def cit_aes_xor(self, p, addr):
    """Recover the ``aes_xor`` value from the code found at *addr*.

    Reads 40 bytes at *addr* through ``p.readv``, disassembles them and
    collects the second-operand value of the first four ``xor``
    instructions. Each value is packed with ``p32``, the results are
    concatenated and hex-encoded with ``malduck.enhex``.

    Returns:
        A dict of the form ``{'aes_xor': <hex string>}``.
    """
    log.info('[+] Found aes_xor key @ %X' % addr)

    window = p.readv(addr, 40)
    xor_values = []
    for insn in disasm(window, addr):
        # Stop once four values are collected. If the 40-byte window holds
        # fewer than four xor instructions the loop simply ends, and the
        # returned value is built from fewer than four values.
        if len(xor_values) == 4:
            break
        if insn.mnem == 'xor':
            # NOTE(review): the bytes come from the analysed sample, and the
            # operand is passed to p32 unchecked; presumably it is expected
            # to be an integer immediate - confirm against disasm's operand
            # model before trusting the extracted value.
            xor_values.append(insn.op2.value)

    packed = b''.join(p32(value) for value in xor_values)
    return {'aes_xor': malduck.enhex(packed)}
def cit_getpes(self, p, addr):
    """Derive ``key_off`` from two ``lea`` instructions around *addr*.

    Disassembles 100 bytes starting 20 bytes before *addr*, takes the
    absolute second-operand value of the first two ``lea`` instructions and
    returns the absolute difference between them.

    Returns:
        A dict of the form ``{'key_off': <non-negative int>}``.

    Raises:
        IndexError: if fewer than two ``lea`` instructions are found in the
            disassembled window.
    """
    log.info('[+] pesettings found near @ %X' % addr)

    start = addr - 20
    lea_values = []
    for insn in disasm(p.readv(start, 100), start):
        if len(lea_values) == 2:
            break
        if insn.mnem == 'lea':
            # NOTE(review): assumes the lea second-operand value is numeric;
            # it is read from sample-controlled code - confirm.
            lea_values.append(abs(insn.op2.value))

    # Indexing (not unpacking) so that a short list fails with IndexError.
    first = lea_values[0]
    second = lea_values[1]
    return {'key_off': abs(first - second)}
def setup(self):
    """Disassemble ``self.streams`` and cache the result on ``self.insns``.

    The stream is decoded with base address 0x1000 and ``x64=True``; the
    iterable returned by ``disasm`` is materialised into a list so it can be
    indexed and iterated repeatedly.
    """
    decoded = disasm(self.streams, 0x1000, x64=True)
    self.insns = list(decoded)
def test_equal(self):
    """Check decoding of ``b"hAAAA"`` and equality of two disassemblies.

    The first instruction must be a ``push`` whose first operand is
    0x41414141, and two independent disassemblies of the same bytes must
    compare equal once materialised into lists.
    """
    code = b"hAAAA"

    head = next(disasm(code, 0))
    assert head.mnem == "push"

    immediate = next(disasm(code, 0)).op1.value
    assert immediate == 0x41414141

    # Two separate disasm() calls: the point is that equal input yields
    # instruction objects that compare equal, not that one list equals itself.
    left = list(disasm(code, 0))
    right = list(disasm(code, 0))
    assert left == right
def setup(self):
    """Disassemble ``self.streams`` and cache the result on ``self.insns``.

    The stream is decoded with base address 0x1000 and no ``x64`` argument,
    so whatever mode ``disasm`` uses by default applies. The result is
    materialised into a list.
    """
    decoded = disasm(self.streams, 0x1000)
    self.insns = list(decoded)
def test_equal(self):
    """Check decoding of ``b"hAAAA"`` and equality of two disassemblies.

    Here ``disasm`` is indexed directly, so it is used as a sequence rather
    than consumed with ``next``. The first instruction must be a ``push``
    with first operand 0x41414141, and two independent results for the same
    bytes must compare equal.
    """
    code = b"hAAAA"

    head = disasm(code, 0)[0]
    assert head.mnem == "push"

    immediate = disasm(code, 0)[0].op1.value
    assert immediate == 0x41414141

    # Two separate disasm() calls so the comparison is between independently
    # produced results.
    left = disasm(code, 0)
    right = disasm(code, 0)
    assert left == right