# read the next instruction code = f.read() iterable = distorm3.DecomposeGenerator(offset, code, dt, \ distorm3.DF_RETURN_FC_ONLY | distorm3.DF_STOP_ON_FLOW_CONTROL) inst = iterable.next() # if we've encountered a loop exit if hasAddr(inst.address): print 'Found a loop!', hex(inst.address), inst, inst.flowControl return workRva = inst.address if __name__ == '__main__': f = PE(open('print.exe', 'rb')) print 'ImageBase', f.imagebase print 'entrypoint ofs', hex(f.rva2ofs(f.entrypoint)) getExterns(f) # some datastructure of interest workQ = collections.deque() # distorm3 dt = distorm3.Decode32Bits # inst1 f.seek(f.rva2ofs(f.entrypoint)) code = f.read() workQ.append(f.entrypoint) while workQ:
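import os
from pe import PE
import distorm3

# Static look at the first flow-control instruction reachable from the PE
# entry point. The sample is only opened for reading and decoded.

# distorm3 things
# offset is the address distorm3 assigns to the first decoded byte. With 0,
# the reported instruction addresses are relative to the entry point, not RVAs.
offset = 0
dt = distorm3.Decode32Bits

# Read everything from the entry point's file offset to end-of-file, and let
# the context manager close the handle (the original never closed it).
# NOTE(review): rva2ofs() comes from the project's pe module; whether it
# rejects an entry point that maps outside the file is not visible here.
# Confirm that before running this on malformed samples.
with open('print.exe', 'rb') as f:
    o = PE(f)

    # distorm3
    f.seek(o.rva2ofs(o.entrypoint))
    code = f.read()

# DF_RETURN_FC_ONLY filters the output down to flow-control instructions and
# DF_STOP_ON_FLOW_CONTROL ends decoding at the first one, so the generator
# yields at most the instruction that terminates the entry basic block.
iterable = distorm3.DecomposeGenerator(
    offset, code, dt,
    distorm3.DF_RETURN_FC_ONLY | distorm3.DF_STOP_ON_FLOW_CONTROL)

# next(it, None) runs on Python 2 and 3 and avoids an unhandled StopIteration
# when nothing decodable (or no flow-control instruction) follows the entry.
inst = next(iterable, None)
if inst is None:
    raise SystemExit('no flow-control instruction decoded at the entry point')
print(inst)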
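import os
import sys
from pe import PE
import distorm3

# Containers of addresses recorded so far; hasAddr() tests membership in each.
# NOTE(review): the code that fills this list is not part of this listing.
# Presumably each entry is the address range of an already-decoded block.
encountered = []


def hasAddr(addr):
    """Return True if *addr* is contained in any entry of ``encountered``.

    Each entry only needs to support the ``in`` operator. An empty
    ``encountered`` list yields False.
    """
    return any(addr in r for r in encountered)


if __name__ == '__main__':
    # Optional first argument selects the sample; the default keeps the
    # original hard-coded file name.
    sample = sys.argv[1] if len(sys.argv) > 1 else 'print.exe'

    # The sample is only read and decoded. The context manager closes the
    # handle, which the original left open.
    with open(sample, 'rb') as fh:
        pe = PE(fh)
        # %-formatting gives the same output on Python 2 and 3.
        print('ImageBase %s' % (pe.imagebase,))
        print('entrypoint ofs %s' % hex(pe.rva2ofs(pe.entrypoint)))

        # distorm3
        dt = distorm3.Decode32Bits

        # inst1
        # NOTE(review): rva2ofs() is provided by the project's pe module;
        # whether it rejects an entry point outside the file is not visible
        # here. Confirm before using this on malformed samples.
        pe.seek(pe.rva2ofs(pe.entrypoint))
        code = pe.read()

        # Use the entry-point RVA as the code offset so decoded instruction
        # addresses are RVAs.
        offset = pe.entrypoint
        iterable = distorm3.DecomposeGenerator(
            offset, code, dt,
            distorm3.DF_RETURN_FC_ONLY | distorm3.DF_STOP_ON_FLOW_CONTROL)

        # The generator yields nothing when no flow-control instruction is
        # decoded, so fail with a clear message instead of StopIteration.
        inst = next(iterable, None)
        if inst is None:
            raise SystemExit(
                'no flow-control instruction decoded at the entry point')

        # add what we've encountered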