Python rainbow_x86示例

编程语言: Python

命名空间/包名称: rainbow.generics

方法/功能: rainbow_x86

hotexamples.com的示例: 2

Python rainbow_x86 - 已找到2个示例。这些是从开源项目中提取的最受好评的rainbow.generics.rainbow_x86现实Python示例。您可以评价示例，以帮助我们提高示例质量。

示例#1

显示文件

def generate_targetf():
    e = rainbow_x86(sca_mode=True)

    e.load("libnative-lib_x86.so")
    target_func = "_Z48TfcqPqf1lNhu0DC2qGsAAeML0SEmOBYX4jpYUnyT8qYWIlEqPhS_"

    e.trace = 1
    e.mem_trace = 1
    e.trace_regs = 1

    def targetf(inp, length):
        e.trace_reset()
        e[e.STACK[0]:e.STACK[1]] = 0

        for r in e.INTERNAL_REGS:
            e[r] = 0

        e["ebp"] = e.STACK_ADDR
        e["esp"] = e.STACK_ADDR

        e[0xBADC0FE0] = unhexlify(inp)
        e[0xA5A5A5A5] = unhexlify(inp)
        # e[e.STACK_ADDR] = 0xDEADBEEF
        e[e.STACK_ADDR + 4] = 0xBADC0FE0
        e[e.STACK_ADDR + 8] = 0xA5A5A5A5
        e.start(e.functions[target_func], 0, count=length)

        return e.sca_address_trace, e.sca_values_trace

    return e, targetf

示例#2

显示文件

文件： go.py 项目： davidelbaze/rainbow

# Hack.lu ctf 2009
from rainbow.generics import rainbow_x86
from binascii import unhexlify, hexlify

e = rainbow_x86(sca_mode=True)
e.load('crackme.exe')


def encrypt(plain):
    # Reset the emulator state
    e.trace_reset()
    for r in e.INTERNAL_REGS:
        e[r] = 0
    e['esp'] = e.STACK_ADDR
    e['ebp'] = e.STACK_ADDR

    # Load the plaintext into memory
    # the state is loaded column-wise
    order = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
    for i, j in enumerate(order):
        e[0xdeadbe00 + i] = plain[j]

    # the encryption function is identified at 0x401050
    # it takes its input parameter from stack+4
    e[e.STACK_ADDR + 4] = 0xdeadbe00
    e.start(0x401050, 0, count=1000)

    return e.sca_values_trace


if __name__ == "__main__":