Merge pull request #1106 from WilliamBruneau/loader_examples

More loader examples
cea-sec · Dec 4, 2019 · a900c85 · a900c85
2 parents c37cec9 + 2cf53c5
commit a900c85
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/example/loader/get_exports.py b/example/loader/get_exports.py
@@ -0,0 +1,18 @@
+from argparse import ArgumentParser
+from miasm.jitter.loader.pe import get_export_name_addr_list
+from miasm.analysis.binary import Container
+
+
+parser = ArgumentParser(description="Retrieve exported functions of a DLL")
+parser.add_argument("filename",
+                    help="DLL filename")
+args = parser.parse_args()
+
+
+fdesc = open(args.filename, 'rb')
+cont = Container.from_stream(fdesc)
+
+exported_funcs = get_export_name_addr_list(cont.executable)
+
+for name_or_ordinal, address in exported_funcs:
+    print(name_or_ordinal, hex(address))
diff --git a/example/loader/sc2pe.py b/example/loader/sc2pe.py
@@ -0,0 +1,25 @@
+import sys
+
+from argparse import ArgumentParser
+from miasm.loader import pe_init
+
+
+parser = ArgumentParser(description="Create a PE from a shellcode")
+parser.add_argument("filename",
+                    help="x86 shellcode filename")
+parser.add_argument("-p", "--pename",
+                    help="new PE filename (default is 'sc_pe.exe')",
+                    default="sc_pe.exe")
+parser.add_argument("-w", "--word-size",
+                    help="word size (default is 32 bits)",
+                    choices=[32, 64],
+                    type=int,
+                    default=32)
+args = parser.parse_args()
+
+
+data = open(args.filename, 'rb').read()
+pe = pe_init.PE(wsize=args.word_size)
+s_text = pe.SHList.add_section(name="text", addr=0x1000, data=data)
+pe.Opthdr.AddressOfEntryPoint = s_text.addr
+open(args.pename, 'wb').write(bytes(pe))