def Main():
    """Report functions that contain XOR instructions and decrypt one known target.

    Walks every segment returned by GetExecutableSegments() and every function
    returned by GetFunctions() for that segment. Functions whose flags cannot be
    read (-1) or that carry FUNC_LIB are skipped. For each remaining function
    with at least one FindXor() hit, the function and each hit are printed.

    An XOR hit is only a heuristic, which is why the output says "Possible
    Crypto"; every reported function still needs manual review.
    """
    for seg in GetExecutableSegments():
        for func_ea in GetFunctions(seg):
            func_flags = GetFunctionFlags(func_ea)
            # Skip functions with unreadable flags and library functions, so
            # only the sample's own code is reported.
            if func_flags == -1 or func_flags & FUNC_LIB:
                continue

            xor_hits = FindXor(func_ea)
            if len(xor_hits) <= 0:
                continue

            print("[+]Found Possible Crypto at 0x%08X in function %s" % (func_ea, GetFunctionName(func_ea)))
            # Each hit is a tuple: (function, xorAddr, xorMnemonic, operand1, operand2).
            for hit in xor_hits:
                print("[+]Crypto Inst: 0x%08X: %s %s %s" % (hit[1], hit[2], hit[3], hit[4]))

            # Hard-coded address: it identifies the decryption routine only in
            # the one binary this script was written for, at its original image
            # base. On a rebased database or another sample it will not match,
            # or may match an unrelated function.
            # NOTE(review): the listing lost its indentation; this check is
            # placed inside the "XOR found" path - confirm against the original.
            if func_ea == 0x00402C72:
                DecryptString0(func_ea)
#Script Entry