Пример #1
            ia32.setRelativeAddress(address, newinstruction, target), 4)

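    def __patch(self, sourceaddress, destinationaddress):
        """Overwrite the code at `sourceaddress` with a branch to `destinationaddress`.

        The branch bytes are built by ``self.__createbranch`` from the opcode
        byte 0xE9 (the x86 near-jump opcode) and written through
        ``self.memorymanager``.  The target is made writable for the duration
        of the write and then switched back to permission mask 0b101.

        Returns None.  Any exception raised by the write propagates to the
        caller after the permission has been switched back.
        """
        branch = ''.join(
            self.__createbranch(sourceaddress, '\xe9', destinationaddress))

        mm = self.memorymanager
        allocator = mm.allocator

        # NOTE(review): the masks look like rwx bit flags (0b110 = read+write,
        # 0b101 = read+execute) -- confirm against setMemoryPermission.
        # NOTE(review): the second argument is 1 while the branch is several
        # bytes long; if it is a byte or page count, a branch that straddles
        # a page boundary would only have its first page unlocked -- confirm.
        allocator.setMemoryPermission(sourceaddress, 1, int('110', 2))
        try:
            # NOTE(review): the value returned by mm.write is not checked; if
            # it is a byte count, a short write would leave a torn instruction
            # at sourceaddress -- confirm and verify it against len(branch).
            mm.write(sourceaddress, branch)
        finally:
            # Always drop write access again, even when the write fails, so a
            # failed patch never leaves the code writable.  The previous
            # protection is not saved; 0b101 is restored unconditionally.
            allocator.setMemoryPermission(sourceaddress, 1, int('101', 2))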

if __name__ == '__main__':
    import sys, memorymanager, instrument

    if False:
        mm = memorymanager.new(pid=int(sys.argv[1], 16))

        self = instrument.instruction(mm)

        #address = 0x00402f64
        #address = 0x00401f0d
        address = int(sys.argv[2], 16)
        self[address] = '\xcc\xcc\xcc\xcc\xcc'
        self.commit()

        print self
        print self.loaded
        print self.committed

    if False:
        import ia32, struct
Пример #2
        if bitmap.empty(layout):
            self.allocator.freeWriteable(page, 1)
            del(self.allocations[page])
            return

        # perhaps zero the buffer out?
        return

if False and __name__ == '__main__':
    import sys
    import memorymanager,debugger

    debugger = debugger.Local()
#    debugger.attach(int(sys.argv[1], 0x10))

    v = memorymanager.new()

    list = []
    for n in range(4):
        res = v.alloc(0x400)
        list.append(res)

    print '\n'.join(map(hex,list))

    print '=' * 80
    for n in list:
        print 'free(%x)'% n
        v.free(n)

    print '.' * 80
    page = v.alloc(0x4000)
Пример #3
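    def unload(self, mm):
        """Deallocate every segment recorded in ``self.segments`` and forget it.

        For each entry the segment is released through
        ``self.__deallocatesegment(key, mm)``, its ``(name, address, length)``
        record is removed from ``self.segments``, and a line naming the
        released range is printed.

        `mm` is passed through unchanged to ``__deallocatesegment``.
        Returns None.
        """
        # Iterate over a snapshot of the keys: entries are deleted inside the
        # loop, and deleting from a dict while iterating its live key view
        # raises RuntimeError on Python 3.
        for key in list(self.segments):
            self.__deallocatesegment(key, mm)
            segname, address, length = self.segments[key]
            # Delete by the dictionary key rather than by the name stored in
            # the record, so an entry whose record name differs from its key
            # is still removed instead of raising KeyError or hitting another
            # entry.
            del self.segments[key]
            print('Unloaded segment %s at %x:%x' %
                  (segname, address, address + length))
        return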


if __name__ == '__main__':
    import sys
    import linker, loader, memorymanager
    pid = 1832
    pid = int(sys.argv[1])
    mm = memorymanager.new(
        allocator=memorymanager.allocator.WindowsProcessId(pid))

    if True:
        import ndk
        import ctypes
        ntdll = ctypes.WinDLL('ntdll.dll')

        def getProcessBasicInformation(handle):
            class ProcessBasicInformation(ctypes.Structure):
                _fields_ = [('Reserved1', ctypes.c_uint32),
                            ('PebBaseAddress', ctypes.c_uint32),
                            ('Reserved2', ctypes.c_uint32 * 2),
                            ('UniqueProcessId', ctypes.c_uint32),
                            ('Reserved3', ctypes.c_uint32)]

            pbi = ProcessBasicInformation()
Пример #4
        newinstruction = ia32.promoteBranch(instruction, 4)
        return ia32.promoteBranch(ia32.setRelativeAddress(address, newinstruction, target), 4)

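    def __patch(self, sourceaddress, destinationaddress):
        """Overwrite the code at `sourceaddress` with a branch to `destinationaddress`.

        The branch bytes are built by ``self.__createbranch`` from the opcode
        byte 0xE9 (the x86 near-jump opcode) and written through
        ``self.memorymanager``.  The target is made writable for the duration
        of the write and then switched back to permission mask 0b101.

        Returns None.  Any exception raised by the write propagates to the
        caller after the permission has been switched back.
        """
        branch = ''.join(self.__createbranch(sourceaddress, '\xe9', destinationaddress))

        mm = self.memorymanager
        allocator = mm.allocator

        # NOTE(review): the masks look like rwx bit flags (0b110 = read+write,
        # 0b101 = read+execute) -- confirm against setMemoryPermission.
        # NOTE(review): the second argument is 1 while the branch is several
        # bytes long; if it is a byte or page count, a branch that straddles
        # a page boundary would only have its first page unlocked -- confirm.
        allocator.setMemoryPermission(sourceaddress, 1, int('110', 2))
        try:
            # NOTE(review): the value returned by mm.write is not checked; if
            # it is a byte count, a short write would leave a torn instruction
            # at sourceaddress -- confirm and verify it against len(branch).
            mm.write(sourceaddress, branch)
        finally:
            # Always drop write access again, even when the write fails, so a
            # failed patch never leaves the code writable.  The previous
            # protection is not saved; 0b101 is restored unconditionally.
            allocator.setMemoryPermission(sourceaddress, 1, int('101', 2))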

if __name__ == '__main__':
    import sys,memorymanager,instrument

    if False:
        mm = memorymanager.new(pid=int(sys.argv[1],16))

        self = instrument.instruction(mm)

        #address = 0x00402f64
        #address = 0x00401f0d
        address = int(sys.argv[2],16)
        self[address] = '\xcc\xcc\xcc\xcc\xcc'
        self.commit()

        print self
        print self.loaded
        print self.committed

    if False:
        import ia32,struct
Пример #5
            self.allocator.freeWriteable(page, 1)
            del (self.allocations[page])
            return

        # perhaps zero the buffer out?
        return


if False and __name__ == '__main__':
    import sys
    import memorymanager, debugger

    debugger = debugger.Local()
    #    debugger.attach(int(sys.argv[1], 0x10))

    v = memorymanager.new()

    list = []
    for n in range(4):
        res = v.alloc(0x400)
        list.append(res)

    print('\n'.join(map(hex, list)))

    print('=' * 80)
    for n in list:
        print('free(%x)' % n)
        v.free(n)

    print('.' * 80)
    page = v.alloc(0x4000)
Пример #6
        return

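    def unload(self, mm):
        """Deallocate every segment recorded in ``self.segments`` and forget it.

        For each entry the segment is released through
        ``self.__deallocatesegment(key, mm)``, its ``(name, address, length)``
        record is removed from ``self.segments``, and a line naming the
        released range is printed.

        `mm` is passed through unchanged to ``__deallocatesegment``.
        Returns None.
        """
        # Iterate over a snapshot of the keys: entries are deleted inside the
        # loop, and deleting from a dict while iterating its live key view
        # raises RuntimeError on Python 3.
        for key in list(self.segments):
            self.__deallocatesegment(key, mm)
            segname, address, length = self.segments[key]
            # Delete by the dictionary key rather than by the name stored in
            # the record, so an entry whose record name differs from its key
            # is still removed instead of raising KeyError or hitting another
            # entry.
            del self.segments[key]
            # A single parenthesised argument prints the same text under the
            # Python 2 print statement and the Python 3 print function.
            print('Unloaded segment %s at %x:%x' % (segname, address, address + length))
        return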

if __name__ == '__main__':
    import sys
    import linker,loader,memorymanager
    pid = 1832
    pid = int(sys.argv[1])
    mm = memorymanager.new(allocator=memorymanager.allocator.WindowsProcessId(pid))

    if True:
        import ndk
        import ctypes
        ntdll = ctypes.WinDLL('ntdll.dll')
        def getProcessBasicInformation(handle):
            class ProcessBasicInformation(ctypes.Structure):
                _fields_ = [('Reserved1', ctypes.c_uint32),
                            ('PebBaseAddress', ctypes.c_uint32),
                            ('Reserved2', ctypes.c_uint32 * 2),
                            ('UniqueProcessId', ctypes.c_uint32),
                            ('Reserved3', ctypes.c_uint32)]

            pbi = ProcessBasicInformation()
            res = ntdll.NtQueryInformationProcess(handle, 0, ctypes.byref(pbi), ctypes.sizeof(pbi), None)