恍兮惚兮 2024-06-25 20:16:57 +08:00
parent d3383afb28
commit c5d195a2f7
2 changed files with 17 additions and 13 deletions


@ -155,6 +155,7 @@ MEM_COMMIT = 0x00001000
MEM_DECOMMIT = 0x00004000 MEM_DECOMMIT = 0x00004000
PAGE_READWRITE = 0x04 PAGE_READWRITE = 0x04
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_IMPORT = 1 IMAGE_DIRECTORY_ENTRY_IMPORT = 1
@ -181,6 +182,8 @@ def Rva2Offset(rva, psh, pnt, IMAGE_NT_HEADERS):
break break
pSeh += sizeof(IMAGE_SECTION_HEADER) pSeh += sizeof(IMAGE_SECTION_HEADER)
pSeh = cast(pSeh, POINTER(IMAGE_SECTION_HEADER)).contents pSeh = cast(pSeh, POINTER(IMAGE_SECTION_HEADER)).contents
if pSeh.VirtualAddress == 0 or pSeh.PointerToRawData == 0:
return -1
return rva - pSeh.VirtualAddress + pSeh.PointerToRawData return rva - pSeh.VirtualAddress + pSeh.PointerToRawData
@ -200,6 +203,10 @@ def importanalysis(fname):
if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC: if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
ntheaders = cast(ntheaders_addr, POINTER(IMAGE_NT_HEADERS64)).contents ntheaders = cast(ntheaders_addr, POINTER(IMAGE_NT_HEADERS64)).contents
IMAGE_NT_HEADERS = IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS = IMAGE_NT_HEADERS64
magic = ntheaders.OptionalHeader.Magic
if magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC:
# 无效的文件
return []
pSech = ( pSech = (
ntheaders_addr ntheaders_addr
+ sizeof(DWORD) + sizeof(DWORD)
@ -223,6 +230,9 @@ def importanalysis(fname):
offset = Rva2Offset( offset = Rva2Offset(
pImportDescriptor_data.Name, pSech, ntheaders_addr, IMAGE_NT_HEADERS pImportDescriptor_data.Name, pSech, ntheaders_addr, IMAGE_NT_HEADERS
) )
if offset == -1:
# python3.dll无导入
return []
name = virtualpointer + offset name = virtualpointer + offset
collect.append((cast(name, c_char_p).value.decode(), offset)) collect.append((cast(name, c_char_p).value.decode(), offset))
pImportDescriptor += sizeof(IMAGE_IMPORT_DESCRIPTOR) pImportDescriptor += sizeof(IMAGE_IMPORT_DESCRIPTOR)
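Review bot: The added `if offset == -1: return []` in importanalysis is the only validation applied to `offset` before `cast(name, c_char_p).value` reads a C string from `virtualpointer + offset`, and it also discards any entries already appended to `collect`. Rva2Offset derives its result from section-header fields read out of the file, so a malformed PE can still yield an offset outside the loaded buffer, and the string read then runs past it; the second file in this commit later writes into the binary at the same offset. Consider bounding the value, for example `if offset < 0 or offset >= image_size: break` (`image_size` is a placeholder for the length of the buffer behind `virtualpointer`, which is set up outside this hunk), and returning what was collected so far instead of an empty list. Both functions start and end outside the hunks shown.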


@ -2,6 +2,7 @@ import modulefinder, shutil, os, sys
import builtins, platform import builtins, platform
import sys import sys
from importanalysis import importanalysis from importanalysis import importanalysis
pyversion = platform.python_version() pyversion = platform.python_version()
pyversion2 = "".join(pyversion.split(".")[:2]) pyversion2 = "".join(pyversion.split(".")[:2])
x86 = platform.architecture()[0] == "32bit" x86 = platform.architecture()[0] == "32bit"
@ -30,16 +31,6 @@ print(py37Path)
py37Pathwebview = os.path.join(py37Path, webviewappendix) py37Pathwebview = os.path.join(py37Path, webviewappendix)
def get_import_table(file_path):
pe = pefile.PE(file_path)
import_dlls = []
if hasattr(pe, "DIRECTORY_ENTRY_IMPORT"):
for entry in pe.DIRECTORY_ENTRY_IMPORT:
dll_name = entry.dll.decode("utf-8")
import_dlls.append(dll_name)
return import_dlls
def get_dependencies(filename): def get_dependencies(filename):
saveopen = builtins.open saveopen = builtins.open
@ -224,6 +215,7 @@ for f in collect:
elif f.endswith(".exe") or f.endswith(".pyd") or f.endswith(".dll"): elif f.endswith(".exe") or f.endswith(".pyd") or f.endswith(".dll"):
if f.endswith("Magpie.Core.exe"): if f.endswith("Magpie.Core.exe"):
continue continue
print(f)
imports = importanalysis(f) imports = importanalysis(f)
print(f, imports) print(f, imports)
if len(imports) == 0: if len(imports) == 0:
@ -241,7 +233,9 @@ for f in collect:
_dll = _dll.encode() _dll = _dll.encode()
_target = _target.encode() _target = _target.encode()
# print(len(bs)) # print(len(bs))
bs[offset : offset + len(_dll)] = _target + b"\0" * (len(_dll) - len(_target)) bs[offset : offset + len(_dll)] = _target + b"\0" * (
len(_dll) - len(_target)
)
# print(len(bs)) # print(len(bs))
with open(f, "wb") as ff: with open(f, "wb") as ff:
ff.write(bs) ff.write(bs)
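Review bot: The reformatted slice assignment `bs[offset : offset + len(_dll)] = _target + b"\0" * (len(_dll) - len(_target))` silently changes the length of `bs` whenever `_target` is longer than `_dll`: the repeat count goes negative, the padding is empty, and the longer replacement shifts every byte after `offset` before the file is rewritten through `open(f, "wb")`. It also overwrites without confirming that the bytes at `offset` really are the expected DLL name. A guard ahead of the write would cover both cases: `if len(_target) > len(_dll) or bs[offset : offset + len(_dll)] != _dll: raise ValueError(f)`. This assumes `bs` is a bytearray, which is created outside the hunk, as are the start and end of the enclosing loop.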