.")

    def _generate_thread_diffs(self: ProcessSnapshotDiff) -> None:
        """Generates diffs between threads in the two compared snapshots.

        Thread differences:
         - Born threads and dead threads are stored directly in separate lists (no state diff exists between the two).
         - Threads that exist in both snapshots are stored as diffs and can be accessed through the threads_diff property.
        """
        self.born_threads = []
        self.dead_threads = []
        self.threads_diff = []

        snapshot1_by_tid = {thread.tid: thread for thread in self.snapshot1.threads}
        snapshot2_by_tid = {thread.tid: thread for thread in self.snapshot2.threads}

        for tid, t1 in snapshot1_by_tid.items():
            t2 = snapshot2_by_tid.get(tid)
            if t2 is None:
                self.dead_threads.append(t1)
            else:
                diff = LightweightThreadSnapshotDiff(t1, t2, self)
                self.threads_diff.append(diff)

        for tid, t2 in snapshot2_by_tid.items():
            if tid not in snapshot1_by_tid:
                self.born_threads.append(t2)

__init__(snapshot1, snapshot2)

Returns a diff between given snapshots of the same process.

Parameters:

Name Type Description Default
snapshot1 ProcessSnapshot

A process snapshot.

 required
snapshot2 ProcessSnapshot

A process snapshot.

 required
Source code in libdebug/snapshots/process/process_shapshot_diff.py 
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
def __init__(self: ProcessSnapshotDiff, snapshot1: ProcessSnapshot, snapshot2: ProcessSnapshot) -> None:
    """Returns a diff between given snapshots of the same process.

    Args:
        snapshot1 (ProcessSnapshot): A process snapshot.
        snapshot2 (ProcessSnapshot): A process snapshot.
    """
    super().__init__(snapshot1, snapshot2)

    # Register diffs
    self._save_reg_diffs()

    # Memory map diffs
    self._resolve_maps_diff()

    # Thread diffs
    self._generate_thread_diffs()

    if (self.snapshot1._process_name == self.snapshot2._process_name) and (
        self.snapshot1.aslr_enabled or self.snapshot2.aslr_enabled
    ):
        liblog.warning("ASLR is enabled in either or both snapshots. Diff may be messy.")