| author | Camille Mougey <commial@gmail.com> | 2023-04-23 11:15:10 +0200 |
|---|---|---|
| committer | Camille Mougey <commial@gmail.com> | 2023-04-23 11:18:45 +0200 |
| commit | 9e39991a6586ccdf22b5230d4e4229bead52ca3e (patch) | |
| tree | e5f070c0b9cbe1052b5ca3358f6b55712261f99b | |
| parent | 2a392ad25075990d31e83f0a5e3319fd7b0c4494 (diff) | |
| download | focaccia-miasm-9e39991a6586ccdf22b5230d4e4229bead52ca3e.tar.gz focaccia-miasm-9e39991a6586ccdf22b5230d4e4229bead52ca3e.zip | |
Doc: add Sandbox + Disassembler/Lifter cheatsheet
| -rw-r--r-- | doc/README.md | 3 | ||||
| -rw-r--r-- | doc/cheatsheets/reminder_disassembler.drawio | 342 | ||||
| -rw-r--r-- | doc/cheatsheets/reminder_disassembler.pdf | bin | 0 -> 46296 bytes | |||
| -rw-r--r-- | doc/cheatsheets/reminder_sandbox.drawio | 456 | ||||
| -rw-r--r-- | doc/cheatsheets/reminder_sandbox.pdf | bin | 0 -> 50576 bytes |
5 files changed, 801 insertions, 0 deletions
diff --git a/doc/README.md b/doc/README.md
index 006d0321..e9c1c9d2 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -40,3 +40,6 @@ class LocationDB(builtins.object)
 - Lifting from assembly to IR: [notebook](ir/lift.ipynb)
 - `LocationDB` usage, the database for locations: [notebook](locationdb/locationdb.ipynb)
 - more complex examples through blog posts on [miasm.re](https://miasm.re)
+- cheatsheets:
+ - `Sandbox` and associated emulation options: [cheatsheet](cheatsheets/reminder_sandbox.pdf)
+ - Disassembler, lifter and associated structures: [cheatsheet](cheatsheets/reminder_disassembler.pdf)
diff --git a/doc/cheatsheets/reminder_disassembler.drawio b/doc/cheatsheets/reminder_disassembler.drawio
new file mode 100644
index 00000000..ea2c29fc
--- /dev/null
+++ b/doc/cheatsheets/reminder_disassembler.drawio
@@ -0,0 +1,342 @@ +<mxfile modified="2023-04-15T10:15:28.799Z" host="Electron" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/21.1.2 Chrome/106.0.5249.199 Electron/21.4.3 Safari/537.36" etag="qgN_X3-ZCatMDyOE7X7L" compressed="false" version="21.1.2" type="device"> + <diagram id="Ht1M8jgEwFfnCIfOTk4-" name="Page-1"> + <mxGraphModel dx="1432" dy="865" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1169" pageHeight="827" math="0" shadow="0"> + <root> + <mxCell id="0" /> + <mxCell id="1" parent="0" /> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-12" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="EN-Cfjzu8_hMJSnQrrUf-2" target="EN-Cfjzu8_hMJSnQrrUf-5" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-2" value="ELF" style="verticalLabelPosition=bottom;html=1;verticalAlign=top;align=center;strokeColor=none;fillColor=#00BEF2;shape=mxgraph.azure.file;pointerEvents=1;" parent="1" vertex="1"> + <mxGeometry x="30" y="110" width="47.5" height="50" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-11" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0.063;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="EN-Cfjzu8_hMJSnQrrUf-3" target="EN-Cfjzu8_hMJSnQrrUf-5" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-3" value="PE" style="verticalLabelPosition=bottom;html=1;verticalAlign=top;align=center;strokeColor=none;fillColor=#00BEF2;shape=mxgraph.azure.file_2;pointerEvents=1;" parent="1" vertex="1"> + <mxGeometry x="30" y="30" width="47.5" height="50" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-10" 
style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="EN-Cfjzu8_hMJSnQrrUf-4" target="EN-Cfjzu8_hMJSnQrrUf-5" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-4" value="Raw" style="verticalLabelPosition=bottom;html=1;verticalAlign=top;align=center;strokeColor=none;fillColor=#00BEF2;shape=mxgraph.azure.startup_task;pointerEvents=1;" parent="1" vertex="1"> + <mxGeometry x="30" y="190" width="47.5" height="50" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-15" value=".bin_stream" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Courier New;" parent="1" source="EN-Cfjzu8_hMJSnQrrUf-5" target="EN-Cfjzu8_hMJSnQrrUf-14" edge="1"> + <mxGeometry relative="1" as="geometry"> + <Array as="points"> + <mxPoint x="250" y="135" /> + <mxPoint x="250" y="40" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-17" value=".arch&nbsp;" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Courier New;" parent="1" source="EN-Cfjzu8_hMJSnQrrUf-5" edge="1"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="440" y="160" as="targetPoint" /> + <Array as="points"> + <mxPoint x="440" y="135" /> + <mxPoint x="440" y="160" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-18" value=".entry_point" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Courier New;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="EN-Cfjzu8_hMJSnQrrUf-5" target="EN-Cfjzu8_hMJSnQrrUf-19" edge="1"> + <mxGeometry x="0.466" relative="1" as="geometry"> + <mxPoint x="250" y="180.0000000000001" as="targetPoint" /> + <Array as="points"> + <mxPoint x="250" y="135" /> + </Array> + <mxPoint as="offset" /> + </mxGeometry> + </mxCell> + <mxCell 
id="EN-Cfjzu8_hMJSnQrrUf-5" value="Container" style="verticalLabelPosition=top;html=1;verticalAlign=bottom;align=right;strokeColor=none;fillColor=#00BEF2;shape=mxgraph.azure.dropbox_code_source;labelPosition=left;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="170" y="111.25" width="50" height="47.5" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-25" value=".dis_engine().dis_multiblock()" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Courier New;" parent="1" source="EN-Cfjzu8_hMJSnQrrUf-7" target="EN-Cfjzu8_hMJSnQrrUf-24" edge="1"> + <mxGeometry relative="1" as="geometry"> + <Array as="points"> + <mxPoint x="418" y="260" /> + <mxPoint x="200" y="260" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-28" value=".lifter()" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Courier New;" parent="1" edge="1"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="418" y="550" as="targetPoint" /> + <mxPoint x="417.98765432098764" y="240" as="sourcePoint" /> + <Array as="points"> + <mxPoint x="418" y="320" /> + <mxPoint x="418" y="320" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-7" value="Machine("x86_32")" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#232F3D;strokeColor=none;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.external_toolkit;labelPosition=center;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="390" y="176" width="55.79" height="64" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-14" value="<blockquote><font face="Courier New">00000000 4d 5a 90 00 03 ...<br>00000010 b8 00 00 00 00 ...&nbsp;</font></blockquote>" 
style="text;html=1;strokeColor=#6c8ebf;fillColor=#dae8fc;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=1;spacing=0;fontStyle=1" parent="1" vertex="1"> + <mxGeometry x="320" y="20" width="280" height="40" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-19" value="0x11223344" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="220" y="200" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-24" value="AsmCFG" style="swimlane;rounded=1;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="40" y="320" width="310" height="350" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-17" value="AsmBlock" style="swimlane;horizontal=0;startSize=23;" parent="EN-Cfjzu8_hMJSnQrrUf-24" vertex="1"> + <mxGeometry x="10" y="40" width="290" height="300" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-19" value="instruction_x86" style="swimlane;fontStyle=0;childLayout=stackLayout;horizontal=1;startSize=30;horizontalStack=0;resizeParent=1;resizeParentMax=0;resizeLast=0;collapsible=1;marginBottom=0;fontFamily=Courier New;fillColor=#f5f5f5;fontColor=#333333;strokeColor=#666666;" parent="u1IDXeuR2jZR7SlRlDwS-17" vertex="1"> + <mxGeometry x="90" y="10" width="140" height="60" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-20" value="MOV EAX, EBX" style="text;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;spacingLeft=4;spacingRight=4;overflow=hidden;points=[[0,0.5],[1,0.5]];portConstraint=eastwest;rotatable=0;fontFamily=Courier New;" parent="u1IDXeuR2jZR7SlRlDwS-19" vertex="1"> + <mxGeometry y="30" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-23" value=".lines" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" 
parent="u1IDXeuR2jZR7SlRlDwS-17" vertex="1"> + <mxGeometry x="27.5" y="6" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-24" value="instruction_x86" style="swimlane;fontStyle=0;childLayout=stackLayout;horizontal=1;startSize=30;horizontalStack=0;resizeParent=1;resizeParentMax=0;resizeLast=0;collapsible=1;marginBottom=0;fontFamily=Courier New;fillColor=#fff2cc;strokeColor=#d6b656;" parent="u1IDXeuR2jZR7SlRlDwS-17" vertex="1"> + <mxGeometry x="89.5" y="87" width="140" height="60" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-25" value="XCHG ECX, EDX" style="text;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;spacingLeft=4;spacingRight=4;overflow=hidden;points=[[0,0.5],[1,0.5]];portConstraint=eastwest;rotatable=0;fontFamily=Courier New;" parent="u1IDXeuR2jZR7SlRlDwS-24" vertex="1"> + <mxGeometry y="30" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-25" value="instruction_x86" style="swimlane;fontStyle=0;childLayout=stackLayout;horizontal=1;startSize=30;horizontalStack=0;resizeParent=1;resizeParentMax=0;resizeLast=0;collapsible=1;marginBottom=0;fontFamily=Courier New;fillColor=#dae8fc;strokeColor=#6c8ebf;" vertex="1" parent="u1IDXeuR2jZR7SlRlDwS-17"> + <mxGeometry x="87.5" y="166" width="140" height="60" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-26" value="CMOVZ EAX, EBX" style="text;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;spacingLeft=4;spacingRight=4;overflow=hidden;points=[[0,0.5],[1,0.5]];portConstraint=eastwest;rotatable=0;fontFamily=Courier New;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-25"> + <mxGeometry y="30" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-26" value="IRCFG" style="swimlane;rounded=1;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="504" y="280" width="310" height="535" as="geometry" /> + </mxCell> + <mxCell 
id="uIXO0tNmTaMb2hlezsOI-1" value="IRBlock" style="swimlane;horizontal=0;startSize=23;" vertex="1" parent="EN-Cfjzu8_hMJSnQrrUf-26"> + <mxGeometry x="6" y="40" width="290" height="320" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-27" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="120" y="250" width="140" height="60" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-17" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="120" y="149" width="140" height="60" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-2" value=" AssignBlock" style="swimlane;fontStyle=0;childLayout=stackLayout;horizontal=1;startSize=30;horizontalStack=0;resizeParent=1;resizeParentMax=0;resizeLast=0;collapsible=1;marginBottom=0;fontFamily=Courier New;fillColor=#f5f5f5;fontColor=#333333;strokeColor=#666666;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="120" y="10" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-4" value=".assignblks" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="37.5" y="6" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-15" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="120" y="40" width="140" height="70" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-11" value="EAX" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="145" y="58" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-12" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" 
parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="205" y="71" as="sourcePoint" /> + <mxPoint x="175" y="71" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-13" value="EBX" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="205" y="58" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-16" value=" AssignBlock" style="swimlane;fontStyle=0;childLayout=stackLayout;horizontal=1;startSize=30;horizontalStack=0;resizeParent=1;resizeParentMax=0;resizeLast=0;collapsible=1;marginBottom=0;fontFamily=Courier New;fillColor=#fff2cc;strokeColor=#d6b656;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="120" y="119" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-18" value="ECX" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="145" y="153" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-19" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="205" y="166" as="sourcePoint" /> + <mxPoint x="175" y="166" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-20" value="EDX" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="205" y="153" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-22" value="EDX" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="145" y="173" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-23" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry relative="1" 
as="geometry"> + <mxPoint x="205" y="186" as="sourcePoint" /> + <mxPoint x="175" y="186" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-24" value="ECX" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="205" y="173" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-28" value=" AssignBlock" style="swimlane;fontStyle=0;childLayout=stackLayout;horizontal=1;startSize=30;horizontalStack=0;resizeParent=1;resizeParentMax=0;resizeLast=0;collapsible=1;marginBottom=0;fontFamily=Courier New;fillColor=#dae8fc;strokeColor=#6c8ebf;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="120" y="220" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-66" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;strokeWidth=2;" edge="1" parent="uIXO0tNmTaMb2hlezsOI-1" source="uIXO0tNmTaMb2hlezsOI-29"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="230" y="490" as="targetPoint" /> + <Array as="points"> + <mxPoint x="155" y="320" /> + <mxPoint x="230" y="320" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-29" value="IRDst" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="140" y="266" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-31" value="2" style="text;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;fillStyle=auto;rounded=0;glass=0;sketch=1;curveFitting=1;jiggle=2;align=center;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="205" y="254" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-34" value="3" style="text;whiteSpace=wrap;html=1;align=center;fillColor=#e1d5e7;strokeColor=#9673a6;sketch=1;curveFitting=1;jiggle=2;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="205" y="283" width="30" 
height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-36" value="zf?" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="184" y="260" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-107" value="as dict()" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="117.5" y="36" width="85" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-108" value=".instr" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-1"> + <mxGeometry x="123" y="80" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-39" value="IRBlock" style="swimlane;horizontal=0;startSize=23;" vertex="1" parent="EN-Cfjzu8_hMJSnQrrUf-26"> + <mxGeometry x="6" y="370" width="190" height="130" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-42" value=" AssignBlock" style="swimlane;fontStyle=0;childLayout=stackLayout;horizontal=1;startSize=30;horizontalStack=0;resizeParent=1;resizeParentMax=0;resizeLast=0;collapsible=1;marginBottom=0;fontFamily=Courier New;fillColor=#dae8fc;strokeColor=#6c8ebf;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry x="37" y="32" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-44" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry x="37" y="62" width="140" height="60" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-45" value="EAX" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry x="62" y="66" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell 
id="uIXO0tNmTaMb2hlezsOI-46" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="122" y="79" as="sourcePoint" /> + <mxPoint x="92" y="79" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-47" value="EBX" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry x="122" y="66" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-67" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;strokeWidth=2;" edge="1" parent="uIXO0tNmTaMb2hlezsOI-39" source="uIXO0tNmTaMb2hlezsOI-60"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="200" y="159" as="targetPoint" /> + <Array as="points"> + <mxPoint x="72" y="139" /> + <mxPoint x="200" y="139" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-60" value="IRDst" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry x="57" y="86" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-62" value="3" style="text;whiteSpace=wrap;html=1;align=center;verticalAlign=middle;fillColor=#e1d5e7;strokeColor=#9673a6;sketch=1;curveFitting=1;jiggle=2;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry x="122" y="88" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-63" value=".loc_key =" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry x="37" y="2" width="83" height="30" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-68" value="2" style="text;whiteSpace=wrap;html=1;align=center;fillColor=#e1d5e7;strokeColor=#9673a6;sketch=1;curveFitting=1;jiggle=2;verticalAlign=middle;" 
vertex="1" parent="uIXO0tNmTaMb2hlezsOI-39"> + <mxGeometry x="118" y="6" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-61" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="EN-Cfjzu8_hMJSnQrrUf-26"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="127" y="469" as="sourcePoint" /> + <mxPoint x="97" y="469" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-65" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;strokeWidth=2;" edge="1" parent="EN-Cfjzu8_hMJSnQrrUf-26"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="145" y="320" as="sourcePoint" /> + <mxPoint x="88.5" y="376" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-27" value="" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;fontFamily=Courier New;" parent="1" edge="1"> + <mxGeometry width="50" height="50" relative="1" as="geometry"> + <mxPoint x="352" y="560" as="sourcePoint" /> + <mxPoint x="502" y="560" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-29" value="<br style="font-size: 10px;"><span style="font-size: 10px; background-color: rgb(255, 255, 255);">.new_ircfg_from_asmcfg()</span>" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontFamily=Courier New;fontSize=10;" parent="1" vertex="1"> + <mxGeometry x="347" y="564" width="160" height="30" as="geometry" /> + </mxCell> + <mxCell id="EN-Cfjzu8_hMJSnQrrUf-38" value="<div style="text-align: left">loc_db = LocationDB()</div><div style="text-align: left">cont = Container.from_stream(fdesc, loc_db)</div><div style="text-align: left">machine = Machine(cont.arch)</div><div style="text-align: left"><br></div><div style="text-align: left">mdis = machine.dis_engine(</div><div style="text-align: left"><span> </span><span 
style="white-space: pre"> </span>cont.bin_stream,</div><div style="text-align: left"><span> </span><span style="white-space: pre"> </span>loc_db=cont.loc_db</div><div style="text-align: left">)</div><div style="text-align: left"><br></div><div style="text-align: left">addr = cont.entry_point</div><div style="text-align: left">asmcfg = mdis.dis_multiblock(addr)</div><div style="text-align: left"><br></div><div style="text-align: left">lifter = machine.lifter(mdis.loc_db)<br></div><div style="text-align: left"><br></div><div style="text-align: left">ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)</div>" style="shape=ext;double=1;rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;fontSize=12;" parent="1" vertex="1"> + <mxGeometry x="800" y="14" width="350" height="254" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-4" value="LocationDB" style="shape=table;startSize=30;container=1;collapsible=0;childLayout=tableLayout;fixedRows=1;rowLines=0;fontStyle=1;" parent="1" vertex="1"> + <mxGeometry x="550" y="100" width="180" height="130" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-5" value="" style="shape=tableRow;horizontal=0;startSize=0;swimlaneHead=0;swimlaneBody=0;top=0;left=0;bottom=0;right=0;collapsible=0;dropTarget=0;fillColor=none;points=[[0,0.5],[1,0.5]];portConstraint=eastwest;" parent="u1IDXeuR2jZR7SlRlDwS-4" vertex="1"> + <mxGeometry y="30" width="180" height="30" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-6" value="" style="shape=partialRectangle;html=1;whiteSpace=wrap;connectable=0;fillColor=none;top=0;left=0;bottom=0;right=0;overflow=hidden;pointerEvents=1;" parent="u1IDXeuR2jZR7SlRlDwS-5" vertex="1"> + <mxGeometry width="40" height="30" as="geometry"> + <mxRectangle width="40" height="30" as="alternateBounds" /> + </mxGeometry> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-7" value="0x112200, main" 
style="shape=partialRectangle;html=1;whiteSpace=wrap;connectable=0;fillColor=none;top=0;left=0;bottom=0;right=0;align=left;spacingLeft=6;overflow=hidden;" parent="u1IDXeuR2jZR7SlRlDwS-5" vertex="1"> + <mxGeometry x="40" width="140" height="30" as="geometry"> + <mxRectangle width="140" height="30" as="alternateBounds" /> + </mxGeometry> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-8" value="" style="shape=tableRow;horizontal=0;startSize=0;swimlaneHead=0;swimlaneBody=0;top=0;left=0;bottom=0;right=0;collapsible=0;dropTarget=0;fillColor=none;points=[[0,0.5],[1,0.5]];portConstraint=eastwest;" parent="u1IDXeuR2jZR7SlRlDwS-4" vertex="1"> + <mxGeometry y="60" width="180" height="30" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-9" value="" style="shape=partialRectangle;html=1;whiteSpace=wrap;connectable=0;fillColor=none;top=0;left=0;bottom=0;right=0;overflow=hidden;" parent="u1IDXeuR2jZR7SlRlDwS-8" vertex="1"> + <mxGeometry width="40" height="30" as="geometry"> + <mxRectangle width="40" height="30" as="alternateBounds" /> + </mxGeometry> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-10" value="" style="shape=partialRectangle;html=1;whiteSpace=wrap;connectable=0;fillColor=none;top=0;left=0;bottom=0;right=0;align=left;spacingLeft=6;overflow=hidden;" parent="u1IDXeuR2jZR7SlRlDwS-8" vertex="1"> + <mxGeometry x="40" width="140" height="30" as="geometry"> + <mxRectangle width="140" height="30" as="alternateBounds" /> + </mxGeometry> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-11" value="" style="shape=tableRow;horizontal=0;startSize=0;swimlaneHead=0;swimlaneBody=0;top=0;left=0;bottom=0;right=0;collapsible=0;dropTarget=0;fillColor=none;points=[[0,0.5],[1,0.5]];portConstraint=eastwest;" parent="u1IDXeuR2jZR7SlRlDwS-4" vertex="1"> + <mxGeometry y="90" width="180" height="30" as="geometry" /> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-12" value="" 
style="shape=partialRectangle;html=1;whiteSpace=wrap;connectable=0;fillColor=none;top=0;left=0;bottom=0;right=0;overflow=hidden;" parent="u1IDXeuR2jZR7SlRlDwS-11" vertex="1"> + <mxGeometry width="40" height="30" as="geometry"> + <mxRectangle width="40" height="30" as="alternateBounds" /> + </mxGeometry> + </mxCell> + <mxCell id="u1IDXeuR2jZR7SlRlDwS-13" value="label1, label2" style="shape=partialRectangle;html=1;whiteSpace=wrap;connectable=0;fillColor=none;top=0;left=0;bottom=0;right=0;align=left;spacingLeft=6;overflow=hidden;" parent="u1IDXeuR2jZR7SlRlDwS-11" vertex="1"> + <mxGeometry x="40" width="140" height="30" as="geometry"> + <mxRectangle width="140" height="30" as="alternateBounds" /> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-38" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="1"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="711" y="601" as="sourcePoint" /> + <mxPoint x="681" y="601" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-69" value="1" style="text;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;fillStyle=auto;rounded=0;glass=0;sketch=1;curveFitting=1;jiggle=2;align=center;verticalAlign=middle;" vertex="1" parent="1"> + <mxGeometry x="555" y="135" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-70" value="2" style="text;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;fillStyle=auto;rounded=0;glass=0;sketch=1;curveFitting=1;jiggle=2;align=center;verticalAlign=middle;" vertex="1" parent="1"> + <mxGeometry x="555" y="165" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-71" value="3" style="text;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;fillStyle=auto;rounded=0;glass=0;sketch=1;curveFitting=1;jiggle=2;align=center;verticalAlign=middle;" vertex="1" parent="1"> + <mxGeometry x="555" y="195" width="30" height="20" 
as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-100" value="Expr" style="swimlane;whiteSpace=wrap;html=1;" vertex="1" parent="1"> + <mxGeometry x="900" y="281" width="190" height="289" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-101" value="<table style="box-sizing: unset; border-collapse: collapse; border-spacing: 0px; border: none; color: rgba(0, 0, 0, 0.87); font-size: 12px; table-layout: fixed; margin-left: auto; margin-right: auto; margin-bottom: 0.5em; font-family: -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Helvetica, Arial, sans-serif, &quot;Apple Color Emoji&quot;, &quot;Segoe UI Emoji&quot;, &quot;Segoe UI Symbol&quot;; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><thead style="box-sizing: unset; border-bottom: var(--jp-border-width) solid var(--jp-border-color1); vertical-align: bottom;"><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;"><th style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; font-weight: bold;">Word</th><th style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; font-weight: bold;">Meaning</th></tr></thead><tbody style="box-sizing: unset;"><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-layout-color0);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprAssign</td><td style="box-sizing: unset; 
vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">A&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;B</td></tr><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-rendermime-table-row-background);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprInt</td><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">0x18</td></tr><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-layout-color0);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprId</td><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">EAX</td></tr><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-rendermime-table-row-background);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprLoc</td><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;"><br></td></tr><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-layout-color0);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprCond</td><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">A ? 
B : C</td></tr><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-rendermime-table-row-background);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprMem</td><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">@16[ESI]</td></tr><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-layout-color0);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprOp</td><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">A + B</td></tr><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-rendermime-table-row-background);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprSlice</td><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">AH = EAX[8 :16]</td></tr><tr style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none; background: var(--jp-layout-color0);"><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">ExprCompose</td><td style="box-sizing: unset; vertical-align: middle; padding: 0.5em; line-height: normal; max-width: none; border: none;">AX = AH.AL</td></tr></tbody></table>" style="text;whiteSpace=wrap;html=1;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-100"> + <mxGeometry y="20" width="220" height="290" as="geometry" /> + </mxCell> + <mxCell 
id="uIXO0tNmTaMb2hlezsOI-103" value="1" style="text;whiteSpace=wrap;html=1;align=center;fillColor=#e1d5e7;strokeColor=#9673a6;sketch=1;curveFitting=1;jiggle=2;verticalAlign=middle;" vertex="1" parent="uIXO0tNmTaMb2hlezsOI-100"> + <mxGeometry x="95" y="133" width="30" height="20" as="geometry" /> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-102" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="1"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="1036" y="347" as="sourcePoint" /> + <mxPoint x="1006" y="347" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="uIXO0tNmTaMb2hlezsOI-109" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1;entryY=0.5;entryDx=0;entryDy=0;jumpStyle=arc;" edge="1" parent="1" source="uIXO0tNmTaMb2hlezsOI-108" target="u1IDXeuR2jZR7SlRlDwS-20"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + </root> + </mxGraphModel> + </diagram> +</mxfile> diff --git a/doc/cheatsheets/reminder_disassembler.pdf b/doc/cheatsheets/reminder_disassembler.pdf new file mode 100644 index 00000000..5c2308bb --- /dev/null +++ b/doc/cheatsheets/reminder_disassembler.pdf Binary files differdiff --git a/doc/cheatsheets/reminder_sandbox.drawio b/doc/cheatsheets/reminder_sandbox.drawio new file mode 100644 index 00000000..6378e40c --- /dev/null +++ b/doc/cheatsheets/reminder_sandbox.drawio 
@@ -0,0 +1,456 @@ +<mxfile host="Electron" modified="2023-04-04T16:32:46.326Z" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/21.1.2 Chrome/106.0.5249.199 Electron/21.4.3 Safari/537.36" etag="bYIeBCTb6p7O_bb5MGuA" compressed="false" version="21.1.2" type="device"> + <diagram id="ASb568PI5aclqPhagqz0" name="Page-1"> + <mxGraphModel dx="1432" dy="865" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1169" pageHeight="827" math="0" shadow="0"> + <root> + <mxCell id="0" /> + <mxCell id="1" parent="0" /> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-1" value="<div style=""><span style="background-color: initial;"><font face="Courier New">from miasm.analysis.sandbox import Sandbox_Win_x86_32</font></span></div><font face="Courier New">from miasm.core.locationdb import LocationDB<br><br><div># Parse arguments</div><div>parser = Sandbox_Win_x86_32.parser(description="PE sandboxer")</div><div>parser.add_argument("filename", help="PE Filename")</div><div>options = parser.parse_args()</div><div></div><br></font><div><font face="Courier New"># Create sandbox</font></div><div><font face="Courier New">loc_db = LocationDB()</font></div><div><font face="Courier New">sb = Sandbox_Win_x86_32(loc_db, options.filename, options, globals())</font></div><div><font face="Courier New"><br></font></div><div><font face="Courier New"># Run</font></div><div><font face="Courier New">sb.run()</font></div><div><br></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="10" y="10" width="540" height="263" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-7" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;fontFamily=Courier New;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-2" target="8zZ8r4-26LbBzZc4UFdb-3" edge="1"> + 
<mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-16" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontFamily=Courier New;dashed=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-2" target="8zZ8r4-26LbBzZc4UFdb-12" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-2" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="749" y="90" width="120" height="60" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-5" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Courier New;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-3" target="8zZ8r4-26LbBzZc4UFdb-4" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-17" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontFamily=Courier New;dashed=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-3" target="8zZ8r4-26LbBzZc4UFdb-13" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-3" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="749" y="180" width="120" height="60" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-18" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontFamily=Courier New;dashed=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-4" target="8zZ8r4-26LbBzZc4UFdb-14" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-4" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="749" y="270" width="120" height="60" 
as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-10" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontFamily=Courier New;exitX=0;exitY=1;exitDx=0;exitDy=0;" parent="1" edge="1"> + <mxGeometry relative="1" as="geometry"> + <mxPoint x="749" y="227" as="sourcePoint" /> + <mxPoint x="749" y="197" as="targetPoint" /> + <Array as="points"> + <mxPoint x="719" y="227" /> + <mxPoint x="719" y="197" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-11" value="<h1>Logging</h1>" style="text;html=1;strokeColor=none;fillColor=none;spacing=5;spacingTop=-20;whiteSpace=wrap;overflow=hidden;rounded=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="760" y="10" width="120" height="40" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-12" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="950" y="90" width="120" height="60" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-13" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="950" y="180" width="120" height="60" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-14" value="" style="rounded=1;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="950" y="270" width="120" height="60" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-19" value="--dumpblocs (-b)" style="swimlane;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="926" y="60" width="170" height="290" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-20" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; 
text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">dump only never seen before blocks</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="880" y="360" width="280" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-22" value="eax=X,ebx=X,...<br>test eax, eax<br><br>eax=X,ebx=Y,...<br>jnz loc_1234<br><br>eax=X,ebx=Y,...<br>inc eax<br><br>eax=X,ebx=Y,...<br>loop loc_6789<br><br>eax=X,ebx=Y<br>inc eax<br><br>eax=X,ebx=Y<br>loop loc_6789" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="586" y="150" width="110" height="140" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-24" value="--singlestep (-z)" style="swimlane;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="570" y="60" width="140" height="290" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-25" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">trace all instructions</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="495" y="360" width="280" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-26" 
value="<h1>Emulation cursor: segmentation</h1>" style="text;html=1;strokeColor=none;fillColor=none;spacing=5;spacingTop=-20;whiteSpace=wrap;overflow=hidden;rounded=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="51" y="414" width="460" height="40" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-28" value="" style="dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;shape=mxgraph.gmdl.sliderFocused;barPos=0;strokeColor=#3F51B5;opacity=100;strokeWidth=2;fillColor=#3F51B5;handleSize=30;shadow=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="206" y="528" width="200" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-29" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Fake</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="160" y="530" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-30" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Reality</span>" 
style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="416" y="531" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-31" value="<div style=""><font face="Courier New">mov eax, 0x30</font></div><div style=""><font face="Courier New">mov ebx, FS:[eax]</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="520" y="520" width="130" height="38" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-33" value="" style="endArrow=classic;html=1;rounded=0;fontFamily=Courier New;strokeWidth=1;" parent="1" edge="1"> + <mxGeometry width="50" height="50" relative="1" as="geometry"> + <mxPoint x="660" y="540" as="sourcePoint" /> + <mxPoint x="710" y="540" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-34" value="<div style=""><font face="Courier New">mov eax, 0x30</font></div><div style=""><font face="Courier New">mov ebx, BYTE PTR [0x30]</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="730" y="523" width="180" height="38" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-35" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">segment are NOT honored</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + 
<mxGeometry x="560" y="561" width="280" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-36" value="" style="dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;shape=mxgraph.gmdl.sliderFocused;barPos=18;strokeColor=#3F51B5;opacity=100;strokeWidth=2;fillColor=#3F51B5;handleSize=30;shadow=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="206" y="658" width="200" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-37" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Fake</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="160" y="660" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-38" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Reality</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="416" y="661" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-39" 
value="<div style=""><font face="Courier New">mov eax, 0x30</font></div><div style=""><font face="Courier New">mov ebx, FS:[eax]</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="519" y="650" width="130" height="38" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-40" value="" style="endArrow=classic;html=1;rounded=0;fontFamily=Courier New;strokeWidth=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=0.585;exitY=1;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-39" target="8zZ8r4-26LbBzZc4UFdb-46" edge="1"> + <mxGeometry width="50" height="50" relative="1" as="geometry"> + <mxPoint x="687" y="670" as="sourcePoint" /> + <mxPoint x="737" y="670" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-41" value="<div style=""><font face="Courier New">mov eax, 0x30</font></div><div style=""><font face="Courier New">mov ebx, BYTE PTR [0x7ff12030]</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="757" y="653" width="220" height="38" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-42" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">segment are honored</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="560" y="634" width="280" height="30" 
as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-43" value="Segments" style="swimlane;fontStyle=0;childLayout=stackLayout;horizontal=1;startSize=30;horizontalStack=0;resizeParent=1;resizeParentMax=0;resizeLast=0;collapsible=1;marginBottom=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="639" y="691" width="140" height="90" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-45" value="DS: 0" style="text;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;spacingLeft=4;spacingRight=4;overflow=hidden;points=[[0,0.5],[1,0.5]];portConstraint=eastwest;rotatable=0;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-43" vertex="1"> + <mxGeometry y="30" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-46" value="FS: 0x7ff12000" style="text;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;spacingLeft=4;spacingRight=4;overflow=hidden;points=[[0,0.5],[1,0.5]];portConstraint=eastwest;rotatable=0;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-43" vertex="1"> + <mxGeometry y="60" width="140" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-47" value="" style="endArrow=classic;html=1;rounded=0;fontFamily=Courier New;strokeWidth=1;entryX=0.75;entryY=1;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-46" target="8zZ8r4-26LbBzZc4UFdb-41" edge="1"> + <mxGeometry width="50" height="50" relative="1" as="geometry"> + <mxPoint x="787" y="790" as="sourcePoint" /> + <mxPoint x="649" y="806" as="targetPoint" /> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-48" value="" style="dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;shape=mxgraph.gmdl.sliderFocused;barPos=37;strokeColor=#3F51B5;opacity=100;strokeWidth=2;fillColor=#3F51B5;handleSize=30;shadow=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="206" y="918" width="200" height="30" 
as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-49" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Fake</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="160" y="920" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-50" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Reality</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="416" y="921" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-59" value="sb.jitter.vm" style="swimlane;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="500" y="868" width="200" height="250" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-60" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-59" vertex="1"> + <mxGeometry x="9" y="41" width="181" height="199" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-61" 
value="<div style=""><font face="Courier New">call HeapAlloc</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="8zZ8r4-26LbBzZc4UFdb-59" vertex="1"> + <mxGeometry x="15" y="48" width="115" height="22" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-63" value="" style="shape=note;whiteSpace=wrap;html=1;backgroundOutline=1;darkOpacity=0.05;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="740" y="918" width="90" height="100" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-65" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Courier New;strokeWidth=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-61" target="8zZ8r4-26LbBzZc4UFdb-63" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-69" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;strokeWidth=1;fontSize=13;fontStyle=2" parent="1" source="8zZ8r4-26LbBzZc4UFdb-66" edge="1"> + <mxGeometry x="1" y="90" relative="1" as="geometry"> + <mxPoint x="830" y="1038" as="targetPoint" /> + <mxPoint x="-90" y="-90" as="offset" /> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-66" value="<div style=""><font face="Courier New">HeapAlloc</font></div><div style=""><font face="Courier New">0x71110000<br>HeapCreate<br>0x71110004</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="745" y="946" width="80" height="72" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-72" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0;entryDx=0;entryDy=0;fontFamily=Courier New;strokeWidth=1;" parent="1" 
source="8zZ8r4-26LbBzZc4UFdb-68" target="8zZ8r4-26LbBzZc4UFdb-71" edge="1"> + <mxGeometry relative="1" as="geometry"> + <Array as="points"> + <mxPoint x="780" y="1038" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-68" value="" style="verticalLabelPosition=bottom;verticalAlign=top;html=1;shape=mxgraph.basic.x;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="810" y="1028" width="20" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-71" value="kernel32_HeapAlloc(jitter)" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="780" y="1068" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-74" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">sb.libs</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="736" y="918" width="70" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-75" value="" style="dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;shape=mxgraph.gmdl.sliderFocused;barPos=71.48;strokeColor=#3F51B5;opacity=100;strokeWidth=2;fillColor=#3F51B5;handleSize=30;shadow=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="206" y="1196" width="200" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-76" value="<span style="color: rgb(0, 0, 
0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Fake</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="160" y="1198" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-77" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Reality</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="416" y="1199" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-78" value="sb.jitter.vm" style="swimlane;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="500" y="1148" width="210" height="190" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-79" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-78" vertex="1"> + <mxGeometry x="9" y="41" width="181" height="39" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-80" value="<div style=""><font face="Courier New">call HeapAlloc</font></div>" 
style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="8zZ8r4-26LbBzZc4UFdb-78" vertex="1"> + <mxGeometry x="15" y="48" width="115" height="22" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-89" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-78" vertex="1"> + <mxGeometry x="9.5" y="112" width="181" height="58" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-90" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">kernel32.dll</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="8zZ8r4-26LbBzZc4UFdb-78" vertex="1"> + <mxGeometry x="-40.5" y="140" width="280" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-81" value="" style="shape=note;whiteSpace=wrap;html=1;backgroundOutline=1;darkOpacity=0.05;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="740" y="1198" width="90" height="100" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-82" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Courier New;strokeWidth=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-80" target="8zZ8r4-26LbBzZc4UFdb-81" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-83" value="" 
style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;strokeWidth=1;fontSize=13;fontStyle=2" parent="1" source="8zZ8r4-26LbBzZc4UFdb-84" edge="1"> + <mxGeometry x="1" y="-90" relative="1" as="geometry"> + <mxPoint x="830" y="1318" as="targetPoint" /> + <mxPoint as="offset" /> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-91" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;fontSize=13;strokeWidth=1;dashed=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-84" target="8zZ8r4-26LbBzZc4UFdb-89" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-84" value="<div style=""><font face="Courier New">HeapAlloc</font></div><div style=""><font face="Courier New">0x7c820132<br>HeapCreate<br>0x7c820404</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="745" y="1226" width="80" height="72" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-85" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0;entryDx=0;entryDy=0;fontFamily=Courier New;strokeWidth=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-86" target="8zZ8r4-26LbBzZc4UFdb-87" edge="1"> + <mxGeometry relative="1" as="geometry"> + <Array as="points"> + <mxPoint x="780" y="1318" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-86" value="" style="verticalLabelPosition=bottom;verticalAlign=top;html=1;shape=mxgraph.basic.x;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="810" y="1308" width="20" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-87" value="kernel32_HeapAlloc(jitter)" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" 
parent="1" vertex="1"> + <mxGeometry x="780" y="1348" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-88" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">sb.libs</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="736" y="1198" width="70" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-109" value="" style="dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;shape=mxgraph.gmdl.sliderFocused;barPos=47;strokeColor=#3F51B5;opacity=100;strokeWidth=2;fillColor=#3F51B5;handleSize=30;shadow=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="206" y="1746" width="200" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-110" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Fake</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="160" y="1748" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell 
id="8zZ8r4-26LbBzZc4UFdb-111" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Reality</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="416" y="1749" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-112" value="sb.jitter.vm" style="swimlane;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="500" y="1693" width="200" height="220" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-113" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-112" vertex="1"> + <mxGeometry x="9.5" y="80" width="181" height="39" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-114" value="<div style=""><font face="Courier New">call HeapAlloc</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="8zZ8r4-26LbBzZc4UFdb-112" vertex="1"> + <mxGeometry x="20" y="88.5" width="115" height="22" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-123" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-112" vertex="1"> + <mxGeometry x="9.5" y="30" width="181" height="39" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-124" value="<div style=""><font face="Courier New">MZ...</font></div>" 
style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="8zZ8r4-26LbBzZc4UFdb-112" vertex="1"> + <mxGeometry x="20" y="38.5" width="115" height="22" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-115" value="" style="shape=note;whiteSpace=wrap;html=1;backgroundOutline=1;darkOpacity=0.05;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="740" y="1743" width="90" height="100" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-116" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Courier New;strokeWidth=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-114" target="8zZ8r4-26LbBzZc4UFdb-115" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-117" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;strokeWidth=1;fontSize=13;fontStyle=2" parent="1" source="8zZ8r4-26LbBzZc4UFdb-118" edge="1"> + <mxGeometry x="1" y="100" relative="1" as="geometry"> + <mxPoint x="830" y="1863" as="targetPoint" /> + <mxPoint x="-100" as="offset" /> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-118" value="<div style=""><font face="Courier New">HeapAlloc</font></div><div style=""><font face="Courier New">0x71110000<br>HeapCreate<br>0x71110004</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="745" y="1771" width="80" height="72" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-119" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0;entryDx=0;entryDy=0;fontFamily=Courier New;strokeWidth=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-120" target="8zZ8r4-26LbBzZc4UFdb-121" edge="1"> + 
<mxGeometry relative="1" as="geometry"> + <Array as="points"> + <mxPoint x="780" y="1863" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-120" value="" style="verticalLabelPosition=bottom;verticalAlign=top;html=1;shape=mxgraph.basic.x;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="810" y="1853" width="20" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-121" value="kernel32_HeapAlloc(jitter)" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="780" y="1893" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-122" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">sb.libs</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="736" y="1743" width="70" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-126" value="<i>Breakpoint</i>" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Helvetica;fontSize=13;" parent="1" vertex="1"> + <mxGeometry x="717" y="1304" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-127" value="<i>Breakpoint</i>" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Helvetica;fontSize=13;" parent="1" 
vertex="1"> + <mxGeometry x="710" y="1023" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-128" value="<i>Breakpoint</i>" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Helvetica;fontSize=13;" parent="1" vertex="1"> + <mxGeometry x="710" y="1853" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-147" value="" style="dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;shape=mxgraph.gmdl.sliderFocused;barPos=58;strokeColor=#3F51B5;opacity=100;strokeWidth=2;fillColor=#3F51B5;handleSize=30;shadow=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="206" y="2009" width="200" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-148" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Fake</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="160" y="2011" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-149" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; 
text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Reality</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="416" y="2012" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-150" value="sb.jitter.vm" style="swimlane;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="500" y="1966" width="200" height="220" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-151" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-150" vertex="1"> + <mxGeometry x="9.5" y="80" width="181" height="39" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-152" value="<div style=""><font face="Courier New">call HeapAlloc</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="8zZ8r4-26LbBzZc4UFdb-150" vertex="1"> + <mxGeometry x="20" y="88.5" width="115" height="22" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-153" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-150" vertex="1"> + <mxGeometry x="9.5" y="126" width="181" height="39" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-154" value="<div style=""><font face="Courier New">TEB, ...</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="8zZ8r4-26LbBzZc4UFdb-150" vertex="1"> + <mxGeometry x="20" y="134.5" width="115" height="22" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-164" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-150" vertex="1"> + <mxGeometry x="9.5" y="176" width="181" height="39" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-165" value="<div 
style=""><font face="Courier New">LdrData</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="8zZ8r4-26LbBzZc4UFdb-150" vertex="1"> + <mxGeometry x="20" y="184.5" width="115" height="22" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-155" value="" style="shape=note;whiteSpace=wrap;html=1;backgroundOutline=1;darkOpacity=0.05;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="740" y="2016" width="90" height="100" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-156" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Courier New;strokeWidth=1;" parent="1" source="8zZ8r4-26LbBzZc4UFdb-152" target="8zZ8r4-26LbBzZc4UFdb-155" edge="1"> + <mxGeometry relative="1" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-157" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;strokeWidth=1;fontSize=13;fontStyle=2" parent="1" source="8zZ8r4-26LbBzZc4UFdb-158" edge="1"> + <mxGeometry x="1" y="100" relative="1" as="geometry"> + <mxPoint x="830" y="2136" as="targetPoint" /> + <mxPoint x="-100" as="offset" /> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-158" value="<div style=""><font face="Courier New">HeapAlloc</font></div><div style=""><font face="Courier New">0x71110000<br>HeapCreate<br>0x71110004</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="745" y="2044" width="80" height="72" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-159" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0;entryDx=0;entryDy=0;fontFamily=Courier New;strokeWidth=1;" parent="1" 
source="8zZ8r4-26LbBzZc4UFdb-160" target="8zZ8r4-26LbBzZc4UFdb-161" edge="1"> + <mxGeometry relative="1" as="geometry"> + <Array as="points"> + <mxPoint x="780" y="2136" /> + </Array> + </mxGeometry> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-160" value="" style="verticalLabelPosition=bottom;verticalAlign=top;html=1;shape=mxgraph.basic.x;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="810" y="2126" width="20" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-161" value="kernel32_HeapAlloc(jitter)" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="780" y="2166" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-162" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">sb.libs</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="736" y="2016" width="70" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-163" value="<i>Breakpoint</i>" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontFamily=Helvetica;fontSize=13;" parent="1" vertex="1"> + <mxGeometry x="710" y="2126" width="60" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-166" value="" 
style="dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;shape=mxgraph.gmdl.sliderFocused;barPos=81;strokeColor=#3F51B5;opacity=100;strokeWidth=2;fillColor=#3F51B5;handleSize=30;shadow=0;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="206" y="1430" width="200" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-167" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Fake</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="160" y="1432" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-168" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">Reality</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="416" y="1433" width="40" height="20" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-169" value="sb.jitter.vm" style="swimlane;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="500" y="1391" width="210" 
height="190" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-170" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-169" vertex="1"> + <mxGeometry x="9" y="41" width="181" height="39" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-171" value="<div style=""><font face="Courier New">call HeapAlloc</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="8zZ8r4-26LbBzZc4UFdb-169" vertex="1"> + <mxGeometry x="15" y="48" width="115" height="22" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-172" value="" style="rounded=0;whiteSpace=wrap;html=1;fontFamily=Courier New;" parent="8zZ8r4-26LbBzZc4UFdb-169" vertex="1"> + <mxGeometry x="9.5" y="112" width="181" height="58" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-173" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">kernel32.dll</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="8zZ8r4-26LbBzZc4UFdb-169" vertex="1"> + <mxGeometry x="-40.5" y="140" width="280" height="30" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-175" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Courier New;strokeWidth=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="8zZ8r4-26LbBzZc4UFdb-169" source="8zZ8r4-26LbBzZc4UFdb-171" target="8zZ8r4-26LbBzZc4UFdb-173" edge="1"> + <mxGeometry relative="1" 
as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-174" value="" style="shape=note;whiteSpace=wrap;html=1;backgroundOutline=1;darkOpacity=0.05;fontFamily=Courier New;" parent="1" vertex="1"> + <mxGeometry x="740" y="1441" width="90" height="100" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-178" value="<div style=""><font face="Courier New">HeapAlloc</font></div><div style=""><font face="Courier New">0x7c820132<br>HeapCreate<br>0x7c820404</font></div>" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1"> + <mxGeometry x="745" y="1469" width="80" height="72" as="geometry" /> + </mxCell> + <mxCell id="8zZ8r4-26LbBzZc4UFdb-182" value="<span style="color: rgb(0, 0, 0); font-family: &quot;Courier New&quot;; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 700; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;">sb.libs</span>" style="text;whiteSpace=wrap;html=1;fontFamily=Courier New;align=center;" parent="1" vertex="1"> + <mxGeometry x="736" y="1441" width="70" height="30" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-2" value="<div style=""><font face="Courier New"><b>-s, --usesegm</b></font><br></div>" style="text;html=1;strokeColor=#6c8ebf;fillColor=#dae8fc;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> + <mxGeometry x="206" y="710" width="110" height="38" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-4" value="<div style=""><font face="Courier New"><b>-i, --dependencies </b>(real dependencies)</font><br></div>" 
style="text;html=1;strokeColor=#6c8ebf;fillColor=#dae8fc;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> + <mxGeometry x="200" y="1248" width="280" height="38" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-5" value="<div style=""><font face="Courier New"><b>-l, --loadbasedll </b>(hardcoded list)</font><br></div>" style="text;html=1;strokeColor=#6c8ebf;fillColor=#dae8fc;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> + <mxGeometry x="200" y="1300" width="280" height="38" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-6" value="<div style=""><font face="Courier New"><b>-o, --load-hdr</b></font><br></div>" style="text;html=1;strokeColor=#6c8ebf;fillColor=#dae8fc;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> + <mxGeometry x="200" y="1798" width="120" height="38" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-7" value="<div style=""><font face="Courier New"><b>-y, --use-windows-structs</b></font><br></div>" style="text;html=1;strokeColor=#6c8ebf;fillColor=#dae8fc;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> + <mxGeometry x="200" y="2071" width="190" height="38" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-8" value="Default, useful for shellcodes" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontStyle=4;fontSize=14;" vertex="1" parent="1"> + <mxGeometry x="160" y="480" width="240" height="30" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-9" value="With segments, useful for 16bits or import-by-hash" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontStyle=4;fontSize=14;" vertex="1" parent="1"> + <mxGeometry x="160" y="591" width="330" height="30" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-10" 
value="Sandbox default, breakpoint set for imports, to emulate them" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontStyle=4;fontSize=14;" vertex="1" parent="1"> + <mxGeometry x="160" y="867" width="310" height="30" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-12" value="DLL are loaded in virtual memory" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontStyle=4;fontSize=14;" vertex="1" parent="1"> + <mxGeometry x="160" y="1150" width="310" height="30" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-13" value="PE header is loaded in virtual memory" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontStyle=4;fontSize=14;" vertex="1" parent="1"> + <mxGeometry x="160" y="1693" width="310" height="30" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-14" value="Some Windows structures are created and filled" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontStyle=4;fontSize=14;" vertex="1" parent="1"> + <mxGeometry x="160" y="1965" width="310" height="30" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-15" value="Remove breakpoint to use the in-memory function" style="text;html=1;strokeColor=none;fillColor=none;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;fontStyle=4;fontSize=14;" vertex="1" parent="1"> + <mxGeometry x="160" y="1384" width="320" height="30" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-16" value="<div style=""><font face="Courier New">&nbsp;sb.</font></div><div style=""><font face="Courier New">&nbsp; jitter.</font></div><div style=""><font face="Courier New">&nbsp; remove_breakpoints_by_address(</font></div><div style=""><font face="Courier New">&nbsp; &nbsp;sb.</font></div><div style=""><font face="Courier 
New">&nbsp; &nbsp;libs.</font></div><div style=""><font face="Courier New">&nbsp; &nbsp;cname2addr["ntdll_swprintf"]</font></div><div style=""><font face="Courier New">&nbsp; )</font><br></div>" style="text;html=1;strokeColor=#6c8ebf;fillColor=#dae8fc;align=left;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> + <mxGeometry x="200" y="1472" width="260" height="122" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-18" value="<h1>Emulation cursor: dependencies</h1>" style="text;html=1;strokeColor=none;fillColor=none;spacing=5;spacingTop=-20;whiteSpace=wrap;overflow=hidden;rounded=0;fontFamily=Courier New;" vertex="1" parent="1"> + <mxGeometry x="51" y="800" width="460" height="40" as="geometry" /> + </mxCell> + <mxCell id="J-sqQMnCN70ADjEj5KlQ-59" value="<h1>Emulation cursor: structures</h1>" style="text;html=1;strokeColor=none;fillColor=none;spacing=5;spacingTop=-20;whiteSpace=wrap;overflow=hidden;rounded=0;fontFamily=Courier New;" vertex="1" parent="1"> + <mxGeometry x="57" y="1645" width="460" height="40" as="geometry" /> + </mxCell> + </root> + </mxGraphModel> + </diagram> +</mxfile> diff --git a/doc/cheatsheets/reminder_sandbox.pdf b/doc/cheatsheets/reminder_sandbox.pdf new file mode 100644 index 00000000..7271d319 --- /dev/null +++ b/doc/cheatsheets/reminder_sandbox.pdf Binary files differ |