# Emulator instance that the packed PE will run inside (PyEmu's PE loader).
emu = PEPyEmu()

# Refuse to continue without an image path; there is nothing to map otherwise.
if not exename:
    print "[!] Blank filename specified"
    sys.exit(3)

# Map the PE into the emulator. emu.load() reports failure through a falsy
# return value rather than an exception, so it has to be checked explicitly.
if not emu.load(exename):
    print "[!] Problem loading %s" % exename
    sys.exit(2)

# Python callbacks that PyEmu invokes when the sample calls these imports.
# NOTE(review): presumably they stand in for the real Win32 APIs so the
# unpacking stub never executes natively on the host -- confirm in the
# handler bodies, which are outside this listing.
for api_name, handler in (
    ("LoadLibraryA", loadlibrary),
    ("GetProcAddress", getprocaddress),
    ("VirtualProtect", virtualprotect),
):
    emu.set_library_handler(api_name, handler)

# Fire on every jmp so the handler can catch the transfer into the real
# (unpacked) entry point and dump the image at that moment.
emu.set_mnemonic_handler("jmp", jmp_handler)

# Start emulation at the entry point taken from the PE header (the packer stub).
emu.execute(start=emu.entry_point)

'''
HMODULE WINAPI LoadLibrary(
	__in LPCTSTR lpFileName
);
'''
        fh.write("%c" % emu.get_memory(base+x, 1))

    print "[*] Dumping UPX1 Section"
    base = emu.sections["UPX1"]["base"]
    length = emu.sections["UPX1"]["vsize"]
    print "[*] Base: 0x%08x Vsize: %08x" % (base, length)
    for x in range(length):
        fh.write("%c" % emu.get_memory(base+x, 1))

    print "[*] Finished."

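# Command line: <script> <packed exe> <dump file>. Check argv up front so a
# missing argument yields a usage message instead of an IndexError traceback.
if len(sys.argv) < 3:
    print "[!] Usage: %s <exename> <outputfile>" % sys.argv[0]
    sys.exit(1)

exename = sys.argv[1]
# Path the dumped sections are written to (consumed by the dump routine above).
outputfile = sys.argv[2]

# Emulator instance that the packed PE will run inside.
emu = PEPyEmu()

# An empty path can still be passed explicitly; keep the original check.
if not exename:
    print "[!] Blank filename specified"
    sys.exit(3)

# emu.load() signals failure with a falsy return value, not an exception.
if not emu.load(exename):
    print "[!] Problem loading %s" % exename
    sys.exit(2)

# Python callbacks that PyEmu invokes when the sample calls these imports.
# NOTE(review): presumably they replace, not wrap, the real Win32 calls so the
# sample's stub never runs natively on the host -- confirm in the handler bodies.
emu.set_library_handler("LoadLibraryA", loadlibrary)
emu.set_library_handler("GetProcAddress", getprocaddress)
emu.set_library_handler("VirtualProtect", virtualprotect)

# Called on every jmp; the handler is expected to spot the transfer into the
# unpacked code and trigger the section dump.
emu.set_mnemonic_handler("jmp", jmp_handler)

# Run from the header entry point. end= is an address bound; whether emulation
# stops earlier (e.g. from inside jmp_handler) depends on PyEmu -- confirm.
emu.execute(start=emu.entry_point, end=0xFFFFFFFF)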
# Create the emulator object the packed PE will be run inside.
emu = PEPyEmu()

# The image path has to be present; an empty string cannot be mapped.
if not exename:
    print "[!] Blank filename specified"
    sys.exit(3)

# Load the binary into PyEmu; a falsy return means the load failed.
loaded = emu.load(exename)
if not loaded:
    print "[!] Problem loading %s" % exename
    sys.exit(2)

# Library handlers: Python callbacks invoked when the sample calls these
# imports. Registration order is kept as in the original listing.
# NOTE(review): presumably these stand in for the real Win32 APIs so the
# unpacking stub never executes natively -- confirm in the handler bodies.
library_handlers = [
    ("LoadLibraryA", loadlibrary),
    ("GetProcAddress", getprocaddress),
    ("VirtualProtect", virtualprotect),
]
for api_name, handler in library_handlers:
    emu.set_library_handler(api_name, handler)

# Break on jmp so the handler can catch the real entry point and dump the binary.
emu.set_mnemonic_handler("jmp", jmp_handler)

# Start execution from the entry point recorded in the PE header.
emu.execute(start=emu.entry_point)
'''
HMODULE WINAPI LoadLibrary(
__in LPCTSTR lpFileName