diff options
| author | Camille Mougey <commial@gmail.com> | 2023-04-23 15:41:00 +0200 |
|---|---|---|
| committer | Camille Mougey <commial@gmail.com> | 2023-04-23 16:34:34 +0200 |
| commit | b66becdead10f0bb2aa009dda61c422e79c567fe (patch) | |
| tree | 9e522a4e4e3dc94888332e822a76731e0718e8a5 | |
| parent | 0aed13542b9a51cfa2eca15ee4b2476fda71363c (diff) | |
| download | miasm-b66becdead10f0bb2aa009dda61c422e79c567fe.tar.gz miasm-b66becdead10f0bb2aa009dda61c422e79c567fe.zip | |
Add a sandbox example using the ImpRec strategy
| -rw-r--r-- | example/jitter/unpack_generic.py | 53 | ||||
| -rwxr-xr-x | test/test_all.py | 6 |
2 files changed, 59 insertions, 0 deletions
diff --git a/example/jitter/unpack_generic.py b/example/jitter/unpack_generic.py new file mode 100644 index 00000000..3329d2a9 --- /dev/null +++ b/example/jitter/unpack_generic.py @@ -0,0 +1,53 @@ +from __future__ import print_function +import os +import logging +from miasm.analysis.sandbox import Sandbox_Win_x86_32 +from miasm.jitter.loader.pe import vm2pe, ImpRecStrategy +from miasm.core.locationdb import LocationDB +from miasm.jitter.jitload import JitterException + +parser = Sandbox_Win_x86_32.parser(description="Generic & dummy unpacker") +parser.add_argument("filename", help="PE Filename") +parser.add_argument("--oep", help="Stop and dump if this address is reached") +parser.add_argument('-v', "--verbose", + help="verbose mode", action="store_true") +options = parser.parse_args() + +loc_db = LocationDB() +sb = Sandbox_Win_x86_32( + loc_db, options.filename, options, globals(), + parse_reloc=False +) + +if options.verbose is True: + logging.basicConfig(level=logging.INFO) +else: + logging.basicConfig(level=logging.WARNING) + +if options.verbose is True: + print(sb.jitter.vm) + +def stop(jitter): + logging.info('User provided OEP reached') + # Stop execution + return False + +if options.oep: + # Set callbacks + sb.jitter.add_breakpoint(int(options.oep, 0), stop) + +# Run until an error is encountered - IT IS UNLIKELY THE ORIGINAL ENTRY POINT +try: + sb.run() +except (JitterException, ValueError) as e: + logging.exception(e) + +out_fname = "%s.dump" % (options.filename) + +# Try a generic approach to rebuild the Import Table +imprec = ImpRecStrategy(sb.jitter, sb.libs, 32) +imprec.recover_import() + +# Rebuild the PE and dump it +print("Dump to %s" % out_fname) +vm2pe(sb.jitter, out_fname, libs=sb.libs, e_orig=sb.pe) diff --git a/test/test_all.py b/test/test_all.py index 2d078bf1..2d7a11f4 100755 --- a/test/test_all.py +++ b/test/test_all.py @@ -799,6 +799,12 @@ for jitter in ExampleJitter.jitter_engines: products=[Example.get_sample("box_upx_exe_unupx.bin")], tags=tags.get(jitter, [])) + testset += ExampleJitter(["unpack_generic.py", + Example.get_sample("box_upx.exe")] + + ["--jitter", jitter, "-o"], + products=[Example.get_sample("box_upx.exe.dump")], + tags=tags.get(jitter, [])) + testset += ExampleJitter(["memory_breakpoint.py", Example.get_sample("box_upx.exe")] + ["--jitter", jitter] + |