
Resource description

Hex-Rays.IDA.Pro.Advanced.v6.1.part1.rar

Code snippet and file information

"""
A script that extracts shellcode from PDF files

The script uses a very basic shellcode extraction algorithm

Copyright (c) 1990-2010 Hex-Rays
ALL RIGHTS RESERVED.

Revision history
=========================
v1.0 - initial version


Possible enhancements:
=========================
1. From Didier:
-----------------
FYI: the regex you use to match /javascript /JS will fail to match
name obfuscation. Name obfuscation uses a feature of the PDF language
that allows a character in a name (like /javascript) to be replaced
with its hexcode. Example: /#4Aavascript
http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/

It's something that's used in-the-wild.

I've updated your regex to support name obfuscation. The javascript
itself is now captured in group 13.

\/S\s*\/(J|#4A|#4a)(a|#61)(v|#76)(a|#61)(S|#53)(c|#63)(r|#72)(i|#69)(p|#70)(t|#74)\s*\/(J|#4A|#4a)(S|#53)
\((.+?)>>

2. 
---------------

"""

import re
import zlib

SAMPLE1 = 'malware1.pdf.vir'
SAMPLE2 = 'heapspray-simpler-calc.pdf.vir'

try:
    import idaapi
    from idc import *
    ida = True
except ImportError:
    ida = False

# -----------------------------------------------------------------------
# Tries to find shellcode inside javascript statements
# The search algorithm is simple: it searches for anything between unescape()
# if it encounters %u or %x it correctly decodes them to characters
# (Python 2 code: chr() builds byte strings here)
def extract_shellcode(lines):
    p = 0
    shellcode = [] # accumulate shellcode
    while True:
        p = lines.find('unescape("', p)
        if p == -1:
            break
        e = lines.find(')', p)
        if e == -1:
            break
        expr = lines[p+9:e]
        data = []
        # explicit index: a for loop would ignore the manual advances below
        i = 0
        while i < len(expr):
            if expr[i:i+2] == "%u":
                i += 2
                # %uXXXX is a 16-bit value; emit it low byte first
                data.extend([chr(int(expr[i+2:i+4], 16)), chr(int(expr[i:i+2], 16))])
                i += 4
            elif expr[i] == "%":
                i += 1
                data.append(chr(int(expr[i:i+2], 16)))
                i += 2
            else:
                i += 1
        # advance the match pos
        p += 8
        shellcode.append("".join(data))

    # That's it
    return shellcode

# -----------------------------------------------------------------------
# Given a PDF object id and version we return the object declaration
def find_obj(str, id, ver):
    stream = re.search(r'%d %d obj(.*?)endobj' % (id, ver), str, re.MULTILINE | re.DOTALL)
    if not stream:
        return None
    return str[stream.start(1):stream.end(1)]

# -----------------------------------------------------------------------
# Find javascript objects and extract the referenced script object id/ver
def find_js_ref_streams(str):
    o = []
    # PDF names are case-sensitive; the action subtype is /JavaScript
    js_ref_streams = re.finditer(r'\/S\s*\/JavaScript\/JS (\d+) (\d+) R', str)
    for g in js_ref_streams:
        id = int(g.group(1))
        ver = int(g.group(2))
        o.append([id, ver])
    return o

# -----------------------------------------------------------------------
# Find javascript objects and extract the emb

 Attribute      Size  Date       Time   Name
----------- ---------  ---------- -----  ----
     File     531028  2011-04-08 18:13  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\android_server
     File     860160  2011-04-08 17:55  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\aqDockingManagerB6.bpl
     File     545628  2011-04-08 18:14  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\armlinux_server
     File     747968  2011-04-08 18:15  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\armuclinux_server
     File    1254400  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\assistant.exe
     File    1056704  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\6805.cfg
     File    1243401  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\6808.cfg
     File    1057299  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\6811.cfg
     File    1253304  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\6812.cfg
     File       9203  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\6816.cfg
     File    2867717  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\78k0.cfg
     File    1290540  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\78k0s.cfg
     File       1324  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\ad218x.cfg
     File       4247  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\alpha.cfg
     File       1439  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\alpha.xml
     File       3093  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\arm.xml
     File      27609  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\atrap.cfg
     File     733755  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\avr.cfg
     File       1226  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\bochsrc.cfg
     File    1922602  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\c166.cfg
     File     198691  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\c166v1.cfg
     File     749803  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\c166v2.cfg
     File      10906  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\c39.cfg
     File     384771  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\clsid.cfg
     File       4091  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\cr16.cfg
     File       2517  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\dbg_bochs.cfg
     File        537  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\dbg_gdb.cfg
     File        111  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\dbg_wince.cfg
     File        373  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\dbg_windbg.cfg
     File       2021  2011-04-08 18:42  Hex-Rays.IDA.Pro.Advanced.v6.1.Windows.incl.Hex-Rays.x86.Decompiler.v1.5\ida61\cfg\dsp561xx.cfg

............ 3698 file entries omitted here
