资源简介
恶意代码分析实战 课后练习配套完整文件。
代码片段和文件信息
from idautils import *
from idc import *
heads = Heads(SegStart(ScreenEA()) SegEnd(ScreenEA()))
antiVM = []
for i in heads:
if (GetMnem(i) == “sidt“ or GetMnem(i) == “sgdt“ or GetMnem(i) == “sldt“ or GetMnem(i) == “smsw“ or GetMnem(i) == “str“ or GetMnem(i) == “in“ or GetMnem(i) == “cpuid“):
antiVM.append(i)
print “Number of potential Anti-VM instructions: %d“ % (len(antiVM))
for i in antiVM:
SetColor(i CIC_ITEM 0x0000ff)
Message(“Anti-VM: %08x\n“ % i)属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
目录 0 2012-02-06 23:03 Practical Malware Analysis Labs\
目录 0 2012-02-06 23:00 Practical Malware Analysis Labs\BinaryCollection\
目录 0 2012-02-06 22:56 Practical Malware Analysis Labs\BinaryCollection\Chapter_10L\
文件 28672 2011-03-11 05:55 Practical Malware Analysis Labs\BinaryCollection\Chapter_10L\Lab10-01.exe
文件 3712 2012-01-14 04:13 Practical Malware Analysis Labs\BinaryCollection\Chapter_10L\Lab10-01.sys
文件 32768 2010-12-31 10:33 Practical Malware Analysis Labs\BinaryCollection\Chapter_10L\Lab10-02.exe
文件 24576 2011-11-22 05:38 Practical Malware Analysis Labs\BinaryCollection\Chapter_10L\Lab10-03.exe
文件 3584 2012-01-14 06:30 Practical Malware Analysis Labs\BinaryCollection\Chapter_10L\Lab10-03.sys
目录 0 2012-02-06 22:56 Practical Malware Analysis Labs\BinaryCollection\Chapter_11L\
文件 53248 2011-11-20 18:00 Practical Malware Analysis Labs\BinaryCollection\Chapter_11L\Lab11-01.exe
文件 20480 2011-11-06 19:48 Practical Malware Analysis Labs\BinaryCollection\Chapter_11L\Lab11-02.dll
文件 29 2011-11-06 11:03 Practical Malware Analysis Labs\BinaryCollection\Chapter_11L\Lab11-02.ini
文件 49152 2011-11-08 17:33 Practical Malware Analysis Labs\BinaryCollection\Chapter_11L\Lab11-03.dll
文件 49152 2011-11-19 11:34 Practical Malware Analysis Labs\BinaryCollection\Chapter_11L\Lab11-03.exe
目录 0 2012-02-06 22:56 Practical Malware Analysis Labs\BinaryCollection\Chapter_12L\
文件 49152 2011-03-26 17:16 Practical Malware Analysis Labs\BinaryCollection\Chapter_12L\Lab12-01.dll
文件 36864 2011-11-05 17:28 Practical Malware Analysis Labs\BinaryCollection\Chapter_12L\Lab12-01.exe
文件 53248 2011-04-08 12:54 Practical Malware Analysis Labs\BinaryCollection\Chapter_12L\Lab12-02.exe
文件 24576 2011-03-16 01:00 Practical Malware Analysis Labs\BinaryCollection\Chapter_12L\Lab12-03.exe
文件 36864 2011-03-12 16:35 Practical Malware Analysis Labs\BinaryCollection\Chapter_12L\Lab12-04.exe
目录 0 2012-02-06 22:57 Practical Malware Analysis Labs\BinaryCollection\Chapter_13L\
文件 32768 2011-11-08 18:03 Practical Malware Analysis Labs\BinaryCollection\Chapter_13L\Lab13-01.exe
文件 32768 2011-11-14 15:47 Practical Malware Analysis Labs\BinaryCollection\Chapter_13L\Lab13-02.exe
文件 77824 2011-11-17 18:04 Practical Malware Analysis Labs\BinaryCollection\Chapter_13L\Lab13-03.exe
目录 0 2012-02-06 22:57 Practical Malware Analysis Labs\BinaryCollection\Chapter_14L\
文件 28672 2011-02-27 12:54 Practical Malware Analysis Labs\BinaryCollection\Chapter_14L\Lab14-01.exe
文件 6656 2011-02-25 06:09 Practical Malware Analysis Labs\BinaryCollection\Chapter_14L\Lab14-02.exe
文件 36864 2011-08-22 00:08 Practical Malware Analysis Labs\BinaryCollection\Chapter_14L\Lab14-03.exe
目录 0 2012-02-06 22:57 Practical Malware Analysis Labs\BinaryCollection\Chapter_15L\
文件 16384 2011-02-04 10:22 Practical Malware Analysis Labs\BinaryCollection\Chapter_15L\Lab15-01.exe
文件 16384 2011-11-16 17:11 Practical Malware Analysis Labs\BinaryCollection\Chapter_15L\Lab15-02.exe
............此处省略63个文件信息
川公网安备 51152502000135号
评论
共有 条评论