The LyScript plug-in can export ShellCode from the debugged program to a local file, or insert ShellCode stored in a text file into the program's heap, using its memory read/write functions. This makes it quick to load your own ShellCode into the target process for subsequent testing.
LyScript project address:/lyshark/LyScript
Injecting local ShellCode into the heap: the first use is to import ShellCode from a local text file into the heap.
First prepare a text file and put the generated shellcode inside it.
Then loop through the text and write the shellcode into the target heap space byte by byte.
```python
from LyScript32 import MyDebug

# Read the shellcode text file into a list of "0xNN" strings
def read_shellcode(path):
    shellcode_list = []
    with open(path, "r", encoding="utf-8") as fp:
        for index in fp.readlines():
            shellcode_line = index.replace('"', "").replace(" ", "").replace("\n", "").replace(";", "")
            for code in shellcode_line.split("\\x"):
                if code != "" and code != "\\n":
                    shellcode_list.append("0x" + code)
    return shellcode_list

if __name__ == "__main__":
    dbg = MyDebug()
    dbg.connect()

    # Allocate heap space in the debugged process
    address = dbg.create_alloc(1024)
    print("Open up heap space: {}".format(hex(address)))
    if address == False:
        exit()

    # Set the memory protection attribute to executable
    dbg.set_local_protect(address, 32, 1024)

    # Read the shellcode from the text file
    shellcode = read_shellcode("d://")

    # Write it to memory one byte at a time
    for code_byte in range(0, len(shellcode)):
        bytef = int(shellcode[code_byte], 16)
        dbg.write_memory_byte(code_byte + address, bytef)

    # Point EIP at the start of the buffer
    dbg.set_register("eip", address)

    input()
    dbg.delete_alloc(address)
    dbg.close()
```
After execution, the heap space is automatically filled.
Reversing the process saves the machine code at a given memory location to a local text file.
```python
from LyScript32 import MyDebug

# Save a region of memory to a text file as \xNN escapes, 16 bytes per line
def write_shellcode(dbg, address, size, path):
    with open(path, "a+", encoding="utf-8") as fp:
        for index in range(0, size):
            # Read one byte of machine code
            read_code = dbg.read_memory_byte(address + index)
            # Two-digit hex, so the file can be read back by read_shellcode()
            token = "\\x{:02x}".format(read_code)

            if (index + 1) % 16 == 0:
                print(token)
                fp.write(token + "\n")
            else:
                print(token, end="")
                fp.write(token)

if __name__ == "__main__":
    dbg = MyDebug()
    dbg.connect()

    eip = dbg.get_register("eip")
    write_shellcode(dbg, eip, 128, "d://")

    dbg.close()
```
The file after writing out is as follows:
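The `\x..` text format that both scripts above read and write, handled here by a strict parser and formatter that run without a debugger. This is an added example, not code from the original article or from LyScript: `parse_escaped`, `format_escaped` and the sample text are hypothetical names and constructed data, and the 1024-byte limit assumes the allocation size used above. Unlike splitting on `\x`, the parser rejects any token that is not exactly two hex digits.

```python
import re

# One token of the text format: backslash, 'x', exactly two hex digits.
_TOKEN = re.compile(r"\\x([0-9a-fA-F]{2})")
# Characters the article's reader strips before splitting on "\x".
_IGNORED = str.maketrans("", "", '"; \t\r\n')


def parse_escaped(text, max_size=1024):
    """Decode '\\xNN\\xNN...' text into bytes, rejecting malformed input.

    max_size defaults to the 1024 bytes allocated in the article
    (an assumption; pass the real buffer size).
    """
    compact = text.translate(_IGNORED)
    data = bytearray()
    pos = 0
    while pos < len(compact):
        match = _TOKEN.match(compact, pos)
        if match is None:
            raise ValueError("malformed token at offset %d: %r"
                             % (pos, compact[pos:pos + 6]))
        data.append(int(match.group(1), 16))
        pos = match.end()
    if len(data) > max_size:
        raise ValueError("%d bytes exceed the %d-byte buffer"
                         % (len(data), max_size))
    return bytes(data)


def format_escaped(data, per_line=16):
    """Encode bytes as '\\xNN' text, per_line bytes on each line."""
    rows = (data[i:i + per_line] for i in range(0, len(data), per_line))
    return "\n".join("".join("\\x%02x" % b for b in row) for row in rows)


# Constructed sample: 20 arbitrary byte values written as quoted C-style
# string lines with a trailing ';', the layout the article's reader accepts.
SAMPLE = ('"\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07'
          '\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f"\n'
          '"\\x10\\x11\\xfe\\xff";\n')

if __name__ == "__main__":
    decoded = parse_escaped(SAMPLE)
    print(len(decoded), "bytes")
    print(format_escaped(decoded))
```

A decimal token such as `\x144` fails in `parse_escaped` with a `ValueError` instead of reaching a single-byte memory write as the value 324.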