diff options
| author | Adrien Guinet <adrien@guinet.me> | 2017-10-31 08:16:17 +0100 |
|---|---|---|
| committer | Camille Mougey <commial@gmail.com> | 2017-10-31 08:16:17 +0100 |
| commit | 33dccf7012673882bef35b9afd9fb986881a8168 (patch) | |
| tree | d3f31c219a4ed5227c3a08d0003bc4b9a4494e37 | |
| parent | 1e1b3282704700328d23a96d4da402715f554f9e (diff) | |
| download | miasm-33dccf7012673882bef35b9afd9fb986881a8168.tar.gz miasm-33dccf7012673882bef35b9afd9fb986881a8168.zip | |
Various Win32 API additions/fixes (#616)
Various Win32 API additions/fixes
* add a get_size method to Miasm heap object, which allows the
implementation of mscvrt_realloc
* add the concept of "current directory", with the default value being
arbitrary set to "c:\tmp", which allows the implementation of
{Get,Set}CurrentDirecrtory
* various other methods implemented:
- advapi32_RegCloseKey
- advapi32_RegCreateKeyW
- advapi32_RegSetValueExA
- advapi32_RegSetValueExW
- kernel32_GetProcessHeap
- msvcrt_delete
- msvcrt_fprintf
- msvcrt_fwrite
- msvcrt__mbscpy
- msvcrt_new
- msvcrt_realloc
- msvcrt_sprintf
- msvcrt_srand
- msvcrt_strrchr
- msvcrt_swprintf
- msvcrt_wcscat
- msvcrt_wcscmp
- msvcrt_wcscpy
- msvcrt__wcsicmp
- msvcrt_wcslen
- msvcrt_wcsncpy
- msvcrt__wcsnicmp
- msvcrt_wcsrchr
Diffstat (limited to '')
| -rw-r--r-- | miasm2/os_dep/common.py | 54 | ||||
| -rw-r--r-- | miasm2/os_dep/linux_stdlib.py | 24 | ||||
| -rw-r--r-- | miasm2/os_dep/win_api_x86_32.py | 217 | ||||
| -rwxr-xr-x | test/os_dep/common.py | 35 | ||||
| -rwxr-xr-x | test/os_dep/linux/stdlib.py | 43 | ||||
| -rwxr-xr-x | test/os_dep/win_api_x86_32.py | 85 | ||||
| -rwxr-xr-x | test/test_all.py | 4 |
7 files changed, 433 insertions, 29 deletions
diff --git a/miasm2/os_dep/common.py b/miasm2/os_dep/common.py index ecb6d821..7e46b276 100644 --- a/miasm2/os_dep/common.py +++ b/miasm2/os_dep/common.py @@ -2,6 +2,7 @@ import os from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE from miasm2.core.utils import get_caller_name +from miasm2.core.utils import pck64, upck64 BASE_SB_PATH = "file_sb" @@ -73,10 +74,31 @@ class heap(object): combination of them); default is PAGE_READ|PAGE_WRITE """ addr = self.next_addr(size) - vm.add_memory_page(addr, perm, "\x00" * size, + vm.add_memory_page(addr, perm, "\x00" * (size), "Heap alloc by %s" % get_caller_name(2)) return addr + def get_size(self, vm, ptr): + """ + @vm: a VmMngr instance + @size: ptr to get the size of the associated allocation. + + `ptr` can be the base address of a previous allocation, or an address + within the allocated range. The size of the whole allocation is always + returned, regardless ptr is the base address or not. + """ + assert vm.is_mapped(ptr, 1) + data = vm.get_all_memory() + ptr_page = data.get(ptr, None) + if ptr_page is None: + for address, page_info in data.iteritems(): + if address <= ptr < address + page_info["size"]: + ptr_page = page_info + break + else: + raise RuntimeError("Must never happen (unmapped but mark as mapped by API)") + return ptr_page["size"] + def windows_to_sbpath(path): """Convert a Windows path to a valid filename within the sandbox @@ -94,3 +116,33 @@ def unix_to_sbpath(path): """ path = [elt for elt in path.split('/') if elt] return os.path.join(BASE_SB_PATH, *path) + +def get_fmt_args(fmt, cur_arg, get_str, get_arg_n): + output = "" + idx = 0 + fmt = get_str(fmt) + while True: + if idx == len(fmt): + break + char = fmt[idx] + idx += 1 + if char == '%': + token = '%' + while True: + char = fmt[idx] + idx += 1 + token += char + if char.lower() in '%cdfsux': + break + if char == '%': + output += char + continue + if token.endswith('s'): + addr = get_arg_n(cur_arg) + arg = get_str(addr) + else: + arg = get_arg_n(cur_arg) + char = token % arg + cur_arg += 1 + output += char + return output diff --git a/miasm2/os_dep/linux_stdlib.py b/miasm2/os_dep/linux_stdlib.py index 9e68454c..d0e281a1 100644 --- a/miasm2/os_dep/linux_stdlib.py +++ b/miasm2/os_dep/linux_stdlib.py @@ -4,6 +4,7 @@ from sys import stdout from string import printable from miasm2.os_dep.common import heap +from miasm2.os_dep.common import get_fmt_args as _get_fmt_args class c_linobjs(object): @@ -104,28 +105,7 @@ def xxx_puts(jitter): def get_fmt_args(jitter, fmt, cur_arg): - output = "" - while True: - char = jitter.vm.get_mem(fmt, 1) - fmt += 1 - if char == '\x00': - break - if char == '%': - token = '%' - while True: - char = jitter.vm.get_mem(fmt, 1) - fmt += 1 - token += char - if char.lower() in '%cdfsux': - break - if token.endswith('s'): - arg = jitter.get_str_ansi(jitter.get_arg_n_systemv(cur_arg)) - else: - arg = jitter.get_arg_n_systemv(cur_arg) - char = token % arg - cur_arg += 1 - output += char - return output + return _get_fmt_args(fmt, cur_arg, jitter.get_str_ansi, jitter.get_arg_n_systemv) def xxx_snprintf(jitter): diff --git a/miasm2/os_dep/win_api_x86_32.py b/miasm2/os_dep/win_api_x86_32.py index 0c27652a..e3addda6 100644 --- a/miasm2/os_dep/win_api_x86_32.py +++ b/miasm2/os_dep/win_api_x86_32.py @@ -32,9 +32,10 @@ except ImportError: print "cannot find crypto, skipping" from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE, PAGE_EXEC -from miasm2.core.utils import pck16, pck32, upck32, hexdump, whoami +from miasm2.core.utils import pck16, pck32, upck16, upck32, hexdump, whoami from miasm2.os_dep.common import heap, windows_to_sbpath from miasm2.os_dep.common import set_str_unic, set_str_ansi +from miasm2.os_dep.common import get_fmt_args as _get_fmt_args from miasm2.os_dep.win_api_x86_32_seh import tib_address log = logging.getLogger("win_api_x86_32") @@ -160,7 +161,8 @@ class c_winobjs: self.tls_values = {} self.handle_pool = handle_generator() self.handle_mapped = {} - self.hkey_handles = {0x80000001: "hkey_current_user"} + self.hkey_handles = {0x80000001: "hkey_current_user", 0x80000002: "hkey_local_machine"} + self.cur_dir = "c:\\tmp" self.nt_mdl = {} self.nt_mdl_ad = None @@ -278,6 +280,18 @@ def kernel32_LocalAlloc(jitter): alloc_addr = winobjs.heap.alloc(jitter, args.msize) jitter.func_ret_stdcall(ret_ad, alloc_addr) +def msvcrt_new(jitter): + ret_ad, args = jitter.func_args_cdecl(["size"]) + alloc_addr = winobjs.heap.alloc(jitter, args.size) + jitter.func_ret_cdecl(ret_ad, alloc_addr) + +globals()['msvcrt_??2@YAPAXI@Z'] = msvcrt_new + +def msvcrt_delete(jitter): + ret_ad, args = jitter.func_args_cdecl(["ptr"]) + jitter.func_ret_cdecl(ret_ad, 0) + +globals()['msvcrt_??3@YAXPAX@Z'] = msvcrt_delete def kernel32_GlobalFree(jitter): ret_ad, _ = jitter.func_args_stdcall(["addr"]) @@ -722,9 +736,9 @@ def kernel32_VirtualProtect(jitter): raise ValueError('unknown access dw!') jitter.vm.set_mem_access(args.lpvoid, ACCESS_DICT[flnewprotect]) - # XXX todo real old protect if args.lpfloldprotect: - jitter.vm.set_mem(args.lpfloldprotect, pck32(0x40)) + old = jitter.vm.get_mem_access(args.lpvoid) + jitter.vm.set_mem(args.lpfloldprotect, pck32(ACCESS_DICT_INV[old])) jitter.func_ret_stdcall(ret_ad, 1) @@ -1370,6 +1384,34 @@ def my_lstrcmp(jitter, funcname, get_str): log.info("Compare %r with %r", s1, s2) jitter.func_ret_stdcall(ret_ad, cmp(s1, s2)) +def msvcrt_wcscmp(jitter): + ret_ad, args = jitter.func_args_cdecl(["ptr_str1", "ptr_str2"]) + s1 = jitter.get_str_unic(args.ptr_str1) + s2 = jitter.get_str_unic(args.ptr_str2) + log.debug("%s('%s','%s')" % (whoami(), s1, s2)) + jitter.func_ret_cdecl(ret_ad, cmp(s1, s2)) + +def msvcrt__wcsicmp(jitter): + ret_ad, args = jitter.func_args_cdecl(["ptr_str1", "ptr_str2"]) + s1 = jitter.get_str_unic(args.ptr_str1) + s2 = jitter.get_str_unic(args.ptr_str2) + log.debug("%s('%s','%s')" % (whoami(), s1, s2)) + jitter.func_ret_cdecl(ret_ad, cmp(s1.lower(), s2.lower())) + +def msvcrt__wcsnicmp(jitter): + ret_ad, args = jitter.func_args_cdecl(["ptr_str1", "ptr_str2", "count"]) + s1 = jitter.get_str_unic(args.ptr_str1) + s2 = jitter.get_str_unic(args.ptr_str2) + log.debug("%s('%s','%s',%d)" % (whoami(), s1, s2, args.count)) + jitter.func_ret_cdecl(ret_ad, cmp(s1.lower()[:args.count], s2.lower()[:args.count])) + +def msvcrt_wcsncpy(jitter): + ret_ad, args = jitter.func_args_cdecl(["dst", "src", "n"]) + src = jitter.get_str_unic(args.src) + dst = src[:args.n] + dst += "\x00\x00" * (args.n-len(dst)+1) + jitter.vm.set_mem(args.dst, dst) + jitter.func_ret_cdecl(ret_ad, args.dst) def kernel32_lstrcmpA(jitter): my_lstrcmp(jitter, whoami(), jitter.get_str_ansi) @@ -1411,6 +1453,15 @@ def kernel32_lstrcpyA(jitter): def kernel32_lstrcpy(jitter): my_strcpy(jitter, whoami(), jitter.get_str_ansi, jitter.set_str_ansi) +def msvcrt__mbscpy(jitter): + ret_ad, args = jitter.func_args_cdecl(["ptr_str1", "ptr_str2"]) + s2 = jitter.get_str_unic(args.ptr_str2) + jitter.set_str_unic(args.ptr_str1, s2) + jitter.func_ret_cdecl(ret_ad, args.ptr_str1) + +def msvcrt_wcscpy(jitter): + return msvcrt__mbscpy(jitter) + def kernel32_lstrcpyn(jitter): ret_ad, args = jitter.func_args_stdcall(["ptr_str1", "ptr_str2", @@ -1793,13 +1844,39 @@ def msvcrt_memset(jitter): jitter.vm.set_mem(args.addr, chr(args.c) * args.size) jitter.func_ret_cdecl(ret_ad, args.addr) +def msvcrt_strrchr(jitter): + ret_ad, args = jitter.func_args_cdecl(['pstr','c']) + s = jitter.get_str_ansi(args.pstr) + c = chr(args.c) + ret = args.pstr + s.rfind(c) + log.info("strrchr(%x '%s','%s') = %x" % (args.pstr,s,c,ret)) + jitter.func_ret_cdecl(ret_ad, ret) + +def msvcrt_wcsrchr(jitter): + ret_ad, args = jitter.func_args_cdecl(['pstr','c']) + s = jitter.get_str_unic(args.pstr) + c = chr(args.c) + ret = args.pstr + (s.rfind(c)*2) + log.info("wcsrchr(%x '%s',%s) = %x" % (args.pstr,s,c,ret)) + jitter.func_ret_cdecl(ret_ad, ret) def msvcrt_memcpy(jitter): ret_ad, args = jitter.func_args_cdecl(['dst', 'src', 'size']) s = jitter.vm.get_mem(args.src, args.size) + #log.info("memcpy buf %s" % s.encode("hex")) jitter.vm.set_mem(args.dst, s) jitter.func_ret_cdecl(ret_ad, args.dst) +def msvcrt_realloc(jitter): + ret_ad,args = jitter.func_args_cdecl(['ptr','new_size']) + if args.ptr == 0: + addr = winobjs.heap.alloc(jitter, args.new_size) + else: + addr = winobjs.heap.alloc(jitter, args.new_size) + size = winobjs.heap.get_size(jitter.vm, args.ptr) + data = jitter.vm.get_mem(args.ptr, size) + jitter.vm.set_mem(addr, data) + jitter.func_ret_cdecl(ret_ad, addr) def msvcrt_memcmp(jitter): ret_ad, args = jitter.func_args_cdecl(['ps1', 'ps2', 'size']) @@ -1962,6 +2039,43 @@ def user32_IsCharAlphaNumericA(jitter): ret = 0 jitter.func_ret_stdcall(ret_ad, ret) +def get_fmt_args(jitter, fmt, cur_arg, get_str): + return _get_fmt_args(fmt, cur_arg, get_str, jitter.get_arg_n_cdecl) + +def msvcrt_sprintf_str(jitter, get_str): + ret_ad, args = jitter.func_args_cdecl(['string', 'fmt']) + cur_arg, fmt = 2, args.fmt + return ret_ad, args, get_fmt_args(jitter, fmt, cur_arg, get_str) + +def msvcrt_sprintf(jitter): + ret_ad, args, output = msvcrt_sprintf_str(jitter, jitter.get_str_ansi) + ret = len(output) + log.info("sprintf() = '%s'" % (output)) + jitter.vm.set_mem(args.string, output + '\x00') + return jitter.func_ret_cdecl(ret_ad, ret) + +def msvcrt_swprintf(jitter): + ret_ad, args = jitter.func_args_cdecl(['string', 'fmt']) + cur_arg, fmt = 2, args.fmt + output = get_fmt_args(jitter, fmt, cur_arg, jitter.get_str_unic) + ret = len(output) + log.info("swprintf('%s') = '%s'" % (jitter.get_str_unic(args.fmt), output)) + jitter.vm.set_mem(args.string, output.encode("utf-16le") + '\x00\x00') + return jitter.func_ret_cdecl(ret_ad, ret) + +def msvcrt_fprintf(jitter): + ret_addr, args = jitter.func_args_cdecl(['file', 'fmt']) + cur_arg, fmt = 2, args.fmt + output = get_fmt_args(jitter, fmt, cur_arg) + ret = len(output) + log.info("fprintf(%x, '%s') = '%s'" % (args.file, jitter.get_str_ansi(args.fmt), output)) + + fd = upck32(jitter.vm.get_mem(args.file + 0x10, 4)) + if not fd in winobjs.handle_pool: + raise NotImplementedError("Untested case") + winobjs.handle_pool[fd].info.write(output) + + return jitter.func_ret_cdecl(ret_addr, ret) def shlwapi_StrCmpNIA(jitter): ret_ad, args = jitter.func_args_stdcall(["ptr_str1", "ptr_str2", @@ -1973,6 +2087,36 @@ def shlwapi_StrCmpNIA(jitter): jitter.func_ret_stdcall(ret_ad, cmp(s1, s2)) +def advapi32_RegCreateKeyW(jitter): + ret_ad, args = jitter.func_args_stdcall(["hkey", "subkey", + "phandle"]) + s_subkey = jitter.get_str_unic(args.subkey).lower() if args.subkey else "" + + ret_hkey = 0 + ret = 2 + if args.hkey in winobjs.hkey_handles: + ret = 0 + if s_subkey: + ret_hkey = hash(s_subkey) & 0xffffffff + winobjs.hkey_handles[ret_hkey] = s_subkey + else: + ret_hkey = args.hkey + + log.info("RegCreateKeyW(%x, '%s') = (%x,%d)" % (args.hkey, s_subkey, ret_hkey, ret)) + jitter.vm.set_mem(args.phandle, pck32(ret_hkey)) + + jitter.func_ret_stdcall(ret_ad, ret) + +def kernel32_GetCurrentDirectoryA(jitter): + ret_ad, args = jitter.func_args_stdcall(["size","buf"]) + dir_ = winobjs.cur_dir + log.debug("GetCurrentDirectory() = '%s'" % dir_) + jitter.vm.set_mem(args.buf, dir_[:args.size-1] + "\x00") + ret = len(dir_) + if args.size <= len(dir_): + ret += 1 + jitter.func_ret_stdcall(ret_ad, ret) + def advapi32_RegOpenKeyEx(jitter, funcname, get_str): ret_ad, args = jitter.func_args_stdcall(["hkey", "subkey", "reserved", "access", @@ -2013,6 +2157,29 @@ def advapi32_RegSetValue(jitter, funcname, get_str): log.info("Value %s", get_str(args.pvalue)) jitter.func_ret_stdcall(ret_ad, 0) +def advapi32_RegSetValueEx(jitter, funcname, get_str): + ret_ad, args = jitter.func_args_stdcall(["hkey", "lpvaluename", + "reserved", "dwtype", + "lpdata", "cbData"]) + hkey = winobjs.hkey_handles.get(args.hkey, "unknown HKEY") + value_name = get_str(args.lpvaluename) if args.lpvaluename else "" + data = get_str(args.lpdata) if args.lpdata else "" + log.info("%s('%s','%s'='%s',%x)" % (funcname, hkey, value_name, data, args.dwtype)) + jitter.func_ret_stdcall(ret_ad, 0) + +def advapi32_RegCloseKey(jitter): + ret_ad, args = jitter.func_args_stdcall(["hkey"]) + del winobjs.hkey_handles[args.hkey] + log.info("RegCloseKey(%x)" % args.hkey) + jitter.func_ret_stdcall(ret_ad, 0) + +def advapi32_RegSetValueExA(jitter): + advapi32_RegSetValueEx(jitter, whoami(), jitter.get_str_ansi) + + +def advapi32_RegSetValueExW(jitter): + advapi32_RegOpenKeyEx(jitter, whoami(), jitter.get_str_unic) + def advapi32_RegSetValueA(jitter): advapi32_RegSetValue(jitter, whoami(), jitter.get_str_ansi) @@ -2026,6 +2193,27 @@ def kernel32_GetThreadLocale(jitter): ret_ad, _ = jitter.func_args_stdcall(0) jitter.func_ret_stdcall(ret_ad, 0x40c) +def kernel32_SetCurrentDirectory(jitter, get_str): + ret_ad, args = jitter.func_args_stdcall(['dir']) + dir_ = get_str(args.dir) + log.debug("SetCurrentDirectory('%s') = 1" % dir_) + winobjs.cur_dir = dir_ + jitter.func_ret_stdcall(ret_ad, 1) + +def kernel32_SetCurrentDirectoryW(jitter): + return kernel32_SetCurrentDirectory(jitter, jitter.get_str_unic) + +def kernel32_SetCurrentDirectoryA(jitter): + return kernel32_SetCurrentDirectory(jitter, jitter.get_str_ansi) + +def msvcrt_wcscat(jitter): + ret_ad, args = jitter.func_args_cdecl(['ptr_str1', 'ptr_str2']) + s1 = jitter.get_str_unic(args.ptr_str1) + s2 = jitter.get_str_unic(args.ptr_str2) + log.info("strcat('%s','%s')" % (s1,s2)) + jitter.vm.set_mem(args.ptr_str1, (s1 + s2).encode("utf-16le") + "\x00\x00") + jitter.func_ret_cdecl(ret_ad, args.ptr_str1) + def kernel32_GetLocaleInfo(jitter, funcname, set_str): ret_ad, args = jitter.func_args_stdcall(["localeid", "lctype", @@ -2361,6 +2549,14 @@ def msvcrt_rand(jitter): ret_ad, _ = jitter.func_args_cdecl(0) jitter.func_ret_stdcall(ret_ad, 0x666) +def msvcrt_srand(jitter): + ret_ad, _ = jitter.func_args_cdecl(['seed']) + jitter.func_ret_stdcall(ret_ad, 0) + +def msvcrt_wcslen(jitter): + ret_ad, args = jitter.func_args_cdecl(["pwstr"]) + s = jitter.get_str_unic(args.pwstr) + jitter.func_ret_cdecl(ret_ad, len(s)) def kernel32_SetFilePointer(jitter): ret_ad, args = jitter.func_args_stdcall(["hwnd", "distance", @@ -2531,6 +2727,17 @@ def msvcrt_fread(jitter): jitter.func_ret_cdecl(ret_ad, args.nmemb) +def msvcrt_fwrite(jitter): + ret_ad, args = jitter.func_args_cdecl(["buf", "size", "nmemb", "stream"]) + fd = upck32(jitter.vm.get_mem(args.stream + 0x10, 4)) + if not fd in winobjs.handle_pool: + raise NotImplementedError("Unknown file handle!") + + data = jitter.vm.get_mem(args.buf, args.size*args.nmemb) + winobjs.handle_pool[fd].info.write(data) + jitter.func_ret_cdecl(ret_ad, args.nmemb) + + def msvcrt_fclose(jitter): ret_ad, args = jitter.func_args_cdecl(['stream']) fd = upck32(jitter.vm.get_mem(args.stream + 0x10, 4)) @@ -2736,7 +2943,7 @@ def msvcrt_myfopen(jitter, get_str): rw = get_str(args.pmode) log.info("fopen %r, %r", fname, rw) - if rw in ['r', 'rb', 'wb+']: + if rw in ['r', 'rb', 'wb+','wb','wt']: sb_fname = windows_to_sbpath(fname) h = open(sb_fname, rw) eax = winobjs.handle_pool.add(sb_fname, h) diff --git a/test/os_dep/common.py b/test/os_dep/common.py new file mode 100755 index 00000000..5d525e32 --- /dev/null +++ b/test/os_dep/common.py @@ -0,0 +1,35 @@ +#! /usr/bin/env python2 +#-*- coding:utf-8 -*- + +import unittest +import logging +from miasm2.analysis.machine import Machine +import miasm2.os_dep.common as commonapi +from miasm2.core.utils import pck32 +from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE + +machine = Machine("x86_32") + +jit = machine.jitter() +jit.init_stack() + +class TestCommonAPI(unittest.TestCase): + + def test_get_size(self): + heap = commonapi.heap() + with self.assertRaises(AssertionError): + heap.get_size(jit.vm, 0) + heap.alloc(jit, 20) + heap.alloc(jit, 40) + heap.alloc(jit, 50) + heap.alloc(jit, 60) + ptr = heap.alloc(jit, 10) + heap.alloc(jit, 80) + for i in xrange(10): + self.assertEqual(heap.get_size(jit.vm, ptr+i), 10) + +if __name__ == '__main__': + testsuite = unittest.TestLoader().loadTestsFromTestCase(TestCommonAPI) + report = unittest.TextTestRunner(verbosity=2).run(testsuite) + exit(len(report.errors + report.failures)) + diff --git a/test/os_dep/linux/stdlib.py b/test/os_dep/linux/stdlib.py new file mode 100755 index 00000000..ab39a487 --- /dev/null +++ b/test/os_dep/linux/stdlib.py @@ -0,0 +1,43 @@ +#! /usr/bin/env python2 +#-*- coding:utf-8 -*- + +import unittest +import logging +from miasm2.analysis.machine import Machine +import miasm2.os_dep.linux_stdlib as stdlib +from miasm2.core.utils import pck32 +from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE + +machine = Machine("x86_32") + +jit = machine.jitter() +jit.init_stack() + +heap = stdlib.linobjs.heap + +class TestLinuxStdlib(unittest.TestCase): + + def test_xxx_sprintf(self): + def alloc_str(s): + s += "\x00" + ptr = heap.alloc(jit, len(s)) + jit.vm.set_mem(ptr, s) + return ptr + fmt = alloc_str("'%s' %d") + str_ = alloc_str("coucou") + buf = heap.alloc(jit,1024) + + jit.push_uint32_t(1111) + jit.push_uint32_t(str_) + jit.push_uint32_t(fmt) + jit.push_uint32_t(buf) + jit.push_uint32_t(0) # ret_ad + stdlib.xxx_sprintf(jit) + ret = jit.get_str_ansi(buf) + self.assertEqual(ret, "'coucou' 1111") + + +if __name__ == '__main__': + testsuite = unittest.TestLoader().loadTestsFromTestCase(TestLinuxStdlib) + report = unittest.TextTestRunner(verbosity=2).run(testsuite) + exit(len(report.errors + report.failures)) diff --git a/test/os_dep/win_api_x86_32.py b/test/os_dep/win_api_x86_32.py index 2e22ccea..f080ba89 100755 --- a/test/os_dep/win_api_x86_32.py +++ b/test/os_dep/win_api_x86_32.py @@ -6,12 +6,14 @@ import logging from miasm2.analysis.machine import Machine import miasm2.os_dep.win_api_x86_32 as winapi from miasm2.core.utils import pck32 +from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE machine = Machine("x86_32") jit = machine.jitter() jit.init_stack() +heap = winapi.winobjs.heap class TestWinAPI(unittest.TestCase): @@ -23,6 +25,89 @@ class TestWinAPI(unittest.TestCase): vBool = jit.cpu.EAX self.assertFalse(vBool) + def test_msvcrt_sprintf(self): + def alloc_str(s): + s += "\x00" + ptr = heap.alloc(jit, len(s)) + jit.vm.set_mem(ptr, s) + return ptr + fmt = alloc_str("'%s' %d") + str_ = alloc_str("coucou") + buf = heap.alloc(jit,1024) + + jit.push_uint32_t(1111) + jit.push_uint32_t(str_) + jit.push_uint32_t(fmt) + jit.push_uint32_t(buf) + jit.push_uint32_t(0) # ret_ad + winapi.msvcrt_sprintf(jit) + ret = jit.get_str_ansi(buf) + self.assertEqual(ret, "'coucou' 1111") + + + def test_msvcrt_swprintf(self): + def alloc_str(s): + s = s.encode("utf-16le") + s += "\x00\x00" + ptr = heap.alloc(jit, len(s)) + jit.vm.set_mem(ptr, s) + return ptr + fmt = alloc_str("'%s' %d") + str_ = alloc_str("coucou") + buf = heap.alloc(jit,1024) + + jit.push_uint32_t(1111) + jit.push_uint32_t(str_) + jit.push_uint32_t(fmt) + jit.push_uint32_t(buf) + jit.push_uint32_t(0) # ret_ad + winapi.msvcrt_swprintf(jit) + ret = jit.get_str_unic(buf) + self.assertEqual(ret, "'coucou' 1111") + + + def test_msvcrt_realloc(self): + jit.push_uint32_t(10) + jit.push_uint32_t(0) # ret_ad + winapi.msvcrt_malloc(jit) + ptr = jit.cpu.EAX + + jit.push_uint32_t(20) + jit.push_uint32_t(ptr) + jit.push_uint32_t(0) # ret_ad + winapi.msvcrt_realloc(jit) + ptr2 = jit.cpu.EAX + + self.assertNotEqual(ptr, ptr2) + self.assertEqual(heap.get_size(jit.vm,ptr2), 20) + + def test_GetCurrentDirectory(self): + + # DWORD WINAPI GetCurrentDirectory(size, buf) + + # Test with a buffer long enough + addr = 0x80000 + size = len(winapi.winobjs.cur_dir)+1 + jit.vm.add_memory_page(addr, PAGE_READ | PAGE_WRITE, "\x00" * (size), "") + jit.push_uint32_t(addr) # buf + jit.push_uint32_t(size) # size + jit.push_uint32_t(0) # @return + winapi.kernel32_GetCurrentDirectoryA(jit) + dir_ = jit.get_str_ansi(addr) + size_ret = jit.cpu.EAX + self.assertEqual(len(dir_), size_ret) + + # Test with a buffer too small + jit.vm.set_mem(addr, "\xFF"*size) + jit.push_uint32_t(addr) # buf + jit.push_uint32_t(5) # size + jit.push_uint32_t(0) # @return + winapi.kernel32_GetCurrentDirectoryA(jit) + size_ret = jit.cpu.EAX + self.assertEqual(len(dir_)+1, size_ret) + dir_short = jit.get_str_ansi(addr) + self.assertEqual(dir_short, dir_[:4]) + def test_MemoryManagementFunctions(self): # HGLOBAL WINAPI GlobalAlloc(_In_ UINT uFlags, _In_ SIZE_T dwBytes); diff --git a/test/test_all.py b/test/test_all.py index d2ae4fce..23937366 100755 --- a/test/test_all.py +++ b/test/test_all.py @@ -265,7 +265,9 @@ testset += RegressionTest(["z3_ir.py"], base_dir="ir/translators", testset += RegressionTest(["smt2.py"], base_dir="ir/translators", tags=[TAGS["z3"]]) ## OS_DEP -for script in ["win_api_x86_32.py", +for script in ["common.py", + "win_api_x86_32.py", + os.path.join("linux", "stdlib.py"), ]: testset += RegressionTest([script], base_dir="os_dep", tags=[TAGS['gcc']]) |