distorm3.DF_RETURN_FC_ONLY | distorm3.DF_STOP_ON_FLOW_CONTROL) inst = iterable.next() # if we've encountered a loop exit if hasAddr(inst.address): print 'Found a loop!', hex(inst.address), inst, inst.flowControl return workRva = inst.address
if __name__ == '__main__':
    # Script entry point: walk the code of a hard-coded PE image, starting at
    # its entrypoint, using a worklist of RVAs.  Every name bound here
    # (f, dt, code, workQ) is a module global that doWork()/hasAddr() read,
    # so these names must stay as they are.
    # NOTE(review): `PE` is a project wrapper (rva2ofs/seek/read/imagebase/
    # entrypoint); its contract is not visible in this excerpt -- confirm
    # before relying on it.  The open() handle is handed to PE and is never
    # closed explicitly here.
    f = PE(open('print.exe', 'rb'))
    print 'ImageBase', f.imagebase
    print 'entrypoint ofs', hex(f.rva2ofs(f.entrypoint))
    # Resolve the image's imports first (getExterns is defined elsewhere in
    # this file; what it records is not visible here).
    getExterns(f)
    # Decoder mode for distorm3: the whole image is treated as 32-bit code.
    dt = distorm3.Decode32Bits
    # Position the reader at the entrypoint and read from there to EOF into
    # memory.  The input is an untrusted binary, so `code` is bounded only by
    # the size of the file on disk.
    f.seek(f.rva2ofs(f.entrypoint))
    code = f.read()
    # Worklist of RVAs still to be disassembled.  doWork() must consume
    # entries for this loop to terminate; presumably it also enqueues newly
    # discovered targets (its body is not fully visible here).
    workQ = collections.deque()
    workQ.append(f.entrypoint)
    while workQ:
        doWork(workQ)
def hasAddr(addr):
    """Return True when *addr* lies inside a range already recorded in ``encountered``.

    ``encountered`` is a module-level list of address ranges (the main block
    appends ``range(entrypoint, inst.address + 1)`` entries to it); it is not
    defined in this excerpt.  Under Python 2 ``range()`` builds a list, so each
    ``in`` test is a linear scan and the check grows with the number and size
    of the recorded ranges.  Used by the disassembly walker to detect when it
    has looped back into code it already covered.
    """
    return any(addr in seen for seen in encountered)

if __name__ == '__main__': pe = PE(open('print.exe', 'rb')) print 'ImageBase', pe.imagebase print 'entrypoint ofs', hex(pe.rva2ofs(pe.entrypoint)) # distorm3 dt = distorm3.Decode32Bits # inst1 pe.seek(pe.rva2ofs(pe.entrypoint)) code = pe.read() offset = pe.entrypoint iterable = distorm3.DecomposeGenerator(offset, code, dt, \ distorm3.DF_RETURN_FC_ONLY | distorm3.DF_STOP_ON_FLOW_CONTROL) inst = iterable.next() # add what we've encountered encountered.append(range(pe.entrypoint, inst.address+1)) print hex(inst.address), inst, inst.flowControl, inst.operands[0], inst.operands[0].type while True: # if a conditional branch, don't take it # if inst.flowControl == 'FC_CND_BRANCH':