e3prom · March 9, 2018 13:56
diff --git a/win-x86-loadaddr.py b/win-x86-loadaddr.py
 '''
 This script allow you to load a DLL using the Windows API 'LoadLibrary()' function
 and returns it's load and relative text section virtual memory address.
 
 You can specifiy multiple DLL files at once using the wildcard (globbing) character.
 Note to self: next time use argparse instead of the *limited* getopt.
 
 Coded with some love by e3prom <github.com/e3prom
 '''
 from ctypes import windll
 import getopt
 import sys
 import glob
 import string

 kernel32 = windll.kernel32
 hbar = '-' * 70
 tab = '\t'

 def usage():
 	print "%s Usage:" % sys.argv[0]
 	print "-d, --dll=DLL" + tab + tab + 'Specify .DLL file(s) to load in memory'
 	print "-s, --start=ADDR" + tab + 'Only report DLL loaded after memory address'
 	print "-e, --end=ADDR" + tab + tab + 'Only report DLL loaded before memory address'
 	print "    --verbose" + tab + tab + 'Turn verbosity on'
 	print "    --help" + tab + tab + 'Print this help information'
 	
 def loadDLL(dll_name, addr_s, addr_e):
 	try:
 		windll.LoadLibrary(dll_name)
 	except WindowsError:
 		print "An error occured during the library load."
 	
 	load_addr = kernel32.GetModuleHandleA(dll_name)
 	
 	if addr_s < hex(load_addr) < addr_e:
 		return load_addr
 	else:
 		return -1
 	
 def printAddr(dll_name, dll_loadaddr):
 	print hbar
 	print "Dynamic Link Library: " + string.upper(dll_name)
 	print hbar
 	print "Load Address: %s" % hex(dll_loadaddr)
 	print "Text Section: %s\n" % hex(dll_loadaddr + 0x1000)
 	
 def main():
 	try:
 		opts, args = getopt.getopt(sys.argv[1:], "hs:e:d:", ["verbose", "help", "start=", "end=", "dll="])
 	except getopt.GetoptError as err:
 		print str(err)
 		usage()
 		sys.exit(2)
 	
 	verbose = False
 	addr_s = 0
 	addr_e = 0xffffffff
 	for opt, arg in opts:
 		if opt in ("--verbose"):
 			verbose = True
 		elif opt in ("-h", "--help"):
 			usage()
 			sys.exit()
 		elif opt in ("-s", "--start"):
 			addr_s = arg
 		elif opt in ("-e", "--end"):
 			addr_e = arg
 		elif opt in ("-d", "--dll"):
 			if (verbose == True):
 				print "[*] Printing memory information for specified DLL(s)...\n"
 				if addr_s and addr_e:
 					print "[+] Only output DLL(s) where load address is between %s - %s\n" % (addr_s, addr_e)
 			for dll in glob.glob(arg):
 				dll_loadaddr = loadDLL(dll, addr_s, addr_e)
 				if dll_loadaddr != -1:
 					printAddr(dll, dll_loadaddr)
 			sys.exit()
 		else:
 			assert False, "unhandled command-line option."
 		
 if __name__ == "__main__":
 	main()
	'''
	This script allow you to load a DLL using the Windows API 'LoadLibrary()' function
	and returns it's load and relative text section virtual memory address.

	You can specifiy multiple DLL files at once using the wildcard (globbing) character.
	Note to self: next time use argparse instead of the limited getopt.

	Coded with some love by e3prom <github.com/e3prom
	'''
	from ctypes import windll
	import getopt
	import sys
	import glob
	import string

	kernel32 = windll.kernel32
	hbar = '-' * 70
	tab = '\t'

	def usage():
	print "%s Usage:" % sys.argv[0]
	print "-d, --dll=DLL" + tab + tab + 'Specify .DLL file(s) to load in memory'
	print "-s, --start=ADDR" + tab + 'Only report DLL loaded after memory address'
	print "-e, --end=ADDR" + tab + tab + 'Only report DLL loaded before memory address'
	print " --verbose" + tab + tab + 'Turn verbosity on'
	print " --help" + tab + tab + 'Print this help information'

	def loadDLL(dll_name, addr_s, addr_e):
	try:
	windll.LoadLibrary(dll_name)
	except WindowsError:
	print "An error occured during the library load."

	load_addr = kernel32.GetModuleHandleA(dll_name)

	if addr_s < hex(load_addr) < addr_e:
	return load_addr
	else:
	return -1

	def printAddr(dll_name, dll_loadaddr):
	print hbar
	print "Dynamic Link Library: " + string.upper(dll_name)
	print hbar
	print "Load Address: %s" % hex(dll_loadaddr)
	print "Text Section: %s\n" % hex(dll_loadaddr + 0x1000)

	def main():
	try:
	opts, args = getopt.getopt(sys.argv[1:], "hs:e:d:", ["verbose", "help", "start=", "end=", "dll="])
	except getopt.GetoptError as err:
	print str(err)
	usage()
	sys.exit(2)

	verbose = False
	addr_s = 0
	addr_e = 0xffffffff
	for opt, arg in opts:
	if opt in ("--verbose"):
	verbose = True
	elif opt in ("-h", "--help"):
	usage()
	sys.exit()
	elif opt in ("-s", "--start"):
	addr_s = arg
	elif opt in ("-e", "--end"):
	addr_e = arg
	elif opt in ("-d", "--dll"):
	if (verbose == True):
	print "[*] Printing memory information for specified DLL(s)...\n"
	if addr_s and addr_e:
	print "[+] Only output DLL(s) where load address is between %s - %s\n" % (addr_s, addr_e)
	for dll in glob.glob(arg):
	dll_loadaddr = loadDLL(dll, addr_s, addr_e)
	if dll_loadaddr != -1:
	printAddr(dll, dll_loadaddr)
	sys.exit()
	else:
	assert False, "unhandled command-line option."

	if __name__ == "__main__":
	main()