python 软件漏洞挖掘脚本
排版有问题,修改了以下内容。官网无法下载。
把这个作为模板了吧
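"""Hook a set of unsafe C runtime functions in a running process and, when an
access violation follows, rewind to the last hooked call and log the
instructions that lead up to the fault.

Flow:
  1. attach to the target process by name,
  2. set a breakpoint on every entry of ``dangerous_functions``,
  3. on each hit dump the stack arguments and snapshot the process,
  4. on an access violation restore that snapshot and single-step
     ``MAX_INSTRUCTIONS`` instructions, printing their disassembly.
"""
from __future__ import print_function

import time

from pydbg import *
from pydbg.defines import *
import utils

# Maximum number of instructions logged (single-stepped) after the process
# has been restored to the snapshot taken at the last dangerous call.
MAX_INSTRUCTIONS = 10

# Name of the process the debugger attaches to.
TARGET_PROCESS = 'aa.exe'

# Seconds between scans of the process list while waiting for the target.
POLL_INTERVAL = 0.5

# Far from an exhaustive list of unsafe functions; extend as needed.
# Maps exported function name -> module that exports it.
dangerous_functions = {
    "strcpy": "msvcrt.dll",
    "strncpy": "msvcrt.dll",
    "sprintf": "msvcrt.dll",
    "vsprintf": "msvcrt.dll",
    "MessageBoxA": "User32.dll",
}

# Filled in once the breakpoints are set: resolved address -> function name.
dangerous_functions_resolved = {}

# Set by access_violation_handler after the first crash has been replayed.
crash_encountered = False

# Number of instructions already logged by single_step_handler.
instruction_count = 0


def danger_handler(dbg):
    """Breakpoint callback for a resolved dangerous function.

    Prints the six stack slots from ESP to ESP+20 inclusive (on 32-bit x86
    the return address followed by the first call arguments) so the operator
    can judge whether any of them hold data under external control, then
    snapshots the process so it can be rewound to this point if a crash
    follows.

    Args:
        dbg: the pydbg instance that reported the breakpoint.

    Returns:
        DBG_CONTINUE so the debuggee keeps running.
    """
    func_name = dangerous_functions_resolved[dbg.context.Eip]
    print("[*] Hit %s" % func_name)
    print("=================================================================")
    # Offsets 0, 4, ..., 20: a few parameters are usually all that matter.
    for esp_offset in range(0, 24, 4):
        parameter = dbg.smart_dereference(dbg.context.Esp + esp_offset)
        print("[ESP + %d] => %s" % (esp_offset, parameter))
    print("=================================================================\n")

    # Freeze every thread while the snapshot is taken so it is consistent.
    dbg.suspend_all_threads()
    dbg.process_snapshot()
    dbg.resume_all_threads()
    return DBG_CONTINUE


def access_violation_handler(dbg):
    """Exception callback for EXCEPTION_ACCESS_VIOLATION.

    First-chance exceptions are passed back so the debuggee's own handlers
    get a look. On the first crash that reaches us the crash synopsis is
    printed, the process is restored to the snapshot taken by
    danger_handler, and every thread is put into single-step mode so the
    instructions leading back to the fault are logged by
    single_step_handler. A second crash terminates the process.

    Args:
        dbg: the pydbg instance that reported the exception.

    Returns:
        DBG_CONTINUE after the replay has been armed, otherwise
        DBG_EXCEPTION_NOT_HANDLED.
    """
    global crash_encountered

    # Let the debuggee's own exception handling see the fault first.
    if dbg.dbg.u.Exception.dwFirstChance:
        return DBG_EXCEPTION_NOT_HANDLED

    crash_bin = utils.crash_binning.crash_binning()
    crash_bin.record_crash(dbg)
    print(crash_bin.crash_synopsis())

    if crash_encountered:
        # The replay itself crashed again; the trace is complete, stop here.
        dbg.terminate_process()
        return DBG_EXCEPTION_NOT_HANDLED

    dbg.suspend_all_threads()
    # Rewind to the state captured at the last dangerous call.
    dbg.process_restore()
    crash_encountered = True

    # Flag every thread to single-step; close each handle even if the
    # flag call fails so no thread handle leaks.
    for thread_id in dbg.enumerate_threads():
        print("[*] Setting single step for thread: 0x%08x" % thread_id)
        h_thread = dbg.open_thread(thread_id)
        try:
            dbg.single_step(True, h_thread)
        finally:
            dbg.close_handle(h_thread)

    # Resuming hands control to single_step_handler on the next instruction.
    dbg.resume_all_threads()
    return DBG_CONTINUE


def single_step_handler(dbg):
    """Exception callback for EXCEPTION_SINGLE_STEP.

    Only active once a crash has been replayed from the snapshot. Logs the
    disassembly of each executed instruction until MAX_INSTRUCTIONS have
    been recorded, then turns single-stepping off for the reporting thread.

    Args:
        dbg: the pydbg instance that reported the single-step event.

    Returns:
        DBG_CONTINUE in every case.
    """
    global instruction_count

    if not crash_encountered:
        return DBG_CONTINUE

    # >= rather than == so the trace also stops if the counter ever overshoots.
    if instruction_count >= MAX_INSTRUCTIONS:
        dbg.single_step(False)
        return DBG_CONTINUE

    eip = dbg.context.Eip
    print("#%d\t0x%08x : %s" % (instruction_count, eip, dbg.disasm(eip)))
    instruction_count += 1
    dbg.single_step(True)
    return DBG_CONTINUE


def attach_to_process(dbg, name):
    """Wait for a process called *name* to exist, attach to it and return its PID.

    Attaches to the first match only and stops scanning, so a second process
    with the same name cannot trigger a second attach. Sleeps POLL_INTERVAL
    between scans instead of spinning at full CPU.

    Args:
        dbg: the pydbg instance to attach with.
        name: executable name as reported by dbg.enumerate_processes().
    """
    print("Finding ...\n")
    while True:
        for pid, process_name in dbg.enumerate_processes():
            if process_name == name:
                dbg.attach(pid)
                print("Find The Pid\n")
                return pid
        time.sleep(POLL_INTERVAL)


def set_danger_breakpoints(dbg):
    """Resolve every entry of dangerous_functions and set a breakpoint on it.

    Resolved addresses are recorded in dangerous_functions_resolved so
    danger_handler can map EIP back to a function name. An entry whose
    address cannot be resolved (func_resolve reports failure with a falsy
    value) is reported and skipped rather than turned into a bogus
    breakpoint.

    Args:
        dbg: the pydbg instance, already attached to the target.
    """
    for func, module in dangerous_functions.items():
        func_address = dbg.func_resolve(module, func)
        if not func_address:
            print("[!] Could not resolve %s in %s, skipping" % (func, module))
            continue
        print("[*] Resolved breakpoint: %s -> 0x%08x" % (func, func_address))
        dbg.bp_set(func_address, handler=danger_handler)
        dangerous_functions_resolved[func_address] = func


def main():
    """Attach to TARGET_PROCESS, install hooks and callbacks, run the debugger."""
    dbg = pydbg()
    attach_to_process(dbg, TARGET_PROCESS)
    set_danger_breakpoints(dbg)
    dbg.set_callback(EXCEPTION_ACCESS_VIOLATION, access_violation_handler)
    dbg.set_callback(EXCEPTION_SINGLE_STEP, single_step_handler)
    dbg.run()


if __name__ == "__main__":
    main()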