Posted by Anonymous on Fri 17 Jul 23:09
- #!/usr/bin/env python
- __VERSION__ = '0.1'
- import immlib
- import getopt
- from immlib import MemoryProtection
- from immutils import prettyhexprint
- DESC= "Immunity PyCommand isexec"
- USAGE = "!isexec address"
- def usage(imm):
- imm.Log("!isexec")
- imm.Log(USAGE, focus=1)
- def main(args):
- imm = immlib.Debugger()
- imm.Log(' '.join(["###", DESC, "###"]))
- if len(args) == 0:
- imm.Log(USAGE, focus=1)
- return USAGE
- addr = int(args[0], 16)
- imm.Log("Retrieving page information for %x" % addr)
- page = imm.getMemoryPagebyAddress(addr)
- if page == None:
- return "Invalid address: %x" % addr
- execute = False;
- for acc in [MemoryProtection["PAGE_EXECUTE"],
- MemoryProtection["PAGE_EXECUTE_READ"],
- MemoryProtection["PAGE_EXECUTE_READWRITE"],
- MemoryProtection["PAGE_EXECUTE_WRITECOPY"]]:
- if acc == page.access:
- execute = True;
- if execute:
- imm.Log("Address %x, in page %x, is executable"% (addr, page.getBaseAddress()))
- return "%x is executable" % addr
- else:
- imm.Log("Address %x, in page %x, is not executable" % (addr, page.getBaseAddress()))
- return "%x is not executable" % addr
- =========================
- 0BADF00D ### Immunity PyCommand isexec ###
- 0BADF00D Retrieving page information for 12ffd0
- 0BADF00D Address 12ffd0, in page 126000, is not executable
- 0BADF00D ### Immunity PyCommand isexec ###
- 0BADF00D Retrieving page information for 40133a
- 0BADF00D Address 40133a, in page 401000, is marked as executable
The pastebin: http://python.pastebin.com/mb25963a
Bookmark this post with:
Subscribe to this blog!
Follow on Twitter!