python 通过 capstone 反汇编
2022/4/4 17:19:20
本文主要是介绍python 通过 capstone 反汇编,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
Capstone是一个轻量级的多平台、多架构的反汇编框架,该模块支持目前所有通用操作系统,反汇编架构几乎全部支持。
capstone使用起来非常简单,如果只需要静态反汇编,则几行代码即可完成该功能了。
from capstone import * # powerby LyShark def Disassembly(path,BaseAddr,FileOffset,ReadByte): with open(path,"rb") as fp: fp.seek(int(FileOffset)) opcode = fp.read(int(ReadByte)) md = Cs(CS_ARCH_X86, CS_MODE_32) for item in md.disasm(opcode, 0): addr = int(BaseAddr) + item.address dic = {"Addr": str(addr) , "OpCode": item.mnemonic + " " + item.op_str} print(dic) if __name__ == "__main__": # 文件名 内存地址 开始位置 长度 Disassembly("d://Win32Project.exe",401000,0,1024)
如果需要针对.text节进行反汇编,则需要通过pefile模块找到该节所对应到文件中的位置,并从该位置开始向下反编译即可,代码如下:
from capstone import * import pefile # 遍历整个可执行文件并返回汇编代码,有一个小Bug # powerby LyShark def FOA_Disassembly(FilePath): opcode_list = [] pe = pefile.PE(FilePath) ImageBase = pe.OPTIONAL_HEADER.ImageBase for item in pe.sections: if str(item.Name.decode('UTF-8').strip(b'\x00'.decode())) == ".text": # print("虚拟地址: 0x%.8X 虚拟大小: 0x%.8X" %(item.VirtualAddress,item.Misc_VirtualSize)) VirtualAddress = item.VirtualAddress VirtualSize = item.Misc_VirtualSize ActualOffset = item.PointerToRawData StartVA = ImageBase + VirtualAddress StopVA = ImageBase + VirtualAddress + VirtualSize with open(FilePath,"rb") as fp: fp.seek(ActualOffset) HexCode = fp.read(VirtualSize) md = Cs(CS_ARCH_X86, CS_MODE_32) for item in md.disasm(HexCode, 0): addr = hex(int(StartVA) + item.address) dic = {"Addr": str(addr) , "OpCode": item.mnemonic + " " + item.op_str} print("[+] 反汇编地址: {} 参数: {}".format(addr,dic)) opcode_list.append(dic) return opcode_list if __name__ == "__main__": ref = FOA_Disassembly("d://Win32Project.exe") print(ref)
这篇关于python 通过 capstone 反汇编的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2025-01-03用FastAPI掌握Python异步IO:轻松实现高并发网络请求处理
- 2025-01-02封装学习:Python面向对象编程基础教程
- 2024-12-28Python编程基础教程
- 2024-12-27Python编程入门指南
- 2024-12-27Python编程基础
- 2024-12-27Python编程基础教程
- 2024-12-27Python编程基础指南
- 2024-12-24Python编程入门指南
- 2024-12-24Python编程基础入门
- 2024-12-24Python编程基础:变量与数据类型