ssdeep的fuzzy_compare始终返回从ctypes python加载的0

2024-05-12 19:57:27 发布

您现在位置:Python中文网/ 问答频道 /正文
898 3

在获取fuzzy_compare函数以返回正确的比较值时遇到问题。它应该返回0~100,但始终返回0。在

from ctypes import *
fuzzy = CDLL('fuzzy.dll')
out1 = create_string_buffer('\x00'*512)
out2 = create_string_buffer('\x00'*512)
print fuzzy.fuzzy_hash_buf('hashme', len('hashme'), out1)
print fuzzy.fuzzy_hash_buf('hashme2', len('hashme2'), out2)
print out1.value
print out2.value
print fuzzy.fuzzy_compare(out1, out2)
# output
#    0
#    0
#    3:cA:x <-- correct hash
#    3:cy:R <-- correct hash
#    0      <-- fuzzy_compare returning 0...

我尝试过用out1.value调用fuzzy compare,将其转换为c\u char_p()和create_string_buffer(),但它始终返回0。我在调试器中看过它(在fuzzy_compare函数上设置一个bp,它正确地传递值,我不知道它为什么总是返回0。我是不是用错了函数?在


Tags: 函数stringlenvaluebuffercreatehashfuzzy
1条回答
网友
1楼 · 发布于 2024-05-12 19:57:27

我编译了包含的sample.c,它似乎可以工作。所以我在Python中尝试了类似的方法。注意,它使用一个非常大的输入缓冲区(0x50000),并且只修改16个字节,得到了99个非常接近的匹配。在

import ctypes
from random import randrange, seed

seed(42)

SPAMSUM_LENGTH = 64
FUZZY_MAX_RESULT = SPAMSUM_LENGTH + SPAMSUM_LENGTH // 2 + 20
SIZE = 0x50000

fuzzy = ctypes.CDLL('fuzzy.dll')

fuzzy_hash_buf = fuzzy.fuzzy_hash_buf
fuzzy_hash_buf.restype = ctypes.c_int
fuzzy_hash_buf.argtypes = [
    ctypes.c_char_p, #buf
    ctypes.c_uint32, #buf_len
    ctypes.c_char_p, #result
]
fuzzy_compare = fuzzy.fuzzy_compare
fuzzy_compare.restype = ctypes.c_int
fuzzy_compare.argtypes = [
    ctypes.c_char_p, #sig1
    ctypes.c_char_p, #sig2
]

out1 = ctypes.create_string_buffer('\x00' * FUZZY_MAX_RESULT)
out2 = ctypes.create_string_buffer('\x00' * FUZZY_MAX_RESULT)

in1 = ''.join(chr(randrange(256)) for x in xrange(SIZE))
in2 = ''.join(c if (i < 0x100 or i >= 0x110) else '\x25'
              for i, c in enumerate(in1))

print fuzzy_hash_buf(in1, len(in1), out1)
print fuzzy_hash_buf(in2, len(in2), out2)
print out1.value
print out2.value
print fuzzy_compare(out1, out2)

输出:

^{pr2}$

相关问题 更多 >

    编程相关推荐