from LyScript32 import MyDebug

# 將shellcode讀入內(nèi)存
def read_shellcode(path):
    shellcode_list = []
    with open(path,"r",encoding="utf-8") as fp:
        for index in fp.readlines():
            shellcode_line = index.replace('"',"").replace(" ","").replace("\n","").replace(";","")
            for code in shellcode_line.split("\\x"):
                if code != "" and code != "\\n":
                    shellcode_list.append("0x" + code)
    return shellcode_list

if __name__ == "__main__":
    dbg = MyDebug()
    dbg.connect()

    # 開辟堆空間
    address = dbg.create_alloc(1024)
    print("開辟堆空間: {}".format(hex(address)))
    if address == False:
        exit()

    # 設(shè)置內(nèi)存可執(zhí)行屬性
    dbg.set_local_protect(address,32,1024)

    # 從文本中讀取shellcode
    shellcode = read_shellcode("d://shellcode.txt")

    # 循環(huán)寫入到內(nèi)存
    for code_byte in range(0,len(shellcode)):
        bytef = int(shellcode[code_byte],16)
        dbg.write_memory_byte(code_byte + address, bytef)

    # 設(shè)置EIP位置
    dbg.set_register("eip",address)
    
    input()
    dbg.delete_alloc(address)

    dbg.close()

from LyScript32 import MyDebug

# 將特定內(nèi)存保存到文本中
def write_shellcode(dbg,address,size,path):
    with open(path,"a+",encoding="utf-8") as fp:
        for index in range(0, size - 1):
            # 讀取機(jī)器碼
            read_code = dbg.read_memory_byte(address + index)

            if (index+1) % 16 == 0:
                print("\\x" + str(read_code))
                fp.write("\\x" + str(read_code) + "\n")
            else:
                print("\\x" + str(read_code),end="")
                fp.write("\\x" + str(read_code))

if __name__ == "__main__":
    dbg = MyDebug()
    dbg.connect()

    eip = dbg.get_register("eip")
    write_shellcode(dbg,eip,128,"d://lyshark.txt")
    dbg.close()