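#!/usr/bin/env python
# coding:utf-8
# Title: Vulnerability discovery via static scanning + a classic stack overflow example
#        (漏洞挖掘方法之静态扫描+经典栈溢出实例)
"""bca - flag PE files that import well-known unbounded C string routines.

Author: tishion--<tishion@163.com>
Purpose: walk a directory, list every binary whose *import table* references
         one of the routines in UNSAFE_IMPORTS, and write/open a report.
Created: 2014/2/9

Scope of the check (read this before trusting the report):

* Only the import table is inspected (as far as ImportSymScanner's name and
  interface suggest -- its implementation is not visible here).  Binaries
  that link the CRT statically, resolve names via GetProcAddress, use
  delay-load imports, or have strcpy compiled down to an intrinsic
  (`rep movs`) will NOT be flagged.  Release builds and the Sysinternals
  tools scanned in the walkthrough fall into that category, so expect the
  kernel32!lstrcpy*/lstrcat* hits to dominate.
* A hit means "calls an unbounded copy", not "is exploitable".  It is a
  candidate to confirm dynamically, e.g. by breaking on kernel32!lstrcpyW
  and dumping the source string (see the WinDbg `bp ... "du poi(@esp+8)"`
  lines below).
* The scanned directory is untrusted input: a malformed PE must not crash
  or hang the parser, and any file name copied into the report must be
  escaped if the report is HTML.  Neither can be verified from this file;
  check ImportSymScanner/ReportMaker.
"""
from __future__ import print_function

import os
import sys

from symscan import ImportSymScanner
from reportmaker import ReportMaker

# Raw string: the example path contains "\w" and "\s", which are not valid
# escape sequences and raise SyntaxWarning in recent interpreters.
g_str_help = r"""
Usage:
    python bca <target-dir>
        target-dir : target directory path to be scanned.
e.g:
    python bca "c:\windows\system32"
"""

# Process exit codes; usage/argument errors no longer exit 0 (the original
# returned silently, so a scripted caller could not tell failure from success).
EXIT_OK = 0
EXIT_USAGE = 2

# (module, (imported names, ...)) pairs to look for, in report order.
# strcpy/wcscpy/swprintf and the lstrcpy*/lstrcat* family take no length and
# are the classic stack-overflow sinks.  Other candidates (strcat, wcscat,
# sprintf, vsprintf, gets, _getws, memcpy) can be appended here; they were
# not part of the original scan and are deliberately left out to keep the
# report identical.
# NOTE(review): import-table module names often appear as "MSVCR90.dll";
# this assumes ImportSymScanner matches the DLL name case-insensitively --
# confirm, otherwise mixed-case imports are silently skipped.
UNSAFE_IMPORTS = (
    ('msvcr90.dll', ('wcscpy', 'strcpy', 'swprintf')),
    ('msvcr80.dll', ('wcscpy', 'strcpy', 'swprintf')),
    ('msvcrt.dll', ('wcscpy', 'strcpy', 'swprintf')),
    ('kernel32.dll', ('lstrcpyA', 'lstrcpyW', 'lstrcatA', 'lstrcatW')),
)


def _build_scanner():
    """Return an ImportSymScanner registered with every UNSAFE_IMPORTS entry."""
    scanner = ImportSymScanner()
    for module, names in UNSAFE_IMPORTS:
        scanner.add_sym(module, names)
    return scanner


def main(argv=None):
    """Scan the directory named by the first argument and open the report.

    Args:
        argv: argument list without the program name; defaults to
              ``sys.argv[1:]`` so the original zero-argument call still works.

    Returns:
        EXIT_USAGE (2) when the argument is missing or is not a directory,
        EXIT_OK (0) otherwise.  Errors are printed to stderr, progress to
        stdout.
    """
    args = sys.argv[1:] if argv is None else list(argv)

    # --- command line ---------------------------------------------------
    if not args:
        print('Syntax Error: missing argument.', file=sys.stderr)
        print(g_str_help, file=sys.stderr)
        return EXIT_USAGE

    target_dir = args[0]
    if not os.path.isdir(target_dir):
        print('Error: the target-dir:[' + target_dir + '] is not a directory!',
              file=sys.stderr)
        return EXIT_USAGE

    # --- scan -------------------------------------------------------------
    scanner = _build_scanner()
    print('Scanning ...')
    results = scanner.do_check(target_dir)
    print('Scanning is Done!')

    # --- report -----------------------------------------------------------
    report = ReportMaker()
    print('Generating report ...')
    report.GenerateNewReport(target_dir, results)

    # OpenReport presumably hands the file to the shell/default viewer;
    # that is where unescaped file names in an HTML report would bite.
    print('Opening report ...')
    report.OpenReport()
    return EXIT_OK


if __name__ == '__main__':
    sys.exit(main())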
F:\Projects\Python\BinCodeAudit>bca.py "F:\Program Files (x86)\SysinternalsSuite" Scanning ... Scanning is Done! Generating report ... Opening report ...
bp kernel32!lstrcpyW "du poi(@esp+8);g"
bp kernel32!lstrcpyW ".if(poi(poi(@esp+8))=0x00420042) {kv1;} .else{du poi(@esp+8);g;}"
0:000:x86> ?0x1360b0-0x00135c7c Evaluate expression: 1076 = 0x00000434
原文地址:http://blog.csdn.net/otishiono/article/details/51524479