Example/UnpackUPX: comment GetProcAddress hook

author: Ajax <commial@gmail.com> 2015-11-06 17:26:58 +0100
committer: Ajax <commial@gmail.com> 2015-11-06 17:31:44 +0100
commit: 20d61892896d3d2e766dc7801d9c9b6154276fd1 (patch)
tree: e9ec23ed96a3f26e257c08e413fe37cce005214e /example/jitter/unpack_upx.py
parent: f1783d86be0593de00782b75c10c54ef3ce35a79 (diff)
download: miasm-20d61892896d3d2e766dc7801d9c9b6154276fd1.tar.gz
miasm-20d61892896d3d2e766dc7801d9c9b6154276fd1.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/example/jitter/unpack_upx.py b/example/jitter/unpack_upx.py
index 808dd134..f22dd445 100644
--- a/example/jitter/unpack_upx.py
+++ b/example/jitter/unpack_upx.py
@@ -13,15 +13,19 @@ if filename and os.path.isfile(filename):
 # User defined methods
 
 def kernel32_GetProcAddress(jitter):
+    """Hook on GetProcAddress to note where UPX store imports pointer"""
     ret_ad, args = jitter.func_args_stdcall(["libbase", "fname"])
 
+    # When the function is called, EBX is a pointer on the destination buffer
     dst_ad = jitter.cpu.EBX
     logging.info('EBX ' + hex(dst_ad))
 
+    # Handle ordinal imports
     fname = (args.fname if args.fname < 0x10000
              else jitter.get_str_ansi(args.fname))
     logging.info(fname)
 
+    # Get the generated address of the library, and store it in memory to dst_ad
     ad = sb.libs.lib_get_add_func(args.libbase, fname, dst_ad)
     jitter.func_ret_stdcall(ret_ad, ad)
author	Ajax <commial@gmail.com>	2015-11-06 17:26:58 +0100
committer	Ajax <commial@gmail.com>	2015-11-06 17:31:44 +0100
commit	20d61892896d3d2e766dc7801d9c9b6154276fd1 (patch)
tree	e9ec23ed96a3f26e257c08e413fe37cce005214e /example/jitter/unpack_upx.py
parent	f1783d86be0593de00782b75c10c54ef3ce35a79 (diff)
download	miasm-20d61892896d3d2e766dc7801d9c9b6154276fd1.tar.gz miasm-20d61892896d3d2e766dc7801d9c9b6154276fd1.zip