
Untitled

a guest
Sep 19th, 2019
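#!/usr/bin/python3
"""Re-point one CALL instruction inside the binary `copy_to_patch`.

The CALL that main() makes to `detour_me` (file offset 0x6f1) is re-assembled
with Keystone so that it targets file offset 0x570, the PLT entry of
__cxa_finalize, and the new bytes are written over the old ones in place.

The file is modified in place and no backup is made, so work on a copy.
"""

from keystone import Ks, KS_ARCH_X86, KS_MODE_64

TARGET_FILE = 'copy_to_patch'
CALL_SITE = 0x6f1  # CALL to `detour_me` is made in main() at file offset 0x6f1
CODE = "call 0x570"  # file offset of PLT entry of __cxa_finalize

# A near relative CALL on x86-64 is opcode 0xE8 followed by a 32-bit
# displacement, five bytes in total.
CALL_REL32_OPCODE = 0xE8
CALL_REL32_LENGTH = 5

ks = Ks(KS_ARCH_X86, KS_MODE_64)  # initialize keystone for x86-64 arch

# Both the call site and the target are given as file offsets. The relative
# displacement Keystone computes is only right if both locations share the
# same offset-to-address delta when loaded.
# NOTE(review): presumably both live in the same loadable segment - confirm.
encoding, count = ks.asm(CODE, CALL_SITE)
patch = bytearray(encoding)
print("encoding of 'call 0x570': %s\n" % patch.hex())

# The patch must be size-preserving: a longer encoding would overwrite the
# instruction that follows the CALL, a shorter one would leave stale bytes.
if len(patch) != CALL_REL32_LENGTH:
    raise SystemExit(
        "refusing to patch: expected a %d-byte CALL, assembled %d bytes"
        % (CALL_REL32_LENGTH, len(patch))
    )

with open(TARGET_FILE, 'rb+') as f:
    # Confirm the bytes about to be replaced really are a relative CALL, so
    # that a wrong offset or a different build of the binary is not silently
    # corrupted.
    f.seek(CALL_SITE)
    current = f.read(CALL_REL32_LENGTH)
    if len(current) != CALL_REL32_LENGTH or current[0] != CALL_REL32_OPCODE:
        raise SystemExit(
            "refusing to patch: no relative CALL at file offset %#x (found %s)"
            % (CALL_SITE, current.hex())
        )

    f.seek(CALL_SITE)  # seek to file offset of CALL
    f.write(patch)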