Hi,
My company just started application whitelisting. Now a new version of a
(benign!!) dll does not work as it (or rather, its file hash, if I understood
it correctly) is not whitelisted. Is there any way I can use the same dll of a
newer version? I know this sounds like a hacking request, but my intentions are
sincere. My only purpose is to use ctypes to use the functions that are present
in the new, but not the old, dll version.
The code below is probably simplistic/naive, but it's a product of my
frustration + curiosity. The strategy was to generate a dll that has the same
file hash as the original dll by right-padding it with zero until the desired
checksum is found. Why a zero? No idea. ;-)
PS: I guess virtual environment also cannot be used for this, right?
import hashlib
import contextlib
def generateFile(infile, desired_hash, hashtype="md5"):
outfile = infile[:-4] + "_adjusted.dll"
hashlib_ = hashlib.new(hashtype)
with contextlib.nested(open(infile, "rb"), open(outfile, "wb")) as (f_in,
f_out):
observed_hash = hashlib_(f_in.read())
found = observed_hash.hexdigest() == desired_hash
counter = 0
while True:
counter += 1
observed_hash.update("0")
if found:
f_out.write(f_in.read() + (counter * "0"))
print "Got it: '%s'" f_out.name
break
infile = r"D:\temp\myown.dll"
generateFile(infile, '4151e067c17a753fc5c4ec1c507d28c9')
Regards,
Albert-Jan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
All right, but apart from the sanitation, the medicine, education, wine, public
order, irrigation, roads, a
fresh water system, and public health, what have the Romans ever done for us?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________
Tutor maillist - [email protected]
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
