本帖最后由 Dlan 于 2014-9-25 10:00 编辑
反混淆的python代码,代码出自一位希腊研究员[Asm] 纯文本查看 复制代码 111.py jqanjzruzb.PBS clean.au3
[Asm] 纯文本查看 复制代码 import sys, os
import sys, os
def progress(n, total):
sys.stdout.write("\r[+] Cleaned: %d%%" % (n*100/total))
sys.stdout.flush()
def remove_from_list(string_to_remove, list):
while True:
try:
list.remove(string_to_remove)
# print ".",
except:
# print "done"
break
def clean_from_dummystring_newlines(dummyfilename, newfilename):
f = open(dummyfilename)
with f as lines:
content = lines.readlines()
f.close()
for mem in content:
string_to_remove = mem
print "\n[+] dummy string to be removed, seems to be: "+string_to_remove
break
if content.count(string_to_remove) > 10:
# print "String to be removed, seems to be: \""+string_to_remove+"\""
remove_from_list(string_to_remove, content)
if content.count(' \n') > 5:
print "[+] Removing \" \\n\""
remove_from_list(" \n", content)
f = open(newfilename, 'wb')
f.write(''.join(content))
f.close()
info = os.stat(sys.argv[1])# get file size
filesz = info.st_size
f = open(sys.argv[1], 'rb')#.. now open file to read
l = open(sys.argv[2], 'wb')
b = f.read(1)
datatowrite = ""
list1 = []
i = 0
k = 0
print "\n[+] cleaning the tab chars.."
while b != '':# read file till EOF.. :)
while b == '\t':# tabs are the chars i want to ignore...
i += 1
k += 1
b = f.read(1)
if i>0:
# print "There were "+str(i)+" tabs.."
if i<10:# writeable tabs
for j in range (0,i):
datatowrite = '\t'
l.write(datatowrite)
i = 0
progress(k, filesz)# give progress status
if b == '\n':# write \n to file...
# print "NL"
k += 1
datatowrite = '\n'
l.write(datatowrite)
elif b == '\r':# write \r to file
# print "CR"
k += 1
datatowrite = '\r'
l.write(datatowrite)
else:
while b >= ' ' and b <= '}':# printable char? write it..
k += 1
list1.append(b)
b = f.read(1)
# print "".join(list1)
datatowrite = ''.join(list1)# write to file
l.write(datatowrite)
list1 = []
b = f.read(1)
f.close()
l.close()
# Now clean a bit more.. clear the 1) dummy comment strings and 2) the dummy new lines.
clean_from_dummystring_newlines(sys.argv[2], sys.argv[2])
print "Done!"
| 
发表于 2014-9-25 09:58
