-
-
[下载]快捷搜索多个so的字符串工具
-
发表于: 2023-6-12 20:41
-
一个快捷搜索多个so字符串的脚本工具
简介
1 2 3 | 前段时间需要快速过滤一遍多个so的字符串,以期望能快速找到一些逆向分析的线索,原本想写一个解析elf来达到多个so搜索的目的,结果有大佬告诉我有现成的在mac linux Windows下都有一个strings的命令行工具+python强大的数据处理支持产生了这工具.能简单一点绝对不搞复杂的. |
核心逻辑就是通过解析strings的字符串搜索结果进行搜索
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | def searchso(sopath, s): """ 搜索so文件字符串 :param s: 需要搜索的字符串 """ if 'nt' == os.name: commad = os.path.join(os.path.split(sys.argv[0])[0], "commad/strings64.exe") else: commad = 'strings' process = subprocess.Popen([commad, '-a', sopath], stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = process.communicate(timeout=5) arrayStr = [] result = None if out is not None: print("> {}:开始分析!".format(os.path.split(sopath)[1])) print("> commad: strings -a {} | grep {}".format(sopath, s)) result = out.decode('utf-8') if args.saveall is not None and result is not None: with open(args.saveall, 'a') as f: f.write('<====' + os.path.split(sopath)[1] + "====\n") f.write(result) f.write("====" + os.path.split(sopath)[1] + "====>\n") f.close() try: if args.ignorecase == 1: print("> -i 1 默认忽略大小写") items = re.finditer(s, result, re.IGNORECASE) else: items = re.finditer(s, result) print("> -i 0 区分大小写") for i in items: arg = result[i.start():-1] print(arg[:arg.find('\n')]) if args.output: arrayStr.append(arg[:arg.find('\n')]) except Exception as e: print(e) print("> {}:分析完成!".format(os.path.split(sopath)[1])) if args.output is not None and len(arrayStr): with open(args.output, 'a') as f: f.write('<====' + os.path.split(sopath)[1] + "====\n") for i in arrayStr: f.write(i + '\n') f.write("====" + os.path.split(sopath)[1] + "====>\n") f.close() print("> 分析结果:", args.output) else: print("> {}:分析超时 ".format(os.path.split(sopath)[1]), err) |
- 目前仅编译了mac arm版
可安装python3+pip install pyinstaller看readme自行编译其它平台
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
最后于 2023-6-12 20:43
被iyue_t编辑
,原因: 添加源码链接
|
|
|---|---|
