| author | serpilliere <serpilliere@users.noreply.github.com> | 2015-12-16 18:42:48 +0100 |
|---|---|---|
| committer | serpilliere <serpilliere@users.noreply.github.com> | 2015-12-16 18:42:48 +0100 |
| commit | 4915549bfcb8c7a1870f51935337c6eb7c7cda29 (patch) | |
| tree | 9b6540b736f6163197fe8dd4ff066a27a638aff4 | |
| parent | b998b1a8b2814585692e885e656c48357fbbb9b8 (diff) | |
| parent | 797b00e9449368448518ffa5497935569049c3ba (diff) | |
| download | miasm-4915549bfcb8c7a1870f51935337c6eb7c7cda29.tar.gz miasm-4915549bfcb8c7a1870f51935337c6eb7c7cda29.zip | |
Merge pull request #295 from cea-sec/fix_virt_api
Update API according to Elfesteem
| -rw-r--r-- | example/asm/shellcode.py | 13 | ||||
| -rw-r--r-- | example/jitter/unpack_upx.py | 6 | ||||
| -rw-r--r-- | miasm2/core/bin_stream.py | 9 | ||||
| -rw-r--r-- | miasm2/jitter/loader/elf.py | 20 | ||||
| -rw-r--r-- | miasm2/jitter/loader/pe.py | 2 |
5 files changed, 28 insertions, 22 deletions
diff --git a/example/asm/shellcode.py b/example/asm/shellcode.py
index 253386b5..9dc5c6bc 100644
--- a/example/asm/shellcode.py
+++ b/example/asm/shellcode.py
@@ -10,8 +10,8 @@ from miasm2.analysis.machine import Machine
 from miasm2.core.interval import interval
 
 parser = ArgumentParser("Multi-arch (32 bits) assembler")
-parser.add_argument('architecture', help="architecture: " + \
- ",".join(Machine.available_machine()))
+parser.add_argument('architecture', help="architecture: " +
+ ",".join(Machine.available_machine()))
 parser.add_argument("source", help="Source file to assemble")
 parser.add_argument("output", help="Output file")
 parser.add_argument("--PE", help="Create a PE with a few imports",
@@ -96,8 +96,13 @@ if args.encrypt:
 patches = new_patches
 
 print patches
-for offset, raw in patches.items():
- virt[offset] = raw
+if isinstance(virt, StrPatchwork):
+ for offset, raw in patches.items():
+ virt[offset] = raw
+else:
+ for offset, raw in patches.items():
+ virt.set(offset, raw)
+
 # Produce output
 open(args.output, 'wb').write(str(output))
diff --git a/example/jitter/unpack_upx.py b/example/jitter/unpack_upx.py
index 58507506..72a9feb3 100644
--- a/example/jitter/unpack_upx.py
+++ b/example/jitter/unpack_upx.py
@@ -25,7 +25,8 @@ def kernel32_GetProcAddress(jitter):
 else jitter.get_str_ansi(args.fname))
 logging.info(fname)
 
- # Get the generated address of the library, and store it in memory to dst_ad
+ # Get the generated address of the library, and store it in memory to
+ # dst_ad
 ad = sb.libs.lib_get_add_func(args.libbase, fname, dst_ad)
 # Add a breakpoint in case of a call on the resolved function
 # NOTE: never happens in UPX, just for skeleton
@@ -34,7 +35,6 @@ def kernel32_GetProcAddress(jitter):
 jitter.func_ret_stdcall(ret_ad, ad)
 
 
-
 parser = Sandbox_Win_x86_32.parser(description="Generic UPX unpacker")
 parser.add_argument("filename", help="PE Filename")
 parser.add_argument('-v', "--verbose",
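Review bot: `StrPatchwork` is referenced in the new `isinstance` test of the second shellcode.py hunk, but no import for it appears anywhere in this diff; unless it is already imported higher in the script (not visible here), the new branch raises NameError on the first run. The two branches also duplicate the patch loop and differ only in how one write is performed, so choosing the writer once reads cleaner and keeps a single loop: `set_bytes = virt.__setitem__ if isinstance(virt, StrPatchwork) else virt.set`, then `for offset, raw in patches.items(): set_bytes(offset, raw)`. A one-line comment on why two container types are handled, e.g. `# virt is a StrPatchwork for raw output, an Elfesteem virtual view for PE/ELF`, would spare the next reader a trip into Elfesteem; hedge that wording if the second type is something else. This is top-level script code, so there is no enclosing function.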
@@ -86,7 +86,7 @@ def update_binary(jitter):
 logging.info('updating binary')
 for s in sb.pe.SHList:
 sdata = sb.jitter.vm.get_mem(sb.pe.rva2virt(s.addr), s.rawsize)
- sb.pe.virt[sb.pe.rva2virt(s.addr)] = sdata
+ sb.pe.rva.set(s.addr, sdata)
 # Stop execution
 jitter.run = False
diff --git a/miasm2/core/bin_stream.py b/miasm2/core/bin_stream.py
index 6e158061..f7b160f9 100644
--- a/miasm2/core/bin_stream.py
+++ b/miasm2/core/bin_stream.py
@@ -108,7 +108,7 @@ class bin_stream_file(bin_stream):
 return self.bin.tell() - self.shift
 
 def setoffset(self, val):
- self.bin.seek(val + self.shift)
+ self.bin.seek(val + self.shift)
 offset = property(getoffset, setoffset)
 
 def readbs(self, l=1):
@@ -123,7 +123,6 @@ class bin_stream_file(bin_stream):
 return self.l - (self.offset + self.shift)
 
 
-
 class bin_stream_container(bin_stream):
 
 def __init__(self, virt_view, offset=0L):
@@ -142,13 +141,13 @@ class bin_stream_container(bin_stream):
 if self.offset + l > self.l:
 raise IOError("not enough bytes")
 self.offset += l
- return self.bin(self.offset - l, self.offset)
+ return self.bin.get(self.offset - l, self.offset)
 
 def getbytes(self, start, l=1):
- return self.bin(start, start + l)
+ return self.bin.get(start, start + l)
 
 def __str__(self):
- out = self.bin(self.offset, self.l)
+ out = self.bin.get(self.offset, self.offset + self.l)
 return out
 
 def setoffset(self, val):
diff --git a/miasm2/jitter/loader/elf.py b/miasm2/jitter/loader/elf.py
index b3946000..08df632a 100644
--- a/miasm2/jitter/loader/elf.py
+++ b/miasm2/jitter/loader/elf.py
@@ -17,6 +17,7 @@ hnd.setFormatter(logging.Formatter("[%(levelname)s]: %(message)s"))
 log.addHandler(hnd)
 log.setLevel(logging.CRITICAL)
 
+
 def get_import_address_elf(e):
 import2addr = defaultdict(set)
 for sh in e.sh:
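Review bot: The new upper bound in `bin_stream_container.__str__`, `self.offset + self.l`, disagrees with how `readbs` in the same hunk treats `self.l`: its guard `if self.offset + l > self.l` takes `self.l` as the absolute end of the stream, and the removed line also passed `self.l` as the end. With a non-zero offset the new call therefore requests `self.offset` bytes beyond the end, and what comes back depends on how the backing view handles an over-long range rather than on this class. If `self.l` is indeed the absolute length, the intended line is `out = self.bin.get(self.offset, self.l)`. Since the old callable form and the new `.get` look alike but take an explicit end, a short comment on the convention, `# bin.get(start, stop): absolute offsets, stop exclusive`, would make later changes safer. The class continues outside the hunk.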
@@ -46,21 +47,21 @@ def preload_elf(vm, e, runtime_lib, patch_vm_imp=True):
 return runtime_lib, dyn_funcs
 
 
-
 def vm_load_elf(vm, fdata, **kargs):
 """
 Very dirty elf loader
 TODO XXX: implement real loader
 """
- #log.setLevel(logging.DEBUG)
+ # log.setLevel(logging.DEBUG)
 e = elf_init.ELF(fdata, **kargs)
 i = interval()
 all_data = {}
 for p in e.ph.phlist:
- if p.ph.type != 1:
+ if p.ph.type != elf_csts.PT_LOAD:
 continue
- log.debug('0x%x 0x%x 0x%x 0x%x', p.ph.vaddr, p.ph.memsz, p.ph.offset,
- p.ph.filesz)
+ log.debug(
+ '0x%x 0x%x 0x%x 0x%x 0x%x', p.ph.vaddr, p.ph.memsz, p.ph.offset,
+ p.ph.filesz, p.ph.type)
 data_o = e._content[p.ph.offset:p.ph.offset + p.ph.filesz]
 addr_o = p.ph.vaddr
 a_addr = addr_o & ~0xFFF
@@ -68,16 +69,16 @@ def vm_load_elf(vm, fdata, **kargs):
 b_addr = (b_addr + 0xFFF) & ~0xFFF
 all_data[addr_o] = data_o
 # -2: Trick to avoid merging 2 consecutive pages
- i += [(a_addr, b_addr-2)]
+ i += [(a_addr, b_addr - 2)]
 for a, b in i.intervals:
- #print hex(a), hex(b)
- vm.add_memory_page(a, PAGE_READ | PAGE_WRITE, "\x00"*(b+2-a))
-
+ # print hex(a), hex(b)
+ vm.add_memory_page(a, PAGE_READ | PAGE_WRITE, "\x00" * (b + 2 - a))
 
 for r_vaddr, data in all_data.items():
 vm.set_mem(r_vaddr, data)
 return e
 
+
 class libimp_elf(libimp):
 pass
 
@@ -94,6 +95,7 @@ ELF_machine = {(elf_csts.EM_ARM, 32, elf_csts.ELFDATA2LSB): "arml",
 (elf_csts.EM_SH, 32, elf_csts.ELFDATA2LSB): "sh4",
 }
 
+
 def guess_arch(elf):
 """Return the architecture specified by the ELF container @elf.
 If unknown, return None"""
diff --git a/miasm2/jitter/loader/pe.py b/miasm2/jitter/loader/pe.py
index 32d92164..168a5e7d 100644
--- a/miasm2/jitter/loader/pe.py
+++ b/miasm2/jitter/loader/pe.py
@@ -70,7 +70,7 @@ def is_redirected_export(e, ad):
 # test is ad points to code or dll name
 out = ''
 for i in xrange(0x200):
- c = e.virt(ad + i)
+ c = e.virt.get(ad + i)
 if c == "\x00":
 break
 out += c |
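Review bot: Filtering on `elf_csts.PT_LOAD` in `vm_load_elf` is the right replacement for the magic `1`, but the segment fields read right after the new test are still taken from the file unchecked: `data_o = e._content[p.ph.offset:p.ph.offset + p.ph.filesz]` silently yields fewer than `p.ph.filesz` bytes when `p_offset` or `p_filesz` points past the end of the image, and nothing relates `p.ph.filesz` to `p.ph.memsz`. The page layout built from these values in the following hunk then produces a partially populated mapping instead of an error, which is hard to diagnose from the jitter side; a guard directly under the slice, `if len(data_o) != p.ph.filesz: raise ValueError("truncated PT_LOAD segment at 0x%x" % p.ph.offset)`, makes a malformed input fail loudly. The docstring could also state the trust assumption, e.g. `Program headers are taken from fdata as-is; no bounds or overlap validation is performed.` `vm_load_elf` starts in this hunk and ends in the next one.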
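Review bot: In `is_redirected_export` the new `e.virt.get(ad + i)` is called with a single argument, while every other `.get` this commit introduces (bin_stream.py) passes a `(start, stop)` pair; if the one-argument form is not part of the new Elfesteem API this loop fails on its first iteration, so the signature is worth confirming. Independently of that, fetching one byte per iteration for up to 0x200 iterations and growing `out` with `+=` is the slow way to read a NUL-terminated name: `out = e.virt.get(ad, ad + 0x200).split("\x00", 1)[0]` does the same work in one read, provided `get` behaves the same as the per-byte loop when the range crosses the end of the mapped area. `is_redirected_export` continues past the end of the hunk.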