Skip to content

Instantly share code, notes, and snippets.

@ksose

ksose/emeaiutati

Created January 16, 2012 22:19
Show Gist options
  • Save ksose/1623349 to your computer and use it in GitHub Desktop.
Save ksose/1623349 to your computer and use it in GitHub Desktop.
Download ZIP
memaiutati
Raw
emeaiutati
#!/usr/bin/python
import sys
import subprocess
import winappdbg
from winappdbg import win32
winappdbg.System.request_debug_privileges()
system = winappdbg.System()
system.request_debug_privileges()
system.scan_processes()
if len(sys.argv) < 3:
print "Usage: ./ pid start end"
sys.exit(1)
pid = int(sys.argv[1])
start = int(sys.argv[2], 16)
end = int(sys.argv[3], 16)
print "start: 0x%08x, end: 0x%08x" %(start, end)
process = system.get_process(pid);
while end > start:
address = process.read_uint(start)
for m in process.iter_modules():
if address > m.get_base() and address < m.get_base() + m.get_size():
address -= m.get_base()
func = None
for line in subprocess.check_output(["dumpbin", "/exports", m.get_filename()]).split("\r\n"):
if line.find(("%08x"%address).upper()) != -1:
func = line.split()[-1]
break
if func:
#print "%s %08x => %s" %(m.get_name(), address+m.get_base(), func)
print "MakeName(0x%08x, \"%s_%s\");" %(start, m.get_name(), func)
else:
print "%s %08x not found" %(m.get_name(), address+m.get_base())
start += 4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment