Home >Java >javaTutorial >java unidbg Ollvm string encryption and parsing method
java unidbg Ollvm string encryption and parsing method
- WBOYforward
- 2023-05-18 19:19:121642browse
unidbg Ollvm String Encryption Analysis
Rewritten sentence: The principle is to use unicorn's "mem hook" function to dump the pure data after so is loaded into memory. There are two methods:
Core method
Method 1: Use
getBackend()to copy Unicorn’s memory hook method.Method 2: Use
traceCode()to trace the specified memory segment and hook the memory data.
Note that getBackend is driven by Unicorn, so it can only be used on the unicorn engine of dbg
WithgetBackend For example
emulator.getBackend().hook_add_new(new WriteHook() {
@Override
public void hook(Backend backend, long address, int size, long value, Object user) {
System.out.println(Long.toHexString(address) + "----" + size + "----" + value);
byte[] bytes = long2Bytes(value, size);
modifyMap.put(address, bytes);
}
}, 0, Long.MAX_VALUE, null);
Java
_ Copy_
This way you can hook the memory data at the specified time.
Derived
Of course, it can be encapsulated into a GUI so that the work can be completed with just a click of the mouse
The above is the detailed content of java unidbg Ollvm string encryption and parsing method. For more information, please follow other related articles on the PHP Chinese website!