#!/usr/bin/env python
from capstone import *
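# Mnemonics treated as conditional branches: the branch target is followed
# and disassembly also continues with the next instruction.
# 'jz' replaces the former 'jx', which is not an x86 mnemonic; 'loope' and
# 'loopne' are the conditional forms of 'loop'.
condit_str = {
    'jo', 'jno', 'js', 'jns', 'je', 'jz', 'jne', 'jnz',
    'jb', 'jnae', 'jc', 'jnb', 'jae', 'jnc', 'jbe', 'jna',
    'ja', 'jnbe', 'jl', 'jnge', 'jge', 'jnl', 'jle', 'jng',
    'jg', 'jnle', 'jp', 'jpe', 'jnp', 'jpo', 'jcxz', 'jecxz',
    'loop', 'loope', 'loopne',
}
# Mnemonics treated as unconditional transfers: the target is followed and
# the current linear run stops.
uncond_str = {'jmp', 'call'}
# return has a special result
# Addresses still to parse, kept as numeric strings; we start with only the
# base value.
recursive_list = ["0x00"]
# Inclusive [first, last] address pairs recorded by addpoints().
pairs_list = []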
def str_to_hex(strin):
    """Parse a numeric string into an int, letting its prefix choose the base.

    Base 0 tells ``int`` to honour ``0x``/``0o``/``0b`` prefixes and to read
    unprefixed digits as decimal.  Raises ValueError for anything else.
    """
    parsed = int(strin, 0)
    return parsed
def unchecked(address):
    """Tell whether ``address`` falls outside every pair in ``pairs_list``.

    ``address`` is a numeric string parsed with base auto-detection; each
    entry of ``pairs_list`` is read as an inclusive ``[first, last]`` pair.
    Returns False when some pair contains the address and True otherwise
    (including when ``pairs_list`` is empty).
    """
    return all(
        int(address, 0) < span[0] or int(address, 0) > span[1]
        for span in pairs_list
    )
def addpoints(first, last):
    """Append the pair ``[first, last]`` to the module-level ``pairs_list``."""
    pairs_list.append([first, last])
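def recursive(start, code):
    """Print a 32-bit x86 disassembly of ``code`` and follow its branches.

    ``code`` is decoded with ``start`` as the address of its first byte.
    Every instruction is printed.  A return ends the run; a mnemonic in
    ``uncond_str`` records the run, follows the target and ends the run; a
    mnemonic in ``condit_str`` records the run, follows the target and then
    continues with the next instruction.

    ``code`` normally comes from a file that is not trusted, so operands
    that are not plain immediates are skipped instead of raising.

    NOTE(review): every nested call decodes ``code`` from its first byte
    again and only relabels it with the branch target, so the bytes at the
    target are never the ones decoded; if addresses are meant to be offsets
    into ``code``, the nested call probably wants ``code[target:]`` --
    confirm.  Until then a chain of branches can recurse until Python's
    recursion limit is hit.
    NOTE(review): 'call' is handled like 'jmp', so the instructions after a
    call are not decoded in this run -- confirm that is intended.
    """
    md = Cs(CS_ARCH_X86, CS_MODE_32)
    for i in md.disasm(code, start):
        print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))
        # Capstone names returns 'ret', 'retf', 'iret', ...; the mnemonic is
        # never the literal 'return', so that comparison could not match.
        if i.mnemonic.startswith(('ret', 'iret')):
            break
        ends_run = i.mnemonic in uncond_str
        if ends_run or i.mnemonic in condit_str:
            addpoints(start, i.address)
            # Indirect branches have register or memory operands ('eax',
            # 'dword ptr [...]'); there is no static target to follow.
            try:
                target = str_to_hex(i.op_str)
            except ValueError:
                target = None
            # If we've already written this part there's no need to do it again.
            if target is not None and unchecked(i.op_str):
                recursive(target, code)
            if ends_run:
                break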
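def checkelf(code):
    """Return True when ``code`` begins with the four-byte ELF magic.

    The magic is the byte sequence 7f 45 4c 46.  The bytes are compared
    directly rather than being decoded as instructions, so the fourth byte
    is checked as well and an empty or very short buffer yields False
    instead of falling through without a result.

    Args:
        code: the raw file contents as a byte string.

    Returns:
        True for an ELF header, False otherwise.  The verdict is also
        printed.
    """
    if code[:4] == b"\x7fELF":
        print("This is an ELF file")
        return True
    print("This is not an ELF file")
    return False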
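# Sample run: decode six bytes and print them.  Capstone works on a byte
# buffer, so the sample has to be a bytes literal; a plain "..." literal is
# text under Python 3 and cannot be passed to disasm().
code = b"\xff\x25\x0a\x0c\x20\x00"
# This sample is decoded in 64-bit mode, while recursive() and checkelf()
# use CS_MODE_32.
md = Cs(CS_ARCH_X86, CS_MODE_64)
for i in md.disasm(code, 0x00):
    print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))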