• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

Python utils.pck32函数代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Python中miasm2.core.utils.pck32函数的典型用法代码示例。如果您正苦于以下问题:Python pck32函数的具体用法?Python pck32怎么用?Python pck32使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了pck32函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。

示例1: fix_InInitializationOrderModuleList

def fix_InInitializationOrderModuleList(myjit, module_info):
    # first binary is ntdll
    # second binary is kernel32
    olist = []
    ntdll_e = None
    kernel_e = None
    for bname, (addr, e) in module_info.items():
        if bname[::2].lower() == "ntdll.dll":
            ntdll_e = (e, bname, addr)
            continue
        elif bname[::2].lower() == "kernel32.dll":
            kernel_e = (e, bname, addr)
            continue
        elif e == dummy_e:
            d_e = (e, bname, addr)
            continue
        elif e == main_pe:
            continue
        olist.append((e, bname, addr))
    if not ntdll_e or not kernel_e or not d_e:
        log.warn('No kernel ntdll, ldr data will be unconsistant')
    else:
        olist[0:0] = [ntdll_e]
        olist[1:1] = [kernel_e]

    olist.append(d_e)

    last_addr = 0
    for i in xrange(len(olist)):
        e, bname, addr = olist[i]
        p_e, p_bname, p_addr = olist[(i - 1) % len(olist)]
        n_e, n_bname, n_addr = olist[(i + 1) % len(olist)]
        myjit.vm.set_mem(
            addr + 0x10, pck32(n_addr + 0x10) + pck32(p_addr + 0x10))
开发者ID:primitivorm,项目名称:miasm,代码行数:34,代码来源:win_api_x86_32_seh.py


示例2: build_teb

def build_teb(jitter, teb_address):
    """
    Build TEB informations using following structure:

    +0x000 NtTib                     : _NT_TIB
    +0x01c EnvironmentPointer        : Ptr32 Void
    +0x020 ClientId                  : _CLIENT_ID
    +0x028 ActiveRpcHandle           : Ptr32 Void
    +0x02c ThreadLocalStoragePointer : Ptr32 Void
    +0x030 ProcessEnvironmentBlock   : Ptr32 _PEB
    +0x034 LastErrorValue            : Uint4B
    ...
    @jitter: jitter instance
    @teb_address: the TEB address
    """

    o = ""
    o += pck32(default_seh)
    o += (0x18 - len(o)) * "\x00"
    o += pck32(tib_address)

    o += (0x30 - len(o)) * "\x00"
    o += pck32(peb_address)
    o += pck32(0x11223344)

    jitter.vm.add_memory_page(teb_address, PAGE_READ | PAGE_WRITE, o)
开发者ID:winchester1887,项目名称:miasm,代码行数:26,代码来源:win_api_x86_32_seh.py


示例3: init_seh

def init_seh(myjit):
    global seh_count
    seh_count = 0
    build_teb(myjit, FS_0_AD)
    build_peb(myjit, peb_address)

    module_info = create_modules_chain(myjit, loaded_modules)
    fix_InLoadOrderModuleList(myjit, module_info)
    fix_InMemoryOrderModuleList(myjit, module_info)
    fix_InInitializationOrderModuleList(myjit, module_info)

    build_ldr_data(myjit, module_info)
    add_process_env(myjit)
    add_process_parameters(myjit)

    myjit.vm.add_memory_page(default_seh, PAGE_READ | PAGE_WRITE, pck32(
        0xffffffff) + pck32(0x41414141) + pck32(0x42424242))

    myjit.vm.add_memory_page(
        context_address, PAGE_READ | PAGE_WRITE, '\x00' * 0x2cc)
    myjit.vm.add_memory_page(
        exception_record_address, PAGE_READ | PAGE_WRITE, '\x00' * 200)

    myjit.vm.add_memory_page(
        FAKE_SEH_B_AD, PAGE_READ | PAGE_WRITE, 0x10000 * "\x00")
开发者ID:primitivorm,项目名称:miasm,代码行数:25,代码来源:win_api_x86_32_seh.py


示例4: build_peb

def build_peb(jitter, peb_address):
    """
    Build PEB informations using following structure:

    +0x000 InheritedAddressSpace    : UChar
    +0x001 ReadImageFileExecOptions : UChar
    +0x002 BeingDebugged            : UChar
    +0x003 SpareBool                : UChar
    +0x004 Mutant                   : Ptr32 Void
    +0x008 ImageBaseAddress         : Ptr32 Void
    +0x00c Ldr                      : Ptr32 _PEB_LDR_DATA
    +0x010 processparameter

    @jitter: jitter instance
    @peb_address: the PEB address
    """

    offset = peb_address + 8
    o = ""
    if main_pe:
        o += pck32(main_pe.NThdr.ImageBase)
    else:
        offset += 4
    o += pck32(peb_ldr_data_address)
    o += pck32(process_parameters_address)
    jitter.vm.add_memory_page(offset, PAGE_READ | PAGE_WRITE, o)
开发者ID:winchester1887,项目名称:miasm,代码行数:26,代码来源:win_api_x86_32_seh.py


示例5: fix_InInitializationOrderModuleList

def fix_InInitializationOrderModuleList(jitter, modules_info):
    """Fix InInitializationOrderModuleList double link list. First module is the
    ntdll, then kernel32. dummy is last pe.

    @jitter: the jitter instance
    @modules_info: the LoadedModules instance

    """

    log.debug("Fix InInitializationOrderModuleList")
    main_pe = modules_info.name2module.get(main_pe_name, None)
    kernel32_pe = modules_info.name2module.get("kernel32.dll", None)
    ntdll_pe = modules_info.name2module.get("ntdll.dll", None)
    dummy_pe = modules_info.name2module.get("", None)
    special_modules = [main_pe, kernel32_pe, ntdll_pe, dummy_pe]
    if not all(special_modules):
        log.warn('No main pe, ldr data will be unconsistant')
        loaded_modules = modules_info.modules
    else:
        loaded_modules = [module for module in modules_info.modules
                          if module not in special_modules]
        loaded_modules[0:0] = [ntdll_pe]
        loaded_modules[1:1] = [kernel32_pe]
        loaded_modules.append(dummy_pe)

    for i, module in enumerate(loaded_modules):
        cur_module_entry = modules_info.module2entry[module]
        prev_module = loaded_modules[(i - 1) % len(loaded_modules)]
        next_module = loaded_modules[(i + 1) % len(loaded_modules)]
        prev_module_entry = modules_info.module2entry[prev_module]
        next_module_entry = modules_info.module2entry[next_module]
        jitter.vm.set_mem(cur_module_entry + 0x10,
                          (pck32(next_module_entry + 0x10) +
                           pck32(prev_module_entry + 0x10)))
开发者ID:winchester1887,项目名称:miasm,代码行数:34,代码来源:win_api_x86_32_seh.py


示例6: init_seh

def init_seh(jitter):
    """
    Build the modules entries and create double links
    @jitter: jitter instance
    """

    global seh_count
    seh_count = 0
    build_teb(jitter, FS_0_AD)
    build_peb(jitter, peb_address)

    modules_info = create_modules_chain(jitter, name2module)
    fix_InLoadOrderModuleList(jitter, modules_info)
    fix_InMemoryOrderModuleList(jitter, modules_info)
    fix_InInitializationOrderModuleList(jitter, modules_info)

    build_ldr_data(jitter, modules_info)
    add_process_env(jitter)
    add_process_parameters(jitter)

    jitter.vm.add_memory_page(default_seh, PAGE_READ | PAGE_WRITE, pck32(
        0xffffffff) + pck32(0x41414141) + pck32(0x42424242))

    jitter.vm.add_memory_page(
        context_address, PAGE_READ | PAGE_WRITE, '\x00' * 0x2cc)
    jitter.vm.add_memory_page(
        exception_record_address, PAGE_READ | PAGE_WRITE, '\x00' * 200)

    jitter.vm.add_memory_page(
        FAKE_SEH_B_AD, PAGE_READ | PAGE_WRITE, 0x10000 * "\x00")
开发者ID:winchester1887,项目名称:miasm,代码行数:30,代码来源:win_api_x86_32_seh.py


示例7: add_process_parameters

def add_process_parameters(myjit):
    o = ""
    o += pck32(0x1000)  # size
    o += "E" * (0x48 - len(o))
    o += pck32(process_environment_address)
    myjit.vm.add_memory_page(process_parameters_address,
                             PAGE_READ | PAGE_WRITE,
                             o)
开发者ID:primitivorm,项目名称:miasm,代码行数:8,代码来源:win_api_x86_32_seh.py


示例8: add_process_parameters

def add_process_parameters(jitter):
    """
    Build a process parameters structure
    @jitter: jitter instance
    """

    o = ""
    o += pck32(0x1000)  # size
    o += "E" * (0x48 - len(o))
    o += pck32(process_environment_address)
    jitter.vm.add_memory_page(process_parameters_address,
                              PAGE_READ | PAGE_WRITE,
                              o)
开发者ID:winchester1887,项目名称:miasm,代码行数:13,代码来源:win_api_x86_32_seh.py


示例9: regs2ctxt

def regs2ctxt(jitter):
    """
    Build x86_32 cpu context for exception handling
    @jitter: jitload instance
    """

    ctxt = []
    # ContextFlags
    ctxt += [pck32(0x0)]
    # DRX
    ctxt += [pck32(0x0)] * 6
    # Float context
    ctxt += ['\x00' * 112]
    # Segment selectors
    ctxt += [pck32(reg) for reg in (jitter.cpu.GS, jitter.cpu.FS,
                                    jitter.cpu.ES, jitter.cpu.DS)]
    # Gpregs
    ctxt += [pck32(reg) for reg in (jitter.cpu.EDI, jitter.cpu.ESI,
                                    jitter.cpu.EBX, jitter.cpu.EDX,
                                    jitter.cpu.ECX, jitter.cpu.EAX,
                                    jitter.cpu.EBP, jitter.cpu.EIP)]
    # CS
    ctxt += [pck32(jitter.cpu.CS)]
    # Eflags
    # XXX TODO real eflag
    ctxt += [pck32(0x0)]
    # ESP
    ctxt += [pck32(jitter.cpu.ESP)]
    # SS
    ctxt += [pck32(jitter.cpu.SS)]
    return "".join(ctxt)
开发者ID:winchester1887,项目名称:miasm,代码行数:31,代码来源:win_api_x86_32_seh.py


示例10: set_link_list_entry

def set_link_list_entry(jitter, loaded_modules, modules_info, offset):
    for i, module in enumerate(loaded_modules):
        cur_module_entry = modules_info.module2entry[module]
        prev_module = loaded_modules[(i - 1) % len(loaded_modules)]
        next_module = loaded_modules[(i + 1) % len(loaded_modules)]
        prev_module_entry = modules_info.module2entry[prev_module]
        next_module_entry = modules_info.module2entry[next_module]
        if i == 0:
            prev_module_entry = peb_ldr_data_address + 0xC
        if i == len(loaded_modules) - 1:
            next_module_entry = peb_ldr_data_address + 0xC
        jitter.vm.set_mem(cur_module_entry + offset,
                          (pck32(next_module_entry + offset) +
                           pck32(prev_module_entry + offset)))
开发者ID:msaleh83,项目名称:miasm,代码行数:14,代码来源:win_api_x86_32_seh.py


示例11: return_from_seh

def return_from_seh(myjit):
    "Handle return after a call to fake seh handler"

    # Get current context
    context_address = upck32(myjit.vm.get_mem(myjit.cpu.ESP + 0x8, 4))
    log.info('Context address: %x', context_address)
    myjit.cpu.ESP = upck32(myjit.vm.get_mem(context_address + 0xc4, 4))
    log.info('New esp: %x', myjit.cpu.ESP)

    # Rebuild SEH
    old_seh = upck32(myjit.vm.get_mem(tib_address, 4))
    new_seh = upck32(myjit.vm.get_mem(old_seh, 4))
    log.info('Old seh: %x New seh: %x', old_seh, new_seh)
    myjit.vm.set_mem(tib_address, pck32(new_seh))

    dump_seh(myjit)

    if myjit.cpu.EAX == 0x0:
        # ExceptionContinueExecution
        ctxt_ptr = context_address
        log.info('Seh continues Context: %x', ctxt_ptr)

        # Get registers changes
        ctxt_str = myjit.vm.get_mem(ctxt_ptr, 0x2cc)
        ctxt2regs(ctxt_str, myjit)
        myjit.pc = myjit.cpu.EIP
        log.info('Context::Eip: %x', myjit.pc)

    elif myjit.cpu.EAX == -1:
        raise NotImplementedError("-> seh try to go to the next handler")

    elif myjit.cpu.EAX == 1:
        # ExceptionContinueSearch
        raise NotImplementedError("-> seh, gameover")
开发者ID:primitivorm,项目名称:miasm,代码行数:34,代码来源:win_api_x86_32_seh.py


示例12: return_from_seh

def return_from_seh(jitter):
    """Handle the return from an exception handler
    @jitter: jitter instance"""

    # Get current context
    context_address = upck32(jitter.vm.get_mem(jitter.cpu.ESP + 0x8, 4))
    log.info('Context address: %x', context_address)
    jitter.cpu.ESP = upck32(jitter.vm.get_mem(context_address + 0xc4, 4))
    log.info('New esp: %x', jitter.cpu.ESP)

    # Rebuild SEH
    old_seh = upck32(jitter.vm.get_mem(tib_address, 4))
    new_seh = upck32(jitter.vm.get_mem(old_seh, 4))
    log.info('Old seh: %x New seh: %x', old_seh, new_seh)
    jitter.vm.set_mem(tib_address, pck32(new_seh))

    dump_seh(jitter)

    if jitter.cpu.EAX == 0x0:
        # ExceptionContinueExecution
        ctxt_ptr = context_address
        log.info('Seh continues Context: %x', ctxt_ptr)

        # Get registers changes
        ctxt_str = jitter.vm.get_mem(ctxt_ptr, 0x2cc)
        ctxt2regs(ctxt_str, jitter)
        jitter.pc = jitter.cpu.EIP
        log.info('Context::Eip: %x', jitter.pc)

    elif jitter.cpu.EAX == -1:
        raise NotImplementedError("-> seh try to go to the next handler")

    elif jitter.cpu.EAX == 1:
        # ExceptionContinueSearch
        raise NotImplementedError("-> seh, gameover")
开发者ID:winchester1887,项目名称:miasm,代码行数:35,代码来源:win_api_x86_32_seh.py


示例13: init_seh

def init_seh(myjit):
    global seh_count
    seh_count = 0
    # myjit.vm.add_memory_page(tib_address, PAGE_READ | PAGE_WRITE,
    # p(default_seh) + p(0) * 11 + p(peb_address))
    myjit.vm.add_memory_page(
        FS_0_AD, PAGE_READ | PAGE_WRITE, build_fake_teb())
    # myjit.vm.add_memory_page(peb_address, PAGE_READ | PAGE_WRITE, p(0) *
    # 3 + p(peb_ldr_data_address))
    myjit.vm.add_memory_page(
        peb_address, PAGE_READ | PAGE_WRITE, build_fake_peb())
    # myjit.vm.add_memory_page(peb_ldr_data_address, PAGE_READ |
    # PAGE_WRITE, p(0) * 3 + p(in_load_order_module_list_address) + p(0) *
    # 0x20)

    """
    ldr_data += "\x00"*(InInitializationOrderModuleList_offset - len(ldr_data))
    ldr_data += build_fake_InInitializationOrderModuleList(loaded_modules)
    ldr_data += "\x00"*(InLoadOrderModuleList_offset - len(ldr_data))
    ldr_data += build_fake_InLoadOrderModuleList(loaded_modules)
    """
    myjit.vm.add_memory_page(
        LDR_AD, PAGE_READ | PAGE_WRITE, "\x00" * MAX_MODULES * 0x1000)
    module_info = create_modules_chain(myjit, loaded_modules)
    fix_InLoadOrderModuleList(myjit, module_info)
    fix_InMemoryOrderModuleList(myjit, module_info)
    fix_InInitializationOrderModuleList(myjit, module_info)

    ldr_data = build_fake_ldr_data(module_info)
    myjit.vm.set_mem(LDR_AD, ldr_data)
    add_process_env(myjit)
    add_process_parameters(myjit)

    # myjit.vm.add_memory_page(in_load_order_module_list_address,
    #     PAGE_READ | PAGE_WRITE, p(0) * 40)
    # myjit.vm.add_memory_page(in_load_order_module_list_address,
    #     PAGE_READ | PAGE_WRITE, build_fake_inordermodule(loaded_modules))
    myjit.vm.add_memory_page(default_seh, PAGE_READ | PAGE_WRITE, pck32(
        0xffffffff) + pck32(0x41414141) + pck32(0x42424242))

    myjit.vm.add_memory_page(
        context_address, PAGE_READ | PAGE_WRITE, '\x00' * 0x2cc)
    myjit.vm.add_memory_page(
        exception_record_address, PAGE_READ | PAGE_WRITE, '\x00' * 200)

    myjit.vm.add_memory_page(
        FAKE_SEH_B_AD, PAGE_READ | PAGE_WRITE, 0x10000 * "\x00")
开发者ID:CaineQT,项目名称:miasm,代码行数:47,代码来源:win_api_x86_32_seh.py


示例14: test_init

 def test_init(self):
     init_regs(self)
     self.buf = ""
     for reg_name in reversed(["EAX", "ECX",
                               "EDX", "EBX",
                               "ESP", "EBP",
                               "ESI", "EDI"]):
         self.buf += pck32(getattr(self.myjit.cpu, reg_name))
开发者ID:chubbymaggie,项目名称:miasm,代码行数:8,代码来源:mn_pushpop.py


示例15: fix_InMemoryOrderModuleList

def fix_InMemoryOrderModuleList(myjit, module_info):
    log.debug("Fix InMemoryOrderModuleList")
    # first binary is PE
    # last is dumm_e
    olist = []
    m_e = None
    d_e = None
    for m in [main_pe_name, ""] + loaded_modules:

        if isinstance(m, tuple):
            fname, e = m
        else:
            fname, e = m, None

        if "/" in fname:
            fname = fname[fname.rfind("/") + 1:]
        bname_str = fname
        bname = '\x00'.join(bname_str) + '\x00'
        if not bname.lower() in module_info:
            log.warn('Module not found, ldr data will be unconsistant')
            continue
        addr, e = module_info[bname.lower()]
        log.debug(bname_str)
        if e == main_pe:
            m_e = (e, bname, addr)
            continue
        elif e == dummy_e:
            d_e = (e, bname, addr)
            continue
        olist.append((e, bname, addr))
    if not m_e or not d_e:
        log.warn('No main pe, ldr data will be unconsistant')
    else:
        olist[0:0] = [m_e]
    olist.append(d_e)

    last_addr = 0

    for i in xrange(len(olist)):
        e, bname, addr = olist[i]
        p_e, p_bname, p_addr = olist[(i - 1) % len(olist)]
        n_e, n_bname, n_addr = olist[(i + 1) % len(olist)]
        myjit.vm.set_mem(
            addr + 0x8, pck32(n_addr + 0x8) + pck32(p_addr + 0x8))
开发者ID:primitivorm,项目名称:miasm,代码行数:44,代码来源:win_api_x86_32_seh.py


示例16: regs2ctxt

def regs2ctxt(regs):
    ctxt = ""
    ctxt += '\x00\x00\x00\x00'  # ContextFlags
    ctxt += '\x00\x00\x00\x00' * 6  # drX
    ctxt += '\x00' * 112  # float context
    ctxt += '\x00\x00\x00\x00' + '\x3b\x00\x00\x00' + \
        '\x23\x00\x00\x00' + '\x23\x00\x00\x00'  # segment selectors
    ctxt += pck32(regs['EDI']) + pck32(regs['ESI']) + pck32(regs['EBX']) + \
        pck32(regs['EDX']) + pck32(regs['ECX']) + pck32(regs['EAX']) + \
        pck32(regs['EBP']) + pck32(regs['EIP'])  # gpregs
    ctxt += '\x23\x00\x00\x00'  # cs
    ctxt += '\x00\x00\x00\x00'  # eflags
    ctxt += pck32(regs['ESP'])  # esp
    ctxt += '\x23\x00\x00\x00'  # ss segment selector
    return ctxt
开发者ID:CaineQT,项目名称:miasm,代码行数:15,代码来源:win_api_x86_32_seh.py


示例17: build_ldr_data

def build_ldr_data(jitter, modules_info):
    """
    Build Loader informations using following structure:

    +0x000 Length                          : Uint4B
    +0x004 Initialized                     : UChar
    +0x008 SsHandle                        : Ptr32 Void
    +0x00c InLoadOrderModuleList           : _LIST_ENTRY
    +0x014 InMemoryOrderModuleList         : _LIST_ENTRY
    +0x01C InInitializationOrderModuleList         : _LIST_ENTRY
    # dummy dll base
    +0x024 DllBase : Ptr32 Void

    @jitter: jitter instance
    @modules_info: LoadedModules instance

    """
    # ldr offset pad
    offset = 0xC
    addr = LDR_AD + peb_ldr_data_offset
    ldrdata = PEB_LDR_DATA(jitter.vm, addr)

    main_pe = modules_info.name2module.get(main_pe_name, None)
    ntdll_pe = modules_info.name2module.get("ntdll.dll", None)


    size = 0
    if main_pe:
        size += ListEntry.sizeof() * 2
        main_addr_entry = modules_info.module2entry[main_pe]
    if ntdll_pe:
        size += ListEntry.sizeof()
        ntdll_addr_entry = modules_info.module2entry[ntdll_pe]

    jitter.vm.add_memory_page(addr + offset, PAGE_READ | PAGE_WRITE,
                              "\x00" * size,
                              "Loader struct")  # (ldrdata.get_size() - offset))

    if main_pe:
        ldrdata.InLoadOrderModuleList.flink = main_addr_entry
        ldrdata.InLoadOrderModuleList.blink = 0

        ldrdata.InMemoryOrderModuleList.flink = main_addr_entry + \
            LdrDataEntry.get_type().get_offset("InMemoryOrderLinks")
        ldrdata.InMemoryOrderModuleList.blink = 0

    if ntdll_pe:
        ldrdata.InInitializationOrderModuleList.flink = ntdll_addr_entry + \
            LdrDataEntry.get_type().get_offset("InInitializationOrderLinks")
        ldrdata.InInitializationOrderModuleList.blink = 0

    # Add dummy dll base
    jitter.vm.add_memory_page(peb_ldr_data_address + 0x24,
                              PAGE_READ | PAGE_WRITE, pck32(0),
                              "Loader struct dummy dllbase")
开发者ID:commial,项目名称:miasm,代码行数:55,代码来源:win_api_x86_32_seh.py


示例18: build_fake_teb

def build_fake_teb():
    """
    +0x000 NtTib                     : _NT_TIB
    +0x01c EnvironmentPointer        : Ptr32 Void
    +0x020 ClientId                  : _CLIENT_ID
    +0x028 ActiveRpcHandle           : Ptr32 Void
    +0x02c ThreadLocalStoragePointer : Ptr32 Void
    +0x030 ProcessEnvironmentBlock   : Ptr32 _PEB
    +0x034 LastErrorValue            : Uint4B
    ...
    """
    o = ""
    o += pck32(default_seh)
    o += (0x18 - len(o)) * "\x00"
    o += pck32(tib_address)

    o += (0x30 - len(o)) * "\x00"
    o += pck32(peb_address)
    o += pck32(0x11223344)

    return o
开发者ID:CaineQT,项目名称:miasm,代码行数:21,代码来源:win_api_x86_32_seh.py


示例19: build_teb

def build_teb(myjit, teb_address):
    """
    +0x000 NtTib                     : _NT_TIB
    +0x01c EnvironmentPointer        : Ptr32 Void
    +0x020 ClientId                  : _CLIENT_ID
    +0x028 ActiveRpcHandle           : Ptr32 Void
    +0x02c ThreadLocalStoragePointer : Ptr32 Void
    +0x030 ProcessEnvironmentBlock   : Ptr32 _PEB
    +0x034 LastErrorValue            : Uint4B
    ...
    """
    o = ""
    o += pck32(default_seh)
    o += (0x18 - len(o)) * "\x00"
    o += pck32(tib_address)

    o += (0x30 - len(o)) * "\x00"
    o += pck32(peb_address)
    o += pck32(0x11223344)

    myjit.vm.add_memory_page(teb_address, PAGE_READ | PAGE_WRITE, o)
开发者ID:primitivorm,项目名称:miasm,代码行数:21,代码来源:win_api_x86_32_seh.py


示例20: build_peb

def build_peb(myjit, peb_address):
    """
    +0x000 InheritedAddressSpace    : UChar
    +0x001 ReadImageFileExecOptions : UChar
    +0x002 BeingDebugged            : UChar
    +0x003 SpareBool                : UChar
    +0x004 Mutant                   : Ptr32 Void
    +0x008 ImageBaseAddress         : Ptr32 Void
    +0x00c Ldr                      : Ptr32 _PEB_LDR_DATA
    +0x010 processparameter
    """

    offset = peb_address + 8
    o = ""
    if main_pe:
        o += pck32(main_pe.NThdr.ImageBase)
    else:
        offset += 4
    o += pck32(peb_ldr_data_address)
    o += pck32(process_parameters_address)
    myjit.vm.add_memory_page(offset, PAGE_READ | PAGE_WRITE, o)
开发者ID:primitivorm,项目名称:miasm,代码行数:21,代码来源:win_api_x86_32_seh.py



注:本文中的miasm2.core.utils.pck32函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Python simplifications.expr_simp函数代码示例发布时间:2022-05-27
下一篇:
Python parse_asm.parse_txt函数代码示例发布时间:2022-05-27
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap