Home > Java > javaTutorial > body text

java unidbg Ollvm string encryption and parsing method

WBOY
Release: 2023-05-18 19:19:12
forward
1598 people have browsed it

unidbg Ollvm String Encryption Analysis

Rewritten sentence: The principle is to use unicorn's "mem hook" function to dump the pure data after so is loaded into memory. There are two methods:

Core method

  • Method 1: Use getBackend() to copy Unicorn’s memory hook method.

  • Method 2: Use traceCode() to trace the specified memory segment and hook the memory data.

Note that getBackend is driven by Unicorn, so it can only be used on the unicorn engine of dbg
WithgetBackend For example

emulator.getBackend().hook_add_new(new WriteHook() {
    @Override
    public void hook(Backend backend, long address, int size, long value, Object user) {
        System.out.println(Long.toHexString(address) + "----" + size + "----" + value);
        byte[] bytes = long2Bytes(value, size);
        modifyMap.put(address, bytes);
    }
}, 0, Long.MAX_VALUE, null);
Copy after login

Java
_ Copy_
This way you can hook the memory data at the specified time.

Derived

Of course, it can be encapsulated into a GUI so that the work can be completed with just a click of the mouse
java unidbg Ollvm字符串加密解析的方法
java unidbg Ollvm字符串加密解析的方法java unidbg Ollvm字符串加密解析的方法java unidbg Ollvm字符串加密解析的方法

The above is the detailed content of java unidbg Ollvm string encryption and parsing method. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template