Using the FastLogHook function in immlib?

Reverse Engineering · Python · Immunity Debugger
2021-06-21 22:34:46

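I am new to Python debugging. I wrote some code to use the FastLogHook() function in immlib, but I can't figure out the exact problem with my code, because it doesn't work :(

Here is my code: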

    #!/usr/bin/env python

    import immlib
    from immlib import FastLogHook

    DESC = "FastLogHook Basic Demo"

    def showresult(imm, a,addr):
        if a[0]==addr:
            imm.Log("(0x%08x >> 0x%08x , 0x%08x)%(a[1][0], a[1][1], a[1][2]) ")
            return "done"

    def main(args):
        imm = immlib.Debugger()
        Name = 'fasty'
        fast = imm.getKnowledge( Name )

        functionToHook = "msvcrt.strcpy"
        functionAddress = imm.getAddress(functionToHook)
        imm.log(str(functionAddress) + 'pf')
        if fast:
            hook_list = fast.getAllLog()
            imm.log(str(hook_list))
            for a in hook_list:
                ret = showresult( imm, a, functionAddress )
            return"Logged: %d hook hits." % len(hook_list)
        imm.pause()
        fast = FastLogHook(imm)
        fast.logFunction(functionAddress)
        fast.logBaseDisplacement('ESP', 0x4)
        fast.logBaseDisplacement('ESP', 0x8)
        fast.logRegister("ESP")
        fast.Hook()
        imm.addKnowledge(Name, fast, force_add = 1)

        return "Success!!"

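I run this code in Immunity Debugger but keep getting errors. I have searched and googled, but because of the limited documentation I have not been able to correct it.

1 Answer

I have also just started learning more about this topic, and managed to write the following lines of code.

I think all the comments in my code are enough as an answer. I don't know more anyway.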

    #!/usr/bin/env python

    import immlib
    import struct
    from immlib import STDCALLFastLogHook

    DESC="FastLoogHook"

    def main(args):

        """
        Will hook and run its own assembly code then return to the process
        Usage: First run the script to install hook, then run it again to get results ^^
        """

        imm = immlib.Debugger()
        Name = "hippie"

        # Get stored data on second script run
        fast = imm.getKnowledge(Name)

        if fast:

            # Get a list of all the things we saved
            hook_list = fast.getAllLog()

            # Log result
            imm.log(str(hook_list))

            # Nothing to unpack if the hook has not been hit yet
            if not hook_list:
                return "No hook hits logged yet"

            # unpack list
            (func_addr, (esp1, esp2)) = hook_list[0]

            # Log argument
            imm.log(imm.readString(esp2))

            return "Parsing results done"

        # Find strcpy address
        strcpy = imm.getAddress("msvcrt.strcpy")

        # Building the hook
        fast = immlib.FastLogHook(imm)

        # This function is required and returns
        # the address of the original instruction
        fast.logFunction(strcpy)

        # Offset
        fast.logBaseDisplacement("ESP", 4)
        fast.logBaseDisplacement("ESP", 8)

        # Set hook
        fast.Hook()

        # Save data for later use
        imm.addKnowledge(Name, fast, force_add = 1)

        return "FastLogHook installed for strcpy"
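
Added example, not part of the original question or answer: a pure-Python helper that goes beyond the answer's `hook_list[0]` and walks every logged hit, filtering by hooked address as the question's `showresult` tries to do. It assumes each `getAllLog()` entry has the shape the answer unpacks, `(function_address, [value at ESP+4, value at ESP+8])`; `summarize_hits`, `read_string` and the sample values are hypothetical names and constructed data.

```python
# Post-processing for FastLogHook results; runs without the debugger.
# Assumption: entries look like (func_addr, [dword at ESP+4, dword at ESP+8]),
# which is the shape the answer unpacks from getAllLog().

def summarize_hits(hook_list, target_addr, read_string):
    """Return one formatted line per logged call to target_addr.

    read_string is a callable(address) -> string. Inside Immunity Debugger
    pass imm.readString, as the answer does.
    """
    lines = []
    for func_addr, values in hook_list:
        if func_addr != target_addr:
            continue  # hit belongs to a different hooked function
        if len(values) != 2:
            # Layout differs from the two logBaseDisplacement() calls
            lines.append("0x%08x: unexpected log layout %r" % (func_addr, values))
            continue
        # strcpy(dest, src): at function entry [ESP+4] is dest, [ESP+8] is src
        dest, src = values
        lines.append("0x%08x: dest=0x%08x src=0x%08x %r"
                     % (func_addr, dest, src, read_string(src)))
    return lines


# Constructed sample data, not real debugger output.
SAMPLE_STRCPY = 0x10001000
SAMPLE_MEMORY = {0x0012FF40: "hello"}
SAMPLE_LOG = [
    (0x10001000, [0x0012FE00, 0x0012FF40]),  # normal strcpy hit
    (0x10002000, [0x00000001, 0x00000002]),  # another hooked function
    (0x10001000, [0x0012FE00]),              # truncated entry
]

if __name__ == "__main__":
    for line in summarize_hits(SAMPLE_LOG, SAMPLE_STRCPY, SAMPLE_MEMORY.get):
        print(line)
```

Inside a PyCommand the call would be `summarize_hits(fast.getAllLog(), strcpy, imm.readString)`, with each returned line passed to `imm.log`.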