#!/usr/bin/python
from ctypes import *
# psum, x86-64 build: raw machine-code bytes, one objdump-style disassembly
# line per instruction (a trailing line with only "#" carries the remaining
# bytes of a multi-line instruction). The loader at the bottom of this file
# copies these bytes into a ctypes buffer, makes the page executable and
# calls them through CFUNCTYPE(c_int, c_int): the single argument arrives in
# %edi (see `cmp %edi,%r8d` below) and the result is returned in %eax.
# The frame is 0x37ca0 bytes of stack, zeroed by the pxor/movdqa loop before
# use; 0xdf40 bounds the index into the dword table at -0x78(%rsp).
# From the `psum` symbol in the jump-target comments and the table-marking
# loop this looks like a prime-sieve/prime-sum routine — not verified here.
# The assembly comments are documentation only and are not checked against
# the bytes: changing any byte changes the code that gets executed.
x86_64 = [
0x48,0x81,0xec,0xa0,0x7c,0x03,0x00,# sub $0x37ca0,%rsp
0x66,0x0f,0xef,0xc0,# pxor %xmm0,%xmm0
0x48,0x8d,0x44,0x24,0x88,# lea -0x78(%rsp),%rax
0x48,0x8d,0x94,0x24,0x88,0x7c,0x03,# lea 0x37c88(%rsp),%rdx
0x00,#
0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,# nopl 0x0(%rax,%rax,1)
0x00,#
0x66,0x0f,0x7f,0x00,# movdqa %xmm0,(%rax)
0x48,0x83,0xc0,0x10,# add $0x10,%rax
0x48,0x39,0xd0,# cmp %rdx,%rax
0x75,0xf3,# jne 400820 <psum+0x20>
0x8b,0x54,0x24,0x8c,# mov -0x74(%rsp),%edx
0xc7,0x84,0x24,0x88,0x7c,0x03,0x00,# movl $0x0,0x37c88(%rsp)
0x00,0x00,0x00,0x00,#
0x41,0xb8,0x01,0x00,0x00,0x00,# mov $0x1,%r8d
0xbe,0x01,0x00,0x00,0x00,# mov $0x1,%esi
0xb8,0x02,0x00,0x00,0x00,# mov $0x2,%eax
0x85,0xd2,# test %edx,%edx
0x75,0x48,# jne 400898 <psum+0x98>
0x44,0x8d,0x4c,0x36,0x01,# lea 0x1(%rsi,%rsi,1),%r9d
0x41,0x83,0xc0,0x01,# add $0x1,%r8d
0x44,0x01,0xc8,# add %r9d,%eax
0x41,0x39,0xf8,# cmp %edi,%r8d
0x7d,0x43,# jge 4008a4 <psum+0xa4>
0x81,0xfe,0x40,0xdf,0x00,0x00,# cmp $0xdf40,%esi
0x7f,0xec,# jg 400855 <psum+0x55>
0x89,0xf2,# mov %esi,%edx
0x0f,0x1f,0x44,0x00,0x00,# nopl 0x0(%rax,%rax,1)
0x48,0x63,0xca,# movslq %edx,%rcx
0x44,0x01,0xca,# add %r9d,%edx
0x81,0xfa,0x40,0xdf,0x00,0x00,# cmp $0xdf40,%edx
0xc7,0x44,0x8c,0x88,0x01,0x00,0x00,# movl $0x1,-0x78(%rsp,%rcx,4)
0x00,#
0x7e,0xea,# jle 400870 <psum+0x70>
0x48,0x63,0xd6,# movslq %esi,%rdx
0x8b,0x54,0x94,0x88,# mov -0x78(%rsp,%rdx,4),%edx
0x85,0xd2,# test %edx,%edx
0x74,0xbf,# je 400850 <psum+0x50>
0x0f,0x1f,0x80,0x00,0x00,0x00,0x00,# nopl 0x0(%rax)
0x83,0xc6,0x01,# add $0x1,%esi
0x48,0x63,0xd6,# movslq %esi,%rdx
0x8b,0x54,0x94,0x88,# mov -0x78(%rsp,%rdx,4),%edx
0xeb,0xe9,# jmp 40088d <psum+0x8d>
0x48,0x81,0xc4,0xa0,0x7c,0x03,0x00,# add $0x37ca0,%rsp
0xc3,# retq
0x90,# nop
0x90,# nop
0x90,# nop
0x90,# nop
]
# psum, 32-bit x86 build of the same routine, cdecl: the argument is read
# from 0x8(%ebp), the result is moved into %eax just before the epilogue,
# and %ebx/%esi/%edi are saved and restored around the body. The frame is
# 0x37d18 bytes of stack, zeroed by the `movl $0x0,(%eax)` loop before use;
# 0xdf40 bounds the index into the dword table at -0x37d10(%ebp).
# Selected by the loader below when the process has 32-bit pointers.
# As with the 64-bit blob, the disassembly comments are not checked against
# the bytes — editing a byte edits the executed code.
x86 = [
0x55,# push %ebp
0x89,0xe5,# mov %esp,%ebp
0x57,# push %edi
0x56,# push %esi
0x53,# push %ebx
0x81,0xec,0x18,0x7d,0x03,0x00,# sub $0x37d18,%esp
0x8d,0x85,0xf0,0x82,0xfc,0xff,# lea -0x37d10(%ebp),%eax
0x8d,0xb6,0x00,0x00,0x00,0x00,# lea 0x0(%esi),%esi
0xc7,0x00,0x00,0x00,0x00,0x00,# movl $0x0,(%eax)
0x8d,0x55,0xf4,# lea -0xc(%ebp),%edx
0x83,0xc0,0x04,# add $0x4,%eax
0x39,0xd0,# cmp %edx,%eax
0x75,0xf0,# jne 8048578 <psum+0x18>
0x8b,0x85,0xf4,0x82,0xfc,0xff,# mov -0x37d0c(%ebp),%eax
0xbf,0x01,0x00,0x00,0x00,# mov $0x1,%edi
0xc7,0x85,0xdc,0x82,0xfc,0xff,0x02,# movl $0x2,-0x37d24(%ebp)
0x00,0x00,0x00,#
0xc7,0x85,0xe0,0x82,0xfc,0xff,0x01,# movl $0x1,-0x37d20(%ebp)
0x00,0x00,0x00,#
0x85,0xc0,# test %eax,%eax
0x75,0x5d,# jne 8048608 <psum+0xa8>
0x90,# nop
0x8d,0x74,0x26,0x00,# lea 0x0(%esi),%esi
0x8d,0x04,0x3f,# lea (%edi,%edi,1),%eax
0x8d,0x58,0x01,# lea 0x1(%eax),%ebx
0x83,0x85,0xe0,0x82,0xfc,0xff,0x01,# addl $0x1,-0x37d20(%ebp)
0x8b,0x55,0x08,# mov 0x8(%ebp),%edx
0x01,0x9d,0xdc,0x82,0xfc,0xff,# add %ebx,-0x37d24(%ebp)
0x39,0x95,0xe0,0x82,0xfc,0xff,# cmp %edx,-0x37d20(%ebp)
0x7d,0x46,# jge 8048614 <psum+0xb4>
0x81,0xff,0x40,0xdf,0x00,0x00,# cmp $0xdf40,%edi
0x7f,0xe0,# jg 80485b6 <psum+0x56>
0x8d,0x4c,0x07,0x01,# lea 0x1(%edi,%eax,1),%ecx
0x8d,0x34,0x9d,0x00,0x00,0x00,0x00,# lea 0x0(,%ebx,4),%esi
0x8d,0x94,0xbd,0xf0,0x82,0xfc,0xff,# lea -0x37d10(%ebp,%edi,4),%edx
0x01,0xd9,# add %ebx,%ecx
0x89,0xc8,# mov %ecx,%eax
0x29,0xd8,# sub %ebx,%eax
0xc7,0x02,0x01,0x00,0x00,0x00,# movl $0x1,(%edx)
0x01,0xf2,# add %esi,%edx
0x3d,0x40,0xdf,0x00,0x00,# cmp $0xdf40,%eax
0x7e,0xeb,# jle 80485e8 <psum+0x88>
0x8b,0x84,0xbd,0xf0,0x82,0xfc,0xff,# mov -0x37d10(%ebp,%edi,4),%eax
0x85,0xc0,# test %eax,%eax
0x74,0xa8,# je 80485b0 <psum+0x50>
0x83,0xc7,0x01,# add $0x1,%edi
0x8b,0x84,0xbd,0xf0,0x82,0xfc,0xff,# mov -0x37d10(%ebp,%edi,4),%eax
0xeb,0xf0,# jmp 8048604 <psum+0xa4>
0x8b,0x85,0xdc,0x82,0xfc,0xff,# mov -0x37d24(%ebp),%eax
0x81,0xc4,0x18,0x7d,0x03,0x00,# add $0x37d18,%esp
0x5b,# pop %ebx
0x5e,# pop %esi
0x5f,# pop %edi
0x5d,# pop %ebp
0xc3,# ret
0x8d,0x74,0x26,0x00,# lea 0x0(%esi),%esi
0x8d,0xbc,0x27,0x00,0x00,0x00,0x00,# lea 0x0(%edi),%edi
]
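# --- Loader: copy the blob into memory, make it executable, call it ---------
# This is a flat script: importing the module runs native code. The blob is a
# constant in this file; do not point this loader at bytes read from a file or
# the network — whatever it is given runs with the interpreter's privileges.
import mmap
import platform

# Both blobs are x86 machine code. Jumping into them on any other ISA is
# undefined behaviour (it usually takes the interpreter down with SIGILL or
# SIGSEGV), so refuse up front. platform.machine() reports the kernel's
# architecture, so "x86_64" is also accepted for a 32-bit interpreter on a
# 64-bit kernel; the pointer-width test below then picks the right blob.
_X86_MACHINES = ("x86_64", "amd64", "i386", "i486", "i586", "i686", "x86")
_machine = platform.machine().lower()
if _machine not in _X86_MACHINES:
    raise SystemExit("unsupported machine type for the embedded x86 code: %s" % _machine)

# Pointer width, not c_long, is what distinguishes the two blobs: c_long is
# 4 bytes on 64-bit Windows, so sizeof(c_long) would mis-select there.
blob = x86_64 if sizeof(c_void_p) == 8 else x86

# bytes(bytearray(...)) yields raw bytes on Python 2 (str) and 3 alike;
# ''.join(map(chr, ...)) produced a unicode str on Python 3, which
# create_string_buffer rejects.
code = create_string_buffer(bytes(bytearray(blob)))

# The buffer lives on the Python heap, which is mapped non-executable, so its
# page(s) must be re-protected before the cast below may jump into them.
# A ~200-byte buffer can straddle a page boundary, so cover every page from
# the one holding the first byte to the one holding the last, rather than a
# single page starting at the aligned address.
page = mmap.PAGESIZE
start = addressof(code) & ~(page - 1)
end = addressof(code) + sizeof(code)
length = ((end - start) + page - 1) // page * page

# mprotect is resolved through the interpreter binary (it links libc);
# restype/argtypes keep ctypes from truncating the 64-bit address argument.
pythonapi.mprotect.restype = c_int
pythonapi.mprotect.argtypes = (c_void_p, c_size_t, c_int)
# Read+write+execute on a heap page breaks W^X. PROT_WRITE is kept because the
# page very likely also holds other live Python objects, and ordinary heap
# writes would fault if it were dropped. A proper fix is an anonymous mmap
# region that is copied into and then flipped to read+execute — TODO.
prot = mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC
if pythonapi.mprotect(c_void_p(start), c_size_t(length), prot) < 0:
    # Non-zero exit so a caller can tell the failure from a successful run.
    raise SystemExit("mprotect error")

# Matches the calling convention visible in the disassembly: one int argument
# (%edi on x86-64, 0x8(%ebp) on x86) and an int result in %eax.
psum = cast(code, CFUNCTYPE(c_int, c_int))
print(psum(10000))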