#extract_bytecode.py
#Author : tUn4
#email : [email protected]
#Extract bytecode from a text file that holds the output of objdump -d
import sys
# Module-level state shared by extract() and format().
# count: number of 00 / 0A / 0D bytes seen by extract().
# chk:   set to 1 once extract() finds the .text disassembly banner.
count = chk = 0
# Width, in characters, of each quoted output line produced by format().
FIX_LEN = 60
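def extract(name_file):
    r"""Collect the opcode bytes from a saved ``objdump -d`` listing.

    The whole file is read. When it contains the banner
    ``Disassembly of section .text:`` the module-level ``chk`` flag is set
    to 1 and the listing, minus its first 75 characters, is echoed to stdout.

    Each row is then parsed on its own: it is split on tabs, and for rows
    whose first field is an address (ends with ``:``) the second field is
    split on whitespace into byte tokens. Parsing per row keeps the byte
    column aligned when objdump wraps a long instruction onto a continuation
    row that carries bytes but no mnemonic field.

    Every ``00``, ``0A`` or ``0D`` token increments the module-level
    ``count``; the match ignores case because objdump prints lowercase hex.
    The caller reports a non-zero ``count`` as "common bad char".

    Args:
        name_file: Path of the text file holding the objdump output.

    Returns:
        The bytes as one escaped string such as ``\x31\xc0``; an empty
        string when no byte rows are found.
    """
    global count
    global chk
    # The context manager closes the file even if read() raises.
    with open(name_file, "r") as handle:
        listing = handle.read()
    if "Disassembly of section .text:" in listing:
        chk = 1
        # NOTE(review): 75 is a hard-coded offset, presumably meant to skip
        # objdump's file-format banner; confirm against real listings.
        print(listing[75:])
    hex_digits = "0123456789abcdefABCDEF"
    bad_bytes = ("00", "0A", "0D")
    escaped = []
    for row in listing.splitlines():
        fields = row.split("\t")
        # Byte rows look like "<address>:<TAB><hex bytes>[<TAB><mnemonic>]";
        # banners, symbol labels and blank rows have no such shape.
        if len(fields) < 2 or not fields[0].strip().endswith(":"):
            continue
        for token in fields[1].split():
            # Skip anything that is not exactly two hex digits so stray
            # listing text is never emitted as a byte.
            if len(token) != 2 or not all(ch in hex_digits for ch in token):
                continue
            if token.upper() in bad_bytes:
                count += 1
            escaped.append("\\x" + token)
    return "".join(escaped)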
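def format(sh):
    """Wrap an escaped byte string into quoted lines of FIX_LEN characters.

    When the module-level ``chk`` flag is unset (extract() did not find the
    .text disassembly banner) a warning is printed and "" is returned.
    Otherwise a header line is printed and ``sh`` is cut into chunks of
    ``FIX_LEN`` characters, each wrapped in double quotes and terminated
    with a newline.

    Input of ``FIX_LEN`` characters or fewer is returned as a single quoted
    line; the earlier length guard returned "" for it, so short byte
    strings silently vanished from the output.

    Args:
        sh: Escaped byte string as returned by extract().

    Returns:
        The quoted, newline-terminated chunks joined into one string; ""
        when ``sh`` is empty or ``chk`` is unset.
    """
    if not chk:
        print("\n[-]Waring: Invalid text file. Check your text file again.")
        return ""
    print("\n[+]Your shellcode after format is:\n")
    # With FIX_LEN = 60 and four characters per escaped byte, every chunk
    # ends on a byte boundary (assumes two-digit byte tokens from extract()).
    chunks = [
        "\"" + sh[start: start + FIX_LEN] + "\"\n"
        for start in range(0, len(sh), FIX_LEN)
    ]
    return "".join(chunks)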
if __name__ == "__main__":
    # The listing path is mandatory; print usage and exit with -1 without it.
    if len(sys.argv) < 2:
        usage_text = "Input agrv[1] is file name, please.\nUsage: \n\tpython extract_bytecode.py <ten_file>.txt\n\nex: \tpython extract_bytecode.py shellcode.txt"
        print(usage_text)
        sys.exit(-1)
    listing_path = sys.argv[1]
    # extract() updates the module-level count/chk that format() and the
    # warning below rely on, so it has to run first.
    raw_bytes = extract(listing_path)
    print(format(raw_bytes))
    if count > 0:
        bad_char_warning = "[-]Warning: Dectect {0} common bad char\nShellcode has contain common bad char \\x0A, \\x0D, \\x00. Check shellcode again.!".format(count)
        print(bad_char_warning)