Python Pydbg从VirtualAlloc转储内存_Python_Memory_Virtualalloc_Pydbg - Fatal编程技术网

Python Pydbg从VirtualAlloc转储内存


我使用的代码取自:

我的问题是如何读取VirtualAlloc将分配的内存?我尝试了读取内存的过程,但没有成功

    # Author: Amit Malik


import sys
import pefile
import struct
from pydbg import *
from pydbg.defines import *


def ret_addr_handler(dbg):
    """Print the pointer VirtualAlloc handed back to its caller.

    Installed by virtual_handler on the caller's return address, so it runs
    once the API has returned and EAX carries the result.
    """
    # EAX is where the 32-bit return value lives at this point.
    # NOTE(review): only the pointer is reported here. A value of 0 means the
    # allocation failed, and freshly committed pages are zero-filled, so a
    # dump taken at this moment shows no content yet; pages that were only
    # reserved (not committed) cannot be read at all.
    returned_ptr = int(dbg.context.Eax)
    print " Returned Pointer: ",hex(returned_ptr)

    return DBG_CONTINUE

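def _read_stack_dword(dbg, address):
    """Return the 32-bit little-endian value stored at *address* in the debuggee."""
    raw = dbg.read_process_memory(address, 4)
    # "<L" pins the field to 4 bytes, little-endian, so decoding does not
    # depend on the width of a native C long on the machine running the script.
    return int(struct.unpack("<L", raw)[0])


def virtual_handler(dbg):
    """Log the arguments of a VirtualAlloc call and arm a return breakpoint.

    Runs on the breakpoint at VirtualAlloc's first instruction. At that point
    the 32-bit stack holds the return address at [ESP] and the arguments
    above it; the 1st argument (lpAddress, at ESP+4) is not read here.

    Returns DBG_CONTINUE so the debuggee keeps running.
    """
    print "****************"
    esp = dbg.context.Esp

    # 2nd argument: requested size of the region in bytes.
    dwSize = _read_stack_dword(dbg, esp + 8)
    print "Allocation Size: ",hex(dwSize)

    # 3rd argument: allocation type flags (e.g. MEM_COMMIT 0x1000,
    # MEM_RESERVE 0x2000).
    flAllocationType = _read_stack_dword(dbg, esp + 12)
    print "Allocation Type: ",hex(flAllocationType)

    # 4th argument: page protection. Executable+writable values such as
    # PAGE_EXECUTE_READWRITE (0x40) are the ones worth flagging in a trace.
    flProtect = _read_stack_dword(dbg, esp + 16)
    print "Protection Type: ",hex(flProtect)

    # [ESP] is the caller's return address; break there to see the result.
    # NOTE(review): restore=True keeps this breakpoint armed, so
    # ret_addr_handler fires on every later execution of that address,
    # not only on returns from VirtualAlloc - confirm that is intended.
    ret_addr = _read_stack_dword(dbg, esp)
    dbg.bp_set(ret_addr,description="ret_addr breakpoint",restore = True,handler = ret_addr_handler)

    return DBG_CONTINUE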

def entry_handler(dbg):
    """Hook kernel32!VirtualAlloc once the debuggee reaches its entry point.

    Only calls that go through this one export are traced; allocations made
    through other routes (VirtualAllocEx, NtAllocateVirtualMemory, heap APIs)
    never reach virtual_handler.
    """
    alloc_addr = dbg.func_resolve("kernel32.dll","VirtualAlloc")
    if not alloc_addr:
        # Export could not be resolved: continue without the hook.
        return DBG_CONTINUE

    dbg.bp_set(alloc_addr,description="Virtualalloc breakpoint",restore = True,handler = virtual_handler)
    return DBG_CONTINUE

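def main():
    """Load the PE named on the command line under pydbg and trace VirtualAlloc.

    dbg.load() starts the target as a real process under the debugger, so the
    file's code executes on this machine once dbg.run() is called.
    """
    if len(sys.argv) < 2:
        # Without this check a missing argument surfaces as a bare IndexError.
        sys.exit("usage: %s <pe-file>" % sys.argv[0])

    # Named target_path rather than `file` to avoid shadowing the builtin.
    target_path = sys.argv[1]
    pe = pefile.PE(target_path)

    # Entry point as an absolute address: RVA + preferred image base.
    # NOTE(review): assumes the image is mapped at its preferred ImageBase;
    # if the loader relocates it (ASLR), this address will be wrong - confirm
    # for the target being analysed.
    entry_addr = pe.OPTIONAL_HEADER.AddressOfEntryPoint + pe.OPTIONAL_HEADER.ImageBase

    dbg = pydbg()          # get pydbg object
    dbg.load(target_path)
    dbg.bp_set(entry_addr,description="Entry point breakpoint",restore = True,handler = entry_handler)
    dbg.run()


if __name__ == '__main__':
    main()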