This is not a cut and paste plugin, but it does dump function locations and addresses...
# bindiff PyCommand - (c) Andrew King
# TODO:
# - a LOT
# liberated some code from other scripts built by immunity.
# this arrangement, however, is mine.
import immlib
import immutils
import libdatatype
import getopt
from immlib import *
# Plugin metadata. ProgName and ProgVers are interpolated into the banner
# that usage() writes to the log window; DESC is a short description string.
ProgName = 'bindiff'
__VERSION__ = '0.la'
ProgVers = __VERSION__
DESC = "A start on bindiff for immdbg"
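def usage(imm):
    """Write the command banner and usage text to the debugger log window.

    imm is the debugger object; only its log() method is used here.
    """
    banner = "%s v%s aking1012 -> team notATeam : response to a question on questions.securitytube.net" % (ProgName, ProgVers)
    imm.log(banner, focus=1, highlight=1)
    # The original interpolated a global called NAME, which this file never
    # defines, so the help path itself would raise NameError. ProgName is the
    # constant the file actually declares for the command name.
    imm.log("!%s Runs through all function calls and dumps the basic blocks for binary diff-ing" % (ProgName))
    imm.log("usage !bindiff -i modulename")
    imm.log(banner, focus=1, highlight=1)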
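def main(args):
    """PyCommand entry point: dump every function of one module to the log.

    For the module named with -i, logs each function's start address, the
    start/end address of each of its basic blocks, and the disassembly text
    of every instruction in those blocks. The output is meant to be saved
    and compared against a dump of another build of the same module.

    args is the argument list passed to the command. The return value is the
    status string shown by the debugger.
    """
    imm = Debugger()
    # Start from None so a missing -i is detected below instead of surfacing
    # as an unbound-variable error at the getModule() call.
    image_name = None
    try:
        opts, args = getopt.getopt(args, "i:")
    except getopt.GetoptError:
        usage(imm)
        return "Incorrect arguments (Check log window)"
    for o, a in opts:
        if o == "-i":
            image_name = a
        else:
            usage(imm)
            return "Incorrect arguments (Check log window)"
    if not image_name:
        usage(imm)
        return "Incorrect arguments (Check log window)"

    # Resolve the module before starting the timer so a bad name returns
    # cleanly. NOTE(review): getModule() presumably yields a false value when
    # the module is not loaded - confirm against immlib.
    module = imm.getModule(image_name)
    if not module:
        imm.log("Module %s not found in the debugged process" % image_name)
        return "Module not found (Check log window)"

    imm.markBegin()
    modadd = module.getBase()
    func_list = imm.getAllFunctions(modadd)
    for f in func_list:
        function = imm.getFunction(f)
        sof = imm.getFunctionBegin(f)
        # Only the start address is printed; the message's trailing "- end"
        # has no value behind it and is kept as the author wrote it.
        imm.log("Start of function: %x - end " % (sof))
        basicblocks = function.getBasicBlocks(f)
        for bb in basicblocks:
            imm.log(" basicblock duration: %x - end %x" % (bb.start, bb.end))
            inst_set = bb.getInstructions(imm)
            for inst in inst_set:
                imm.log(" assembly: %s" % inst.result)
    totaltime = imm.markEnd()
    imm.log("Used time: %d seconds" % totaltime)
    return "[*] Got'em."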