serpilliere / elfesteem
Automatically exported from code.google.com/p/elfesteem
It is not true that __setitem__ in python 32bit is limited to [0-0x7fffffff].
The problem is because you did not use "New Style Classes".
Instead of the complicated commits of November 2nd and December 13th, you could simply have replaced class virt: by class virt(object): and everything would have been OK.
This version of elfesteem has some significant improvements over the version in PyPI. Can you bump the version number in setup.py and package this version for PyPI?
Apologies for opening this as an issue, I just can't find a better way to contact you or Philippe.
e.DirRes
Traceback (most recent call last):
File "", line 1, in
File "C:\Python27\lib\elfesteem\pe.py", line 1457, in repr
dir_todo = [1] + a.resentries.l + [-1] + dir_todo
AttributeError: 'list' object has no attribute 'l'
e = elf_init.ELF(open(FILENAME, 'rb').read())
results in hanging script, eating up more and more RAM. When you stop it, it tells you it was here
https://github.com/serpilliere/elfesteem/blob/master/elfesteem/strpatchwork.py#L27
With dd if=App of=App.trunc bs=1024 count=39405
I found out that the last "good" size was 40350720 bytes (count=39405) and 40351744 resulting in deadlock.
I couldn't tell what the root cause is as I'm not familiar with the codebase but it certainly has to do with memory and boundaries.
Btw. I also tried https://bitbucket.org/LouisG/elfesteem which also comes with ELF64 in general. Same results with that bigger file.
I hope you have an idea what could be the problem?
Rebuilding a binary (using "str(pe)") on Windows 10 doesn't produce a valid PE file, even if no modifications have been done to the original PE (which is valid).
Steps to reproduce:
In [1]: from elfesteem import pe_init
In [2]: pe = pe_init.PE(open('C:/Windows/System32/ntdll.dll','rb').read())
In [3]: pe.SHList
Out[3]:
 # section  offset   size   addr     flags    rawsize
 0 .text    00000400 10d7a3 00001000 60000020 0010d800
 1 RT       0010dc00 0001f5 0010f000 60000020 00000200
 2 .rdata   0010de00 0442e7 00110000 40000040 00044400
 3 .data    00152200 00780c 00155000 c0000040 00004000
 4 .pdata   00156200 00da94 0015d000 40000040 0000dc00
 5 .mrdata  00163e00 0034d0 0016b000 c0000040 00003600
 6 .00cfg   00167400 000018 0016f000 40000040 00000200
 7 .rsrc    00167600 069448 00170000 40000040 00069600
 8 .reloc   001d0c00 0004b4 001da000 42000040 00000600
In [4]: f = open('test.dll', 'wb'); f.write(str(pe)); f.close()
In [5]: import ctypes
In [6]: ctypes.CDLL('test.dll')
---------------------------------------------------------------------------
WindowsError Traceback (most recent call last)
<ipython-input-6-f0a9a7593b4e> in <module>()
----> 1 ctypes.CDLL('test.dll')
c:\python27-x64\lib\ctypes\__init__.pyc in __init__(self, name, mode, handle, use_errno, use_last_error)
360
361 if handle is None:
--> 362 self._handle = _dlopen(self._name, mode)
363 else:
364 self._handle = handle
WindowsError: [Error 193] %1 is not a valid Win32 application
This also displays a message box with:
test.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. Error status 0xc000007b.
To be sure that the problem was not with Python/Ctypes, we can also try to load the dll using rundll32:
C:\> rundll32.exe C:\Windows\System32\ntdll.dll,atoi
# Works fine, no error displayed
C:\> rundll32.exe test.dll,atoi
# Message box: "There was a problem starting test.dll. test.dll is not a valid Win32 application"
Version info:
The CPU context of an amd64 minidump sounds to be off; here's the context from windbg:
0:000> r
rax=deadbeefbaadc0de rbx=0000003bc15fdb60 rcx=0000020fe9626000
rdx=0000003bc15fdb60 rsi=0000020fe9cdb098 rdi=0000003bc15fdcf0
rip=00007ff7004900cc rsp=0000003bc15fd778 rbp=0000020fe9626000
r8=0000003bc15fdcf0 r9=0000020fe9cdb098 r10=0000020fe9d4c948
r11=0000000000000013 r12=0000020fe9626068 r13=00007ff7010724d8
r14=deadbeefbaadc0de r15=0000020fe9626000
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010204
Here's the one recovered via elfesteem:
=============================CPU==============================
rax=0000000000000000 rbx=deadbeefbaadc0de rcx=0000000000000000
rdx=0000000000000000 rsi=0000003bc15fdb60 rdi=0000003bc15fd778
rip=00007ff7010724d8 rsp=0000020fe9626000 rbp=0000003bc15fdb60
r8=0000020fe9626000 r9=0000020fe9cdb098 r10=0000003bc15fdcf0
r11=0000003bc15fdcf0 r12=0000020fe9cdb098 r13=0000020fe9d4c948
r14=0000000000000013 r15=0000020fe9626068
=============================EOF==============================
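For checking a minidump parser against the WinDbg output in the report above, the following added example (not elfesteem's code and not part of the original report) reads the integer registers, segment selectors and EFlags from a Windows AMD64 CONTEXT record at their fixed offsets. The sample record is constructed here from the WinDbg values quoted above; the function and constant names are hypothetical.

```python
import struct

# Windows AMD64 CONTEXT layout: segment selectors at 0x38, EFlags at 0x44,
# then the general-purpose registers from 0x78 in this order, Rip last.
SEG_OFFSET, EFLAGS_OFFSET, GPR_OFFSET = 0x38, 0x44, 0x78
SEG_ORDER = ["cs", "ds", "es", "fs", "gs", "ss"]
GPR_ORDER = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
             "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "rip"]

# Register values copied from the WinDbg output in the report.
WINDBG = dict(
    rax=0xdeadbeefbaadc0de, rbx=0x0000003bc15fdb60, rcx=0x0000020fe9626000,
    rdx=0x0000003bc15fdb60, rsi=0x0000020fe9cdb098, rdi=0x0000003bc15fdcf0,
    rip=0x00007ff7004900cc, rsp=0x0000003bc15fd778, rbp=0x0000020fe9626000,
    r8=0x0000003bc15fdcf0, r9=0x0000020fe9cdb098, r10=0x0000020fe9d4c948,
    r11=0x0000000000000013, r12=0x0000020fe9626068, r13=0x00007ff7010724d8,
    r14=0xdeadbeefbaadc0de, r15=0x0000020fe9626000,
    cs=0x33, ss=0x2b, ds=0x2b, es=0x2b, fs=0x53, gs=0x2b, eflags=0x10204)

def parse_amd64_context(blob):
    """Decode selectors, EFlags and integer registers from a CONTEXT record."""
    end = GPR_OFFSET + 8 * len(GPR_ORDER)
    if len(blob) < end:
        raise ValueError("CONTEXT record shorter than 0x%x bytes" % end)
    regs = dict(zip(SEG_ORDER, struct.unpack_from("<6H", blob, SEG_OFFSET)))
    regs["eflags"] = struct.unpack_from("<I", blob, EFLAGS_OFFSET)[0]
    regs.update(zip(GPR_ORDER, struct.unpack_from("<17Q", blob, GPR_OFFSET)))
    return regs

def build_sample_context():
    """Constructed record: only the fields parsed above are filled in."""
    blob = bytearray(GPR_OFFSET + 8 * len(GPR_ORDER))
    struct.pack_into("<6H", blob, SEG_OFFSET, *(WINDBG[r] for r in SEG_ORDER))
    struct.pack_into("<I", blob, EFLAGS_OFFSET, WINDBG["eflags"])
    struct.pack_into("<17Q", blob, GPR_OFFSET, *(WINDBG[r] for r in GPR_ORDER))
    return bytes(blob)

def mismatches(parsed, reference):
    """Names of registers whose parsed value differs from the reference."""
    return sorted(r for r in reference if parsed.get(r) != reference[r])
```

Running `mismatches()` on a parser's output against the debugger's values lists exactly which registers were read from the wrong offset.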
By trying to open an ELF file on Windows python x86-64, I got a MemoryError at this line: https://github.com/serpilliere/elfesteem/blob/master/elfesteem/strpatchwork.py#L25
>C:\Python27x64\python.exe
...
>>> from elfesteem import *
>>> elf_init.ELF(open("test-i386", "rb").read())
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python27x64\lib\site-packages\elfesteem\elf_init.py", line 756, in __init__
self.parse_content()
File "C:\Python27x64\lib\site-packages\elfesteem\elf_init.py", line 771, in parse_content
self.sh = SHList(self, self.sex, self.size)
File "C:\Python27x64\lib\site-packages\elfesteem\elf_init.py", line 473, in __init__
s.parse_content(sex, size)
File "C:\Python27x64\lib\site-packages\elfesteem\elf_init.py", line 309, in parse_content
c = c[12 + namesz + descsz:]
File "C:\Python27x64\lib\site-packages\elfesteem\strpatchwork.py", line 25, in __getitem__
s.extend(array("B", self.paddingbyte * (end - l)))
MemoryError
It seems that on linux sys.maxsize == sys.maxint:
linux-machine$ python
...
>>> import sys
>>> sys.maxsize
9223372036854775807
>>> sys.maxint
9223372036854775807
But not on Windows:
windows-machine>C:\Python27x64\python.exe
...
>>> import sys
>>> sys.maxint
2147483647
>>> sys.maxsize
9223372036854775807L
Also maxint has been removed in python3, see https://docs.python.org/3.1/whatsnew/3.0.html#integers.
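The failure mode reported above, as an added Python 3 example that is not elfesteem's code: a padding buffer that treats any slice stop at or beyond the platform index limit as open-ended and caps how much padding it will allocate. `naive_padding` models a check against a single sentinel value, which is an assumption about the failing logic (the traceback only shows the padding expression); `PaddedBuffer` and `max_pad` are hypothetical names.

```python
import sys
from array import array

WIN_PY2_MAXINT = 2147483647            # sys.maxint in the Windows session above
PY2_MAXSIZE = 9223372036854775807      # sys.maxsize in both sessions above

def naive_padding(stop, length, open_sentinel):
    """Padding requested when only one sentinel marks an open-ended slice."""
    if stop is not None and stop != open_sentinel and stop > length:
        return stop - length
    return 0

class PaddedBuffer:
    """Hypothetical buffer that pads reads past its end, with a hard cap."""

    def __init__(self, data=b"", paddingbyte=b"\x00", max_pad=1 << 20):
        self.s = array("B", data)
        self.paddingbyte = paddingbyte
        self.max_pad = max_pad  # assumed limit; size it to the largest real read

    def __getitem__(self, item):
        if not isinstance(item, slice):
            return self.s[item]
        length = len(self.s)
        stop = item.stop
        # A stop at or beyond the index limit means "to the end of the data",
        # whichever constant the interpreter used to express it.
        if stop is None or stop >= sys.maxsize:
            stop = length
        pad = max(0, stop - length)
        if pad > self.max_pad:
            # Offsets come from the parsed file, so an absurd request is
            # rejected instead of being turned into an allocation.
            raise ValueError("refusing to pad %d bytes" % pad)
        data = self.s.tobytes() + self.paddingbyte * pad
        return data[item.start:stop:item.step]
```

With the Windows values from the report, `naive_padding(PY2_MAXSIZE, 6, WIN_PY2_MAXINT)` asks for almost 2**63 bytes, while the same call with `PY2_MAXSIZE` as the sentinel asks for none.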
I tried with two exes. One more complex one with icons, dialog etc. and one that only has version info. Both produce a bad exe when read in and written out.
from elfesteem import *
FILENAME = "symget.exe"
e = pe_init.PE(open(FILENAME, 'rb').read())
open(FILENAME + "_copy", "wb").write(str(e))
symget.exe is from Microsoft and publicly available.
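For triaging the round-trip failures in this report and in the ntdll.dll report earlier on the page, the following added example (not elfesteem's code and not part of either report) finds the first byte at which a rebuilt file differs from the original and names the header or section it falls in. The function names are hypothetical, and `sample_pe()` builds a constructed one-section image that only carries the fields the parser reads.

```python
import struct

def pe_sections(data):
    """Return [(name, raw_offset, raw_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF header follows the 4-byte signature.
    (nsect,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsect):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_off = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_off, raw_size))
    return sections

def first_divergence(orig, rebuilt):
    """Return (offset, region) of the first differing byte, or None if equal."""
    common = min(len(orig), len(rebuilt))
    pos = next((i for i in range(common) if orig[i] != rebuilt[i]), None)
    if pos is None:
        if len(orig) == len(rebuilt):
            return None
        pos = common  # one file is a strict prefix of the other
    sections = pe_sections(orig)
    for name, off, size in sections:
        if off <= pos < off + size:
            return pos, name
    first_raw = min((o for _, o, s in sections if s), default=len(orig))
    return pos, "headers" if pos < first_raw else "outside sections"

def sample_pe():
    """Constructed one-section image: enough structure for the parser only."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x8664, 1)          # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x54, 0)                   # SizeOfOptionalHeader
    img[0x58:0x60] = b".text\0\0\0"
    struct.pack_into("<II", img, 0x58 + 16, 0x200, 0x200)  # raw size, raw offset
    return bytes(img)
```

Called as `first_divergence(original_bytes, rebuilt_bytes)`, a result in "headers" points at the rebuilt header fields, while a section name points at that section's raw data.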