Immunity Debugger library analysis ][ libs > findpacker.py
■ Usage
```python
#
# test by kyoung chip, jang
# immunity debugger 1.8.5
# Libs > findpacker.py
#
import pefile
import peutils

# Libs > pefile.py > PE: parse the target executable
pe = pefile.PE('./Notepad.exe')

# Data > UserDB.TXT
# Libs > peutils.py > SignatureDatabase: load the packer signature database
sig_db = peutils.SignatureDatabase('UserDB.TXT')

# Libs > peutils.py > match
# With the default ep_only=True, match() returns only the packer name found at
# the entry point; ep_only=False returns the list of (file offset, name) pairs
# that the loop below unpacks.
ret = sig_db.match(pe, ep_only=False)

if not ret:
    print(" No Packer found")
else:
    for (addr, name) in ret:
        print(" packer found ! : %s at 0x%08x" % (name, addr))
```


