| author | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2014-10-09 17:47:22 +0200 |
|---|---|---|
| committer | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2014-10-09 17:47:22 +0200 |
| commit | e5ad0b4553329263240efeb7e7b0563d284355a8 (patch) | |
| tree | da566a52c9acaa9529c6a1daf84f9489594a1bc8 | |
| parent | 7101a6d9d5998102d0dc6a86ac01ba332fed3506 (diff) | |
| download | miasm-e5ad0b4553329263240efeb7e7b0563d284355a8.tar.gz miasm-e5ad0b4553329263240efeb7e7b0563d284355a8.zip | |
Reg test: add arm jit little/big endian
| -rw-r--r-- | example/asm_arm.py | 7 | ||||
| -rw-r--r-- | example/test_jit_arm.py | 1 | ||||
| -rw-r--r-- | example/test_jit_arm_sc.py | 47 | ||||
| -rw-r--r-- | miasm2/analysis/sandbox.py | 89 | ||||
| -rw-r--r-- | miasm2/arch/arm/jit.py | 7 | ||||
| -rw-r--r-- | test/test_all.py | 2 |
6 files changed, 126 insertions, 27 deletions
diff --git a/example/asm_arm.py b/example/asm_arm.py index 60e85259..e9ffa330 100644 --- a/example/asm_arm.py +++ b/example/asm_arm.py @@ -31,8 +31,7 @@ main: MOV R1, mystrend & 0xffff ORR R1, R1, mystrend & 0xffff0000 xxx: - LDR R2, [PC, key-$] - LDR R6, [PC, test-$] + LDRB R2, [PC, key-$] loop: LDRB R3, [R0] EOR R3, R3, R2 @@ -43,13 +42,11 @@ end: MOV R0, R4 LDMFD SP!, {R4, R5, PC} key: -.long 0x11223344 +.byte 0x11 mystr: .string "test string" mystrend: .long 0 -test: -.long mystrend - key + 0x1122 ''' blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt) diff --git a/example/test_jit_arm.py b/example/test_jit_arm.py index 997fa4ff..da4a0e6d 100644 --- a/example/test_jit_arm.py +++ b/example/test_jit_arm.py @@ -32,4 +32,3 @@ if options.address is None: sb.run() - diff --git a/example/test_jit_arm_sc.py b/example/test_jit_arm_sc.py new file mode 100644 index 00000000..1ecafe69 --- /dev/null +++ b/example/test_jit_arm_sc.py 
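Review bot: After the second asm_arm.py hunk `key:` holds a single `.byte` that is immediately followed by `.string "test string"`, so `mystrend:` with its `.long 0` lands 13 bytes after `key` — a non-4-aligned word unless the assembler pads. Nothing in the hunk loads `mystrend` as a word (R1 only takes its address through the MOV/ORR pair), so this is harmless today, but a later `LDR` from that label would read an unaligned word. Either pad to a 4-byte boundary before `mystrend:` or add a comment like `@ mystrend is only used as an end address, never dereferenced` so the constraint is visible. The assembly lives inside a string literal whose start is outside the hunk.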
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+#-*- coding:utf-8 -*-
+from miasm2.analysis import debugging, gdbserver
+
+from miasm2.analysis.sandbox import Sandbox_Linux_armb_str
+from miasm2.analysis.sandbox import Sandbox_Linux_arml_str
+from miasm2.jitter.jitload import vm_load_elf, libimp, preload_elf
+from miasm2.analysis.machine import Machine
+from elfesteem.strpatchwork import StrPatchwork
+import logging
+
+from pdb import pm
+
+parser = Sandbox_Linux_arml_str.parser(description="""Sandbox an elf binary with arm engine
+(ex: test_jit_arm_sc.py example/demo_arm_l.bin)""")
+parser.add_argument("filename", help="string Filename")
+parser.add_argument("endianess", help="endianness [b/l]")
+parser.add_argument('-v', "--verbose",
+ help="verbose mode", action="store_true")
+
+options = parser.parse_args()
+
+if options.endianess == 'b':
+ sandbox = Sandbox_Linux_armb_str
+elif options.endianess == 'l':
+ sandbox = Sandbox_Linux_arml_str
+else:
+ raise ValueError("Bad endianess!")
+
+sb = sandbox(options.filename, options, globals())
+
+if options.address is None:
+ raise ValueError('invalid address')
+
+sb.run()
+
+# test correct de xor
+start = sb.jitter.cpu.R0
+stop = sb.jitter.cpu.R1
+s = sb.jitter.vm.get_mem(start, stop-start)
+s = StrPatchwork(s)
+for i, c in enumerate(s):
+ s[i] = chr(ord(c)^0x11)
+s = str(s)
+assert(s == "test string\x00")
+
+
diff --git a/miasm2/analysis/sandbox.py b/miasm2/analysis/sandbox.py
index 6ee108e4..6df2bde7 100644
--- a/miasm2/analysis/sandbox.py
+++ b/miasm2/analysis/sandbox.py
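Review bot: The `endianess` positional in the new test_jit_arm_sc.py accepts any string, and a bad value only surfaces as a `ValueError` traceback after parsing; `parser.add_argument("endianess", help="endianness [b/l]", choices=["b", "l"])` lets argparse reject it with a usage message and makes the `else: raise ValueError("Bad endianess!")` branch unreachable. The imports `debugging`, `gdbserver`, `vm_load_elf`, `libimp`, `preload_elf`, `Machine`, `logging` and `pm` are unused in this script. The closing `assert(s == "test string\x00")` is the only check this regression test performs and is skipped under `python -O`; an explicit `if s != "test string\x00": raise ValueError(...)` keeps the check in optimized runs. `get_mem(start, stop-start)` also trusts `R1 >= R0` from the emulated code; a guard on the length would give a clearer failure than whatever the VM does with a negative size.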
@@ -4,13 +4,19 @@ from miasm2.analysis.machine import Machine from miasm2.jitter.jitload import vm_load_pe, preload_pe, libimp from miasm2.jitter.jitload import vm_load_elf, libimp, preload_elf from miasm2.os_dep import win_api_x86_32, win_api_x86_32_seh - +from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE class Sandbox(object): """ Parent class for Sandbox abstraction """ + @staticmethod + def code_sentinelle(jitter): + print 'Emulation stop' + jitter.run = False + return False + @classmethod def _classes_(cls): """ @@ -219,6 +225,25 @@ class OS_Linux(OS): # Library calls handler self.jitter.add_lib_handler(libs, custom_methods) +class OS_Linux_str(OS): + def __init__(self, custom_methods, *args, **kwargs): + super(OS_Linux_str, self).__init__(custom_methods, *args, **kwargs) + + # Import manager + libs = libimp() + self.libs = libs + + data = open(self.fname).read() + self.options.load_base_addr = int(self.options.load_base_addr, 16) + self.jitter.vm.add_memory_page(self.options.load_base_addr, PAGE_READ | PAGE_WRITE, data) + + # Library calls handler + self.jitter.add_lib_handler(libs, custom_methods) + + @classmethod + def update_parser(cls, parser): + parser.add_argument("load_base_addr", help="load base address") + class Arch_x86_32(Arch): @@ -256,15 +281,20 @@ class Arch_arml(Arch): self.jitter.stack_size = self.STACK_SIZE self.jitter.init_stack() +class Arch_armb(Arch): + _ARCH_ = "armb" + STACK_SIZE = 0x100000 + def __init__(self): + super(Arch_armb, self).__init__() -class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win): + # Init stack + self.jitter.stack_size = self.STACK_SIZE + self.jitter.init_stack() - @staticmethod - def code_sentinelle(jitter): - print 'Emulation stop' - jitter.run = False - return False + + +class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win): def __init__(self, *args, **kwargs): Sandbox.__init__(self, *args, **kwargs) 
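Review bot: `data = open(self.fname).read()` in `OS_Linux_str.__init__` opens the raw code file in text mode and never closes the handle; `with open(self.fname, "rb") as fdesc: data = fdesc.read()` keeps the bytes intact on platforms that translate newlines and releases the descriptor. The next line rewrites `self.options.load_base_addr` from string to int in place, so constructing a second sandbox on the same `options` object would fail in `int(..., 16)`; parsing into a local (`base_addr = int(self.options.load_base_addr, 16)`) avoids that. The page is mapped with `PAGE_READ | PAGE_WRITE` only; whether the jitter enforces an execute permission on the page it runs code from is not visible in this hunk, so confirm that before relying on it. `OS_Linux_str` is also undocumented; a docstring such as `"""Linux-like sandbox loading a raw code blob at load_base_addr (no ELF parsing)"""` would distinguish it from `OS_Linux` above.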
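Review bot: `Arch_armb` in the third sandbox.py hunk repeats the visible tail of `Arch_arml` line for line apart from `_ARCH_`; as far as the hunk shows, `class Arch_armb(Arch_arml): _ARCH_ = "armb"` would be equivalent, though `Arch_arml`'s header and the start of its `__init__` are outside the hunk, so confirm nothing else differs before collapsing them. If the duplication is deliberate, a one-line comment saying why would stop the next reader from merging them.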
@@ -290,12 +320,6 @@ class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win): class Sandbox_Linux_x86_32(Sandbox, Arch_x86_32, OS_Linux): - @staticmethod - def code_sentinelle(jitter): - print 'Emulation stop' - jitter.run = False - return False - def __init__(self, *args, **kwargs): Sandbox.__init__(self, *args, **kwargs) @@ -321,12 +345,6 @@ class Sandbox_Linux_x86_32(Sandbox, Arch_x86_32, OS_Linux): class Sandbox_Linux_arml(Sandbox, Arch_arml, OS_Linux): - @staticmethod - def code_sentinelle(jitter): - print 'Emulation stop' - jitter.run = False - return False - def __init__(self, *args, **kwargs): Sandbox.__init__(self, *args, **kwargs) @@ -340,3 +358,36 @@ class Sandbox_Linux_arml(Sandbox, Arch_arml, OS_Linux): if addr is None and self.options.address is not None: addr = int(self.options.address, 16) super(Sandbox_Linux_arml, self).run(addr) + +class Sandbox_Linux_armb_str(Sandbox, Arch_armb, OS_Linux_str): + + def __init__(self, *args, **kwargs): + Sandbox.__init__(self, *args, **kwargs) + + self.jitter.cpu.LR = 0x1337beef + + # Set the runtime guard + self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) + + + def run(self, addr = None): + if addr is None and self.options.address is not None: + addr = int(self.options.address, 16) + super(Sandbox_Linux_armb_str, self).run(addr) + + +class Sandbox_Linux_arml_str(Sandbox, Arch_arml, OS_Linux_str): + + def __init__(self, *args, **kwargs): + Sandbox.__init__(self, *args, **kwargs) + + self.jitter.cpu.LR = 0x1337beef + + # Set the runtime guard + self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) + + + def run(self, addr = None): + if addr is None and self.options.address is not None: + addr = int(self.options.address, 16) + super(Sandbox_Linux_arml_str, self).run(addr) diff --git a/miasm2/arch/arm/jit.py b/miasm2/arch/arm/jit.py index 29b701df..d089bafb 100644 --- a/miasm2/arch/arm/jit.py +++ b/miasm2/arch/arm/jit.py 
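Review bot: `Sandbox_Linux_armb_str` and `Sandbox_Linux_arml_str` in the last sandbox.py hunk are copies of each other (and of the visible part of `Sandbox_Linux_arml`) except for their base classes, including the sentinel `0x1337beef` written into `LR` and registered with `add_breakpoint`. A shared helper or mixin carrying `__init__` and `run`, with the sentinel as a named class attribute such as `RET_SENTINEL = 0x1337beef`, would keep the return-trap convention in one place; a comment like `# LR points at a sentinel address so the blob's final return lands in code_sentinelle` would explain the magic value where it is set. Whether `0x1337beef` stays outside every page the sandbox maps is not visible here and is what the trap depends on.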
@@ -1,7 +1,7 @@ from miasm2.jitter.jitload import jitter from miasm2.core import asmbloc from miasm2.core.utils import * -from miasm2.arch.arm.sem import ir_arml +from miasm2.arch.arm.sem import ir_armb, ir_arml import logging @@ -90,6 +90,9 @@ class jitter_arml(jitter): self.cpu.PC = self.pc class jitter_armb(jitter_arml): + def __init__(self, *args, **kwargs): - jitter_arml.__init__(self) + sp = asmbloc.asm_symbol_pool() + jitter.__init__(self, ir_armb(sp), *args, **kwargs) self.vm.set_big_endian() + self.ir_arch.jit_pc = self.ir_arch.arch.regs.PC diff --git a/test/test_all.py b/test/test_all.py index 23e45246..fdba4be4 100644 --- a/test/test_all.py +++ b/test/test_all.py @@ -104,6 +104,8 @@ all_tests = { ["test_jit_arm.py", "md5_arm", "-a", "A684"], ["test_jit_msp430.py", "msp430_sc.bin", "0"], ["test_jit_mips32.py", "mips32_sc_l.bin", "0"], + ["test_jit_arm_sc.py", "0", "demo_arm_b.bin", "b", "-a", "0"], + ["test_jit_arm_sc.py", "0", "demo_arm_l.bin", "l", "-a", "0"], ["sandbox_pe_x86_32.py", "box_x86_32.bin"], ["sandbox_pe_x86_32.py", "box_x86_32_enc.bin"], ["sandbox_pe_x86_32.py", "box_x86_32_mod.bin"], |
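Review bot: `jitter_armb.__init__` in the jit.py hunk now bypasses `jitter_arml.__init__` and calls `jitter.__init__` with `ir_armb` directly, then re-sets `self.ir_arch.jit_pc` by hand; anything else `jitter_arml.__init__` does (its body is outside the hunk) is silently skipped for the big-endian jitter, and the two will drift apart without a reminder. A comment on the call, e.g. `# Bypass jitter_arml.__init__ (it binds ir_arml); keep the setup below in sync with it`, would make the coupling explicit. The `from miasm2.arch.arm.sem import ir_armb, ir_arml` change is consistent with that use.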