标题: 字节流与UUID互转的Python实现
创建: 2021-11-12 12:29 更新: 2021-11-12 14:57 链接: https://scz.617.cn/python/202111121229.txt
假设内存数据如下
db poi(poi(@rdx))+4 l 0x10 00007fff`84893914 01 6b 77 45 56 59 85 44-9f 80 f4 28 f7 d6 01 29 .kwEVY.D...(...)
不考虑"dt ntdll!_GUID",可用如下Python脚本转成
{45776b01-5956-4485-9f80-f428f7d60129}
x = '01 6b 77 45 56 59 85 44-9f 80 f4 28 f7 d6 01 29' x = x.replace( '-', '' ).replace( ' ', '' ) y = x[0:8] x0 = ''.join( map( str.add, y[-2::-2], y[-1::-2] ) ) y = x[8:12] x1 = ''.join( map( str.add, y[-2::-2], y[-1::-2] ) ) y = x[12:16] x2 = ''.join( map( str.add, y[-2::-2], y[-1::-2] ) ) x3 = x[16:20] x4 = x[20:] print( x0 + '-' + x1 + '-' + x2 + '-' + x3 + '-' + x4 )
上面的办法蠢透了,bluerust演示了uuid模块的正确用法
import uuid x = '01 6b 77 45 56 59 85 44-9f 80 f4 28 f7 d6 01 29' x = bytes.fromhex( x.replace( '-', '' ).replace( ' ', '' ) ) print( uuid.UUID( bytes_le=x ) )
之前测过Python的uuid模块,测过bytes,bytes什么都没转,完全是顺序的,想当然 地以为bytes_le是整体逆序,那没意义啊,谁知它实际上符合预期。没认真看文档, 也没认真实测。
已知UUID,将之转换成两个64位整数,windbg条件断点用得上
x = '45776b01-5956-4485-9f80-f428f7d60129' x = x.replace( '-', '' ) y = x[16:] print( x[12:16] + x[8:12] + x[0:8] ) print( ''.join( map( str.add, y[-2::-2], y[-1::-2] ) ) )
$ python3 -c "import sys;x=sys.argv[1].replace('-','');y=x[16:];print(x[12:16]+x[8:12]+x[0:8]);print(''.join(map(str.add,y[-2::-2],y[-1::-2])))" 45776b01-5956-4485-9f80-f428f7d60129 4485595645776b01 2901d6f728f4809f
下面是uuid模块的正确用法
import uuid x = '45776b01-5956-4485-9f80-f428f7d60129' x = x.replace( '-', '' ) x = uuid.UUID( x ).bytes_le.hex() x = ''.join( map( str.add, x[-2::-2], x[-1::-2] ) ) print( x[16:] ) print( x[0:16] )
4485595645776b01 2901d6f728f4809f
bluerust就字节流转64位整数又给了另外几种实现
import uuid, hexdump x = '45776b01-5956-4485-9f80-f428f7d60129' y = uuid.UUID( x ).bytes_le z1 = int.from_bytes( y[:8], byteorder='little' ) z2 = int.from_bytes( y[8:], byteorder='little' ) hexdump.hexdump( y ) print( '%#x, %#x' % (z1, z2 ) )
import uuid, hexdump x = '45776b01-5956-4485-9f80-f428f7d60129' y = uuid.UUID( x ).bytes_le z = [ y[i:i+8] for i in range( 0, len( y ), 8 ) ] zz = [ '%#x' % int.from_bytes( x, byteorder='little' ) for x in z ] hexdump.hexdump( y ) print( zz )
最后一种实现可以处理更长的字节流,虽然UUID就是128位,对UUID没啥意义,但确 实有长字节流转64位整数的需求,最后一种可用。