Last active
July 12, 2022 21:39
-
-
Save Mukundan314/2e34797db0f811a02a86bb2e5f588cb5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import textwrap | |
| import lzma | |
| import sys | |
| from collections import defaultdict | |
| import elftools.elf.constants | |
| import elftools.elf.elffile | |
| import elftools.elf.sections | |
| import elftools.elf.relocation | |
| from elftools.elf.enums import ENUM_RELOC_TYPE_x64 | |
| def main(): | |
| objfile = sys.argv[1] | |
| with open(objfile, "rb") as fp: | |
| elf = elftools.elf.elffile.ELFFile(fp) | |
| relocation_handler = elftools.elf.relocation.RelocationHandler(elf) | |
| data = defaultdict(bytes) | |
| data_offsets = defaultdict(dict) | |
| for idx, section in enumerate(elf.iter_sections()): | |
| if section["sh_flags"] & elftools.elf.constants.SH_FLAGS.SHF_ALLOC: | |
| data_offsets[section["sh_flags"]][idx] = len(data[section["sh_flags"]]) | |
| data[section["sh_flags"]] += section.data() | |
| full_data = bytearray() | |
| section_offsets = {} | |
| for sh_flags in data: | |
| for idx, offset in data_offsets[sh_flags].items(): | |
| section_offsets[idx] = len(full_data) + offset | |
| full_data += data[sh_flags] | |
| reloc_code = "" | |
| for idx, section_offset in section_offsets.items(): | |
| section = elf.get_section(idx) | |
| reloc_section = relocation_handler.find_relocations_for_section(section) | |
| if reloc_section is not None: | |
| symtab = elf.get_section(reloc_section['sh_link']) | |
| for reloc in reloc_section .iter_relocations(): | |
| reloc_offset = section_offset + reloc['r_offset'] | |
| reloc_type = reloc['r_info_type'] | |
| reloc_addend = reloc['r_addend'] | |
| symbol = symtab.get_symbol(reloc['r_info_sym']) | |
| symbol_section_offset = section_offsets[symbol['st_shndx']] | |
| symbol_offset = symbol_section_offset + symbol['st_value'] | |
| if elf.get_machine_arch() == 'x64': | |
| if reloc_type in [ENUM_RELOC_TYPE_x64['R_X86_64_PLT32'], ENUM_RELOC_TYPE_x64['R_X86_64_PC32'], ENUM_RELOC_TYPE_x64['R_X86_64_REX_GOTPCRELX']]: | |
| val = symbol_offset + reloc_addend - reloc_offset | |
| full_data[reloc_offset:reloc_offset+4] = val.to_bytes( | |
| 4, | |
| byteorder=('little' if elf.little_endian else 'big'), | |
| signed=True, | |
| ) | |
| elif reloc_type == ENUM_RELOC_TYPE_x64['R_X86_64_64']: | |
| reloc_code += textwrap.dedent(f""" | |
| code[{reloc_offset}:{reloc_offset+8}] = (base_address + {symbol_offset + reloc_addend}).to_bytes( | |
| 8, | |
| byteorder='{'little' if elf.little_endian else 'big'}', | |
| signed=True, | |
| )""") | |
| else: | |
| print('re', reloc_type, section.name, symbol.name, symbol_offset) | |
| symtab = elf.get_section_by_name('.symtab') | |
| symbol_off = {} | |
| for symbol in symtab.iter_symbols(): | |
| if symbol['st_shndx'] in section_offsets: | |
| symbol_section_offset = section_offsets[symbol['st_shndx']] | |
| symbol_offset = symbol_section_offset + symbol['st_value'] | |
| symbol_off[symbol.name] = symbol_offset | |
| compressed = lzma.compress(full_data) | |
| encoded = base64.b85encode(compressed) | |
| print(f""" | |
| import ctypes | |
| import base64 | |
| import lzma | |
| import mmap | |
| libc = ctypes.cdll.LoadLibrary(None) | |
| c_mmap = libc.mmap | |
| c_mmap.restype = ctypes.c_void_p | |
| c_mmap.argtypes = ( | |
| ctypes.c_void_p, | |
| ctypes.c_size_t, | |
| ctypes.c_int, | |
| ctypes.c_int, | |
| ctypes.c_int, | |
| ctypes.c_size_t, | |
| ) | |
| code = bytearray(lzma.decompress(base64.b85decode({encoded}))) | |
| base_address = c_mmap( | |
| None, | |
| len(code), | |
| mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC, | |
| mmap.MAP_PRIVATE | mmap.MAP_ANONYMOUS, | |
| -1, | |
| 0, | |
| ) | |
| {reloc_code} | |
| ctypes.memmove(base_address, bytes(code), len(code)) | |
| add_type = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.c_int) | |
| add = ctypes.cast(base_address+{symbol_off['add']}, add_type) | |
| # print(base_address, ctypes.addressof(add), ctypes.cast(add, ctypes.c_void_p).value) | |
| add10_type = ctypes.CFUNCTYPE(ctypes.c_int) | |
| add10 = ctypes.cast(base_address+{symbol_off['add10']}, add10_type) | |
| print(add(42)) | |
| print(add10(5)) | |
| """) | |
| if __name__ == "__main__": | |
| main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ctypes | |
| import base64 | |
| import lzma | |
| import mmap | |
| libc = ctypes.cdll.LoadLibrary(None) | |
| c_mmap = libc.mmap | |
| c_mmap.restype = ctypes.c_void_p | |
| c_mmap.argtypes = ( | |
| ctypes.c_void_p, | |
| ctypes.c_size_t, | |
| ctypes.c_int, | |
| ctypes.c_int, | |
| ctypes.c_int, | |
| ctypes.c_size_t, | |
| ) | |
| # code used to generate: | |
| # #include <stdio.h> | |
| # | |
| # int c; | |
| # | |
| # int add(int a) { | |
| # c += a; | |
| # printf("c = %d from c\n", c); | |
| # return c; | |
| # } | |
| # | |
| # int add10() { | |
| # return add(10); | |
| # } | |
| code = bytearray(lzma.decompress(base64.b85decode(b'{Wp48S^xk9=GL@E0stWa761SMbT8$j;5JYlmR$e>05-$-it9#~al^p(bPMw+zlB?`6N!vL$nAlXp_q&YQ^U5~R=yDN`_V>U>7$XE31<05IO;=~aZ-u1F;%_F>eF}bkV?T=5p<{0Ird%}n5)f9lP>;kPJrl3)iBrCvl;71k)AE<WERO`YlRj&+5BxM=b6^>p(Ha%K9*Z|wU^!m6%z+`1OU!3@|+A@UErye(s_TTU{x*nHLj7cFzh|qq^)MDeOZ>)ewS4%F^<&3l8v~gY?bfcm15N#6nU{+cRvgFyQHXL`W0KN7Z~+1&vAYI5x#UjibzGXl9@yFSlpix8WVm3TK=B4-_#O=eqp@d@-WXnXjK|9`Hqc|v=-by0gN$nk^?$6?b@!)BDOps5BMrD7!&)ONuq&W5Cd3f0~}WRCW^E2#MNED;Er0Di7sVMI)+*Gx?8lHzn@Y-FyFp>3dKpxhD_dq)<2?pxNo>D1?){43@*kyr$>PZXFq1qO+CS4Avis+?jr3O5B%ka_{9O6e8u<Fg<aM(^3$~YQho~x`p!WuLz2w~=-I&$RT+^kn+g-ew?Og4tcCO(_<5{a?H^Itmt9-s;Ae)mf-5k7QG^_seq;Wh%yR%2X_uDVXXU{prHClKSC`)zTzNuMAUt|*8T0!vd+LODE7gM;y&Rvg`I7}xjea&n3}Oo;+i3A^(nu%|nqt<kR|1mth%g-pT#ccC*rdJ_W~nV4A%Aj1UzdIl530}FuZ0Q^?&Xe4X9rTq)L>Nw$_~_@>iX1x=WNPE!_;Ag1>y}qbepunJ9zc<I>2NLl*2ukBhf{|9}?&Zn7i=|BeHEZ*76E^Xy=tH;1DC3k*utdqdT6H{>rZy+h*#6eYS4r`=-&oou@|cJ|U)8Mel?_#JuL`Fb@<R4gH81mC%wkA-8HtUCMI43rU^<!sfT=M`KNP3Slw;hJiv;26Z{A>gqNVbWlB@nhOA@0aTFFVn}`{57BZ^X+S-b8R`6SfvTj&N6sGKTFaC98|P1})bZoj(3?t<X~Fh54GtNW&4L|IhQrRG-RjX@iLsv4QGMZKbO#a}0>OZ6g$rj8znJ;G*0B?|uFL2rs&n)xmkqSbradT9**w5u=xwhIbU%9*0cpw=JdQ*MIN{}~iHep7y!t;1jCcvBAzt;MOw43ixrnr2S@&^hNxC0fk7DZMFXb8DP^^N+dn}#W{G2m{TK6rpmL{*%QKqjK0df`0rw}hZmX7^oo;p9oR7Pn2Tq(2lzm<xhDN7^p%<~Jys<V3tkJI_wy65XSyV4<Pbz)E=`|F2Rv<R%s+^utK$=DrLa}J$u6RUW|nqVi-qwaa;bPQS)^UB!b8~MU>M&RS@@DSq`)u>@rjgX9)<3P9&GAq=Zmj{D%PSp1#jyU;JfD*;%H`OP$cTiBrw5s~0vBQP2xerLWP|<E2O$#xb*^i8KDFyS%)pvxasg%}tq>!R?W{j?wvk|!$$)lTQ7>XQy>f?y0Pl`^khL$O;BbiL^ko7s)P2C`SarmsK`+ZK4hu;VLqx-&Ua)?CYA$Y{q8y@vk`Kh7K2a3w}VHiV>Tvbja&dPVZG>Q*8Ic^n_y#I|-sl8hCt`~Gi6bB95aiC}``H>7v5*7yO4jMj$^!*d$(l6K4TlD*m3{CHl#FCd&0lJWo9ED~(MD21!WLNG8YLmW_C83x;+#F=HA8o_xGSDqiDAW;18+-)un>sVO&vEW(4}bc}Xm*%~6()&}1ID~sX^+7Z9KJvbif)cSt+Ie%7-r0!Oa4Yec|_hU@;a=E22GBVWw3jT*()3SWGC!^5x%{og%3sf3`6cutR7e?KPBoF(G^@`lBX|RaL}OM)84fnv^82w(m|JGld9$3F4wB@*7KGWAH(-(pz!QJvNf9#PHI=^xr?!~rMEQRtY0NI$D?A&d7-QCleE@Z_h?>UKSM3bhoI;WUs~h~)^_z@I5a|q61QcCAvelUZC`vWg)@M0Y+kyOK1Fa+_z;I|N-W9(k0r{oxH{o$ms3%;ihIMjO9fqL6+TEKkm~vhg~BD@mRXq+fu?sq`y1DB7G?{Pu-ywo+g7EYX)PvaNtDJAMgKVE`|{BkcT9vIsxBLG3uU}OJyudE5g$T&qo-2MA!4tSrm6h-$cNT`xzE<Qt75HumrOrdzc;pLdiA52=Y4@WOchG=kUebFm<AQ#gWPTFU~tKB4JlD)#ATFxfa7#$0R|K6oCCz94|fAdK`90I<Af)iEw`J3g1g#G1TBej3f3Er^=V5yqXV$Nm!84f$7>1~%FP#y(dU{{GBKA5Tok)*i&$+8_md0uNo%KaT7a7<60&mFD$B@?2mV?7<l2_?oZlp%G;1!+kz0SMaivuPN2Jm)xz4zi;(d)IdQ=ra6V-rW6%vfa&m^e(W;0_3u~%Y;BquJNF%y@@V1iCVUJr<;JjjV%$>+C_<0_?t6nd}JNS$aA2&d1_z&n&<uyfu|XtkOk;|_~7;X8Fp+oSR6lHxbO{o&l98X{{s&V7R`a%Z~<zMpABXjY%jjusO8{E@w2*je14(YJHBKYaaK#0V+-Kf4@qNz#H0#2~=117z^0t9?q(Lp#t|foe+uRkrdGNr4Bsef7Ok*>uuUjWQ2DxM85o=CI$0Bwli*R4<tpbLOg#^}nk<hBt0>Hk^MGr7@U?4#Ox_X;plPXwjzpmotL^`CVnzb*WVb_5+TjE;N*no_u@#Yg!oRN>_K!rvTy}Z(n+?EP1evL_WJNfuqJYL9C5GG0`-pPmbZQ^m&7ofFLP1Z(4v%I^`BP{wieaeS4Q6fL@t@Sa@Aq!oTiQ3~mXhI3KX*z6SZX(n4R-q~Y}xidH8BW9Hx<bLDMnvr0EX>*NkN7L@*c!a>O@ncs*jSo^Tu$xg18y29^(5Wn&1k3qbMK+fkv?kYEE(>vqM!!J2+0q~^<AxyLAjYfccXX!+fbuOrBn7f2l&E8!4#hzuApnZe<wUbFK-2BuBiUr~?P;zZ{R{cm8&o;am+@zInb2()6Y|p)GT&+@p83LrZ45@c^Q_0D{koYzQtT}WIS>lou{mtBSKIvTuhtaKa?(#8b=2Mwz1lJv(Tk6Vml8GRlNb^DKJS|gxCVc!u2-6Qm68`3J?#zxG5Zd2xl)kMY9#)$@vf`O9<fXEtFv4J8Srad)m=OZWiCV6P(YGzS{(|aiXLHi+qHJjSL}VLHlt+zpTb((UyqeSMw`xt;ZUn9ebMnq6{q~+(Ys}klkyu2*-(ba9^QaDJ6-PkD^HL~La_`ZH=#&gFLWsd}$~PcUVO}jS9g^1-Kt7Z%)OJO3+j-|v#k2(=oK|d)<1rTd*>Zq-OV4IEQhO&}ZfT?qnoyn6XHl^A_`XgkV6a`R>a{M+tCYPBM(gN-rC{~NKLu;$qF_-W4nDWekwbfY<z(Ywly(QiwcNKD4`&m#&Y1NfnCfIzmbskn`uho0RCP>}ROz1+Y_0v!%LY!mP+3WhGI#PQVlEIcwiG_gFtWM$xY%KroH^oBxrPl~9h+;$6E%d=ZXM}TVhfr+If;@ZD8Iy7jw>0+M|3ozyv7tco!V|Wdyq3r$`A1qGD$b0Y_TY%8c@~pg<hucvb+66{<(A}1kY30`xP6TxY86Ii?7?zhlYSejQlxRdP>diS-h2riErxHG1=o%)%{W^%i<=!j>M(k@a>TPqprvug3LvZaIEIR2z$D0Df$F7%bP^>oUq_EKC497WlJ+ZbHbKZf=f*^c%nDWt?f4(Z>dWBFcRa3B{ed1dvshY#PmbKJ-Gh=NJvt>8x_~RxeYV`c2O2HWo)??PY?aRlV2_|k;ez2zL_lD?4~#8Uhne!`9~CCFTVIeol;(_#GFfhkZ=0f1AT)qh*00qY8}yEaw&Rn_r{*$;4N(r<7s^&$!eed4oWT%gTqOb54eyqRi{X*fuo51KyA*Mh*s5lwe4B}rLHdWvo>*;SKq)ki9K*)`5or%Vr#NAaM&>$rtRY#vGA4H!|gBOwu5!`CKDIRavh!Jk${-rkrBdhSP>;3a?%0~eyMMk^eX*Rjm7aad9`%R;S{{3Xm$*bopR{@v*9T+x8&1+sru8R;Rq6VMn%g?EC2p^2v}sUoFmAbyHyM+2cyH~)NR4=o{vq)%4js^^|MyCHL7G{$5926Y~H#F)hGI#`{8IR2<2;}%zvKPvE6JsMoT9BDB&19pL<&)wRPLFa(m7+8UkW457xnoUmgQ|I>%~FU@$WgZ!$c`tg{2bdeV4}oa$)}hdZrGHl(Q;Q4d;TR1Rx7WtUk{Qa8MgT%#cFYg{?kEWr2zdls@Dm)e!|gS+t%e7dPuSkq61>&@$aietrx@CT#k@J%MN>sd*ydKbv@QWv}hRn4v0Aau<rd&@ewyd4smA<+A|N1B1ZBm1D?sNdtyKV}HFD>D$!1uS1&ud|b#zd6I~Z|71Csr+V$zCIO=yW6jV1;eTleC2xkKO2;BN48nuksmBfJmkqLqfQ4S`aX}pMjB-&)sQB;RM9Zv?l|FM83(wWJJor2%15^I&JrfK`R&U991~4pc@SPZ5)Gr=0OBc9{c2GTB%Sr?*Q&pkZakr<J%>x;AMt2>HxpN0z!%`|SWw?6x{?|FUmktP!V$)@DbjQlM6iepLOmXRZ2JXxH!A-&h)LonwodOqb_bMMgzR=N>MG#@@=uh-6J8A+Rr`u2D}Rn>&Somdg}#fi)e645+#JzLvT@IjJ6<|;#K`tryRj1Z{zD_#-J5^)Az^ywCFb6!fhoW8?u*cKNSn)jDF%o-{!dcjfS&Ur;#kh?Ij|eC^sB%xL$!LS^cY4}IMj%b77D+3ej4*GY%LAnN>xF!QuO;Od)daxl6}&^LQwzC#^?A@=A&L{c8OSM^q}YrIlvx&6#Yf`Qa9aHcLLB`!Zj#G1rXy6Cdj(Y#`bjxISfYz-w~?BOMz;c1M&0M+o6pA9@X+TA1?<F$;^YN^0Ccv;BEIC^LlV65gY5<k)hgOz>@#GUmF2*g2XIWt{oY`{s2<gIdyRt!V#Q_D4Nz5X&3RA5AskR_ujGS{k7f9=NbXVvW*xM3($%NEm@3{eF<}5XOP%gmBa~^9h}mh6EX+Ya1;V|S&m32*)uV{%LANkepAQ0xVadFB#w||^^%hS;cAgDLOB*8TukB5eszq{o`gdQRHvJlxSV<*jGAgm#$xat%0&l2A;@7su@9!4Ji2y)ZRZDyTTBf=TTi+EHx9|w{UuQvg|aKjw}fD_q^~d6nnH)v{MbtBDSG_$IY@BT<$EWU=5qk~$F44k?X!QpRo$vN`H8x*!f02<BX`F*UU*`JKIuv4Jbu(To3C80s=VonZFZB}6cUDnCiFdd6Pq-jZuvoLZ9Urp=J4P1wi*O)`;V@cWaG`cWZun9Iy?oV7WzFT7jM1{WOfA3A4%!iUT5Oof>p#_z3mDP{aXJ|A@sZV<KC@PEAbqR0=CV9ws`hY?V*@j8n`Ac@leNH4W4(4UQTK$zT#%sPb3aqw8EOrqQPw@6)fPPGy#-;Ub57NV!-~5(^O$*P!{>$c=0F1BCIPr3`89Vlr4v=K;tgsX0EEBhi%86&kJ`OzsZr!bSS~(G7E1hkLskkm&5^(*>DM&(3Uud*<8mHq)t(?KqOag2eVqYWnevk8RTg<;W1qC-&q%-S;)|Eh*&%Uhr#R?PVG(;P}aN=KXArz(*$F0-f0jCW2lMsRdl7}_^6zED(BS#7`XC4S*iGuJ`|!tUpW|Gu=N;N1=<o{D*~Rl7gD}xFk;)R|DO0er|kmil32VrH1k8VI?lv^g`O{nARAaB$Xy0to6d~x?PzF~A6F(5DW!{=5=n-w(d65GN~Po37L<XIUDT~tFHoaxA~Z{x0z{ScU?s9ukmja~V`?O)g}mv!MEm0h3(BYvijNRMRR4XyP~!c)!|mA`qG~$i;L0I3&3VHjubbx7Etu(9BnzNnP_9|Y54_yt;DzO}eSc#vVwwyZ#Hm7Gn5zO)JZQ-OSAZkAvX^?R&X2@_=~}aC%Q3|8jChs}@Z2Bj1qn9db2+Gt<v;)V2>WdR_fT+Ft^-t-gZCSOCoD9Q2%Z2YF6!z(2W5Z+*s;ma2`K$L2%dCGU~W_A)tpQrrDekdvnN-?IF8>3at_;xvtol1FBpR2V&HbYW2;%A00o+`vN7^N_yv^XTvrqc<_seyg*S!WGNh~nNfG9NkrB;j*Ixqc=sqt^KKNTmZ|Kr_PJ<iDXPr3_H>{<^>ZS%WK&}TF0bLMf*{NG*ePo*K;!MYShc3FF`vSlKS`ICjWQnS9DUwrwB)fp#Hh>s19N!-Upf`8nwp-@x3l*W^Uyh3^3eS<fX@XG;kxjU62`mo%$Lxq;=%%!vIS~92<jkxK=)(BKH2V7$!LEPj+k)~*wKJrc9e~mIwVseaej)@o4jk9?hY!MWpO`gdlhk6ElNWiQ8$SBy?SB@WKXbom&Z4>DB>c<xq|m(#k*&7Q1f>TE0{qO`{TsVlXT#V6$r+*zbL8vIXm(!GaWAvRU2;QqC$!9r`mAb7x=pkXvFKlM%YI{*{jK5Cx=KeI!INA4T=eKglz9CyNRLMj+Knu3B*Gglm-7jdrWP)y%~ZQV#{neW#C>(18&upyz>y~{bUY^lVr*095O76B*rp^}t^gnz@HYP)aE4bOnLOPX8aSBV`2IZfn!m_W;tkuRX$e{v{Rxo!mX=T=njoDcE<3D-FZEx9H|gfVQ$4)}g{33(I~;ry&En$j<9d4@;hOA<rYvXEAhu)O{U4o4(Hpwfdz>jeP}OvRnHaMYH0nytZzA8^jripwoD3^2UvTc&BtOWdYTgu$hVAQ{4g??vcPI;@mJ^0I5kGMfOW67~Q>s=%V@w?hBdl3?V3Hd5o!mdIMwqgm!wbxMYvNe!FPBX2s-jgC5KN!^L&FzR4;O-aBQiXA_)D;kgW0Yw(Q`Iqaj{z1!^0*IrUX7h<w=>PtlxRMQ}kh?*+KyX8F|~$>|tsT^bNoVqevP-FgZ!4&uI(tJrSl<VJ?H|L@zHNY=wEU8;VO9k3~zvUf`MulXj*sOo+lFGet0W6@qpsuvogzKIX^3f6s5^J73=KmACmkX?kB=UVrF6R-MJ4`kOfalFAlIljV>OhvZj|(9Dy0Y%PughwKhFw?WiXYPI$zlR2Jr(W85|;AKE!J=vuV3;a?FK|!vsd@#ay&O8SeT0`cF?yvbw7N-%e04x>Jrk$c9OZ7*vJ3%k>z-C<(p?bI9%^c2L(ZRPiBqp*R74g)Vq$RC@_sVW0N<9|)s@z+$u>^wZk@fs8rOdO=vxF9N>n=n*H4rYrP$CptMqBJ}J#unq9E`T~MfYD(FEks$qP$}fITW$HPcHO|lx)K*mJrC6IWJkq(9Peruf&X%JzLX}W<fNivde#NAUq)Zy0fPWTeGjNO>xj<ID9DKADFsXFGj(sIU}s;kh3(1lXj++u~`PzP;P-jf+Jc87T~4&3-Jzb+IQ+uFax0?H@LewBik!dwJWSX*03}>brLid{crY3i<nC^&6=e5=FngbZ%JdnII+G4u?5-Sc|UdS?T(yXzL0dK4WyxVJ4vF?#NIC-X4!V;GpvUvZ9cXKqXh=w?zLz3kyYe6im(`^vL&Y2XQQl`09rC1#@q>Pkhx7^3WSYP11gr~8)<t^isKE?Rj`*s!}Mqa=Zj^)3}D`o#$11K5KdqPAs&O8a!B*x1Q<Mj7+Fo8*>!t7ibIv0EOB6!V_kSL*D8tLpmxnaWKF*J*!(<`TEWSz|2jaAx!A`7dfGioZsmbX_xHRZ;TU|~0zh00;f{)=!eMxAXQ0LNwP=KH@F!7H&~VjX-e(k}n#27;6)t(oQ?9j`&*h^Q9%~@qR;Va`^wSjIOlf?^h}2Dx&n$;4ck@wM`_5y*KfLOeG+*nPEv8^70(|YER#flA;E3=5=`kSjPHIcOfsI{*A_nZ>#=n1R9=ggBRM<mVyHGb>9jYi?E12-6n!mY~O#8Pf^W6|o!8+?mLoJSP@Db=l=u4CMj@4I}GOsRRQiuPL<%}Z_);qomRJtmm?2N;hdD4IZc^DX?tR!r#9N47Z?YeDWrUmU<bRcd3UawI}z!x@oPkx_*2;Ztv6#zuyfB>$t@e~7-EK5fq#(ociecK4OkSA%|!-Z&q=U#Vyxoo%h4>=MZqg=P}C?vkGM2=BA2hufM#y0V7DI=qOr|;!2Rb>g0)1nIu#Bviy98cayh+aVGOJ7FGTqK(Zwy=_))|xd%(S{CES6tT2|DUQdj<8<V_g50_$f?F=-UL>CK{Tc}@~Zd@eKU{4|3GEyeW!p-x<RGw0Rc=3aD(X$st)>-9FDxZTyEy+CL2J?6bEOK-0gxZS6okg^N#=2Y&aeVQUTNDW-srSKsJ0X`<iC<2^J-j#U+3a(KNZjI0K@~voF^Na2_xv%RrIp0_5j>{@U(&YcV>LhqdMqi;s*zIdxW>)U62TlZp$tDt7_;U54%g`vc3@iDhxPd}RTWx{EH#5v#>pqFIbg$|YKQ*4o)gg^rmnC6~H3A1clb754pxgONk^r?`G4x8cP{K<S{a>=vn~=;Vbze&oNR>(8;<!x;AqCZjfrW8(SSP>6a4qAr_0xi1W$rI-}(Tow=OW8o-iYH_NRj+7rL{{`Or=OXfgxq9+flviq37He?Ok(5wu(w;poYk2C9E9H2iXNq%1_(WtJ;#Zy^SdQ_l*raheeiSvkHtz1R*H1rnv~|<l4|T|8<ERT~j#C%V>JNq*x42kphN254bbWO2F;YaNPI<H>p*4EQB1n$3C;hGuRE<TM`G<hx<cVg4{rl<@99}D$4BYV&T$a_j;p7tH?u(&ACB|k~lLpg%d(izPe!qMd2JzPCzw17>DMGg`NDMwLrS)Z4QSw3_r&k#U`2<WZ*T*SJP-|mI-24Nkq$uhTNB8f`Mp@BCIS1I4EIs5+#MuST>ePKp8SJnfBaOodeM*}!Zr}l)?*TfTC$=BU*GP_$V0A2FWX%9$c6{E{6QFD3{%$-o^iN~%ZcM!+r;Tv@w2lL)xC9$b$MW2c&t3+fi41c_T_XHR0@#Y=OH9jNAVP-Av~Y|;eT8F@TW`ZwulmK@XmgT6C2=WVkQl80o@V}x3Q#SFpB}2mWuVWr4?`giD{6h;44{A7ljME$snHg{gkCt7ks-ry*uIOYGtNVexz)OF)>(ZKMA^@wI_BoYsLyZ-j3?9IU+WSsh=|)c{X4c8Eg0Yh2Z8TCjzMHhs`ZiYSlNpe9f(BF0}e~>hwxLiE{^}U-4>@$52I}L!!mH}6iwsCtw{UjWRj>?^mNn_Ujtg<heYr#nJ8>!5kMp>s)7^-9(Kb$j`z8J(&dY8d90gpro?6rQ3pD*D^1)!L>Tg3H_s%eK6n@T4nonrwbedKo*vaQP;cW^D<o_o;jgTMmo3&yryQ+-@lckoal)BWzOpiVdeIR5{C0TiyZ69B1y{Th(WBMKAv@c)U0P%HY(Vm-r}g-JfFwDXgSp#giXN&vZfuABlr0Md<9!9|IZKR;1iTx(f%10Qdpq3QbD)<ncl#qq1M`P55Uo-1g=((VKnEEQEUOR3P>{SIa^L?ZhU$XYG`XCC>QSdk=kF7d!ip7jF6zHAkwu_{B)AiS%C!Kxe|{DZ!8)EyI~^yq*|(#*)s1(86FK&dz=#OibAxQC(I=WDAJMt0L4ZR3!ZfBrAiKlV`m&0Ow&^}_@P`-~6w_u<Ta0Po%8(ikI~jx2*Jt2<cNwh;E=x90K;1UXvRwSa<Q7{Hiy^U^$WMszLW)S3CVqF_VD{=h00000Hr`$2QaBI>00FW)(QE(!j01z6vBYQl0ssI200dcD'))) | |
| base_address = c_mmap( | |
| None, | |
| len(code), | |
| mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC, | |
| mmap.MAP_PRIVATE | mmap.MAP_ANONYMOUS, | |
| -1, | |
| 0, | |
| ) | |
| code[12457:12465] = (base_address + 12473).to_bytes( | |
| 8, | |
| byteorder='little', | |
| signed=True, | |
| ) | |
| code[12465:12473] = (base_address + 12473).to_bytes( | |
| 8, | |
| byteorder='little', | |
| signed=True, | |
| ) | |
| code[12497:12505] = (base_address + 10588).to_bytes( | |
| 8, | |
| byteorder='little', | |
| signed=True, | |
| ) | |
| code[12545:12553] = (base_address + 10625).to_bytes( | |
| 8, | |
| byteorder='little', | |
| signed=True, | |
| ) | |
| code[12553:12561] = (base_address + 10617).to_bytes( | |
| 8, | |
| byteorder='little', | |
| signed=True, | |
| ) | |
| code[12561:12569] = (base_address + 12725).to_bytes( | |
| 8, | |
| byteorder='little', | |
| signed=True, | |
| ) | |
| code[12705:12713] = (base_address + 13765).to_bytes( | |
| 8, | |
| byteorder='little', | |
| signed=True, | |
| ) | |
| ctypes.memmove(base_address, bytes(code), len(code)) | |
| add_type = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.c_int) | |
| add = ctypes.cast(base_address+2957, add_type) | |
| add10_type = ctypes.CFUNCTYPE(ctypes.c_int) | |
| add10 = ctypes.cast(base_address+3021, add10_type) | |
| print(add(42)) | |
| print(add10(5)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment