def loadmodule(modulename, lnk): st = linker.coffexecutable() symlookup = {} pe = modulelookup[modulename].load()['Pe'] print('using', modulename, 'from memory address', '%x' % pe.parent.getoffset()) st.load(pe.parent, modulename) symlookup[modulename] = {k: st[k] for k in st.getglobals()} for module, name in (tuple(k.split('!')) for k in lnk.getglobals() if '!' in k and lnk[k] is None): if module != modulename: continue fullname = '%s!%s' % (module, name) s = symlookup[module] try: lnk[fullname] = s[fullname] except KeyError: # XXX: shell32.dll tries to import from user32.dll!Ordinal2000...which doesn't exist # OFT: 800007d0 FT: 77D15AA6 HINT: N/A Name: Ordinal: 000007d0 print("Some crazy module wants to import from %s" % fullname) continue return st
def loadmodule(modulename, lnk, lookup): st = linker.coffexecutable() symlookup = {} if modulename in lookup: pe = modulelookup[modulename].load()['Pe'] print('using', modulename, 'from memory address', '%x' % pe.parent.getoffset()) st.load(pe.parent, modulename) symlookup[modulename] = dict( ((k, st[k]) for k in st.getglobals())) # raise NotImplementedError # Somehow a few of our exports in the iat don't get set # this is in coffexecutable for module, name in (tuple(k.split('!')) for k in lnk.getglobals() if '!' in k and lnk[k] is None): if module != modulename: continue fullname = '%s!%s' % (module, name) s = symlookup[module] try: lnk[fullname] = s[fullname] except KeyError: # XXX: shell32.dll tries to import from user32.dll!Ordinal2000...which doesn't exist # OFT: 800007d0 FT: 77D15AA6 HINT: N/A Name: Ordinal: 000007d0 print("Some crazy module wants to import from %s" % fullname) return # print('reading',modulename,'from disk') failure = True search = list(searchpath) path = search.pop(0) while failure: fullpath = (path + '/' + modulename) try: st.open(fullpath) print('loaded module from %s' % fullpath) failure = False except IOError: print('unable to locate %s, trying next searchpath' % fullpath) path = search.pop(0) continue continue lnk.add(st)
def loadmodule(modulename, lnk, lookup): st = linker.coffexecutable() symlookup = {} if modulename in lookup: pe = modulelookup[modulename].load()['Pe'] print 'using',modulename,'from memory address', '%x'% pe.parent.getoffset() st.load(pe.parent,modulename) symlookup[modulename] = dict( ((k, st[k]) for k in st.getglobals()) ) # raise NotImplementedError # Somehow a few of our exports in the iat don't get set # this is in coffexecutable for module,name in ( tuple(k.split('!')) for k in lnk.getglobals() if '!' in k and lnk[k] is None ): if module != modulename: continue fullname = '%s!%s'%(module,name) s = symlookup[module] try: lnk[fullname] = s[fullname] except KeyError: # XXX: shell32.dll tries to import from user32.dll!Ordinal2000...which doesn't exist # OFT: 800007d0 FT: 77D15AA6 HINT: N/A Name: Ordinal: 000007d0 print "Some crazy module wants to import from %s"% fullname return # print 'reading',modulename,'from disk' failure = True search = list(searchpath) path = search.pop(0) while failure: fullpath = (path + '/' + modulename) try: st.open(fullpath) print 'loaded module from %s'% fullpath failure = False except IOError: print 'unable to locate %s, trying next searchpath'% fullpath path = search.pop(0) continue continue lnk.add(st)
def openmodule(modulename, lnk): st = linker.coffexecutable() failure = True search = list(searchpath) path = search.pop(0) while failure: fullpath = (path + '/' + modulename) try: st.open(fullpath) print('loaded module from %s' % fullpath) failure = False except IOError: print('unable to locate %s, trying next searchpath' % fullpath) path = search.pop(0) continue continue return st
def openmodule(modulename, lnk): st = linker.coffexecutable() failure = True search = list(searchpath) path = search.pop(0) while failure: fullpath = (path + '/' + modulename) try: st.open(fullpath) print 'loaded module from %s'% fullpath failure = False except IOError: print 'unable to locate %s, trying next searchpath'% fullpath path = search.pop(0) continue continue return st
def loadmodule(modulename, lnk): st = linker.coffexecutable() symlookup = {} pe = modulelookup[modulename].load()['Pe'] print 'using',modulename,'from memory address', '%x'% pe.parent.getoffset() st.load(pe.parent,modulename) symlookup[modulename] = dict( ((k, st[k]) for k in st.getglobals()) ) for module,name in ( tuple(k.split('!')) for k in lnk.getglobals() if '!' in k and lnk[k] is None ): if module != modulename: continue fullname = '%s!%s'%(module,name) s = symlookup[module] try: lnk[fullname] = s[fullname] except KeyError: # XXX: shell32.dll tries to import from user32.dll!Ordinal2000...which doesn't exist # OFT: 800007d0 FT: 77D15AA6 HINT: N/A Name: Ordinal: 000007d0 print "Some crazy module wants to import from %s"% fullname continue return st