Skip to content

标题: 字节流与UUID互转的Python实现

创建: 2021-11-12 12:29 更新: 2021-11-12 14:57 链接: https://scz.617.cn/python/202111121229.txt

假设内存数据如下

db poi(poi(@rdx))+4 l 0x10 00007fff`84893914 01 6b 77 45 56 59 85 44-9f 80 f4 28 f7 d6 01 29 .kwEVY.D...(...)

不考虑"dt ntdll!_GUID",可用如下Python脚本转成

{45776b01-5956-4485-9f80-f428f7d60129}


x = '01 6b 77 45 56 59 85 44-9f 80 f4 28 f7 d6 01 29' x = x.replace( '-', '' ).replace( ' ', '' ) y = x[0:8] x0 = ''.join( map( str.add, y[-2::-2], y[-1::-2] ) ) y = x[8:12] x1 = ''.join( map( str.add, y[-2::-2], y[-1::-2] ) ) y = x[12:16] x2 = ''.join( map( str.add, y[-2::-2], y[-1::-2] ) ) x3 = x[16:20] x4 = x[20:] print( x0 + '-' + x1 + '-' + x2 + '-' + x3 + '-' + x4 )


上面的办法蠢透了,bluerust演示了uuid模块的正确用法


import uuid x = '01 6b 77 45 56 59 85 44-9f 80 f4 28 f7 d6 01 29' x = bytes.fromhex( x.replace( '-', '' ).replace( ' ', '' ) ) print( uuid.UUID( bytes_le=x ) )


之前测过Python的uuid模块,测过bytes,bytes什么都没转,完全是顺序的,想当然 地以为bytes_le是整体逆序,那没意义啊,谁知它实际上符合预期。没认真看文档, 也没认真实测。

已知UUID,将之转换成两个64位整数,windbg条件断点用得上


x = '45776b01-5956-4485-9f80-f428f7d60129' x = x.replace( '-', '' ) y = x[16:] print( x[12:16] + x[8:12] + x[0:8] ) print( ''.join( map( str.add, y[-2::-2], y[-1::-2] ) ) )


$ python3 -c "import sys;x=sys.argv[1].replace('-','');y=x[16:];print(x[12:16]+x[8:12]+x[0:8]);print(''.join(map(str.add,y[-2::-2],y[-1::-2])))" 45776b01-5956-4485-9f80-f428f7d60129 4485595645776b01 2901d6f728f4809f

下面是uuid模块的正确用法


import uuid x = '45776b01-5956-4485-9f80-f428f7d60129' x = x.replace( '-', '' ) x = uuid.UUID( x ).bytes_le.hex() x = ''.join( map( str.add, x[-2::-2], x[-1::-2] ) ) print( x[16:] ) print( x[0:16] )


4485595645776b01 2901d6f728f4809f

bluerust就字节流转64位整数又给了另外几种实现


import uuid, hexdump x = '45776b01-5956-4485-9f80-f428f7d60129' y = uuid.UUID( x ).bytes_le z1 = int.from_bytes( y[:8], byteorder='little' ) z2 = int.from_bytes( y[8:], byteorder='little' ) hexdump.hexdump( y ) print( '%#x, %#x' % (z1, z2 ) )


import uuid, hexdump x = '45776b01-5956-4485-9f80-f428f7d60129' y = uuid.UUID( x ).bytes_le z = [ y[i:i+8] for i in range( 0, len( y ), 8 ) ] zz = [ '%#x' % int.from_bytes( x, byteorder='little' ) for x in z ] hexdump.hexdump( y ) print( zz )


最后一种实现可以处理更长的字节流,虽然UUID就是128位,对UUID没啥意义,但确 实有长字节流转64位整数的需求,最后一种可用。