LyScript 計算片段Hash並寫出Excel

本案例將學習運用LyScript計算特定程序中特定某些片段的Hash特徵值,並通過xlsxwriter這個第三方模塊將計算到的hash值存儲成一個excel表格,本例中的知識點可以說已經具備了簡單的表格輸出能力,如果時間充裕完全可以實現自動化報告生成。

第一步實現計算特定片段的特徵值。此類代碼的實現原理是:用戶傳入一個RVA相對地址以及要讀入的指令長度,再通過內置的hashlib庫計算該內存段內指令的特徵值。如下代碼先來計算兩段指令的特徵。

import hashlib
import zlib,binascii
from LyScript32 import MyDebug

# 計算哈希
def calc_hash(dbg, rva, size):
    """Fingerprint ``size`` bytes of debuggee memory starting at ``rva``.

    The start address is the value returned by ``dbg.get_local_module_base()``
    plus ``rva``; bytes are fetched one at a time with
    ``dbg.read_memory_byte``.

    Args:
        dbg: Connected debugger object exposing ``get_local_module_base`` and
            ``read_memory_byte``.
        rva: Offset of the first byte, relative to the module base.
        size: Number of bytes to read; zero or a negative value reads nothing,
            so the digests are those of empty input.

    Returns:
        dict with keys ``va`` (hex string of the absolute start address),
        ``size``, ``md5``, ``sha256``, ``sha512`` (hex digests) and ``crc32``
        (hex string).

    Note:
        MD5 and CRC32 are not collision-resistant. When the fingerprint is
        used to match or verify code, treat SHA-256/SHA-512 as the
        authoritative value and the other two as quick lookup keys only.
        ``va`` depends on where the module was loaded, so it can differ
        between runs; the ``rva``/``size`` pair is the stable identifier.
    """
    module_base = dbg.get_local_module_base()
    start_va = module_base + rva

    # NOTE(review): these are the bytes the debugger reports for live memory;
    # confirm whether patches inside the range (e.g. software breakpoints)
    # are reflected, since they would change every digest.
    snippet = bytearray(
        dbg.read_memory_byte(start_va + offset) for offset in range(size)
    )

    return {
        "va": hex(start_va),
        "size": size,
        "md5": hashlib.md5(snippet).hexdigest(),
        "sha256": hashlib.sha256(snippet).hexdigest(),
        "sha512": hashlib.sha512(snippet).hexdigest(),
        "crc32": hex(zlib.crc32(snippet)),
    }

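if __name__ == "__main__":
    dbg = MyDebug()
    # NOTE(review): the result of connect() is stored but never checked;
    # confirm what it returns on failure and stop before any memory is read.
    connect = dbg.connect()

    try:
        # (rva, length) of each code fragment to fingerprint.
        for rva, length in ((0x19fd, 10), (0x1030, 26)):
            ref = calc_hash(dbg, rva, length)
            print(ref)
    finally:
        # Release the debugger connection even if a memory read raises.
        dbg.close()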

計算後輸出字典格式:

第二步使用第三方庫,將讀入的hash參數寫出到表格內,並在下方生成hash圖例,方便觀察。

import hashlib
import time
import zlib,binascii
from LyScript32 import MyDebug
import xlsxwriter

# 計算哈希
def calc_hash(dbg, rva, size):
    """Fingerprint ``size`` bytes of debuggee memory starting at ``rva``.

    The start address is the value returned by ``dbg.get_local_module_base()``
    plus ``rva``; bytes are fetched one at a time with
    ``dbg.read_memory_byte``.

    Args:
        dbg: Connected debugger object exposing ``get_local_module_base`` and
            ``read_memory_byte``.
        rva: Offset of the first byte, relative to the module base.
        size: Number of bytes to read; zero or a negative value reads nothing,
            so the digests are those of empty input.

    Returns:
        dict with keys ``va`` (hex string of the absolute start address),
        ``size``, ``md5``, ``sha256``, ``sha512`` (hex digests) and ``crc32``
        (hex string).

    Note:
        MD5 and CRC32 are not collision-resistant. When the fingerprint is
        used to match or verify code, treat SHA-256/SHA-512 as the
        authoritative value and the other two as quick lookup keys only.
        ``va`` depends on where the module was loaded, so it can differ
        between runs; the ``rva``/``size`` pair is the stable identifier.
    """
    module_base = dbg.get_local_module_base()
    start_va = module_base + rva

    # NOTE(review): these are the bytes the debugger reports for live memory;
    # confirm whether patches inside the range (e.g. software breakpoints)
    # are reflected, since they would change every digest.
    snippet = bytearray(
        dbg.read_memory_byte(start_va + offset) for offset in range(size)
    )

    return {
        "va": hex(start_va),
        "size": size,
        "md5": hashlib.md5(snippet).hexdigest(),
        "sha256": hashlib.sha256(snippet).hexdigest(),
        "sha512": hashlib.sha512(snippet).hexdigest(),
        "crc32": hex(zlib.crc32(snippet)),
    }

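if __name__ == "__main__":
    dbg = MyDebug()
    # NOTE(review): the result of connect() is stored but never checked;
    # confirm what it returns on failure and stop before any memory is read.
    connect = dbg.connect()

    # (rva, length) of each code fragment to fingerprint.
    regions = [(0x19fd, 10), (0x1030, 26), (0x15EB, 46), (0x172B, 8)]
    results = []

    try:
        # Start the target under the debugger.
        dbg.open_debug("D:\\Win32Project.exe")
        try:
            for rva, length in regions:
                ref = calc_hash(dbg, rva, length)
                print(ref)
                results.append(ref)
        finally:
            # End the debug session even if a memory read raised, so the
            # target process is not left attached.
            time.sleep(1)
            dbg.close_debug()
    finally:
        dbg.close()

    # The report is built from plain dicts, so it is written after the
    # debugger has been released.
    headings = ["VA地址", "計算長度", "MD5", "SHA256", "SHA512","CRC32"]
    columns = ("va", "size", "md5", "sha256", "sha512", "crc32")
    data = [[ref.get(key) for key in columns] for ref in results]
    last_row = len(data) + 1  # row 1 holds the headings

    # The context manager closes (and thereby writes) the workbook on exit.
    with xlsxwriter.Workbook("pe_hash.xlsx") as workbook:
        worksheet = workbook.add_worksheet()

        # Header style and a fixed width for columns A..F.
        head_style = workbook.add_format({"bold": True, "align": "center", "fg_color": "#D7E4BC"})
        worksheet.set_column("A:F", 15)

        # Every value written here is an int or a locally produced hex string,
        # so none can begin with "=" and be stored as a formula by write_row().
        worksheet.write_row("A1", headings, head_style)
        for row_number, row in enumerate(data, start=2):
            worksheet.write_row("A{}".format(row_number), row)

        # Line chart with one series per column B..D, categorised by the
        # address in column A; the ranges cover exactly the rows written above.
        # NOTE(review): columns C and D hold hex-digest text, not numbers, so
        # only the length series (column B) carries plottable values.
        chart = workbook.add_chart({"type": "line"})
        for column in ("B", "C", "D"):
            chart.add_series({
                "name": "=Sheet1!${0}$1".format(column),                    # legend entry
                "categories": "=Sheet1!$A$2:$A${0}".format(last_row),       # X-axis labels
                "values": "=Sheet1!${0}$2:${0}${1}".format(column, last_row)  # plotted values
            })

        chart.set_title({"name": "計算HASH統計圖"})
        chart.set_size({'width': 500, 'height': 250})
        chart.set_legend({'position': 'top'})

        # Anchor the chart at cell H2, to the right of the data columns.
        worksheet.insert_chart("H2", chart)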

生成後的圖例效果如下:
