LyScript 计算片段Hash并写出Excel - 成就云开发者社区

本案例将学习运用LyScript计算特定程序中特定某些片段的Hash特征值，并通过xlsxwriter这个第三方模块将计算到的hash值存储成一个excel表格，本例中的知识点可以说已经具备了简单的表格输出能力，如果时间充裕完全可以实现自动化报告生成。

插件地址：https://github.com/lyshark/LyScript

第一步实现计算特定片段的特征值，此类代码实现原理用户传入一个rva相对地址以及读入指令长度，并通过内置的hashlib库实现计算内存段内指令的特征，如下代码先来实现计算两段指令特征。

代码语言：javascript

复制

import hashlib
import zlib,binascii
from LyScript32 import MyDebug
计算哈希
def calc_hash(dbg, rva,size):

read_list = bytearray()

ref_hash = { "va": None, "size": None, "md5":None, "sha256":None, "sha512":None, "crc32":None }
# 得到基地址
base = dbg.get_local_module_base()

# 读入数据
for index in range(0,size):
    readbyte = dbg.read_memory_byte(base + rva + index)
    read_list.append(readbyte)

# 计算特征
md5hash = hashlib.md5(read_list)
sha512hash = hashlib.sha512(read_list)
sha256hash = hashlib.sha256(read_list)
# crc32hash = binascii.crc32(read_list) &amp; 0xffffffff

ref_hash[&#34;va&#34;] = hex(base+rva)
ref_hash[&#34;size&#34;] = size
ref_hash[&#34;md5&#34;] = md5hash.hexdigest()
ref_hash[&#34;sha256&#34;] = sha256hash.hexdigest()
ref_hash[&#34;sha512&#34;] = sha512hash.hexdigest()
ref_hash[&#34;crc32&#34;] = hex(zlib.crc32(read_list))
return ref_hash

if name == "main":

dbg = MyDebug()

connect = dbg.connect()
# 传入相对地址,计算计算字节
ref = calc_hash(dbg,0x19fd,10)
print(ref)

# 计算第二段
ref = calc_hash(dbg,0x1030,26)
print(ref)

dbg.close()</code></pre></div></div><p>计算后输出字典格式：</p><figure class=""><div class="rno-markdown-img-url" style="text-align:center"><div class="rno-markdown-img-url-inner" style="width:100%"><div style="width:100%"><img src="https://cdn.static.attains.cn/app/developer-bbs/upload/1723266038454635015.png" /></div></div></div></figure><p>第二部使用第三方库，将读入的hash参数写出到表格内，并在下方生成hash图例，方便观察。</p><div class="rno-markdown-code"><div class="rno-markdown-code-toolbar"><div class="rno-markdown-code-toolbar-info"><div class="rno-markdown-code-toolbar-item is-type"><span class="is-m-hidden">代码语言：</span>javascript</div></div><div class="rno-markdown-code-toolbar-opt"><div class="rno-markdown-code-toolbar-copy"><i class="icon-copy"></i><span class="is-m-hidden">复制</span></div></div></div><div class="developer-code-block"><pre class="prism-token token line-numbers language-javascript"><code class="language-javascript" style="margin-left:0">import hashlib

import time

import zlib,binascii

from LyScript32 import MyDebug

import xlsxwriter
计算哈希
def calc_hash(dbg, rva,size):

read_list = bytearray()

ref_hash = { "va": None, "size": None, "md5":None, "sha256":None, "sha512":None, "crc32":None }
# 得到基地址
base = dbg.get_local_module_base()

# 读入数据
for index in range(0,size):
    readbyte = dbg.read_memory_byte(base + rva + index)
    read_list.append(readbyte)

# 计算特征
md5hash = hashlib.md5(read_list)
sha512hash = hashlib.sha512(read_list)
sha256hash = hashlib.sha256(read_list)
# crc32hash = binascii.crc32(read_list) &amp; 0xffffffff

ref_hash[&#34;va&#34;] = hex(base+rva)
ref_hash[&#34;size&#34;] = size
ref_hash[&#34;md5&#34;] = md5hash.hexdigest()
ref_hash[&#34;sha256&#34;] = sha256hash.hexdigest()
ref_hash[&#34;sha512&#34;] = sha512hash.hexdigest()
ref_hash[&#34;crc32&#34;] = hex(zlib.crc32(read_list))
return ref_hash

if name == "main":

dbg = MyDebug()

connect = dbg.connect()
# 打开一个被调试进程
dbg.open_debug(&#34;D:\\Win32Project.exe&#34;)

# 传入相对地址,计算计算字节
ref = calc_hash(dbg,0x19fd,10)
print(ref)

ref2 = calc_hash(dbg,0x1030,26)
print(ref2)

ref3 = calc_hash(dbg,0x15EB,46)
print(ref3)

ref4 = calc_hash(dbg,0x172B,8)
print(ref4)

# 写出表格
workbook = xlsxwriter.Workbook(&#34;pe_hash.xlsx&#34;)
worksheet = workbook.add_worksheet()

headings = [&#34;VA地址&#34;, &#34;计算长度&#34;, &#34;MD5&#34;, &#34;SHA256&#34;, &#34;SHA512&#34;,&#34;CRC32&#34;]
data = [
    [ref.get(&#34;va&#34;),ref.get(&#34;size&#34;),ref.get(&#34;md5&#34;),ref.get(&#34;sha256&#34;),ref.get(&#34;sha512&#34;),ref.get(&#34;crc32&#34;)],
    [ref2.get(&#34;va&#34;), ref2.get(&#34;size&#34;), ref2.get(&#34;md5&#34;), ref2.get(&#34;sha256&#34;), ref2.get(&#34;sha512&#34;), ref2.get(&#34;crc32&#34;)],
    [ref3.get(&#34;va&#34;), ref3.get(&#34;size&#34;), ref3.get(&#34;md5&#34;), ref3.get(&#34;sha256&#34;), ref3.get(&#34;sha512&#34;), ref3.get(&#34;crc32&#34;)],
    [ref4.get(&#34;va&#34;), ref4.get(&#34;size&#34;), ref4.get(&#34;md5&#34;), ref4.get(&#34;sha256&#34;), ref4.get(&#34;sha512&#34;), ref4.get(&#34;crc32&#34;)]
]

# 定义表格样式
head_style = workbook.add_format({&#34;bold&#34;: True, &#34;align&#34;: &#34;center&#34;, &#34;fg_color&#34;: &#34;#D7E4BC&#34;})
worksheet.set_column(&#34;A1:F1&#34;, 15)

# 逐条写入数据
worksheet.write_row(&#34;A1&#34;, headings, head_style)
for i in range(0, len(data)):
    worksheet.write_row(&#34;A{}&#34;.format(i + 2), data[i])

# 添加条形图，显示前十个元素
chart = workbook.add_chart({&#34;type&#34;: &#34;line&#34;})
chart.add_series({
    &#34;name&#34;: &#34;=Sheet1!$B$1&#34;,              # 图例项
    &#34;categories&#34;: &#34;=Sheet1!$A$2:$A$10&#34;,  # X轴 Item名称
    &#34;values&#34;: &#34;=Sheet1!$B$2:$B$10&#34;       # X轴Item值
})
chart.add_series({
    &#34;name&#34;: &#34;=Sheet1!$C$1&#34;,
    &#34;categories&#34;: &#34;=Sheet1!$A$2:$A$10&#34;,
    &#34;values&#34;: &#34;=Sheet1!$C$2:$C$10&#34;
})
chart.add_series({
    &#34;name&#34;: &#34;=Sheet1!$D$1&#34;,
    &#34;categories&#34;: &#34;=Sheet1!$A$2:$A$10&#34;,
    &#34;values&#34;: &#34;=Sheet1!$D$2:$D$10&#34;
})

# 添加柱状图标题
chart.set_title({&#34;name&#34;: &#34;计算HASH统计图&#34;})
# chart.set_style(8)

chart.set_size({&#39;width&#39;: 500, &#39;height&#39;: 250})
chart.set_legend({&#39;position&#39;: &#39;top&#39;})

# 在F2处绘制
worksheet.insert_chart(&#34;H2&#34;, chart)
workbook.close()


# 关闭被调试进程
time.sleep(1)
dbg.close_debug()
dbg.close()</code></pre></div></div><p>生成后的图例效果如下：</p><figure class=""><div class="rno-markdown-img-url" style="text-align:center"><div class="rno-markdown-img-url-inner" style="width:100%"><div style="width:100%"><img src="https://cdn.static.attains.cn/app/developer-bbs/upload/1723266038790573997.png" /></div></div></div></figure>