Python write_mem示例

示例#1

文件： hooking.py 项目： captincook/pyboxed

    def __setattr__(self, name, value):
        """Set register value
        @param name: Register name (can be upper or lower)
        @type name: str
        @param value: The numeric value to put in the register
        @type value: int ( 0 <= value < 2**32)
        """
        
        reg_name = name.upper()
        if not RegisterContext.offsets.has_key(reg_name):
            return object.__setattr__(self, name, value)

        if not (0<= value <= 0xffffffff):
            raise ValueError, "Register value must be inbetween 0 and "\
                              "0xFFFFFFFF"

        offset = RegisterContext.offsets[reg_name]
        reg_val = struct.pack("I", value)
        memorymanager.write_mem(self.base_addr + offset, reg_val)

示例#2

文件： hooking.py 项目： captincook/pyboxed

 def set_return_addr(self, new_ret_addr):
     """Changes the return address
     @param new_ret_addr: New return address
     @type new_ret_addr: int (0<= new_ret_addr <= 0xFFFFFFFF)
     """
     if not (0<= new_ret_addr <= 0xffffffff):
         raise ValueError, "Return address must be inbetween 0 and "\
                           "0xFFFFFFFF"
     rval = struct.pack("I", new_ret_addr)
     return memorymanager.write_mem(self.retaddr_p, rval)

示例#3

文件： hooking.py 项目： palaniyappanBala/pyboxed

 def set_return_addr(self, new_ret_addr):
     """Changes the return address
     @param new_ret_addr: New return address
     @type new_ret_addr: int (0<= new_ret_addr <= 0xFFFFFFFF)
     """
     if not (0 <= new_ret_addr <= 0xffffffff):
         raise ValueError, "Return address must be inbetween 0 and "\
                           "0xFFFFFFFF"
     rval = struct.pack("I", new_ret_addr)
     return memorymanager.write_mem(self.retaddr_p, rval)

示例#4

文件： hooking.py 项目： palaniyappanBala/pyboxed

    def __setattr__(self, name, value):
        """Set register value
        @param name: Register name (can be upper or lower)
        @type name: str
        @param value: The numeric value to put in the register
        @type value: int ( 0 <= value < 2**32)
        """

        reg_name = name.upper()
        if not RegisterContext.offsets.has_key(reg_name):
            return object.__setattr__(self, name, value)

        if not (0 <= value <= 0xffffffff):
            raise ValueError, "Register value must be inbetween 0 and "\
                              "0xFFFFFFFF"

        offset = RegisterContext.offsets[reg_name]
        reg_val = struct.pack("I", value)
        memorymanager.write_mem(self.base_addr + offset, reg_val)

示例#5

文件： hooking.py 项目： captincook/pyboxed

    def remove(self):
        """Removes the hook"""
        if memorymanager.write_mem(self.identifier, self.original_code):
            logging.debug("Successfully removed hook at address %08x" % \
                          self.identifier)
        else:
            logging.error("Failed to remove hook at address %08x" % \
                          self.identifier)
            return False

        return True

示例#6

文件： hooking.py 项目： palaniyappanBala/pyboxed

    def remove(self):
        """Removes the hook"""
        if memorymanager.write_mem(self.identifier, self.original_code):
            logging.debug("Successfully removed hook at address %08x" % \
                          self.identifier)
        else:
            logging.error("Failed to remove hook at address %08x" % \
                          self.identifier)
            return False

        return True

示例#7

文件： hooking.py 项目： palaniyappanBala/pyboxed

    def create(self, func_entry_addr, callback_function):
        """Creates the hook.
        @param func_entry_addr: The address of the function entry to hook
        @type func_entry_addr: int (0<= func_entry_addr < 2**32)
        @param callback_function: Python callback function
        @type callback_function: Python function with parameter 
                                 (ExecutionContext)
        @return: C{True} on success. C{False} on failure
        """

        if not (0 <= func_entry_addr <= 0xffffffff):
            raise ValueError, "Invalid function entry address <> [0, 2**32]"

        # read disassembly and make sure we can at least 5 consecutive bytes
        # longest x86 instruction is 15 bytes:
        # add [ds:esi+ecx*2+0x67452301], 0xEFCDAB89
        code = memorymanager.read_addr(func_entry_addr, 20)
        save_code = ""
        while len(save_code) < 5:
            instr = pydasm.get_instruction(code, pydasm.MODE_32)
            if not instr:
                logging.warn("Cannot hook. Failed to disassemble bytes: \n" + \
                             binascii.hexlify(code))
                return False
            save_code += code[:instr.length]
            code = code[instr.length:]

        # create trampoline
        if not self.create_trampoline(
                func_entry_addr,
                func_entry_addr + len(save_code),
                save_code,
            [1],  #check locking
                callback_function):
            logging.warn("Failed to create trampoline")
            return False

        # overwrite the original code (write hook)
        tramp_offset = ctypes.addressof(
            self.trampoline) - (func_entry_addr + 5)
        hook_code = "\xE9" + struct.pack("I", tramp_offset)
        hook_code += "\x90" * (len(save_code) - 5)
        #hook_code = "\xeb\xfe" + hook_code

        if memorymanager.write_mem(func_entry_addr, hook_code):
            logging.debug("Successfully hooked target address %08x -> %08x" %\
                          (func_entry_addr, ctypes.addressof(self.trampoline)))
        else:
            logging.error("Failed to create hook at address %08x" % \
                          func_entry_addr)
            return False

        return True

示例#8

文件： hooking.py 项目： captincook/pyboxed

    def create(self, func_entry_addr, callback_function):
        """Creates the hook.
        @param func_entry_addr: The address of the function entry to hook
        @type func_entry_addr: int (0<= func_entry_addr < 2**32)
        @param callback_function: Python callback function
        @type callback_function: Python function with parameter 
                                 (ExecutionContext)
        @return: C{True} on success. C{False} on failure
        """

        if not (0<= func_entry_addr <= 0xffffffff):
            raise ValueError, "Invalid function entry address <> [0, 2**32]"
        
        # read disassembly and make sure we can at least 5 consecutive bytes
        # longest x86 instruction is 15 bytes:
        # add [ds:esi+ecx*2+0x67452301], 0xEFCDAB89 
        code = memorymanager.read_addr(func_entry_addr, 20)
        save_code = ""
        while len(save_code) < 5:
            instr = pydasm.get_instruction(code, pydasm.MODE_32)
            if not instr:
                logging.warn("Cannot hook. Failed to disassemble bytes: \n" + \
                             binascii.hexlify(code))
                return False
            save_code += code[:instr.length]
            code = code[instr.length:]

        # create trampoline
        if not self.create_trampoline(func_entry_addr,
                                      func_entry_addr + len(save_code),
                                      save_code,
                                      [1], #check locking
                                      callback_function):
            logging.warn("Failed to create trampoline")
            return False

        # overwrite the original code (write hook)
        tramp_offset = ctypes.addressof(self.trampoline) - (func_entry_addr + 5)
        hook_code = "\xE9" + struct.pack("I", tramp_offset)
        hook_code += "\x90"*(len(save_code)-5)
        #hook_code = "\xeb\xfe" + hook_code

        if memorymanager.write_mem(func_entry_addr, hook_code):
            logging.debug("Successfully hooked target address %08x -> %08x" %\
                          (func_entry_addr, ctypes.addressof(self.trampoline)))
        else:
            logging.error("Failed to create hook at address %08x" % \
                          func_entry_addr)
            return False
        
        return True

示例#9

文件： hooking.py 项目： captincook/pyboxed

 def set_arg(self, arg_index, value):
     """Assumes that each parameter on the stack is 4-bytes in size.
     Sets the n-th of those parameters.
     @param arg_index: Index of function parameters
     @type arg_index: int
     @param value: The numeric value to put in the register
     @type value: int ( 0 <= value < 2**32)
     """
     if not (0<= value <= 0xffffffff):
         raise ValueError, "Parameter must be inbetween 0 and 0xFFFFFFFF"
     rval = struct.pack("I", value)
     
     return memorymanager.write_mem(self.stack_params + (arg_index <<2),
                                    rval)

示例#10

文件： hooking.py 项目： palaniyappanBala/pyboxed

    def set_arg(self, arg_index, value):
        """Assumes that each parameter on the stack is 4-bytes in size.
        Sets the n-th of those parameters.
        @param arg_index: Index of function parameters
        @type arg_index: int
        @param value: The numeric value to put in the register
        @type value: int ( 0 <= value < 2**32)
        """
        if not (0 <= value <= 0xffffffff):
            raise ValueError, "Parameter must be inbetween 0 and 0xFFFFFFFF"
        rval = struct.pack("I", value)

        return memorymanager.write_mem(self.stack_params + (arg_index << 2),
                                       rval)