exe文件解析_PE文件格式之重定位表

2024年2月20日发(作者：)

import string

Offst_xor_func = 0x00Offst_func_size = 0x08Offst_s_start_addr = 0x0cOffst_s_len = 0x10Offst_dst_pos = 0x14Offst_xor_data_pos = 0x18Offst_x_data = 0x20

orig_bs_table = [0x2A, 0x39, 0x5F, 0x64, 0xC2, 0xA7, 0x46, 0x23,0x53, 0x6B, 0x74, 0x47, 0x28, 0x4D, 0x70, 0x42,0x49, 0x25, 0x52, 0x6A, 0x62, 0x38, 0x40, 0x4A,0x69, 0x45, 0x44, 0x59, 0x2D, 0x31, 0x24, 0x50,0x67, 0x79, 0x54, 0x21, 0x4C, 0x76, 0x71, 0x66,0x2B, 0x63, 0x68, 0x6D, 0x51, 0x57, 0x4F, 0x30,0x65, 0x4E, 0x5A, 0x34, 0x75, 0x6E, 0x33, 0x6C,0x37, 0x48, 0x26, 0x32, 0x77, 0x61, 0x7A, 0x4B]for i in range(len(orig_bs_table)): orig_bs_table[i] = chr(orig_bs_table[i])

def dump_data_core(filename, data_addr, base_addr, size): fp= open(filename, "rb") offset = data_addr - base_addr (offset,0) f = () type_format = '<' #default if size == 1: type_format += 'B' elif size == 2: type_format += 'H' elif size == 4: type_format += 'I' elif size == 8: type_format += 'Q' else: print "[warn]" type_format += 'x' target_data, = unpack(type_format, f[:size]) return target_data

def dump_data_specific(filename, start_addr, base_addr, order, species, size, count): arr_data = [] for i in range(count): data_addr = start_addr + 0x120*order + species + i*size arr_(hex(dump_data_core(filename, data_addr, base_addr, size))) return arr_data

def explode_fib_num(dst): for i in range(len(fib_list)): if(dst == fib_list[i]): return i-1 return "Error"

def spec_fib(key_1, key_pos, filename, start_addr, base_addr, order, species, size, count): res_arr = dump_data_specific(filename, start_addr, base_addr, order, species, size, count) print 'order:'+str(order)+' '+str(res_arr) for i in range(len(res_arr)): if(res_arr[i][-1] == 'L'): c = chr(explode_fib_num(int(res_arr[i][:-1] ,16))) key_1[key_pos+i] = c else: c = chr(explode_fib_num(int(res_arr[i],16))) key_1[key_pos+i] = c return key_1fib_list = [0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, 610, 987, 1597, 2584, 4181, 6765, 10946, 17711, 28657, 46368, 75025, 121393, 196418, 317811,

return key_1

def explode_crc32_c1(dst): if dst == 0x0: return ord('X') for i in range(31, 127): if(dst == 32(chr(i)) &0xffffffff): return chr(i) return 'E1ROR'

def explode_crc32_c2(dst): if dst == 0x0: return ord('X') for x0 in range(31, 127): for x1 in range(31, 127): s = chr(x0) + chr(x1) if(32(s) &0xffffffff) == dst: return s return 'E2ROR'

def explode_crc32_c3(dst): if dst == 0x0: return ord('X') for x0 in range(31, 127): for x1 in range(31, 127): for x2 in range(31, 127): s = chr(x0) + chr(x1) + chr(x2) if(32(s) &0xffffffff) == dst: return s return 'E3ROR'

def spec_crc32(key_1, key_pos, filename, start_addr, base_addr, order, species, size, count): res_arr = dump_data_specific(filename, start_addr, base_addr, order, species, size, 1) #dst_value must is 1*dword print 'order:'+str(order)+' '+str(res_arr) if count == 1: p = res_arr[0] if res_arr[0][-1] == 'L': p = res_arr[0][:-1] dec = explode_crc32_c1(int(p,16)