我在 hashcat 恢复文件的二进制文件中有以下结构输出:
typedef struct
{
uint32_t version_bin;
char cwd[256];
uint32_t argc;
char **argv;
uint32_t pid;
uint32_t devices_cnt;
uint32_t dictpos;
uint32_t maskpos;
uint64_t *pw_off;
uint64_t *pw_num;
uint64_t pw_cur;
uint32_t digests_cnt;
uint32_t digests_done;
uint *digests_shown;
uint32_t salts_cnt;
uint32_t salts_done;
uint *salts_shown;
float ms_running;
} restore_data_t;
我正在尝试导入原始数据并使用 ctypes 数据结构使用 Python 脚本解析它,如下所示:
class RestoreStruct(Structure):
_fields_ = [
("version_bin", c_uint32),
("cwd", c_char*256),
("argc", c_uint32),
("argv", POINTER(POINTER(c_char))),
("pid", c_uint32),
("devices_cnt", c_uint32),
("dictpos", c_uint32),
("maskpos", c_uint32),
("pw_off", POINTER(c_uint64)),
("pw_NUM", POINTER(c_uint64)),
("pw_CUR", c_uint64),
("digests_cnt", c_uint32),
("digests_done", c_uint32),
("digests_shown", POINTER(c_uint32)),
("salts_cnt", c_uint32),
("salts_done", c_uint32),
("salts_shown", POINTER(c_uint*30)),
("ms_running", c_float)
]
with open("cudaHashcat.restore", "rb") as restore_file:
status = []
struct = RestoreStruct()
while restore_file.readinto(struct) == sizeof(struct):
status.append((struct.version_bin, struct.cwd, struct.argc, struct.argv, \
struct.pid, struct.devices_cnt, struct.dictpos, struct.maskpos, struct.pw_off, \
struct.pw_NUM, struct.pw_CUR, struct.digests_cnt, struct.digests_done, struct.digests_shown, \
struct.salts_cnt, struct.salts_done, struct.salts_shown, struct.ms_running))
print struct._fields_[0][0], status[0][0]
print struct._fields_[1][0], status[0][1]
print struct._fields_[2][0], status[0][2]
print struct._fields_[3][0], status[0][3]
print struct._fields_[4][0], status[0][4]
print struct._fields_[5][0], status[0][5]
print struct._fields_[6][0], status[0][6]
print struct._fields_[7][0], status[0][7]
print struct._fields_[8][0], status[0][8]
print struct._fields_[9][0], status[0][9]
print struct._fields_[10][0], status[0][10]
print struct._fields_[11][0], status[0][11]
print struct._fields_[12][0], status[0][12]
print struct._fields_[13][0], status[0][13]
print struct._fields_[14][0], status[0][14]
print struct._fields_[15][0], status[0][15]
print struct._fields_[16][0], status[0][16]
print struct._fields_[17][0], status[0][17]
我遇到的这个问题是如何访问指针 ctypes(argv、pw_off 等)中的数据?我试过“内容”,但出现“空指针访问”错误。 argv 应该是一个 char 数组,其他的应该是一个指向 int 的简单指针。
我如何访问指针寻址的实际数据?我完全不了解自己的处理方式吗?
这是恢复文件的 base64 编码版本:
ZQAAAEU6XG9jbEhhc2hjYXQtMS4wMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJAAAACBdvAHwiAAABAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAABACgBAAAAAA8AAAAFAAAAAAAAAAEAAAAAAAAAAAAAAEDPnkYAAAAAY3VkYUhh c2hjYXQzMgotbQoxMDAwCi1hCjAKLXIKcnVsZXNccmljaF9wd19ydWxlcy5ydWxlCi4uXHBsYWlu X3RleHRfaGFzaC50eHQKLi5cMTZfV2Fsa19taW4udHh0Cv//JwEAAAAAAAAIAAAAAAAAAAAAAQAA AAAAAAABAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
正如评论中指出的那样,argv 值似乎以纯文本形式存储在文件中。我的问题仍然是如何正确地将此信息读入结构。恢复结构中的所有其他值都被读入并正确存储在 python 对象中,但上面的代码。尽管任何指针结构都不会那么容易读入。
最佳答案
在这里采纳了 eryksun 的建议,我做了什么来获得 argv 值。
class RestoreStruct(Structure):
_fields_ = [
("version_bin", c_uint32),
("cwd", c_char*256),
("argc", c_uint32),
("argv", POINTER(POINTER(c_char))),
("pid", c_uint32),
("devices_cnt", c_uint32),
("dictpos", c_uint32),
("maskpos", c_uint32),
("pw_off", POINTER(c_uint64)),
("pw_NUM", POINTER(c_uint64)),
("pw_CUR", c_uint64),
("digests_cnt", c_uint32),
("digests_done", c_uint32),
("digests_shown", POINTER(c_uint32)),
("salts_cnt", c_uint32),
("salts_done", c_uint32),
("salts_shown", POINTER(c_uint*30)),
("ms_running", c_float)
]
with open("cudaHashcat.restore", "rb") as restore_file:
status = []
struct = RestoreStruct()
restore_file.readinto(struct)
rest = restore_file.read()
print struct.version_bin
# Print rest of variables that are not pointers
print rest.splitlines()[0:struct.argc] # Prints a list structure of argv values
关于python - 通过 Python 从二进制文件访问 ctypes **argv,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23021250/