immunity debugger library 분석 ][ getModule 실행해보기

immunity debugger library 분석 ][ getModule 실행해보기

■ 사용법

	#
	# test by kyoung chip, jang
	# immunity debugger 1.8.5
	# Libs > immlib.py > getModule()
	# Libs > debugtype.py > Module()
	# Libs > debugtype.py > getEntry()
	#
	#
	import immlib
	import debugger
	import os
	import UserDict
	from debugtypes import *
	# Dict that returns classess
	class DictTypes(UserDict.IterableUserDict):
	def __init__(self):
	UserDict.IterableUserDict.__init__(self)
	def __iter__(self):
	for k in self.data.keys():
	yield self.data[k]
	class CtestDebugger :
	def __init__(self):
	self.clearState()
	def clearState( self ) :
	self.Modules = DictTypes()
	def _getmoduleinfo(self,base_address):
	return debugger.get_mod_info(base_address)
	def log(self, msg, address = 0xbadf00d ,highlight = False, gray = False , focus = 0):
	"""
	Adds a single line of ASCII text to the log window.
	@type msg: STRING
	@param msg: Message (max size is 255 bytes)
	@type address: DWORD
	@param address: Address associated with the message
	@type highlight: BOOLEAN
	@param highlight: Set highlight text
	@type gray: BOOLEAN
	@param gray: Set gray text
	"""
	if gray and not highlight:
	highlight = -1
	return debugger.add_to_list( address, int(highlight), msg[:255],focus)
	def getModule(self, name):
	"""
	Get Module Information
	@type name: STRING
	@param name: Name of the module
	@rtype: Module OBJECT
	@return: A Module object
	"""
	modulos = debugger.get_all_modules()
	if modulos.has_key(name):
	if not self.Modules.has_key(name):
	# Modules are stable
	'''
	class Module:
	def __init__(self, name, baseaddress, size, entrypoint):
	Module Information
	@type name: STRING
	@param name: Name of the module
	@type baseaddress: DWORD
	@param baseaddress: Base Address of the Module
	@type size: DWORD
	@param size: Size of the Module
	@type entrypoint: DWORD
	@param entrypoint: Entry Point
	# for modulos in mods.keys():
	# name : modulos
	# base addy: mods[modulos][0]
	# size : mods[modulos][1]
	# entry : mods[modulos][2]
	# full path: mods[modulos][3]
	'''
	m = Module(name, modulos[name][0], modulos[name][1], modulos[name][2])
	self.log("module name = %s " % ( name ) )
	self.log("base address = 0x%x " % ( modulos[name][0] ) )
	self.log("size = %s " % ( modulos[name][1] ) )
	self.log("entry point = 0x%x " % ( modulos[name][2] ) )
	self.log("full path = %s " % ( modulos[name][3] ) )
	mod_dict = self._getmoduleinfo(modulos[name][0])
	m.setModuleExtension(mod_dict)
	self.Modules[name] = m
	return m
	else:
	return self.Modules[name]
	return None
	def main(args):
	"""
	Get Module Information
	@type name: STRING
	@param name: Name of the module
	@rtype: Module OBJECT
	@return: A Module object
	"""
	imm=immlib.Debugger()
	imm.log("")
	imm.log("")
	imm.log("")
	imm.log("[ imm.getModule() ")
	currAddr = imm.getModule( imm.getDebuggedName()).getEntry()
	imm.log( "imm.getDebuggedName() = %s " % imm.getDebuggedName() )
	imm.log( "imm.getModule() = %s " % imm.getModule( imm.getDebuggedName() ) )
	imm.log( "current address = 0x%x " % imm.getModule( imm.getDebuggedName()).getEntry() )
	imm.log("]")
	imm.log("")
	imm.log("")
	imm.log("[ debugger.getModule() ")
	debug = CtestDebugger()
	imm.log( "getModule = %s" % debug.getModule("python.exe") )
	imm.log( "Get debugged name = %s " % debugger.get_debugged_name() )
	imm.log( "current address = 0x%x " % debug.getModule( debugger.get_debugged_name() ).getEntry() )
	imm.log("]")
	imm.log("")

view raw get_module.py hosted with ❤ by GitHub