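def hook_code(uc, address, size, user_data):
    """Per-instruction hook: resolve a memory operand and record non-stack accesses.

    The signature and the ``uc.reg_read`` / ``uc.reg_write`` calls match an
    emulator code-hook callback (presumably Unicorn -- confirm against the
    caller). The hook reads the current register values, evaluates the
    address expression found between ``[`` and ``]`` in ``code.op_str`` and,
    when the resulting address lies outside the ``[stack pointer, base
    pointer]`` range, reports it through ``resultMem[0].visitIndirect`` and
    advances the instruction pointer by ``length``.

    ``tmp``, ``self``, ``code``, ``resultMem`` and ``length`` are not
    parameters; they must come from the enclosing scope.

    Raises:
        ValueError: if the bracketed operand text contains anything other
            than names, numbers, whitespace and ``+``/``-``/``*``.
    """
    consts = tmp[0].regs_const
    regs = {}
    if 'ebp' in consts:
        # 32-bit register set.
        for name in ('eax', 'ebx', 'ecx', 'edx', 'esi', 'edi',
                     'ebp', 'esp', 'eip'):
            regs[name] = uc.reg_read(consts[name])
        ip = consts['eip']
        head = regs['ebp']
        tail = regs['esp']
    else:
        # NOTE(review): the general-purpose registers are looked up through
        # ``self.regs_const`` while rbp/rsp/rip use ``tmp[0].regs_const``.
        # ``self`` is not a parameter here, so this only works if it is a
        # closure variable -- confirm both refer to the same table.
        for name in ('rax', 'rbx', 'rcx', 'rdx', 'rsi', 'rdi', 'r8', 'r9',
                     'r10', 'r11', 'r12', 'r13', 'r14', 'r15'):
            regs[name] = uc.reg_read(self.regs_const[name])
        for name in ('rbp', 'rsp', 'rip'):
            regs[name] = uc.reg_read(consts[name])
        ip = consts['rip']
        head = regs['rbp']
        tail = regs['rsp']

    regex = r'(dword|qword|word|byte) ptr (.*)\[(.*)\]'
    match = re.search(regex, code.op_str)
    if match:
        expression = match.group(3)
        # SECURITY: the expression is text derived from the code being
        # emulated and is passed to eval(). Treat it as untrusted: accept
        # only names, numbers and + - * (no calls, attribute access,
        # subscripts or exponentiation), and evaluate with no builtins and
        # only the register values in scope. A small arithmetic parser
        # would be a stricter replacement for eval() here.
        if (not re.match(r'[0-9A-Za-z_\s+*-]+\Z', expression)
                or '**' in expression):
            raise ValueError(
                'unexpected memory operand expression: %r' % expression)
        result = eval(expression, {'__builtins__': {}}, regs)
        # strip('L') drops the long-integer suffix Python 2 appends in hex().
        print('Result %s' % hex(result).strip('L'))
        if tail > result or result > head:
            # Address is outside the current stack frame range.
            resultMem[0].visitIndirect(result)
            # NOTE(review): the paste lost its indentation; placing this
            # instruction-pointer advance inside the non-stack branch is a
            # reconstruction -- confirm against the original file.
            uc.reg_write(ip, uc.reg_read(ip) + length)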