def gennop(size, NOPS=None):
"""
genNOP is used to create an arbitrary length NOP sled using characters of your choosing.
Perhaps you prefer \x90, perhaps you like the defaults. Given a list of NOP characters,
genNOP will randomize and spit out something not easily recognized by the average human/rev engineer.
Still, while you are working a vulnerability, you may prefer to specify one byte such as "A" or
"\x90" as they are easily identified while searching memory.
Defaults:
# inc eax @ \x40
# inc ecx A \x41
# inc edx B \x42
# inc ebx C \x43
# inc esp D \x44
# inc ebp E \x45
# inc esi F \x46
# inc edi G \x47
# dec eax H \x48
# dec esx J \x4a
# daa ' \x27
# das / \x2f
# nop \x90
# xor eax,eax \x33\xc0
source: atlasutils
"""
DEFAULT_NOPS = "ABCFGHKIJ@'"
if (not NOPS):
NOPS = DEFAULT_NOPS
sled = ""
for i in range(size, 0, -1):
N = random.randint(0, len(NOPS) - 1)
sled += NOPS[N]
return sled
def db(t, p):
if len(sequence) == maxlen:
return
if t > n:
if n % p == 0:
for j in range(1, p + 1):
sequence.append(charset[a[j]])
if len(sequence) == maxlen:
return
else:
a[t] = a[t - p]
db(t + 1, p)
for j in range(a[t - p] + 1, k):
a[t] = j
db(t + 1, t)
def normalize_argv(args, size=0):
"""
Normalize argv to list with predefined length
"""
args = list(args)
for (idx, val) in enumerate(args):
if to_int(val) is not None:
args[idx] = to_int(val)
if size and idx == size:
return args[:idx]
if size == 0:
return args
args.extend([None for _ in range(len(args), size)])
return args
def str2intlist(data, intsize=4):
"""
Convert a string to list of int
"""
result = []
data = decode_string_escape(data)[::-1]
l = len(data)
data = ("\x00" * (intsize - l % intsize) +
data) if l % intsize != 0 else data
for i in range(0, l, intsize):
if intsize == 8:
val = struct.unpack(">Q", data[i:i + intsize])[0]
else:
val = struct.unpack(">L", data[i:i + intsize])[0]
result = [val] + result
return result
def cyclic_pattern_charset(charset_type=None):
"""
Generate charset for cyclic pattern
Args:
- charset_type: charset type
0: basic (0-9A-Za-z)
1: extended (default)
2: maximum (almost printable chars)
Returns:
- list of charset
"""
charset = []
charset += ["ABCDEFGHIJKLMNOPQRSTUVWXYZ"] # string.uppercase
charset += ["abcdefghijklmnopqrstuvwxyz"] # string.lowercase
charset += ["0123456789"] # string.digits
if not charset_type:
charset_type = config.Option.get("pattern")
if charset_type == 1: # extended type
charset[1] = "%$-;" + charset[1]
charset[2] = "sn()" + charset[2]
if charset_type == 2: # maximum type
charset += ['!"#$%&\()*+,-./:;<=>?@[\\]^_{|}~'] # string.punctuation
mixed_charset = mixed = ''
k = 0
while True:
for i in range(0, len(charset)):
mixed += charset[i][k:k + 1]
if not mixed: break
mixed_charset += mixed
mixed = ''
k += 1
return mixed_charset