Python中的内存地址生成器

1 投票

4 回答

1485 浏览

提问于 2025-04-18 02:11

我需要用Python来暴力破解一些地址空间。目前我的代码是：

offsets = [
"\x00","\x01","\x02","\x03","\x04","\x05","\x06","\x07","\x08","\x09","\x0a","\x0b","\x0c","\x0d","\x0e","\x0f"
,"\x10","\x11","\x12","\x13","\x14","\x15","\x16","\x17","\x18","\x19","\x1a","\x1b","\x1c","\x1d","\x1e","\x1f"
,"\x20","\x21","\x22","\x23","\x24","\x25","\x26","\x27","\x28","\x29","\x2a","\x2b","\x2c","\x2d","\x2e","\x2f"
,"\x30","\x31","\x32","\x33","\x34","\x35","\x36","\x37","\x38","\x39","\x3a","\x3b","\x3c","\x3d","\x3e","\x3f"
,"\x40","\x41","\x42","\x43","\x44","\x45","\x46","\x47","\x48","\x49","\x4a","\x4b","\x4c","\x4d","\x4e","\x4f"
,"\x50","\x51","\x52","\x53","\x54","\x55","\x56","\x57","\x58","\x59","\x5a","\x5b","\x5c","\x5d","\x5e","\x5f"
,"\x60","\x61","\x62","\x63","\x64","\x65","\x66","\x67","\x68","\x69","\x6a","\x6b","\x6c","\x6d","\x6e","\x6f"
,"\x70","\x71","\x72","\x73","\x74","\x75","\x76","\x77","\x78","\x79","\x7a","\x7b","\x7c","\x7d","\x7e","\x7f"
,"\x80","\x81","\x82","\x83","\x84","\x85","\x86","\x87","\x88","\x89","\x8a","\x8b","\x8c","\x8d","\x8e","\x8f"
,"\x90","\x91","\x92","\x93","\x94","\x95","\x96","\x97","\x98","\x99","\x9a","\x9b","\x9c","\x9d","\x9e","\x9f"
,"\xa0","\xa1","\xa2","\xa3","\xa4","\xa5","\xa6","\xa7","\xa8","\xa9","\xaa","\xab","\xac","\xad","\xae","\xaf"
,"\xb0","\xb1","\xb2","\xb3","\xb4","\xb5","\xb6","\xb7","\xb8","\xb9","\xba","\xbb","\xbc","\xbd","\xbe","\xbf"
,"\xc0","\xc1","\xc2","\xc3","\xc4","\xc5","\xc6","\xc7","\xc8","\xc9","\xca","\xcb","\xcc","\xcd","\xce","\xcf"
,"\xd0","\xd1","\xd2","\xd3","\xd4","\xd5","\xd6","\xd7","\xd8","\xd9","\xda","\xdb","\xdc","\xdd","\xde","\xdf"
,"\xe0","\xe1","\xe2","\xe3","\xe4","\xe5","\xe6","\xe7","\xe8","\xe9","\xea","\xeb","\xec","\xed","\xee","\xef"
,"\xf0","\xf1","\xf2","\xf3","\xf4","\xf5","\xf6","\xf7","\xf8","\xf9","\xfa","\xfb","\xfc","\xfd","\xfe","\xff"]


for i in xrange(110, 256):
    num = offsets[i]
    address = "\xee" + num + "\xff\xbf"
    print `address`

然后输出的最后一部分是：

'\xee\xfa\xff\xbf'
'\xee\xfb\xff\xbf'
'\xee\xfc\xff\xbf'
'\xee\xfd\xff\xbf'
'\xee\xfe\xff\xbf'
'\xee\xff\xff\xbf'

我的问题是，是否可以不使用“offsets”这个数组，换一种更简洁的方式来实现？

内存管理暴力破解编程优化地址空间

4 个回答

你可以用一行代码来生成偏移量数组：

offsets = ["0x{:02x}".format(_) for _ in range(0x100)]

回答于 2025-04-18 由 Python大师

分享举报

在编程中，有时候我们会遇到一些问题，像是代码运行不正常或者出现错误。这种情况下，我们需要去查找原因，通常可以在一些技术论坛上找到答案，比如StackOverflow。在这些论坛上，很多人会分享他们的经验和解决方案，帮助其他人解决类似的问题。

如果你在编程时遇到困难，不妨去这些地方看看，可能会找到你需要的帮助。记得把你的问题描述清楚，这样别人才能更好地理解你的情况，给出有效的建议。

总之，编程是一条不断学习的路，遇到问题是很正常的，关键是要积极寻找解决办法。

for i in xrange(110, 256):
    address = "\xee" + "\\" + hex(i)[1:] + "\xff\xbf"
    print `address`

回答于 2025-04-18 由 Python大师

分享举报

你可以直接算一下，让 struct 来生成这个4字节的序列。

base = b'\xee\x00\xff\xbf' #assuming little-endian for the math coming up

struct.unpack('I',base)
Out[89]: (3221160174,)

#showing they're the same, no magic involved
int('ee',16) + int('ff',16)*(16**4) + int('bf',16)*(16**6)
Out[90]: 3221160174

#equivalent to bitshifting, if you prefer
int('ee',16) + (int('ff',16) << 16) + (int('bf',16) << 24)
Out[91]: 3221160174

这样就得到了

start = 3221160174

[struct.pack('I', start + (x<<8)) for x in range(256)]
Out[93]: 
[b'\xee\x00\xff\xbf',
 b'\xee\x01\xff\xbf',
 b'\xee\x02\xff\xbf',
 b'\xee\x03\xff\xbf',
 b'\xee\x04\xff\xbf',
 b'\xee\x05\xff\xbf',
 b'\xee\x06\xff\xbf',
 #snip...
 b'\xee\xff\xff\xbf']

回答于 2025-04-18 由 Python大师

分享举报

当然可以，只需要遍历一下 xrange，然后对当前的项调用 chr() 函数就行：

>>> for i in xrange(110, 256):
...     print "\xee" + chr(i) + "\xff\xbf"

注意，这样会打印出实际的字符。如果你只是想打印出数值，可以使用反引号，不过更符合 Python 风格的方法是用 repr()：

>>> for i in xrange(110, 256):
...    print(repr("\xee" + chr(i) + "\xff\xbf"))
...
    -- SNIP --
'\xee\xfa\xff\xbf'
'\xee\xfb\xff\xbf'
'\xee\xfc\xff\xbf'
'\xee\xfd\xff\xbf'
'\xee\xfe\xff\xbf'
'\xee\xff\xff\xbf'

回答于 2025-04-18 由 Python大师

分享举报

Python中的内存地址生成器

4 个回答

撰写回答