fix stub regex matching

WitherOrNot 2023-08-18 21:54:35 -04:00
parent 958ff9adde
commit de1a89c4c2
1 changed files with 11 additions and 7 deletions


@ -613,11 +613,11 @@ def get_all_stubs():
# "nooo write another function dont just copy paste a loop twice" :nerd: # "nooo write another function dont just copy paste a loop twice" :nerd:
for match in re.finditer(STUB_RET4_REGEX, pe_data): for match in re.finditer(STUB_RET4_REGEX, pe_data):
match_addr = image_start + match.start() match_addr = image_start + match.start()
print(hex(match_addr)) # print(hex(match_addr))
stub_code = ql.mem.read(match_addr - 0x50, 0x50) stub_code = ql.mem.read(match_addr - 0x50, 0x50)
try: try:
stub_start_offset = list(re.finditer(PUSH_REGEX, stub_code))[0].start() stub_start_offset = list(re.finditer(PUSH_REGEX, stub_code, re.DOTALL))[0].start()
except: except:
# print("A") # print("A")
continue continue
@ -648,7 +648,7 @@ def get_all_stubs():
if instrs[stub_start_index].mnemonic == "mov" or instrs[stub_start_index].mnemonic == "push": if instrs[stub_start_index].mnemonic == "mov" or instrs[stub_start_index].mnemonic == "push":
stub_start_index += 1 stub_start_index += 1
elif instrs[stub_start_index].mnemonic != "lea": elif instrs[stub_start_index].mnemonic != "lea":
# print("CANT DEAL WITH THIS") # print("C")
continue continue
stub_start = instrs[stub_start_index].address stub_start = instrs[stub_start_index].address
@ -656,10 +656,10 @@ def get_all_stubs():
try: try:
used_reg = list(md.disasm(instrs[stub_start_index].bytes, 0))[0].operands[0].value.reg used_reg = list(md.disasm(instrs[stub_start_index].bytes, 0))[0].operands[0].value.reg
except: except:
raise Exception("CANT DEAL WITH THIS") raise Exception("D")
if used_reg not in REG_NAMES: if used_reg not in REG_NAMES:
# print("CANT DEAL WITH THIS") # print("E")
continue continue
used_reg_name = REG_NAMES[used_reg].lower() used_reg_name = REG_NAMES[used_reg].lower()
@ -682,11 +682,13 @@ def get_all_stubs():
break break
if jmp_insert_addr == 0: if jmp_insert_addr == 0:
# print("CANT DEAL WITH THIS") # print("F")
continue continue
# print("NOPPED STARTING @ " + hex(jmp_insert_addr)) # print("NOPPED STARTING @ " + hex(jmp_insert_addr))
print("PASS1")
try: try:
ql.run(begin=jmp_insert_addr, end=instrs[ret].address) ql.run(begin=jmp_insert_addr, end=instrs[ret].address)
@ -701,6 +703,8 @@ def get_all_stubs():
bad_stubs.append(jmp_insert_addr) bad_stubs.append(jmp_insert_addr)
continue continue
print("PASS2")
# print("HANDLER @ " + hex(handler_addr)) # print("HANDLER @ " + hex(handler_addr))
# print("JUMP TARGET @ " + hex(next_addr)) # print("JUMP TARGET @ " + hex(next_addr))
# print(ql.arch.regs.esp) # print(ql.arch.regs.esp)
@ -730,7 +734,7 @@ def get_all_stubs():
stub_code = ql.mem.read(match_addr - 0x30, 0x30) stub_code = ql.mem.read(match_addr - 0x30, 0x30)
try: try:
stub_start_offset = list(re.finditer(PUSH_REGEX, stub_code))[0].start() stub_start_offset = list(re.finditer(PUSH_REGEX, stub_code, re.DOTALL))[0].start()
except: except:
# print("A") # print("A")
continue continue
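Review bot: The `re.DOTALL` fix is applied at both `PUSH_REGEX` call sites (this hunk and the one at -613) but not to the `re.finditer(STUB_RET4_REGEX, pe_data)` scan a few lines above the first of them; if that pattern also uses `.` over the binary, it will still miss any stub whose bytes contain 0x0A. Compiling the byte patterns once with the flag where they are defined, `PUSH_REGEX = re.compile(<pattern-bytes>, re.DOTALL)`, would keep the two copy-pasted loops from diverging again. The `list(re.finditer(...))[0].start()` form only exists to trip the bare `except:`, which also swallows unrelated errors; `m = re.search(PUSH_REGEX, stub_code, re.DOTALL)` followed by `if m is None: continue` expresses the same "no push found, skip" without that. The `print("PASS1")` / `print("PASS2")` lines added at -682 and -701 look like leftover debug output, at odds with the prints this same commit comments out. get_all_stubs starts before and continues past every hunk shown.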