
Buffer overflow 예제로, 취약한 strcpy 함수를 후킹하여 두 번째 인자인 source(쉘코드!?)를 로그에 출력한다. 

import immlib
from immlib import BpHook
 
# NOTE(review): presumably the description Immunity Debugger shows for this
# PyCommand in its command list — confirm against the immlib documentation.
DESC = "BpHook Basic Demonstration for the SPSE course"
 
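class StrcpyBpHook(BpHook):
    """Breakpoint hook that logs the arguments of each hooked strcpy() call.

    main() installs an instance on msvcrt.strcpy; run() fires when the
    breakpoint is hit and writes the return address, both pointer arguments
    and the source string to the debugger log.
    """

    def __init__(self):
        # The original spelled this `_init_` (single underscores), which is an
        # ordinary method that nothing ever calls; the base-class initializer
        # only runs from a real __init__.
        BpHook.__init__(self)

    def run(self, regs):
        """Log strcpy's return address, arguments and source string.

        Args:
            regs: register dictionary handed over by the debugger; only
                regs['ESP'] is read.

        Stack layout assumed (x86 cdecl, hook placed at the function's first
        instruction so the caller has already pushed both arguments and the
        return address): [ESP] return address, [ESP+4] destination,
        [ESP+8] source — TODO confirm this matches where the hook is placed.
        """
        imm = immlib.Debugger()
        imm.log("StrcpyBpHook Called!")

        # strcpy(char *destination, char *source)
        esp = regs['ESP']
        eipOnStack = imm.readLong(esp)
        # The original wrote regs['ESP'+ 4) / regs['ESP'+ 8): a syntax error
        # (and, once the bracket is fixed, a string-plus-int TypeError). The
        # offset belongs on the ESP value, not on the key.
        strcpyFirstArg = imm.readLong(esp + 4)
        strcpySecondArg = imm.readLong(esp + 8)

        imm.log("EIP on Stack: 0x%08x" % eipOnStack)
        imm.log("First Arg: 0x%08x" % strcpyFirstArg)
        imm.log("Second Arg: 0x%08x" % strcpySecondArg)

        # print the source string: this is the caller-supplied data that will
        # be copied into the destination, so its length is the number that
        # tells you whether the copy can overflow.
        # NOTE(review): readString's behaviour on an unreadable source pointer
        # is not shown here — confirm whether it raises or returns ''.
        receivedString = imm.readString(strcpySecondArg)
        imm.log(receivedString)
        imm.log("Received String: %s with length %d" % (str(receivedString), len(receivedString)))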
 
def main(args):
    """PyCommand entry point: install StrcpyBpHook on msvcrt.strcpy.

    Args:
        args: argument list passed in by the debugger; not used here.

    Returns:
        The string "Hook Installed".
    """
    dbg = immlib.Debugger()

    # find strcpy address
    hookTarget = "msvcrt.strcpy"
    hookAddress = dbg.getAddress(hookTarget)
    # NOTE(review): nothing checks that the symbol lookup succeeded before the
    # hook is added — confirm what getAddress returns for an unknown symbol.

    StrcpyBpHook().add(hookTarget, hookAddress)

    dbg.log("Hook for %s : 0x%08x added successfully !" % (hookTarget, hookAddress))
    return "Hook Installed"
 

