# Minimalist mutater # handles only PUSH (68/6A), CALL (E8), and JUMPS <dword> (FF25) # no real code analysis, but mutating our original program and using only ADD, MOV, RETN import pefile, mypacklib pe, oep, ib, start, size = mypacklib.load() # mutates the original code # (needs to parse the hex, transform the underneath assembly, and rewrite it) mutated_code = """ bits 32 section .text valign=1 vstart=0%(start_va)08xh """ % { "start_va": oep + ib } #we need to keep track of jump targets labels = [] pointer = oep # parse the hex and convert in disassembly for addr, op, arg in mypacklib.disasm(pe, oep): # jump targets need to be taken into account if addr + ib in labels: mutated_code += """ _%(jump_va)i: """ % {
# Minimalist mutater.
#
# Handles only PUSH (68 / 6A), CALL (E8) and JMP dword [addr] (FF 25).
# There is no real code analysis: the original program is rewritten
# instruction by instruction, and the mutated form uses only ADD, MOV
# and RETN.
#
# NOTE(review): with no control-flow or data-flow analysis, an input whose
# .text holds data, computed branches, or instructions outside the three
# handled forms will be rewritten incorrectly.  Treat the output as a
# research artefact for trusted samples, not as a faithful transform of an
# arbitrary (untrusted) binary.
import pefile
import mypacklib

# pe: parsed PE; oep: entry-point RVA; ib: image base; start / size: the
# range to rewrite (start and size are not read in this excerpt).
pe, oep, ib, start, size = mypacklib.load()

# NASM source of the mutated code.  Later code keeps appending to this
# string, so it must stay a plain str.  The section is placed at the
# original entry-point VA (oep + ib), spelled as a NASM hex literal with a
# leading "0" and trailing "h" so it never starts with a letter.
nasm_header = (
    "\n"
    "bits 32\n"
    "section .text valign=1 vstart=0%08xh\n"
)
mutated_code = nasm_header % (oep + ib)

# VAs (addr + ib) that are branch targets and therefore need a label.
# NOTE(review): the list starts empty and nothing in this excerpt adds to
# it, so a label can only be emitted for a target recorded *before* the
# disassembler reaches it -- confirm that backward branches are handled
# by the code that follows.
labels = []
pointer = oep  # current RVA; not read in this excerpt

# Walk the instructions forward from the entry point and emit the listing.
# mypacklib.disasm is trusted to find instruction boundaries; a wrong
# boundary silently corrupts everything after it.
for addr, op, arg in mypacklib.disasm(pe, oep):
    va = addr + ib
    # A branch target gets a label (decimal VA) so rewritten branches can
    # reach it.
    if va in labels:
        mutated_code += "\n_%i:\n" % va
    # rewrite opcodes in mutated form
    # (the per-opcode rewriting continues past this excerpt)