

my_ioctl_fuzzer.py import pickleimport sysimport random from ctypes import * kernel32 = windll.kernel32 # Defines for Win32 API CallsGENERIC_READ = 0x80000000GENERIC_WRITE = 0x40000000OPEN_EXISTING = 0x3 # Open the pickle and retrieve the dictionary fd = open(sys.argv[1], "rb")master_list = pickle.load(fd)ioctl_list = master_list["ioctl_list"]device_list = master_list["device_list"]fd.close() # Now test that we ca..
ioctl_dump.py import pickleimport driverlib from immlib import * def main( args ): ioctl_list = [] device_list = [] dbg = Debugger() driver = driverlib.Driver() # Grab the list of IOCTL codes and device names ioctl_list = driver.getIOCTLCodes() if not len(ioctl_list): return "[*] ERROR! Couldn't find any IOCTL codes." device_list = driver.getDeviceNames() if not len(device_list): return "[*] ERROR! Couldn't f..
ioctl_fuzzer.py import structimport randomfrom immlib import * class ioctl_hook( LogBpHook ): def __init__( self ): self.imm = Debugger() self.logfile = "C:\ioctl_log.txt" LogBpHook.__init__(self) def run( self, regs ): in_buf = "" # read the IOCTL code ioctl_code = self.imm.readLong( regs['ESP'] + 8 ) # read out the InBufferSize inbuffer_size = self.imm.readMemory( regs['ESP'] + 0x10, 4) inbuffer_size = struct..
firfox_hook.py from pydbg import * from pydbg.defines import * import utils import sys dbg = pydbg() found_firefox = False pattern = "password" def ssl_sniff(dbg,args): buffer = "" offset = 0 while 1: byte = dbg.read_process_memory(args[1] + offset, 1) if byte != "\x00": buffer += byte offset += 1 continue else: break if pattern in buffer: print "Pre-Encrypted: %s" % buffer return DBG_CONTINUE # find firefox P..
hippie_easy.py import immlib import immutils def getRet(imm,allocaddr,max_opcodes = 300): addr = allocaddr for a in range(0,max_opcodes): op = imm.disasmForward(addr) if op.isRet(): if op.getImmConst() == 0xC: op = imm.disasmBackward(addr,3) return op.getAddress() addr = op.getAddress() return 0x0 def showresult(imm,a,rtlallocate): if a[0] == rtlallocate: imm.log("RtlAllocateHeap(0x%08x,0x%08x,0x%08x)
8시간의 대장정. from immlib import * def main(args): shellcode="\x7f\xac" length = len(shellcode) shellcode=shellcode.encode("HEX") imm = Debugger() imm.log("Shellcode length : %s" % len(shellcode)) # shellcode = shellcode.encode("HEX") imm.log("We Finding : %s" % shellcode) regs = imm.getRegs() imm.log("EIP : 0x%08x" % regs['EIP']) imm.log("EBP : 0x%08x" % regs['EBP']) imm.log("ESP : 0x%08x" % regs['ESP']) add..
책 원본 소스파일 # -*- coding: cp949 -*- from pydbg import * from pydbg.defines import * import struct import random def printf_randomizer(dbg): parameter_addr = dbg.context.Esp + 0x8 counter = dbg.read_process_memory(parameter_addr,4) #read_process_memeory returns binary string counter = struct.unpack("L",counter)[0] print "Counter: %d" % int(counter) random_counter = random.randint(1,100) random_counter = stru..
Memory Breakpoint 까지의 소스 파이썬 해킹 프로그래밍 3장 최종 소스.참 여러 삽질 끝에 도달했다. my_debugger.py # -*- coding: cp949 -*- from ctypes import * from my_debugger_defines import * kernel32 = windll.kernel32 class debugger(): def __init__(self): self.h_process = None self.pid = None self.debugger_active = False self.h_thread = None self.context = None self.exception = None self.exception_address = None self.breakpoints = {} self.first_breakpo..