| author | Camille Mougey <camille.mougey@cea.fr> | 2015-01-22 17:59:11 +0100 |
|---|---|---|
| committer | Camille Mougey <camille.mougey@cea.fr> | 2015-01-23 17:24:43 +0100 |
| commit | 8b9047402913c46a545aadeea10fce1011ddd6bd (patch) | |
| tree | ef3f66c76e5f46096b0d26d92e08b3fe3b856629 | |
| parent | 9bec8ef1242d03a791014d71eaf896fc11def3fa (diff) | |
Example/ASM: Avoid duplicating code by using a common script shellcode.py
| -rw-r--r-- | example/asm/arm.py | 82 | ||||
| -rw-r--r-- | example/asm/armt.py | 90 | ||||
| -rw-r--r-- | example/asm/box_x86_32.py | 61 | ||||
| -rw-r--r-- | example/asm/box_x86_32_enc.py | 104 | ||||
| -rw-r--r-- | example/asm/mips32.py | 67 | ||||
| -rw-r--r-- | example/asm/msp430_sc.py | 52 | ||||
| -rw-r--r-- | example/asm/shellcode.py | 110 | ||||
| -rw-r--r-- | example/asm/x86.py | 88 | ||||
| -rw-r--r-- | test/test_all.py | 103 |
9 files changed, 171 insertions, 586 deletions
diff --git a/example/asm/arm.py b/example/asm/arm.py
deleted file mode 100644
index 28af59fb..00000000
--- a/example/asm/arm.py
+++ /dev/null
@@ -1,82 +0,0 @@ -#! /usr/bin/env python -from elfesteem.strpatchwork import StrPatchwork - -from miasm2.core.cpu import parse_ast -from miasm2.arch.arm.arch import mn_arm, base_expr -from miasm2.core import parse_asm -import miasm2.expression.expression as m2_expr -from miasm2.core import asmbloc - -my_mn = mn_arm - -reg_and_id = dict(mn_arm.regs.all_regs_ids_byname) - - -def my_ast_int2expr(a): - return m2_expr.ExprInt32(a) - - -def my_ast_id2expr(t): - return reg_and_id.get(t, m2_expr.ExprId(t, size=32)) - -my_var_parser = parse_ast(my_ast_id2expr, my_ast_int2expr) -base_expr.setParseAction(my_var_parser) - -txt = ''' -main: - STMFD SP!, {R4, R5, LR} - MOV R0, mystr & 0xffff - ORR R0, R0, mystr & 0xffff0000 - MOV R4, R0 - MOV R1, mystrend & 0xffff - ORR R1, R1, mystrend & 0xffff0000 -xxx: - LDRB R2, [PC, key-$] -loop: - LDRB R3, [R0] - EOR R3, R3, R2 - STRB R3, [R0], 1 - CMP R0, R1 - BNE loop -end: - MOV R0, R4 - LDMFD SP!, {R4, R5, PC} -key: -.byte 0x11 -mystr: -.string "test string" -mystrend: -.long 0 -''' - -blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt) -blocs_l, symbol_pool_l = parse_asm.parse_txt(my_mn, "l", txt) - - -# fix shellcode addr -symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0x0) -symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0x0) - -# graph sc#### -g = asmbloc.bloc2graph(blocs_l[0]) -open("graph.txt", "w").write(g) - -s_b = StrPatchwork() -s_l = StrPatchwork() - -print "symbols" -print symbol_pool_l -# dont erase from start to shell code padading -resolved_b, patches_b = asmbloc.asm_resolve_final( - my_mn, blocs_b[0], symbol_pool_b) -resolved_l, patches_l = asmbloc.asm_resolve_final( - my_mn, blocs_l[0], symbol_pool_l) -print patches_b - -for offset, raw in patches_b.items(): - s_b[offset] = raw -for offset, raw in patches_l.items(): - s_l[offset] = raw - -open('demo_arm_b.bin', 'w').write(str(s_b)) -open('demo_arm_l.bin', 'w').write(str(s_l)) 
diff --git a/example/asm/armt.py b/example/asm/armt.py
deleted file mode 100644
index f4ce6d2d..00000000
--- a/example/asm/armt.py
+++ /dev/null
@@ -1,90 +0,0 @@ -#! /usr/bin/env python - -from pdb import pm - -from elfesteem.strpatchwork import StrPatchwork - -from miasm2.core.cpu import parse_ast -from miasm2.arch.arm.arch import mn_armt, base_expr -from miasm2.core import parse_asm -import miasm2.expression.expression as m2_expr -from miasm2.core import asmbloc - -my_mn = mn_armt - -reg_and_id = dict(mn_armt.regs.all_regs_ids_byname) - - -def my_ast_int2expr(a): - return m2_expr.ExprInt32(a) - - -def my_ast_id2expr(t): - return reg_and_id.get(t, m2_expr.ExprId(t, size=32)) - -my_var_parser = parse_ast(my_ast_id2expr, my_ast_int2expr) -base_expr.setParseAction(my_var_parser) - -txt = ''' -memcpy: - PUSH {R0-R3, LR} - B test_end -loop: - LDRB R3, [R1] - STRB R3, [R0] - ADDS R0, R0, 1 - ADDS R1, R1, 1 - SUBS R2, R2, 1 -test_end: - CMP R2, 0 - BNE loop - POP {R0-R3, PC} -main: - PUSH {LR} - SUB SP, 0x100 - MOV R0, SP - ADD R1, PC, mystr-$+6 - MOV R0, R0 - EORS R2, R2 - ADDS R2, R2, 0x4 - BL memcpy - ADD SP, 0x100 - POP {PC} - -mystr: -.string "toto" -''' - -blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt) -blocs_l, symbol_pool_l = parse_asm.parse_txt(my_mn, "l", txt) - -# fix shellcode addr -symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0) -symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0) - -# graph sc#### -g = asmbloc.bloc2graph(blocs_b[0]) -open("graph.txt", "w").write(g) - -s_b = StrPatchwork() -s_l = StrPatchwork() - -print "symbols" -print symbol_pool_b -# dont erase from start to shell code padading -resolved_b, patches_b = asmbloc.asm_resolve_final( - my_mn, blocs_b[0], symbol_pool_b) -resolved__l, patches_l = asmbloc.asm_resolve_final( - my_mn, blocs_l[0], symbol_pool_l) -print patches_b -print patches_l - - - -for offset, raw in patches_b.items(): - s_b[offset] = raw -for offset, raw in patches_l.items(): - s_l[offset] = raw - -open('demo_armt_b.bin', 'wb').write(str(s_b)) -open('demo_armt_l.bin', 'wb').write(str(s_l)) 
diff --git a/example/asm/box_x86_32.py b/example/asm/box_x86_32.py deleted file mode 100644 index def7af99..00000000 --- a/example/asm/box_x86_32.py +++ /dev/null @@ -1,61 +0,0 @@ -#! /usr/bin/env python -from argparse import ArgumentParser -from pdb import pm - -from elfesteem import pe_init - -from miasm2.core.cpu import parse_ast -from miasm2.arch.x86.arch import mn_x86, base_expr -from miasm2.core import parse_asm -import miasm2.expression.expression as m2_expr -from miasm2.core import asmbloc - -parser = ArgumentParser("x86 32bits assembler") -parser.add_argument("source", help="Source to assemble") -args = parser.parse_args() - -pe = pe_init.PE() -s_text = pe.SHList.add_section(name="text", addr=0x1000, rawsize=0x1000) -s_iat = pe.SHList.add_section(name="iat", rawsize=0x100) -new_dll = [({"name": "USER32.dll", - "firstthunk": s_iat.addr}, ["MessageBoxA"])] -pe.DirImport.add_dlldesc(new_dll) -s_myimp = pe.SHList.add_section(name="myimp", rawsize=len(pe.DirImport)) -pe.DirImport.set_rva(s_myimp.addr) - -reg_and_id = dict(mn_x86.regs.all_regs_ids_byname) - - -def my_ast_int2expr(a): - return m2_expr.ExprInt32(a) - - -def my_ast_id2expr(t): - return reg_and_id.get(t, m2_expr.ExprId(t, size=32)) - -my_var_parser = parse_ast(my_ast_id2expr, my_ast_int2expr) -base_expr.setParseAction(my_var_parser) - -with open(args.source) as fstream: - source = fstream.read() - -blocs, symbol_pool = parse_asm.parse_txt(mn_x86, 32, source) - -# fix shellcode addr -symbol_pool.set_offset(symbol_pool.getby_name("main"), pe.rva2virt(s_text.addr)) -symbol_pool.set_offset(symbol_pool.getby_name_create("MessageBoxA"), - pe.DirImport.get_funcvirt('MessageBoxA')) -pe.Opthdr.AddressOfEntryPoint = s_text.addr - -for bloc in blocs[0]: - print bloc - -resolved_b, patches = asmbloc.asm_resolve_final( - mn_x86, blocs[0], symbol_pool) -print patches - -for offset, raw in patches.items(): - pe.virt[offset] = raw - -output = args.source.replace(".S", ".bin") -open(output, 'wb').write(str(pe)) 
diff --git a/example/asm/box_x86_32_enc.py b/example/asm/box_x86_32_enc.py
deleted file mode 100644
index ec4d70ea..00000000
--- a/example/asm/box_x86_32_enc.py
+++ /dev/null
@@ -1,104 +0,0 @@ -#! /usr/bin/env python -from pdb import pm - -from elfesteem import pe_init - -from miasm2.core import asmbloc -from miasm2.core.cpu import parse_ast -from miasm2.arch.x86.arch import mn_x86, base_expr -from miasm2.core import parse_asm -import miasm2.expression.expression as m2_expr - -pe = pe_init.PE() -s_text = pe.SHList.add_section(name="text", addr=0x1000, rawsize=0x1000) -s_iat = pe.SHList.add_section(name="iat", rawsize=0x100) -new_dll = [({"name": "USER32.dll", - "firstthunk": s_iat.addr}, ["MessageBoxA"])] -pe.DirImport.add_dlldesc(new_dll) -s_myimp = pe.SHList.add_section(name="myimp", rawsize=len(pe.DirImport)) -pe.DirImport.set_rva(s_myimp.addr) - -reg_and_id = dict(mn_x86.regs.all_regs_ids_byname) - - -def my_ast_int2expr(a): - return m2_expr.ExprInt32(a) - - -def my_ast_id2expr(t): - return reg_and_id.get(t, m2_expr.ExprId(t, size=32)) - -my_var_parser = parse_ast(my_ast_id2expr, my_ast_int2expr) -base_expr.setParseAction(my_var_parser) - -blocs, symbol_pool = parse_asm.parse_txt(mn_x86, 32, ''' -main: - CALL cipher_code - CALL msgbox_encrypted_start - CALL cipher_code - RET - -cipher_code: - PUSH EBP - MOV EBP, ESP - - LEA ESI, DWORD PTR [msgbox_encrypted_start] - LEA EDI, DWORD PTR [msgbox_encrypted_stop] - -loop: - XOR BYTE PTR [ESI], 0x42 - INC ESI - CMP ESI, EDI - JBE loop - - MOV ESP, EBP - POP EBP - RET - -msgbox_encrypted_start: - PUSH 0 - PUSH title - PUSH msg - PUSH 0 - CALL DWORD PTR [ MessageBoxA ] - RET -.dontsplit -msgbox_encrypted_stop: -.long 0 - -title: -.string "Hello!" -msg: -.string "World!" 
-''') - - -# fix shellcode addr -symbol_pool.set_offset(symbol_pool.getby_name("main"), pe.rva2virt(s_text.addr)) -symbol_pool.set_offset(symbol_pool.getby_name_create( - "MessageBoxA"), pe.DirImport.get_funcvirt('MessageBoxA')) -pe.Opthdr.AddressOfEntryPoint = s_text.addr - -for b in blocs[0]: - print b - -print "symbols" -print symbol_pool - -resolved_b, patches = asmbloc.asm_resolve_final( - mn_x86, blocs[0], symbol_pool) -print patches - -ad_start = symbol_pool.getby_name_create("msgbox_encrypted_start").offset -ad_stop = symbol_pool.getby_name_create("msgbox_encrypted_stop").offset - -# cipher code -new_patches = dict(patches) -for ad, val in patches.items(): - if ad_start <= ad < ad_stop: - new_patches[ad] = "".join([chr(ord(x) ^ 0x42) for x in val]) - -for offset, raw in new_patches.items(): - pe.virt[offset] = raw - -open('box_x86_32_enc.bin', 'wb').write(str(pe)) diff --git a/example/asm/mips32.py b/example/asm/mips32.py deleted file mode 100644 index fc050f1f..00000000 --- a/example/asm/mips32.py +++ /dev/null 
@@ -1,67 +0,0 @@ -#! /usr/bin/env python -from pdb import pm - -from elfesteem.strpatchwork import StrPatchwork - -from miasm2.core.cpu import parse_ast -from miasm2.arch.mips32.arch import mn_mips32, base_expr -from miasm2.core import parse_asm -import miasm2.expression.expression as m2_expr -from miasm2.core import asmbloc - -reg_and_id = dict(mn_mips32.regs.all_regs_ids_byname) - - -def my_ast_int2expr(a): - return m2_expr.ExprInt32(a) - - -def my_ast_id2expr(t): - return reg_and_id.get(t, m2_expr.ExprId(t, size=32)) - -my_var_parser = parse_ast(my_ast_id2expr, my_ast_int2expr) -base_expr.setParseAction(my_var_parser) - - -st_l = StrPatchwork() -st_b = StrPatchwork() - -txt = ''' -main: - ADDIU A0, ZERO, 0x10 - ADDIU A1, ZERO, 0 -loop: - ADDIU A1, A1, 0x1 - BNE A0, ZERO, loop - ADDIU A0, A0, 0xFFFFFFFF - - ADDIU A2, A2, 0x1 - MOVN A1, ZERO, ZERO - JR RA - ADDIU A2, A2, 0x1 -''' - -blocs_b, symbol_pool_b = parse_asm.parse_txt(mn_mips32, "b", txt) -blocs_l, symbol_pool_l = parse_asm.parse_txt(mn_mips32, "l", txt) - -# fix shellcode addr -symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0) -symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0) - -for b in blocs_b[0]: - print b - -resolved_b, patches_b = asmbloc.asm_resolve_final( - mn_mips32, blocs_b[0], symbol_pool_b) -resolved_l, patches_l = asmbloc.asm_resolve_final( - mn_mips32, blocs_l[0], symbol_pool_l) -print patches_b -print patches_l - -for offset, raw in patches_b.items(): - st_b[offset] = raw -for offset, raw in patches_l.items(): - st_l[offset] = raw - -open('mips32_sc_b.bin', 'wb').write(str(st_l)) -open('mips32_sc_l.bin', 'wb').write(str(st_l)) diff --git a/example/asm/msp430_sc.py b/example/asm/msp430_sc.py deleted file mode 100644 index de488803..00000000 --- a/example/asm/msp430_sc.py +++ /dev/null 
@@ -1,52 +0,0 @@ -#! /usr/bin/env python -from pdb import pm - -from elfesteem.strpatchwork import StrPatchwork - -from miasm2.core import asmbloc -from miasm2.core.cpu import parse_ast -from miasm2.arch.msp430.arch import mn_msp430, base_expr -from miasm2.core import parse_asm -import miasm2.expression.expression as m2_expr - -reg_and_id = dict(mn_msp430.regs.all_regs_ids_byname) - - -def my_ast_int2expr(a): - return m2_expr.ExprInt32(a) - - -def my_ast_id2expr(t): - return reg_and_id.get(t, m2_expr.ExprId(t, size=32)) - -my_var_parser = parse_ast(my_ast_id2expr, my_ast_int2expr) -base_expr.setParseAction(my_var_parser) - - -st = StrPatchwork() - -blocs, symbol_pool = parse_asm.parse_txt(mn_msp430, None, ''' -main: - mov.w 0x10, R10 - mov.w 0x0, R11 -loop: - add.w 1, R11 - sub.w 1, R10 - jnz loop - mov.w @SP+, PC -''') - -# fix shellcode addr -symbol_pool.set_offset(symbol_pool.getby_name("main"), 0) - -for b in blocs[0]: - print b - -resolved_b, patches = asmbloc.asm_resolve_final( - mn_msp430, blocs[0], symbol_pool) -print patches - -for offset, raw in patches.items(): - st[offset] = raw - -open('msp430_sc.bin', 'wb').write(str(st)) diff --git a/example/asm/shellcode.py b/example/asm/shellcode.py new file mode 100644 index 00000000..89914b6d --- /dev/null +++ b/example/asm/shellcode.py 
@@ -0,0 +1,110 @@ +#! /usr/bin/env python +from argparse import ArgumentParser +from pdb import pm + +from elfesteem import pe_init +from elfesteem.strpatchwork import StrPatchwork + +from miasm2.core.cpu import parse_ast +from miasm2.core import parse_asm, asmbloc +import miasm2.expression.expression as m2_expr +from miasm2.analysis.machine import Machine + +parser = ArgumentParser("Multi-arch (32 bits) assembler") +parser.add_argument('architecture', help="architecture: " + \ + ",".join(Machine.available_machine())) +parser.add_argument("source", help="Source file to assemble") +parser.add_argument("output", help="Output file") +parser.add_argument("--PE", help="Create a PE with a few imports", + action="store_true") +parser.add_argument("-e", "--encrypt", + help="Encrypt the code between <label_start> <label_stop>", + nargs=2) +args = parser.parse_args() + +# Get architecture-dependent parameters +machine = Machine(args.architecture) +try: + attrib = machine.dis_engine.attrib + size = int(attrib) +except AttributeError: + attrib = None + size = 32 +except ValueError: + size = 32 +reg_and_id = dict(machine.mn.regs.all_regs_ids_byname) +base_expr = machine.base_expr + +# Output format +if args.PE: + pe = pe_init.PE(wsize=size) + s_text = pe.SHList.add_section(name="text", addr=0x1000, rawsize=0x1000) + s_iat = pe.SHList.add_section(name="iat", rawsize=0x100) + new_dll = [({"name": "USER32.dll", + "firstthunk": s_iat.addr}, ["MessageBoxA"])] + pe.DirImport.add_dlldesc(new_dll) + s_myimp = pe.SHList.add_section(name="myimp", rawsize=len(pe.DirImport)) + pe.DirImport.set_rva(s_myimp.addr) + pe.Opthdr.AddressOfEntryPoint = s_text.addr + + addr_main = pe.rva2virt(s_text.addr) + virt = pe.virt + output = pe + +else: + st = StrPatchwork() + + addr_main = 0 + virt = st + output = st + +# Fix the AST parser +def my_ast_int2expr(a): + return m2_expr.ExprInt_fromsize(size, a) + +def my_ast_id2expr(t): + return reg_and_id.get(t, m2_expr.ExprId(t, size=size)) + +my_var_parser 
= parse_ast(my_ast_id2expr, my_ast_int2expr) +base_expr.setParseAction(my_var_parser) + +# Get and parse the source code +with open(args.source) as fstream: + source = fstream.read() + +blocs, symbol_pool = parse_asm.parse_txt(machine.mn, attrib, source) + +# Fix shellcode addrs +symbol_pool.set_offset(symbol_pool.getby_name("main"), addr_main) + +if args.PE: + symbol_pool.set_offset(symbol_pool.getby_name_create("MessageBoxA"), + pe.DirImport.get_funcvirt('MessageBoxA')) + +# Print and graph firsts blocs before patching it +for bloc in blocs[0]: + print bloc +graph = asmbloc.bloc2graph(blocs[0]) +open("graph.txt", "w").write(graph) + +# Apply patches +resolved_b, patches = asmbloc.asm_resolve_final(machine.mn, + blocs[0], + symbol_pool) +if args.encrypt: + # Encrypt code + ad_start = symbol_pool.getby_name_create(args.encrypt[0]).offset + ad_stop = symbol_pool.getby_name_create(args.encrypt[1]).offset + + new_patches = dict(patches) + for ad, val in patches.items(): + if ad_start <= ad < ad_stop: + new_patches[ad] = "".join([chr(ord(x) ^ 0x42) for x in val]) + patches = new_patches + +print patches +for offset, raw in patches.items(): + virt[offset] = raw + +# Produce output +open(args.output, 'wb').write(str(output)) diff --git a/example/asm/x86.py b/example/asm/x86.py deleted file mode 100644 index d877ceaa..00000000 --- a/example/asm/x86.py +++ /dev/null 
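Review bot: In the `--encrypt` branch of shellcode.py the two labels are resolved with `symbol_pool.getby_name_create`, so a label name that does not exist in the source is silently created rather than rejected, and its unresolved offset is fed straight into `ad_start <= ad < ad_stop`; since this script is Python 2 (print statements), a comparison involving `None` does not raise, so a mistyped label most likely yields an output with nothing (or the wrong range) XORed and no error. I would validate both offsets before the loop, e.g. `if ad_start is None or ad_stop is None or ad_start >= ad_stop:` followed by `raise ValueError("--encrypt labels %r are not resolved in the source" % (args.encrypt,))`. Note also that the range test only inspects each patch's start offset, so a patch beginning before `ad_stop` but extending past it is encrypted in full; the deleted box_x86_32_enc.py relied on a `.dontsplit` directive before the stop label for this, and users of the generic script now have to know that themselves, so a comment such as `# A patch straddling ad_stop is XORed whole: keep the stop label in its own bloc (.dontsplit)` belongs above the loop. Minor: `from pdb import pm` is unused, and the two bare `open(...).write(...)` calls for graph.txt and the output are inconsistent with the `with open(args.source)` used a few lines earlier.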
@@ -1,88 +0,0 @@ -#! /usr/bin/env python - -from miasm2.core.cpu import parse_ast -from miasm2.arch.x86.arch import mn_x86, base_expr -from miasm2.core import parse_asm -import miasm2.expression.expression as m2_expr -from miasm2.core import asmbloc -from elfesteem.strpatchwork import StrPatchwork - -reg_and_id = dict(mn_x86.regs.all_regs_ids_byname) - - -def my_ast_int2expr(a): - return m2_expr.ExprInt32(a) - - -def my_ast_id2expr(t): - return reg_and_id.get(t, m2_expr.ExprId(t, size=32)) - -my_var_parser = parse_ast(my_ast_id2expr, my_ast_int2expr) -base_expr.setParseAction(my_var_parser) - -blocs, symbol_pool = parse_asm.parse_txt(mn_x86, 32, ''' -main: - PUSH EBP - MOV EBP, ESP - SUB ESP, 0x100 - MOV EAX, 0x1337 - ; test ptr manip - LEA ESI, DWORD PTR [mystr^toto] - CALL toto -mystr: -.string "test string" - toto: - POP EDI - - PUSH EDI - ; test scasb - XOR EAX, EAX - XOR ECX, ECX - DEC ECX - REPNE SCASB - NOT ECX - DEC ECX - - ; test movsb - POP ESI - LEA EDI, DWORD PTR [EBP-0x100] - REPE MOVSB - - ; test float - PUSH 0 - FLD1 - FLD1 - FADD ST, ST(1) - FIST DWORD PTR [ESP] - POP EAX - - ; test cond mnemo - NOP - NOP - CMOVZ EAX, EBX - ; test shr - NOP - SHR EAX, 1 - NOP - NOP - SHR EAX, CL - NOP - - MOV ESP, EBP - POP EBP - RET - - -''') - -# fix shellcode addr -symbol_pool.set_offset(symbol_pool.getby_name("main"), 0x0) -s = StrPatchwork() -resolved_b, patches = asmbloc.asm_resolve_final( - mn_x86, blocs[0], symbol_pool) -for offset, raw in patches.items(): - s[offset] = raw - -print patches - -open('demo_x86_32.bin', 'wb').write(str(s)) diff --git a/test/test_all.py b/test/test_all.py index 65172a2d..38793b9b 100644 --- a/test/test_all.py +++ b/test/test_all.py 
@@ -108,32 +108,52 @@ class ExampleAssembler(ExampleDir): """ example_dir = "asm" +class ExampleShellcode(Example): + """Specificities: + - script: asm/shellcode.py + - @products: graph.txt + 3rd arg + - apply get_sample on each products (!= graph.txt) + - apply get_sample on the 2nd and 3rd arg (source, output) + """ + + def __init__(self, *args, **kwargs): + super(ExampleShellcode, self).__init__(*args, **kwargs) + self.command_line = [os.path.join(ExampleAssembler.example_dir, + "shellcode.py"), + self.command_line[0]] + \ + map(Example.get_sample, self.command_line[1:3]) + \ + self.command_line[3:] + self.products = [self.command_line[3], "graph.txt"] + + +testset += ExampleShellcode(['x86_32', 'x86_32_manip_ptr.S', "demo_x86_32.bin"]) -testset += ExampleAssembler(['x86.py'], products=["demo_x86_32.bin"]) -test_arm = ExampleAssembler(["arm.py"], - products=["demo_arm_l.bin", "demo_arm_b.bin"]) -test_armt = ExampleAssembler(["armt.py"], products=["demo_armt_l.bin", - "demo_armt_b.bin"]) +test_armb = ExampleShellcode(["armb", "arm_simple.S", "demo_arm_b.bin"]) +test_arml = ExampleShellcode(["arml", "arm_simple.S", "demo_arm_l.bin"]) +test_armtb = ExampleShellcode(["armtb", "armt.S", "demo_armt_b.bin"]) +test_armtl = ExampleShellcode(["armtl", "armt.S", "demo_armt_l.bin"]) test_box = {} -test_box_names = ["mod", "mod_self", "repmod", "simple"] +test_box_names = ["mod", "mod_self", "repmod", "simple", "enc"] for source in test_box_names: - sample_base = Example.get_sample("x86_32_" + source) - test_box[source] = ExampleAssembler(["box_x86_32.py", sample_base + ".S"], - products=[sample_base + ".bin"]) + sample_base = "x86_32_" + source + args = ["x86_32", sample_base + ".S", sample_base + ".bin", "--PE"] + if source == "enc": + args += ["--encrypt","msgbox_encrypted_start", "msgbox_encrypted_stop"] + test_box[source] = ExampleShellcode(args) testset += test_box[source] -test_box_enc = ExampleAssembler(["box_x86_32_enc.py"], - products=["box_x86_32_enc.bin"]) 
-test_msp430 = ExampleAssembler(["msp430_sc.py"], products=["msp430_sc.bin"]) -test_mips32 = ExampleAssembler(["mips32.py"], products=["mips32_sc_b.bin", - "mips32_sc_l.bin"]) +test_msp430 = ExampleShellcode(["msp430", "msp430.S", "msp430_sc.bin"]) +test_mips32b = ExampleShellcode(["mips32b", "mips32.S", "mips32_sc_b.bin"]) +test_mips32l = ExampleShellcode(["mips32l", "mips32.S", "mips32_sc_l.bin"]) -testset += test_arm -testset += test_armt -testset += test_box_enc +testset += test_armb +testset += test_arml +testset += test_armtb +testset += test_armtl testset += test_msp430 -testset += test_mips32 +testset += test_mips32b +testset += test_mips32l class ExampleDisassembler(ExampleDir): 
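Review bot: `ExampleShellcode.__init__` registers the fixed name `"graph.txt"` in `self.products` for every instance, and shellcode.py writes that file into the current directory, so every ExampleShellcode test added in this hunk produces the same path; if the test set runs independent tests concurrently, or inspects or removes products only after later tests have run, one test's graph is silently overwritten by another's. If the graph is not actually checked I would drop it from `self.products`, otherwise the script needs a per-run output name derived from the third argument. The class docstring's "apply get_sample on each products (!= graph.txt)" is also hard to reconcile with the code, which applies `get_sample` to `command_line[1:3]` and then takes `command_line[3]` as the product; I would reword it to "source and output (args 2-3) are resolved with get_sample; products are the resolved output plus graph.txt". Minor style: `args += ["--encrypt","msgbox_encrypted_start", "msgbox_encrypted_stop"]` is missing the space after the first comma.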
@@ -166,23 +186,22 @@ class ExampleDisasmFull(Example): "out.txt"] -testset += ExampleDisasmFull(["arml", "demo_arm_l.bin", "0"], - depends=[test_arm]) -testset += ExampleDisasmFull(["armb", "demo_arm_b.bin", "0"], - depends=[test_arm]) -testset += ExampleDisasmFull(["armtl", "demo_armt_l.bin", "0"], - depends=[test_armt]) -testset += ExampleDisasmFull(["armtb", "demo_armt_b.bin", "0"], - depends=[test_armt]) +testset += ExampleDisasmFull(["arml", Example.get_sample("demo_arm_l.bin"), + "0"], depends=[test_arml]) +testset += ExampleDisasmFull(["armb", Example.get_sample("demo_arm_b.bin"), + "0"], depends=[test_armb]) +testset += ExampleDisasmFull(["armtl", Example.get_sample("demo_armt_l.bin"), + "0"], depends=[test_armtl]) +testset += ExampleDisasmFull(["armtb", Example.get_sample("demo_armt_b.bin"), + "0"], depends=[test_armtb]) testset += ExampleDisasmFull(["x86_32", Example.get_sample("x86_32_simple.bin"), - "0x401000"], - depends=[test_box["simple"]]) -testset += ExampleDisasmFull(["msp430", "msp430_sc.bin", "0"], - depends=[test_msp430]) -testset += ExampleDisasmFull(["mips32l", "mips32_sc_l.bin", "0"], - depends=[test_mips32]) -testset += ExampleDisasmFull(["mips32b", "mips32_sc_b.bin", "0"], - depends=[test_mips32]) + "0x401000"], depends=[test_box["simple"]]) +testset += ExampleDisasmFull(["msp430", Example.get_sample("msp430_sc.bin"), + "0"], depends=[test_msp430]) +testset += ExampleDisasmFull(["mips32l", Example.get_sample("mips32_sc_l.bin"), + "0"], depends=[test_mips32l]) +testset += ExampleDisasmFull(["mips32b", Example.get_sample("mips32_sc_b.bin"), + "0"], depends=[test_mips32b]) ## Expression 
@@ -240,14 +259,14 @@ for jitter in ExampleJitter.jitter_engines: for script, dep in [(["x86_32.py", Example.get_sample("x86_32_sc.bin")], []), (["arm.py", Example.get_sample("md5_arm"), "-a", "A684"], []), - (["msp430.py", "msp430_sc.bin", "0"], [test_msp430]), - (["mips32.py", "mips32_sc_l.bin", "0"], [test_mips32]), - (["arm_sc.py", "0", "demo_arm_b.bin", "b", "-a", "0"], - [test_arm]), - (["arm_sc.py", "0", "demo_arm_l.bin", "l", "-a", "0"], - [test_arm]), - (["sandbox_pe_x86_32.py", "box_x86_32_enc.bin"], - [test_box_enc]), + (["msp430.py", Example.get_sample("msp430_sc.bin"), "0"], + [test_msp430]), + (["mips32.py", Example.get_sample("mips32_sc_l.bin"), "0"], + [test_mips32l]), + (["arm_sc.py", "0", Example.get_sample("demo_arm_b.bin"), + "b", "-a", "0"], [test_armb]), + (["arm_sc.py", "0", Example.get_sample("demo_arm_l.bin"), + "l", "-a", "0"], [test_arml]), ] + [(["sandbox_pe_x86_32.py", Example.get_sample("x86_32_" + name + ".bin")], [test_box[name]]) |