diff options
| author | Theofilos Augoustis <theofilos.augoustis@gmail.com> | 2025-10-22 15:59:53 +0000 |
|---|---|---|
| committer | Theofilos Augoustis <theofilos.augoustis@gmail.com> | 2025-10-30 17:22:38 +0000 |
| commit | 5ca004cb8e6b493c7a3ba01b65cca02f8e3136a4 (patch) | |
| tree | db77accffe50ba81b670cbbace7e47e3fb7826c9 | |
| parent | 72c2ba26066b8641c3cd22e29a12a96c6cb99aa7 (diff) | |
| download | focaccia-5ca004cb8e6b493c7a3ba01b65cca02f8e3136a4.tar.gz focaccia-5ca004cb8e6b493c7a3ba01b65cca02f8e3136a4.zip | |
Make it possible to use the LLDB disassembly when the Miasm disassembly does not work
| -rw-r--r-- | src/focaccia/lldb_target.py | 17 | ||||
| -rw-r--r-- | src/focaccia/symbolic.py | 16 |
2 files changed, 25 insertions, 8 deletions
diff --git a/src/focaccia/lldb_target.py b/src/focaccia/lldb_target.py index 6f0011f..b0d7dd6 100644 --- a/src/focaccia/lldb_target.py +++ b/src/focaccia/lldb_target.py @@ -315,8 +315,21 @@ class LLDBConcreteTarget: return addr def get_disassembly(self, addr: int) -> str: - inst = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1)[0] - return f'{inst.GetMnemonic(self.target)} {inst.GetOperands(self.target)}' + inst: lldb.SBInstruction = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1, 'intel')[0] + mnemonic: str = inst.GetMnemonic(self.target).upper() + operands: str = inst.GetOperands(self.target).upper() + operands = operands.replace("0X", "0x") + return f'{mnemonic} {operands}' + + def get_disassembly_bytes(self, addr: int): + error = lldb.SBError() + buf = self.process.ReadMemory(addr, 64, error) + inst = self.target.GetInstructions(lldb.SBAddress(addr, self.target), buf)[0] + return inst.GetData(self.target).ReadRawData(error, 0, inst.GetByteSize()) + + def get_instruction_size(self, addr: int) -> int: + inst = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1, 'intel')[0] + return inst.GetByteSize() class LLDBLocalTarget(LLDBConcreteTarget): def __init__(self, diff --git a/src/focaccia/symbolic.py b/src/focaccia/symbolic.py index f854392..4b55a0d 100644 --- a/src/focaccia/symbolic.py +++ b/src/focaccia/symbolic.py @@ -702,8 +702,12 @@ class SymbolicTracer: ctx = DisassemblyContext(lldb_state) arch = ctx.arch + # print(ctx.machine.mn().fromstring(str('add rdi, r11').upper(), ctx.loc_db, 'l')) + # quit() + # Trace concolically strace: list[SymbolicTransform] = [] + b = False while not target.is_exited(): pc = target.read_register('pc') @@ -717,16 +721,16 @@ class SymbolicTracer: # Try to get the LLDB disassembly instead to simplify debugging try: alt_disas = target.get_disassembly(pc) + instr = Instruction.from_string(alt_disas, ctx.arch, pc, + target.get_instruction_size(pc)) + info(f'Disassembled instruction {instr} at {hex(pc)}') + instr = instr.instr except: - warn(f'Unable to disassemble instruction at {hex(pc)}: {err}.' + warn(f'Unable to disassemble instruction {hex(pc)}: {err}.' f' Skipping.') + target.step() continue - warn(f'Unable to disassemble instruction {alt_disas} at {hex(pc)}: {err}.' - f' Skipping.') - target.step() - continue - # Run instruction conc_state = MiasmSymbolResolver(lldb_state, ctx.loc_db) new_pc, modified = run_instruction(instr, conc_state, ctx.lifter) |