DecryptStringsBonus.py 文件源码

python

项目:RE 作者: wasdwasdwasdwasd 项目源码 文件源码
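def DecryptStackStrings(addrDecryptFunction):
    """Decrypt the stack string at every call to the decrypt routine and annotate the IDB.

    For each code cross-reference to ``addrDecryptFunction`` the call's
    parameters and emulation boundaries are resolved, the range is emulated
    with the module-level ``emu`` object, and a non-empty result is written
    back to the database: as a repeatable comment at the call site and, when
    the destination is a fixed address, as a name, patched bytes and a string
    item at that address.

    A failure while emulating or annotating one call site is reported and the
    loop continues with the next call site.

    Args:
        addrDecryptFunction: address of the string-decryption function whose
            callers are processed.
    """
    global emu
    # print(...) with a single pre-formatted argument behaves the same under
    # the Python 2 print statement this script was written for.
    print("[+]DecryptStackStrings")

    # Walk every code xref to the decrypt function (second argument 1, as in
    # the original call).
    for call in idautils.CodeRefsTo(addrDecryptFunction, 1):
        print("[+]Call at 0x%08X %s" % (call, idc.GetFunctionName(call)))

        # Resolve parameters of the decrypt call:
        #   Param1. DestBuffer
        #   Param2. Length
        #   Param3. StackStringEncrypted
        destBuffer, length = GetDecryptString1Parameters(call)
        print("[+]Params dest = 0x%08X len = 0x%08X" % (destBuffer, length))

        # Range of instructions to emulate for this call site.
        emulStart, emulEnd = GetDecryptString1EmulationBoundaries(call, length)
        print("[+]Start 0x%08X, End 0x%08X" % (emulStart, emulEnd))

        # Initialise the emulator registers before running the range.
        PrepareEmuRegister(emu, emulStart)

        try:
            szDecryptedString = Emulate(emu, emulStart, emulEnd)

            # Only a non-empty result is treated as a valid decrypted string.
            if 0 < len(szDecryptedString):
                print("[+]Decrypted: \"%s\" at 0x%08X" % (szDecryptedString, call))
                idc.MakeRptCmt(call, szDecryptedString)

                # 0 and -1 are skipped: per the original comment the
                # destination is then a register, not an address.
                if destBuffer != 0 and destBuffer != -1:
                    # The name is built from data recovered from the binary
                    # under analysis, so it is not analyst-chosen text.
                    idc.MakeNameEx(destBuffer, "" + szDecryptedString, SN_NOCHECK)

                    # NOTE(review): len(szDecryptedString) + 1 bytes are
                    # patched without comparing against `length`; a result
                    # longer than the resolved buffer length would overwrite
                    # neighbouring bytes in the database. Confirm Emulate()
                    # bounds its output.
                    for idx, c in enumerate(szDecryptedString):
                        idc.PatchByte(destBuffer + idx, ord(c))

                    # Terminating NUL, then define the string item.
                    strEnd = destBuffer + len(szDecryptedString)
                    idc.PatchByte(strEnd, 0)
                    idc.MakeStr(destBuffer, strEnd)

        except Exception as err:
            # Best effort per call site, but no longer a bare `except:`, so
            # KeyboardInterrupt/SystemExit still stop a long batch. The
            # exception message is reported along with its type.
            print("[+]EmulStart = 0x%08X, EmulEnd = 0x%08X" % (emulStart, emulEnd))
            emu.dump_regs()
            print("[-]%s: %s" % (type(err).__name__, err))

        # Blank separator line between call sites.
        print("")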

#Performs the Emulation and Returns the Dumped String