hamano · October 1, 2012 04:41
diff --git a/psum.py b/psum.py
 #!/usr/bin/python
 from ctypes import *

 x86_64 = [
 0x48,0x81,0xec,0xa0,0x7c,0x03,0x00,# sub    $0x37ca0,%rsp
 0x66,0x0f,0xef,0xc0,# pxor   %xmm0,%xmm0
 0x48,0x8d,0x44,0x24,0x88,# lea    -0x78(%rsp),%rax
 0x48,0x8d,0x94,0x24,0x88,0x7c,0x03,# lea    0x37c88(%rsp),%rdx
 0x00,#
 0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,# nopl   0x0(%rax,%rax,1)
 0x00,#
 0x66,0x0f,0x7f,0x00,# movdqa %xmm0,(%rax)
 0x48,0x83,0xc0,0x10,# add    $0x10,%rax
 0x48,0x39,0xd0,# cmp    %rdx,%rax
 0x75,0xf3,# jne    400820 <psum+0x20>
 0x8b,0x54,0x24,0x8c,# mov    -0x74(%rsp),%edx
 0xc7,0x84,0x24,0x88,0x7c,0x03,0x00,# movl   $0x0,0x37c88(%rsp)
 0x00,0x00,0x00,0x00,#
 0x41,0xb8,0x01,0x00,0x00,0x00,# mov    $0x1,%r8d
 0xbe,0x01,0x00,0x00,0x00,# mov    $0x1,%esi
 0xb8,0x02,0x00,0x00,0x00,# mov    $0x2,%eax
 0x85,0xd2,# test   %edx,%edx
 0x75,0x48,# jne    400898 <psum+0x98>
 0x44,0x8d,0x4c,0x36,0x01,# lea    0x1(%rsi,%rsi,1),%r9d
 0x41,0x83,0xc0,0x01,# add    $0x1,%r8d
 0x44,0x01,0xc8,# add    %r9d,%eax
 0x41,0x39,0xf8,# cmp    %edi,%r8d
 0x7d,0x43,# jge    4008a4 <psum+0xa4>
 0x81,0xfe,0x40,0xdf,0x00,0x00,# cmp    $0xdf40,%esi
 0x7f,0xec,# jg     400855 <psum+0x55>
 0x89,0xf2,# mov    %esi,%edx
 0x0f,0x1f,0x44,0x00,0x00,# nopl   0x0(%rax,%rax,1)
 0x48,0x63,0xca,# movslq %edx,%rcx
 0x44,0x01,0xca,# add    %r9d,%edx
 0x81,0xfa,0x40,0xdf,0x00,0x00,# cmp    $0xdf40,%edx
 0xc7,0x44,0x8c,0x88,0x01,0x00,0x00,# movl   $0x1,-0x78(%rsp,%rcx,4)
 0x00,#
 0x7e,0xea,# jle    400870 <psum+0x70>
 0x48,0x63,0xd6,# movslq %esi,%rdx
 0x8b,0x54,0x94,0x88,# mov    -0x78(%rsp,%rdx,4),%edx
 0x85,0xd2,# test   %edx,%edx
 0x74,0xbf,# je     400850 <psum+0x50>
 0x0f,0x1f,0x80,0x00,0x00,0x00,0x00,# nopl   0x0(%rax)
 0x83,0xc6,0x01,# add    $0x1,%esi
 0x48,0x63,0xd6,# movslq %esi,%rdx
 0x8b,0x54,0x94,0x88,# mov    -0x78(%rsp,%rdx,4),%edx
 0xeb,0xe9,# jmp    40088d <psum+0x8d>
 0x48,0x81,0xc4,0xa0,0x7c,0x03,0x00,# add    $0x37ca0,%rsp
 0xc3,# retq
 0x90,# nop
 0x90,# nop
 0x90,# nop
 0x90,# nop
 ]

 x86 = [
 0x55,# push   %ebp
 0x89,0xe5,# mov    %esp,%ebp
 0x57,# push   %edi
 0x56,# push   %esi
 0x53,# push   %ebx
 0x81,0xec,0x18,0x7d,0x03,0x00,# sub    $0x37d18,%esp
 0x8d,0x85,0xf0,0x82,0xfc,0xff,# lea    -0x37d10(%ebp),%eax
 0x8d,0xb6,0x00,0x00,0x00,0x00,# lea    0x0(%esi),%esi
 0xc7,0x00,0x00,0x00,0x00,0x00,# movl   $0x0,(%eax)
 0x8d,0x55,0xf4,# lea    -0xc(%ebp),%edx
 0x83,0xc0,0x04,# add    $0x4,%eax
 0x39,0xd0,# cmp    %edx,%eax
 0x75,0xf0,# jne    8048578 <psum+0x18>
 0x8b,0x85,0xf4,0x82,0xfc,0xff,# mov    -0x37d0c(%ebp),%eax
 0xbf,0x01,0x00,0x00,0x00,# mov    $0x1,%edi
 0xc7,0x85,0xdc,0x82,0xfc,0xff,0x02,# movl   $0x2,-0x37d24(%ebp)
 0x00,0x00,0x00,#
 0xc7,0x85,0xe0,0x82,0xfc,0xff,0x01,# movl   $0x1,-0x37d20(%ebp)
 0x00,0x00,0x00,#
 0x85,0xc0,# test   %eax,%eax
 0x75,0x5d,# jne    8048608 <psum+0xa8>
 0x90,# nop
 0x8d,0x74,0x26,0x00,# lea    0x0(%esi),%esi
 0x8d,0x04,0x3f,# lea    (%edi,%edi,1),%eax
 0x8d,0x58,0x01,# lea    0x1(%eax),%ebx
 0x83,0x85,0xe0,0x82,0xfc,0xff,0x01,# addl   $0x1,-0x37d20(%ebp)
 0x8b,0x55,0x08,# mov    0x8(%ebp),%edx
 0x01,0x9d,0xdc,0x82,0xfc,0xff,# add    %ebx,-0x37d24(%ebp)
 0x39,0x95,0xe0,0x82,0xfc,0xff,# cmp    %edx,-0x37d20(%ebp)
 0x7d,0x46,# jge    8048614 <psum+0xb4>
 0x81,0xff,0x40,0xdf,0x00,0x00,# cmp    $0xdf40,%edi
 0x7f,0xe0,# jg     80485b6 <psum+0x56>
 0x8d,0x4c,0x07,0x01,# lea    0x1(%edi,%eax,1),%ecx
 0x8d,0x34,0x9d,0x00,0x00,0x00,0x00,# lea    0x0(,%ebx,4),%esi
 0x8d,0x94,0xbd,0xf0,0x82,0xfc,0xff,# lea    -0x37d10(%ebp,%edi,4),%edx
 0x01,0xd9,# add    %ebx,%ecx
 0x89,0xc8,# mov    %ecx,%eax
 0x29,0xd8,# sub    %ebx,%eax
 0xc7,0x02,0x01,0x00,0x00,0x00,# movl   $0x1,(%edx)
 0x01,0xf2,# add    %esi,%edx
 0x3d,0x40,0xdf,0x00,0x00,# cmp    $0xdf40,%eax
 0x7e,0xeb,# jle    80485e8 <psum+0x88>
 0x8b,0x84,0xbd,0xf0,0x82,0xfc,0xff,# mov    -0x37d10(%ebp,%edi,4),%eax
 0x85,0xc0,# test   %eax,%eax
 0x74,0xa8,# je     80485b0 <psum+0x50>
 0x83,0xc7,0x01,# add    $0x1,%edi
 0x8b,0x84,0xbd,0xf0,0x82,0xfc,0xff,# mov    -0x37d10(%ebp,%edi,4),%eax
 0xeb,0xf0,# jmp    8048604 <psum+0xa4>
 0x8b,0x85,0xdc,0x82,0xfc,0xff,# mov    -0x37d24(%ebp),%eax
 0x81,0xc4,0x18,0x7d,0x03,0x00,# add    $0x37d18,%esp
 0x5b,# pop    %ebx
 0x5e,# pop    %esi
 0x5f,# pop    %edi
 0x5d,# pop    %ebp
 0xc3,# ret
 0x8d,0x74,0x26,0x00,# lea    0x0(%esi),%esi
 0x8d,0xbc,0x27,0x00,0x00,0x00,0x00,# lea    0x0(%edi),%edi
 ]

 if sizeof(c_long) == 8:
    code = create_string_buffer(''.join(map(chr, x86_64)))
 else:
    code = create_string_buffer(''.join(map(chr, x86)))

 ps=pythonapi.getpagesize()
 pythonapi.mprotect.restype = c_int
 pythonapi.mprotect.argtypes = (c_void_p, c_size_t, c_int)
 if pythonapi.mprotect(~(ps-1)&addressof(code), ps, 7) < 0:
    print "mprotect error"
    exit()
 print cast(code, CFUNCTYPE(c_int, c_int))(10000)
	#!/usr/bin/python
	from ctypes import *

	x86_64 = [
	0x48,0x81,0xec,0xa0,0x7c,0x03,0x00,# sub $0x37ca0,%rsp
	0x66,0x0f,0xef,0xc0,# pxor %xmm0,%xmm0
	0x48,0x8d,0x44,0x24,0x88,# lea -0x78(%rsp),%rax
	0x48,0x8d,0x94,0x24,0x88,0x7c,0x03,# lea 0x37c88(%rsp),%rdx
	0x00,#
	0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,# nopl 0x0(%rax,%rax,1)
	0x00,#
	0x66,0x0f,0x7f,0x00,# movdqa %xmm0,(%rax)
	0x48,0x83,0xc0,0x10,# add $0x10,%rax
	0x48,0x39,0xd0,# cmp %rdx,%rax
	0x75,0xf3,# jne 400820 <psum+0x20>
	0x8b,0x54,0x24,0x8c,# mov -0x74(%rsp),%edx
	0xc7,0x84,0x24,0x88,0x7c,0x03,0x00,# movl $0x0,0x37c88(%rsp)
	0x00,0x00,0x00,0x00,#
	0x41,0xb8,0x01,0x00,0x00,0x00,# mov $0x1,%r8d
	0xbe,0x01,0x00,0x00,0x00,# mov $0x1,%esi
	0xb8,0x02,0x00,0x00,0x00,# mov $0x2,%eax
	0x85,0xd2,# test %edx,%edx
	0x75,0x48,# jne 400898 <psum+0x98>
	0x44,0x8d,0x4c,0x36,0x01,# lea 0x1(%rsi,%rsi,1),%r9d
	0x41,0x83,0xc0,0x01,# add $0x1,%r8d
	0x44,0x01,0xc8,# add %r9d,%eax
	0x41,0x39,0xf8,# cmp %edi,%r8d
	0x7d,0x43,# jge 4008a4 <psum+0xa4>
	0x81,0xfe,0x40,0xdf,0x00,0x00,# cmp $0xdf40,%esi
	0x7f,0xec,# jg 400855 <psum+0x55>
	0x89,0xf2,# mov %esi,%edx
	0x0f,0x1f,0x44,0x00,0x00,# nopl 0x0(%rax,%rax,1)
	0x48,0x63,0xca,# movslq %edx,%rcx
	0x44,0x01,0xca,# add %r9d,%edx
	0x81,0xfa,0x40,0xdf,0x00,0x00,# cmp $0xdf40,%edx
	0xc7,0x44,0x8c,0x88,0x01,0x00,0x00,# movl $0x1,-0x78(%rsp,%rcx,4)
	0x00,#
	0x7e,0xea,# jle 400870 <psum+0x70>
	0x48,0x63,0xd6,# movslq %esi,%rdx
	0x8b,0x54,0x94,0x88,# mov -0x78(%rsp,%rdx,4),%edx
	0x85,0xd2,# test %edx,%edx
	0x74,0xbf,# je 400850 <psum+0x50>
	0x0f,0x1f,0x80,0x00,0x00,0x00,0x00,# nopl 0x0(%rax)
	0x83,0xc6,0x01,# add $0x1,%esi
	0x48,0x63,0xd6,# movslq %esi,%rdx
	0x8b,0x54,0x94,0x88,# mov -0x78(%rsp,%rdx,4),%edx
	0xeb,0xe9,# jmp 40088d <psum+0x8d>
	0x48,0x81,0xc4,0xa0,0x7c,0x03,0x00,# add $0x37ca0,%rsp
	0xc3,# retq
	0x90,# nop
	0x90,# nop
	0x90,# nop
	0x90,# nop
	]

	x86 = [
	0x55,# push %ebp
	0x89,0xe5,# mov %esp,%ebp
	0x57,# push %edi
	0x56,# push %esi
	0x53,# push %ebx
	0x81,0xec,0x18,0x7d,0x03,0x00,# sub $0x37d18,%esp
	0x8d,0x85,0xf0,0x82,0xfc,0xff,# lea -0x37d10(%ebp),%eax
	0x8d,0xb6,0x00,0x00,0x00,0x00,# lea 0x0(%esi),%esi
	0xc7,0x00,0x00,0x00,0x00,0x00,# movl $0x0,(%eax)
	0x8d,0x55,0xf4,# lea -0xc(%ebp),%edx
	0x83,0xc0,0x04,# add $0x4,%eax
	0x39,0xd0,# cmp %edx,%eax
	0x75,0xf0,# jne 8048578 <psum+0x18>
	0x8b,0x85,0xf4,0x82,0xfc,0xff,# mov -0x37d0c(%ebp),%eax
	0xbf,0x01,0x00,0x00,0x00,# mov $0x1,%edi
	0xc7,0x85,0xdc,0x82,0xfc,0xff,0x02,# movl $0x2,-0x37d24(%ebp)
	0x00,0x00,0x00,#
	0xc7,0x85,0xe0,0x82,0xfc,0xff,0x01,# movl $0x1,-0x37d20(%ebp)
	0x00,0x00,0x00,#
	0x85,0xc0,# test %eax,%eax
	0x75,0x5d,# jne 8048608 <psum+0xa8>
	0x90,# nop
	0x8d,0x74,0x26,0x00,# lea 0x0(%esi),%esi
	0x8d,0x04,0x3f,# lea (%edi,%edi,1),%eax
	0x8d,0x58,0x01,# lea 0x1(%eax),%ebx
	0x83,0x85,0xe0,0x82,0xfc,0xff,0x01,# addl $0x1,-0x37d20(%ebp)
	0x8b,0x55,0x08,# mov 0x8(%ebp),%edx
	0x01,0x9d,0xdc,0x82,0xfc,0xff,# add %ebx,-0x37d24(%ebp)
	0x39,0x95,0xe0,0x82,0xfc,0xff,# cmp %edx,-0x37d20(%ebp)
	0x7d,0x46,# jge 8048614 <psum+0xb4>
	0x81,0xff,0x40,0xdf,0x00,0x00,# cmp $0xdf40,%edi
	0x7f,0xe0,# jg 80485b6 <psum+0x56>
	0x8d,0x4c,0x07,0x01,# lea 0x1(%edi,%eax,1),%ecx
	0x8d,0x34,0x9d,0x00,0x00,0x00,0x00,# lea 0x0(,%ebx,4),%esi
	0x8d,0x94,0xbd,0xf0,0x82,0xfc,0xff,# lea -0x37d10(%ebp,%edi,4),%edx
	0x01,0xd9,# add %ebx,%ecx
	0x89,0xc8,# mov %ecx,%eax
	0x29,0xd8,# sub %ebx,%eax
	0xc7,0x02,0x01,0x00,0x00,0x00,# movl $0x1,(%edx)
	0x01,0xf2,# add %esi,%edx
	0x3d,0x40,0xdf,0x00,0x00,# cmp $0xdf40,%eax
	0x7e,0xeb,# jle 80485e8 <psum+0x88>
	0x8b,0x84,0xbd,0xf0,0x82,0xfc,0xff,# mov -0x37d10(%ebp,%edi,4),%eax
	0x85,0xc0,# test %eax,%eax
	0x74,0xa8,# je 80485b0 <psum+0x50>
	0x83,0xc7,0x01,# add $0x1,%edi
	0x8b,0x84,0xbd,0xf0,0x82,0xfc,0xff,# mov -0x37d10(%ebp,%edi,4),%eax
	0xeb,0xf0,# jmp 8048604 <psum+0xa4>
	0x8b,0x85,0xdc,0x82,0xfc,0xff,# mov -0x37d24(%ebp),%eax
	0x81,0xc4,0x18,0x7d,0x03,0x00,# add $0x37d18,%esp
	0x5b,# pop %ebx
	0x5e,# pop %esi
	0x5f,# pop %edi
	0x5d,# pop %ebp
	0xc3,# ret
	0x8d,0x74,0x26,0x00,# lea 0x0(%esi),%esi
	0x8d,0xbc,0x27,0x00,0x00,0x00,0x00,# lea 0x0(%edi),%edi
	]

	if sizeof(c_long) == 8:
	code = create_string_buffer(''.join(map(chr, x86_64)))
	else:
	code = create_string_buffer(''.join(map(chr, x86)))

	ps=pythonapi.getpagesize()
	pythonapi.mprotect.restype = c_int
	pythonapi.mprotect.argtypes = (c_void_p, c_size_t, c_int)
	if pythonapi.mprotect(~(ps-1)&addressof(code), ps, 7) < 0:
	print "mprotect error"
	exit()
	print cast(code, CFUNCTYPE(c_int, c_int))(10000)