| author | Theofilos Augoustis <theofilos.augoustis@gmail.com> | 2025-10-22 15:59:53 +0000 |
|---|---|---|
| committer | Theofilos Augoustis <theofilos.augoustis@gmail.com> | 2025-11-06 17:20:13 +0000 |
| commit | f5746bcbab5d1a3ff88a6e82d7721086fe4c5af2 (patch) | |
| tree | da7dfc9be90637d34b0750b47e2bc69d21b11b5a /src | |
| parent | f762c35148bb69cb9ddcea4e95022750e9367e52 (diff) | |
| download | focaccia-f5746bcbab5d1a3ff88a6e82d7721086fe4c5af2.tar.gz focaccia-f5746bcbab5d1a3ff88a6e82d7721086fe4c5af2.zip | |
Make it possible to use the LLDB disassembly when the Miasm disassembly does not work
Diffstat (limited to 'src')
| -rw-r--r-- | src/focaccia/lldb_target.py | 17 | ||||
| -rw-r--r-- | src/focaccia/symbolic.py | 16 |
2 files changed, 25 insertions, 8 deletions
diff --git a/src/focaccia/lldb_target.py b/src/focaccia/lldb_target.py
index 6f0011f..b0d7dd6 100644
--- a/src/focaccia/lldb_target.py
+++ b/src/focaccia/lldb_target.py
@@ -315,8 +315,21 @@ class LLDBConcreteTarget:
         return addr
 
     def get_disassembly(self, addr: int) -> str:
-        inst = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1)[0]
-        return f'{inst.GetMnemonic(self.target)} {inst.GetOperands(self.target)}'
+        inst: lldb.SBInstruction = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1, 'intel')[0]
+        mnemonic: str = inst.GetMnemonic(self.target).upper()
+        operands: str = inst.GetOperands(self.target).upper()
+        operands = operands.replace("0X", "0x")
+        return f'{mnemonic} {operands}'
+
+    def get_disassembly_bytes(self, addr: int):
+        error = lldb.SBError()
+        buf = self.process.ReadMemory(addr, 64, error)
+        inst = self.target.GetInstructions(lldb.SBAddress(addr, self.target), buf)[0]
+        return inst.GetData(self.target).ReadRawData(error, 0, inst.GetByteSize())
+
+    def get_instruction_size(self, addr: int) -> int:
+        inst = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1, 'intel')[0]
+        return inst.GetByteSize()
 
 class LLDBLocalTarget(LLDBConcreteTarget):
     def __init__(self,
diff --git a/src/focaccia/symbolic.py b/src/focaccia/symbolic.py
index 4480d42..8b3289a 100644
--- a/src/focaccia/symbolic.py
+++ b/src/focaccia/symbolic.py
@@ -704,8 +704,12 @@ class SymbolicTracer:
         ctx = DisassemblyContext(lldb_state)
         arch = ctx.arch
 
+        # print(ctx.machine.mn().fromstring(str('add rdi, r11').upper(), ctx.loc_db, 'l'))
+        # quit()
+
         # Trace concolically
         strace: list[SymbolicTransform] = []
+        b = False
         while not target.is_exited():
             pc = target.read_register('pc')
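Review bot: `get_disassembly_bytes` never inspects the `SBError` it hands to `ReadMemory` and `ReadRawData`, so on a failed read `buf` comes back empty and the `GetInstructions(...)[0]` index raises an IndexError that hides the real cause. Check the error after the read, e.g. `if error.Fail(): raise RuntimeError(f'Unable to read memory at {hex(addr)}: {error.GetCString()}')`, and give the method a `-> bytes` return annotation like its two siblings. The fixed 64-byte read will also fail when `addr` lies within 64 bytes of the end of a mapped region even though the instruction itself is readable; reading only the architecture's maximum instruction length would avoid that, though I cannot tell from this hunk which architectures the target supports. In `get_disassembly` the whole operand string is uppercased, which presumably matches what the downstream parser expects, but it will also uppercase any symbol names LLDB emits in operands — worth a one-line comment if that is intended.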
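Review bot: The two commented-out `# print(...)` / `# quit()` lines and the `b = False` assignment look like debugging scaffolding left in the tracer loop; `b` is not used anywhere in this hunk and I cannot see a use in the rest of the method, whose body continues past the hunk. Drop the three added comment lines and `b = False`, or, if `b` is consumed later, give it a descriptive name and a comment saying what it tracks.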
@@ -719,16 +723,16 @@ class SymbolicTracer:
             # Try to get the LLDB disassembly instead to simplify debugging
             try:
                 alt_disas = target.get_disassembly(pc)
+                instr = Instruction.from_string(alt_disas, ctx.arch, pc,
+                                                target.get_instruction_size(pc))
+                info(f'Disassembled instruction {instr} at {hex(pc)}')
+                instr = instr.instr
             except:
-                warn(f'Unable to disassemble instruction at {hex(pc)}: {err}.'
+                warn(f'Unable to disassemble instruction {hex(pc)}: {err}.'
                      f' Skipping.')
+                target.step()
                 continue
 
-            warn(f'Unable to disassemble instruction {alt_disas} at {hex(pc)}: {err}.'
-                 f' Skipping.')
-            target.step()
-            continue
-
             # Run instruction
             conc_state = MiasmSymbolResolver(lldb_state, ctx.loc_db)
             new_pc, modified = run_instruction(instr, conc_state, ctx.lifter)
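Review bot: The fallback path keeps a bare `except:`, which now also swallows failures from `Instruction.from_string`, `target.get_instruction_size` and `info`, while the warning still reports `err` from the earlier Miasm failure (bound outside this hunk) rather than the exception that actually fired, so a syntax mismatch between LLDB's output and the parser surfaces as a misleading message. Narrow the handler and keep both causes: `except Exception as lldb_err:` and `warn(f'Unable to disassemble instruction at {hex(pc)}: {err} (LLDB fallback: {lldb_err}).'`. The enclosing method starts before and ends after this hunk.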