Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opcode extraction fails #12

Closed
jemik opened this issue Nov 15, 2016 · 1 comment
Closed

opcode extraction fails #12

jemik opened this issue Nov 15, 2016 · 1 comment

Comments

@jemik
Copy link

jemik commented Nov 15, 2016

when .text section is not named .text (in case its randomize) function extract_opcodes fails.
Please add the following to the function.

`def extract_opcodes(filePath):
# String list
opcodes = []

# Read file data
try:
    print "[-] Extracting OpCodes: %s" % filePath

    pe = pefile.PE(filePath)
    name = ""
    ep = pe.OPTIONAL_HEADER.AddressOfEntryPoint
    pos = 0
    for sec in pe.sections:
        if (ep >= sec.VirtualAddress) and \
           (ep < (sec.VirtualAddress + sec.Misc_VirtualSize)):
            name = sec.Name.replace('\x00', '')
            break
        else:
            pos += 1

    for section in pe.sections:
        if section.Name.rstrip("\x00") == name:
            text = section.get_data()
            # Split text into subs
            text_parts = re.split("[\x00]{3,}", text)
            # Now truncate and encode opcodes
            for text_part in text_parts:
                if text_part == '' or len(text_part) < 8:
                    continue
                opcodes.append(text_part[:16].encode('hex'))

except Exception,e:
    if args.debug:
        traceback.print_exc()
    pass

return opcodes

`
Neo23x0 pushed a commit that referenced this issue Nov 15, 2016
Opcode extraction improvement by @jemik
7df70c3 
#12
@Neo23x0
Copy link
Owner

Neo23x0 commented Nov 15, 2016

Tested and merged, thank you

@Neo23x0 Neo23x0 closed this as completed Nov 15, 2016
Neo23x0 pushed a commit that referenced this issue Jul 15, 2020
Opcode extraction improvement by @jemik
c214281 
#12

Former-commit-id: 7df70c3
Neo23x0 pushed a commit that referenced this issue Jul 15, 2020
Opcode extraction improvement by @jemik
f3f2c14 
#12

Former-commit-id: e0dff63 [formerly 7df70c3]
Former-commit-id: c214281
@bhijay bhijay mentioned this issue Mar 25, 2023
Open
williamaiworld added a commit to williamaiworld/yar-gen that referenced this issue Mar 14, 2024
@williamaiworld
Opcode extraction improvement by @jemik
0cd82c3 
Neo23x0/yarGen#12

Former-commit-id: e0dff63ef5b61b13e1f2373d96e816aeea3ad99d [formerly 7df70c3f701defaed3d66754f8ff14b91445c1db]
Former-commit-id: c21428198b2a2eb721075adb156bbd856e82ef64
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Neo23x0 @jemik