From 4cb44525dc7b4acdda3574f70280d8dae2456ce0 Mon Sep 17 00:00:00 2001
From: JoYo <>
Date: Tue, 19 Feb 2019 03:33:56 +0000
Subject: [PATCH] reorganizing functions

---
 sins/mutation.py | 49 +++++++++++++++++++++++++++++++++++++++++++++
 sins/run.py | 52 +++---------------------------------------------
 2 files changed, 52 insertions(+), 49 deletions(-)
 create mode 100644 sins/mutation.py

diff --git a/sins/mutation.py b/sins/mutation.py
new file mode 100644
index 0000000..7c3d290
--- /dev/null
+++ b/sins/mutation.py
@@ -0,0 +1,49 @@
+#! /usr/bin/env python3
+from multiprocessing import Queue
+from random import randint
+import ctypes
+import mmap
+
+template_shell = b''.join([
+ b'\x55', # push rbp
+ b'\x48\x89\xe5', # mov rbp,rsp
+ b'\x48\x89\x7d\xf8', # mov QWORD [rbp-0x8],rdi
+ b'\x48\x8b\x45\xf8', # mov rax,QWORD [rbp-0x8]
+ b'\x5d', # pop rbp
+ b'\xc3']) # ret
+
+seed_shell = b''.join([
+ b'\x55',
+ b'\x48\x89\xe5',
+ b'\x90' * randint(8, 64),
+ b'\x48\x89\x7d\xf8',
+ b'\x90' * randint(8, 64),
+ b'\x48\x8b\x45\xf8',
+ b'\x5d',
+ b'\xc3'])
+
+
+def flip(shellcode: bytes):
+ shellcode = bytearray(shellcode)
+ offset = randint(0, len(shellcode) - 1)
+ flip = randint(0, 255)
+ shellcode[offset] ^= flip
+ return bytes(shellcode)
+
+
+def generation(queue: Queue, shellcode: bytes):
+ prot = mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC
+ flags = mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE
+ exec_mem = mmap.mmap(-1, len(shellcode), prot=prot, flags=flags)
+
+ exec_mem.write(shellcode)
+ ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
+ addr = ctypes.addressof(ctypes_buffer)
+
+ function = ctypes.CFUNCTYPE(ctypes.c_uint, ctypes.c_uint)(addr)
+ function._avoid_gc_for_mmap = exec_mem
+
+ shellcode_len = ctypes.c_uint(len(shellcode))
+ result = function(shellcode_len)
+
+ queue.put(result)
diff --git a/sins/run.py b/sins/run.py
index 836d654..3f7fdc7 100755
--- a/sins/run.py
+++ b/sins/run.py
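Review bot: `flip` draws its XOR mask with `randint(0, 255)` (line `+ flip = randint(0, 255)`), so a mask of 0 returns the input byte-for-byte while the caller still counts it as a mutation; `mask = randint(1, 255)` guarantees one byte differs, and renaming the local also stops it shadowing the function name. `generation` writes the mutated bytes into an anonymous mapping created with `PROT_READ | PROT_WRITE | PROT_EXEC` and calls them directly, so a bad mutation crashes, or does arbitrary things inside, whichever process calls it; run.py's context line imports `Process`, which suggests it is meant to be a child's target, but nothing in this file says so. A module docstring along the lines of `"""Mutation and execution of candidate x86-64 PIC; generation() executes untrusted bytes and must only run in a disposable child process."""` would make that contract explicit, and the mapping could be reduced to read/execute after the write (libc `mprotect` via ctypes) so the region is not writable and executable at the same time while it runs. `seed_shell` is also built at import time from unseeded `randint` (no `random.seed` call is visible here), so a run's starting point cannot be reproduced unless the seed bytes are persisted.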
@@ -1,58 +1,12 @@
 #! /usr/bin/env python3
 from argparse import ArgumentParser
 from datetime import datetime
-from pathlib import Path
-from random import randint
 from multiprocessing import Process, Queue
+from pathlib import Path
 from queue import Empty
-import binascii
-import ctypes
 import logging
-import mmap
 
-template_shell = b''.join([
- b'\x55', # push rbp
- b'\x48\x89\xe5', # mov rbp,rsp
- b'\x48\x89\x7d\xf8', # mov QWORD [rbp-0x8],rdi
- b'\x48\x8b\x45\xf8', # mov rax,QWORD [rbp-0x8]
- b'\x5d', # pop rbp
- b'\xc3']) # ret
-
-seed_shell = b''.join([
- b'\x55',
- b'\x48\x89\xe5',
- b'\x90' * randint(8, 64),
- b'\x48\x89\x7d\xf8',
- b'\x90' * randint(8, 64),
- b'\x48\x8b\x45\xf8',
- b'\x5d',
- b'\xc3'])
-
-
-def flip(shellcode: bytes):
- shellcode = bytearray(shellcode)
- offset = randint(0, len(shellcode) -1)
- flip = randint(0, 255)
- shellcode[offset] ^= flip
- return bytes(shellcode)
-
-
-def generation(queue: Queue, shellcode: bytes):
- prot = mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC
- flags = mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE
- exec_mem = mmap.mmap(-1, len(shellcode), prot=prot, flags=flags)
-
- exec_mem.write(shellcode)
- ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
- addr = ctypes.addressof(ctypes_buffer)
-
- function = ctypes.CFUNCTYPE(ctypes.c_uint, ctypes.c_uint)(addr)
- function._avoid_gc_for_mmap = exec_mem
-
- shellcode_len = ctypes.c_uint(len(shellcode))
- result = function(shellcode_len)
-
- queue.put(result)
+from .mutation import generation, flip, seed_shell
 
 
 def sins():
@@ -63,7 +17,7 @@ def sins():
 parser.add_argument('-s', '--seed', help='path to PIC image.')
 parser.add_argument('-o', '--output', help='path to results directory.')
 parser.add_argument('-l', '--lineage', default=10,
- help='max count of unsuccessful generation.')
+ help='max count of unsuccessful generation.')
 args = parser.parse_args()
 
 log_level = logging.INFO
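Review bot: The added `from .mutation import generation, flip, seed_shell` is a package-relative import, but the file keeps its `#! /usr/bin/env python3` shebang and executable mode (`100755` in the index line), so invoking it directly as a script raises `ImportError: attempted relative import with no known parent package`; it now only works through `python -m sins.run` or an installed entry point. Either use the absolute form `from sins.mutation import generation, flip, seed_shell` or state the `-m` invocation in a module docstring. The hunk also drops `import binascii` and `from random import randint` from run.py, which is only safe if nothing left in `sins()` (whose body continues outside the hunk) still uses them — worth a quick check before merging.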