admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-02 17:27:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature: put payload into .rdata option

Browse Source
This commit is contained in:
Dobin
2024-05-09 21:04:37 +01:00
parent 3aa79afd70
commit 900c145557
16 changed files with 178 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pe/pehelper.py
+14 -1
View File
@@ -2,7 +2,7 @@ import sys
import pefile
import pprint
from keystone import Ks, KS_ARCH_X86, KS_MODE_64
from capstone import Cs, CS_ARCH_X86, CS_MODE_64
from capstone import Cs, CS_ARCH_X86, CS_MODE_64, CS_MODE_LITTLE_ENDIAN
import logging
from model.defs import *
@@ -67,6 +67,7 @@ def get_code_section(pe: pefile.PE) -> pefile.SectionStructure:
# keystone/capstone stuff
cs = Cs(CS_ARCH_X86, CS_MODE_64 + CS_MODE_LITTLE_ENDIAN)
def assemble_lea(current_address: int, destination_address: int, reg: str) -> bytes:
#print("LEAH: 0x{:X} - 0x{:X} = 0x{:X}".format(
@@ -104,6 +105,18 @@ def assemble_relative_jmp(current_address: int, destination_address: int) -> byt
return machine_code
def asm_disasm(asm_text, offset=0):
for instr in cs.disasm(asm_text, offset):
printInstr(instr)
def printInstr(instr, depth=0):
_bytes = [f'{x:02x}' for x in instr.bytes[:8]]
if len(instr.bytes) < 8:
_bytes.extend([' ',] * (8 - len(instr.bytes)))
instrBytes = ' '.join([f'{x}' for x in _bytes])
logger.info('\t' * 1 + f' [{instr.address:08x}]\t{instrBytes}' + '\t' * depth + f'{instr.mnemonic}\t{instr.op_str}')
## Utils
def remove_trailing_null_bytes(data: bytes) -> bytes: