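from pe_loader.pe_loader import *
from unicorn import *
import capstone as cs
import gc

# State shared between the driver loop and the code hook.
# check: set to 1 by trace() when the candidate byte passes the comparison.
# boom:  candidate byte currently being tried; trace() injects it into DL.
check = 0
boom = 0


def trace(mu: Uc, address, size, data):
    """Per-instruction hook: inject the candidate byte and watch the compare.

    Registered with UC_HOOK_CODE, so it is called for every emulated
    instruction. Offsets are relative to the fragment, which is mapped at
    address 0.

    * EIP == 0x19: overwrite DL with the current candidate ``boom``.
    * EIP == 0x1f: if bit 6 of FLAGS (ZF on x86) is set, mark the candidate
      as accepted (``check = 1``) and stop emulation.
    * EIP > 0x30: stop emulation, execution has left the fragment.
    """
    global check
    global boom
    EIP = mu.reg_read(unicorn.x86_const.UC_X86_REG_EIP)
    if EIP == 0x19:
        mu.reg_write(unicorn.x86_const.UC_X86_REG_DL, boom)
    if EIP == 0x1f:
        zero_flag = 2 ** 6
        if mu.reg_read(unicorn.x86_const.UC_X86_REG_FLAGS) & zero_flag == zero_flag:
            check = 1
            mu.emu_stop()
            return
    if EIP > 0x30:
        mu.emu_stop()


# One slot per recovered byte; slots are filled in order through ``count``,
# so a skipped or unsolved sample does not leave a gap. The list is longer
# than the number of samples, so the output file ends with unused zero bytes.
anwsers = [0] * 1010
count = 0

MEM_SIZE = 32 * 1024

for suffix in range(0, 1009):
    path = "attachment/binaries/"
    prefix = "binary"
    if suffix == 993:
        # Sample 993 is deliberately skipped by the original script.
        continue
    binary_path = path + prefix + str(suffix)
    # pe_loader is project-local; presumably it parses the file and exposes
    # its bytes as ``image`` -- confirm against the loader.
    loader = pe_loader(binary_path, UC_MODE_32)

    # Only the 0x2f-byte fragment at offset 0xb0 is emulated, mapped at 0.
    vaddr = 0
    raddr = 0xb0
    rsize = 0xdf - 0xb0
    CODE = loader.image[raddr:raddr + rsize]
    BASE_ADDR = vaddr

    # The fragment runs only inside the Unicorn CPU emulator: it sees the
    # 32 KiB mapped below and nothing of the host process.
    uc = unicorn.Uc(UC_ARCH_X86, UC_MODE_32)
    uc.mem_map(BASE_ADDR, MEM_SIZE)
    uc.mem_write(BASE_ADDR, b'\x00' * MEM_SIZE)
    STACK_POINT = 30 * 1024
    uc.reg_write(unicorn.x86_const.UC_X86_REG_SP, STACK_POINT)
    uc.mem_write(BASE_ADDR, CODE)
    uc.hook_add(UC_HOOK_CODE, trace)

    # Try every byte value. The original used range(0, 0xff) and tested
    # ``check`` at the top of the *next* iteration, so 0xff was never tried
    # and a hit on the last candidate was recorded while processing the
    # following sample, which was then skipped. Testing right after each run
    # fixes both.
    for candidate in range(0x100):
        boom = candidate
        check = 0
        try:
            # NOTE(review): no timeout=/count= is passed, so a fragment that
            # loops below offset 0x30 would never return; bound the run if
            # the samples are not known to terminate.
            uc.emu_start(BASE_ADDR, rsize)
        except UcError as e:
            print("ERROR ", e)
        if check == 1:
            anwsers[count] = boom
            count += 1
            check = 0
            break
    else:
        # No slot is consumed, so later answers shift down by one, as in the
        # original; report it so the misalignment is not silent.
        print("no matching byte found for", binary_path)

    uc.mem_unmap(BASE_ADDR, MEM_SIZE)
    del uc
    gc.collect()

with open("attachment/binaries/anwser.txt", "wb") as f:
    f.write(bytes(anwsers))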