code formatting and newly created enums to clean up code
This commit is contained in:
parent
f46cc2438f
commit
6f4fccd350
5 changed files with 111 additions and 84 deletions
41
patch.py
41
patch.py
|
|
@ -1,37 +1,34 @@
|
|||
from utils import hex_address_to_memory_representation
|
||||
import lief
|
||||
|
||||
import utils
|
||||
from utils import Instructions, hex_address_to_memory_representation, is_32b, is_little_endian
|
||||
|
||||
|
||||
def patch_direct_adress_call(pe: lief.PE.Binary, rva: int, instruction_offset: int):
|
||||
# We can manually patch the instruction here: FF 15 08 10 00 01 represents `call [0x01001080]`
|
||||
new_value = hex_address_to_memory_representation(
|
||||
hex(rva + pe.imagebase),
|
||||
pe.abstract.header.is_32,
|
||||
pe.abstract.header.endianness == lief.Header.ENDIANNESS.LITTLE,
|
||||
is_32b(pe),
|
||||
is_little_endian(pe),
|
||||
)
|
||||
pe.patch_address(instruction_offset, [0xFF, 0x15] + new_value, lief.Binary.VA_TYPES.RVA)
|
||||
utils.print_debug(f" Patched a call at addr {hex(pe.imagebase+instruction_offset)}")
|
||||
pe.patch_address(instruction_offset, Instructions.CALL_ADDR + new_value, lief.Binary.VA_TYPES.RVA)
|
||||
utils.print_debug(f" Patched a call at addr {hex(pe.imagebase + instruction_offset)}")
|
||||
|
||||
|
||||
def patch_direct_adress_jump(pe: lief.PE.Binary, rva: int, instruction_offset: int):
|
||||
# We can manually patch the instruction here: FF 15 08 10 00 01 represents `call [0x01001080]`
|
||||
new_value = hex_address_to_memory_representation(
|
||||
hex(rva + pe.imagebase),
|
||||
pe.abstract.header.is_32,
|
||||
pe.abstract.header.endianness == lief.Header.ENDIANNESS.LITTLE,
|
||||
)
|
||||
pe.patch_address(instruction_offset, [0xFF, 0x25] + new_value, lief.Binary.VA_TYPES.RVA)
|
||||
utils.print_debug(f" Patched a jump at addr {hex(pe.imagebase+instruction_offset)}")
|
||||
new_value = hex_address_to_memory_representation(hex(rva + pe.imagebase), is_32b(pe), is_little_endian(pe))
|
||||
pe.patch_address(instruction_offset, Instructions.JUMP_ADDR + new_value, lief.Binary.VA_TYPES.RVA)
|
||||
utils.print_debug(f" Patched a jump at addr {hex(pe.imagebase + instruction_offset)}")
|
||||
|
||||
|
||||
def patch_instr_to_new_IAT_entry(pe: lief.PE.Binary, call: dict[str, str], rva: int):
|
||||
base = pe.imagebase
|
||||
instruction_offset = int(call["adress"], 16) - base
|
||||
memview = pe.get_content_from_virtual_address(instruction_offset, 2)
|
||||
if [memview[0], memview[1]] == [0xFF, 0x15]:
|
||||
if [memview[0], memview[1]] == Instructions.CALL_ADDR:
|
||||
patch_direct_adress_call(pe, rva, instruction_offset)
|
||||
elif [memview[0], memview[1]] == [0xFF, 0x25]:
|
||||
elif [memview[0], memview[1]] == Instructions.JUMP_ADDR:
|
||||
patch_direct_adress_jump(pe, rva, instruction_offset)
|
||||
|
||||
|
||||
|
|
@ -39,16 +36,8 @@ def patch_addr_found_in_mem(pe: lief.PE.Binary, rva: int, old_addr: str):
|
|||
is_32 = pe.abstract.header.is_32
|
||||
little_endian = pe.abstract.header.endianness == lief.Header.ENDIANNESS.LITTLE
|
||||
# scan memory for reference to old addr
|
||||
old_addr_mem_repr = hex_address_to_memory_representation(
|
||||
old_addr,
|
||||
is_32,
|
||||
pe.abstract.header.endianness == lief.Header.ENDIANNESS.LITTLE,
|
||||
)
|
||||
new_addr = hex_address_to_memory_representation(
|
||||
hex(rva + pe.imagebase),
|
||||
is_32,
|
||||
little_endian,
|
||||
)
|
||||
old_addr_mem_repr = hex_address_to_memory_representation(old_addr, is_32b(pe), is_little_endian(pe))
|
||||
new_addr = hex_address_to_memory_representation(hex(rva + pe.imagebase), is_32, little_endian)
|
||||
found_ref_addr = []
|
||||
found_xref_addr = []
|
||||
for section in pe.sections:
|
||||
|
|
@ -70,7 +59,7 @@ def patch_addr_found_in_mem(pe: lief.PE.Binary, rva: int, old_addr: str):
|
|||
|
||||
for section in pe.sections:
|
||||
for ref_addr in found_ref_addr:
|
||||
for k in range(len(section.content)-len(ref_addr)):
|
||||
for k in range(len(section.content) - len(ref_addr)):
|
||||
foundxref = True
|
||||
for L in range(len(ref_addr)):
|
||||
if section.content[k + L] != ref_addr[L]:
|
||||
|
|
@ -80,4 +69,4 @@ def patch_addr_found_in_mem(pe: lief.PE.Binary, rva: int, old_addr: str):
|
|||
found_xref_addr.append(section.virtual_address + k)
|
||||
for addr in found_xref_addr:
|
||||
pe.patch_address(addr, new_addr, lief.Binary.VA_TYPES.RVA)
|
||||
utils.print_debug(f" Patched an xref to old IAT at {hex(pe.imagebase+addr)}")
|
||||
utils.print_debug(f" Patched an xref to old IAT at {hex(pe.imagebase + addr)}")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue