Created
July 23, 2015 02:11
import binascii
import sys

import amoco
import amoco.system.core
import amoco.system.raw
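def sym_exec_gadget_and_get_mapper(code, cpu):
    '''Symbolically execute raw machine code and return one composed mapper.

    Taken from https://github.com/0vercl0k/stuffz/blob/master/look_for_gadgets_with_equations.py

    ``code`` is wrapped in a ``DataIO`` and loaded as a ``RawExec`` program
    for ``cpu``. The program is linearly swept into blocks and each block's
    map is composed, in order, into a single ``amoco.cas.mapper.mapper``.

    Returns:
        The composed mapper, or ``None`` when the linear sweep raises or
        yields no blocks.

    NOTE: composition is best effort. A block whose map cannot be composed
    is skipped without any signal to the caller, so the returned mapper may
    describe only part of ``code``. Do not treat it as a complete model of
    the byte sequence without checking it independently.
    '''
    p = amoco.system.raw.RawExec(
        amoco.system.core.DataIO(code), cpu
    )
    try:
        blocks = list(amoco.lsweep(p).iterblocks())
    except Exception:
        # Input that cannot be swept is reported as "no result". A bare
        # ``except:`` would also swallow KeyboardInterrupt and SystemExit,
        # making a long batch run impossible to interrupt cleanly.
        return None
    if not blocks:
        return None
    mp = amoco.cas.mapper.mapper()
    for block in blocks:
        if block.instr[-1].mnemonic.lower() == 'call':
            # Apply the CPU's RET semantics to this block's map.
            # NOTE(review): presumably this cancels the call's effect so the
            # next swept block is not modelled as the callee; confirm
            # against the upstream script.
            p.cpu.i_RET(None, block.map)
        try:
            mp >>= block.map
        except Exception:
            # Deliberate best effort: skip the block that failed to compose
            # and keep going (see the NOTE in the docstring).
            pass
    return mp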
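if __name__ == "__main__":
    # Demo input: adc bh, bh ; call qword ptr [rsi]
    import amoco.arch.x64.cpu_x64 as cpu
    # binascii.unhexlify replaces the Python-2-only str.decode("hex"), and
    # the local is no longer called ``bytes``, which shadowed the builtin.
    gadget_bytes = binascii.unhexlify("10ffff16")
    # A single-argument print(...) behaves the same on Python 2 and 3.
    print(sym_exec_gadget_and_get_mapper(gadget_bytes, cpu))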