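def find_jmpreg(self, dir="c:\\windows\\system32"):
    """Scan the ``.dll`` files in *dir* for disassembly lines matching the jump pattern.

    Each DLL is disassembled with ``self.objdump -D`` and at most the first
    100000 characters of output are examined, so later output is not seen.
    A line matches when it contains both ``"jmp"`` and ``"eb <self.reg>"``
    as plain substrings. The text before the first ``:`` on a matching line
    is parsed as a hex address, printed, and stored in ``self.addrs`` under
    the DLL's file name; a later match in the same DLL overwrites it.

    Args:
        dir: Directory to scan. Earlier revisions ignored this argument and
            always scanned the hard-coded system32 path.

    Returns:
        1 if ``self.found`` is 1 after the scan, otherwise 0.
    """
    # Function-scope import: the file's import block is not visible from here.
    import subprocess

    # The search pattern does not depend on the file, so build it once.
    y = "eb\x20%s" % self.reg

    for z in os.listdir(dir):
        if not z.endswith(".dll"):
            continue

        # An argument list (no shell) keeps file names with spaces or shell
        # metacharacters from being interpreted as part of the command line.
        try:
            proc = subprocess.Popen(
                [self.objdump, "-D", os.path.join(dir, z)],
                stdout=subprocess.PIPE,
                universal_newlines=True,
            )
        except OSError:
            # The disassembler could not be started; as with the former
            # os.popen call, treat this file as having produced no output.
            continue
        try:
            data = proc.stdout.read(100000).split("\n")
        finally:
            proc.stdout.close()
            proc.wait()

        for r in data:
            if "jmp" in r and y in r:
                # Split on the first colon only, so extra colons later in the
                # line do not break the unpacking; strip padding around the
                # address so int() accepts it.
                addy = r.split(":", 1)[0].strip()
                temp = "0x%s" % addy
                print(temp)
                self.addrs[z] = int(temp, 0)
                self.found = 1

    # NOTE(review): self.found is never reset here, so a value of 1 left over
    # from an earlier call still yields 1 -- confirm callers rely on that.
    if self.found != 1:
        print("found no jmp [reg]!")
        return 0
    return 1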
# pre defined database of jmp's