Wrapper round x86 Assembler

Thomas Heller theller at python.net
Thu Apr 15 16:10:18 EDT 2004


michael at foord.net (Fuzzyman) writes:

> There might be a really good reason why this hasn't been done *or*
> someone might have done it and I just can't find it..... *but*
>
> what about a wrapper to an assembler (presumably for x86 assembly !)
> !!
> I just wrote some code doing binary operations which would have been
> about a zillion times faster in a few lines of assembly code.
>
> I also have fond memories of programming in BBC Basic which had an
> inline assembler - so you could wrap your assembly program in Basic.
> It meant some commercial games started with Basic !
>
> Anyway - it would be easy to reserve some memory with a string like
> object to pass to an 'assembly object' and allow some really nifty
> (and fast) stuff ?? For simple algorithms it would be very neat.
> Avoiding memory overflow etc would be up to the assembly code 'chunk'
> of course.


The following has been reposted by Bradley Schatz to the ctypes mailing
list; it may indeed contain what you want, and it *is* very
interesting.  The original post was to the bugtraq mailing list (or so):

from oliver.lavery at sympatico.ca

Today marks another solar cycle I've spent on this planet. To celebrate I'd
like to share one of my toys with all of you.

Adder is a tool I wrote for myself, so that I could experiment with runtime
modification of binary applications. I've found it really useful for
prototyping run-time patches, understanding the effects and possibilities of
call-hooking and other run-time program tweaks; that sort of thing. I hope
you might find it useful too...


Binary:
http://www.rootkit.com/vault/x3nophi1e/adder-0.3.3-win32.zip
( NT 4 / 2000 / XP / 2003 )

Source:
http://www.rootkit.com/vault/x3nophi1e/adder-0.3.3-src.zip

Documentation:
http://www.rootkit.com/vault/x3nophi1e/adder-manual.zip
( please read the installation instructions in here. )


The way it works is fairly simple. Adder allows you to inject a python
interpreter into any win32 process. That interpreter then runs a script
within the context of your target process which is able to instrument and
modify the target in any way it sees fit. Included are extensions to the
python language that provide:

- safe pointer support
- execution path hooking in python and C++. Hooks can be installed at
something close to instruction granularity.
- x86 instruction manipulation. (based on z0mbie's ADE32 engine)
- programmable x86 instruction disassembler. (a win32 port of libdisasm from
The Bastard)
- x86 assembler. (Dave Aitel's Mosdef 1.1)

These features make it easy to play with the deep majik of really low-level
code hacking in an efficient, sophisticated, high-level language. So adder
is a sort of meta-tool which you might use to script things like:

- dynamic analysis. Hook every function in jscript.dll and graph which ones
execute when a HTML page's script runs.
- API interception. Should IE really be allowed to open an .exe straight off
the web?
- run-time patching. Get rid of those pesky bugs.
- binary forensics. Packers aren't so hard to crack when they run.

Performance and stability are pretty good at this point. Since it's a tool I
wrote for my own use, there are lots of rough edges that need to be cleaned
up. I've been waiting to find the time to fix these for ages and never seem
to. So you'll excuse the occasional glitch. Please tell me if you find
something really horrid.

Hope you all find this interesting, and maybe even useful.

~x

----------
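The inline-assembler idea raised in this thread, as an added example that is not part of Adder, Mosdef, ADE32 or any code in the original posts: a tiny x86-32 assembler written in Python that covers register-to-register moves, arithmetic and logic with a register or 32-bit immediate source, plus a matching decoder for the same subset. The decoder also reports instruction lengths, which is exactly what a hook engine such as Adder's ADE32-based one must know before placing a hook "close to instruction granularity": a patch that lands in the middle of an instruction corrupts the instruction stream. All function names below are this example's own, and it only produces and decodes bytes; it never executes them.

```python
"""Tiny x86-32 assembler/decoder for a small instruction subset (constructed example)."""
import struct

# 32-bit general-purpose registers in encoding order (the 3-bit reg/rm field).
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Register-register forms: "op r/m32, r32" opcodes that take a ModRM byte.
RR_OPCODES = {"mov": 0x89, "add": 0x01, "or": 0x09, "and": 0x21, "sub": 0x29, "xor": 0x31}
# Register-immediate arithmetic: opcode 0x81 with the operation in ModRM.reg.
IMM_EXT = {"add": 0, "or": 1, "and": 4, "sub": 5, "xor": 6}


def _reg(name):
    if name not in REGS:
        raise ValueError(f"unknown register {name!r}")
    return REGS.index(name)


def _imm32(value):
    # Little-endian 32-bit immediate; negative values are two's-complement encoded.
    return struct.pack("<i" if value < 0 else "<I", value)


def _modrm_rr(reg, rm):
    # mod=11 selects register-direct addressing for the r/m operand.
    return bytes([0xC0 | (reg << 3) | rm])


def assemble_line(line):
    """Encode one instruction written as 'op dst, src' or just 'op'; ';' starts a comment."""
    text = line.split(";", 1)[0].strip()
    if not text:
        return b""
    parts = text.replace(",", " ").split()
    op, args = parts[0].lower(), [a.lower() for a in parts[1:]]
    if op == "ret" and not args:
        return b"\xC3"
    if op == "nop" and not args:
        return b"\x90"
    if len(args) != 2:
        raise ValueError(f"cannot encode {line!r}")
    dst, src = args
    if src in REGS:                      # op r/m32, r32  ->  opcode + ModRM
        return bytes([RR_OPCODES[op]]) + _modrm_rr(_reg(src), _reg(dst))
    imm = int(src, 0)                    # accepts decimal, 0x.., negative
    if op == "mov":                      # mov r32, imm32  ->  B8+rd id
        return bytes([0xB8 + _reg(dst)]) + _imm32(imm)
    return b"\x81" + _modrm_rr(IMM_EXT[op], _reg(dst)) + _imm32(imm)   # 81 /n id


def assemble(source):
    """Assemble a multi-line program into a bytes object."""
    return b"".join(assemble_line(l) for l in source.splitlines())


def decode_one(code, i):
    """Decode the instruction starting at offset i; return (text, length)."""
    b = code[i]
    if b == 0xC3:
        return "ret", 1
    if b == 0x90:
        return "nop", 1
    if 0xB8 <= b <= 0xBF:
        imm = struct.unpack_from("<I", code, i + 1)[0]
        return f"mov {REGS[b - 0xB8]}, {imm:#x}", 5
    by_opcode = {v: k for k, v in RR_OPCODES.items()}
    if b in by_opcode:
        modrm = code[i + 1]
        if modrm >> 6 != 3:
            raise ValueError("only register-direct ModRM forms are supported")
        return f"{by_opcode[b]} {REGS[modrm & 7]}, {REGS[(modrm >> 3) & 7]}", 2
    if b == 0x81:
        modrm = code[i + 1]
        if modrm >> 6 != 3:
            raise ValueError("only register-direct ModRM forms are supported")
        by_ext = {v: k for k, v in IMM_EXT.items()}
        imm = struct.unpack_from("<I", code, i + 2)[0]
        return f"{by_ext[(modrm >> 3) & 7]} {REGS[modrm & 7]}, {imm:#x}", 6
    raise ValueError(f"unsupported opcode {b:#04x} at offset {i}")


def disassemble(code):
    """Return the decoded text of every instruction in code, in order."""
    out, i = [], 0
    while i < len(code):
        text, n = decode_one(code, i)
        out.append(text)
        i += n
    return out


def instruction_lengths(code):
    """Length of each instruction; the boundaries a hook engine must respect."""
    lengths, i = [], 0
    while i < len(code):
        n = decode_one(code, i)[1]
        lengths.append(n)
        i += n
    return lengths


if __name__ == "__main__":
    program = "mov eax, 0x1234 ; load a constant\nand eax, 0xff00\nxor ecx, ecx\nret"
    code = assemble(program)
    print(code.hex(" "))
    for text in disassemble(code):
        print(text)
```

The same instruction can have more than one valid encoding (add eax, imm32 also exists as the shorter 05 id form), so a decoder must handle whatever the compiler chose rather than assume one form; that is why real hook engines carry a full-length table instead of the handful of cases above.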