-
Notifications
You must be signed in to change notification settings - Fork 9
/
fortify.py
executable file
·83 lines (55 loc) · 2.07 KB
/
fortify.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#!/usr/bin/python
import sys
import os
import shutil
import cgrex.utils as utils
from cgrex.Fortifier import Fortifier
from cgrex.VagrantManager import VagrantManager
def self_memory_oep_test():
fname = sys.argv[1]
ff = Fortifier(fname)
#print ff.dump_segments()
assert not ff.has_fortify_segment(),"%s already fortified"%fname
if not ff.has_fortify_segment():
ff.setup_headers()
oep = ff.get_oep()
print "--- original oep",oep,repr(hex(oep))
ff.set_oep(Fortifier.fortify_segment1_base)
injected_code = utils.compile_asm_template("memory_scanner.asm",
{'code_loaded_address':hex(Fortifier.fortify_segment1_base),'code_return':hex(oep)})
ff.set_fortify_segment(injected_code)
ff.save(fname+"_cgrex")
'''
vgm = VagrantManager(sys.argv[2])
with vgm.get_shared_tmpdir() as sd:
save_fname = os.path.join(sd,os.path.basename(fname)+"_cgrex")
ff.save(save_fname)
res = vgm.exec_cmd(["exec",save_fname],debug=True)
raw_input()
'''
def inject_helloworld_test():
fname = sys.argv[1]
ff = Fortifier(fname)
#print ff.dump_segments()
assert not ff.has_fortify_segment(),"%s already fortified"%fname
if not ff.has_fortify_segment():
ff.setup_headers()
oep = ff.get_oep()
print "--- original oep",oep,repr(hex(oep))
ff.set_oep(Fortifier.fortify_segment1_base)
injected_code = utils.compile_asm_template("helloworld.asm",
{'code_loaded_address':hex(Fortifier.fortify_segment1_base),'code_return':hex(oep)})
ff.set_fortify_segment(injected_code)
ff.save(fname+"_cgrex")
if __name__ == "__main__":
#./fortify.py ../../cgc/vm/cgc/shared/CADET_00001
#self_memory_oep_test()
#inject_helloworld_test()
fname = sys.argv[1]
ff = Fortifier(fname)
assert not ff.has_fortify_segment(),"%s already fortified"%fname
if not ff.has_fortify_segment():
ff.setup_headers()
ff.set_fortify_segment("\x90"*1000)
ff.dump_segments()
print ff.get_maddress(0x8048f00,0x200).encode('hex')