| author | Camille Mougey <commial@gmail.com> | 2015-02-13 13:58:31 +0100 |
|---|---|---|
| committer | Camille Mougey <commial@gmail.com> | 2015-02-13 13:58:31 +0100 |
| commit | 12d1f2f3b7ff01db52dba68f4abe8294257ad705 (patch) | |
| tree | 7b312012e5afb81134b1dbacde1a30de721cf922 | |
| parent | 44df579e8d114725b85ade8d5b5d4dc4df16555f (diff) | |
| parent | c6e218705278303ec06d418ed9e0548077c4517d (diff) | |
| download | miasm-12d1f2f3b7ff01db52dba68f4abe8294257ad705.tar.gz miasm-12d1f2f3b7ff01db52dba68f4abe8294257ad705.zip | |
Merge pull request #68 from serpilliere/sandbox_win_x86_64
Sandbox for Windows x86_64
| -rw-r--r-- | example/jitter/sandbox_pe_x86_64.py | 23 | ||||
| -rw-r--r-- | miasm2/analysis/sandbox.py | 42 |
2 files changed, 60 insertions, 5 deletions
diff --git a/example/jitter/sandbox_pe_x86_64.py b/example/jitter/sandbox_pe_x86_64.py
new file mode 100644
index 00000000..8d9db88e
--- /dev/null
+++ b/example/jitter/sandbox_pe_x86_64.py
@@ -0,0 +1,23 @@
+import os
+from pdb import pm
+from miasm2.analysis.sandbox import Sandbox_Win_x86_64
+
+# Python auto completion
+filename = os.environ.get('PYTHONSTARTUP')
+if filename and os.path.isfile(filename):
+ execfile(filename)
+
+# Insert here user defined methods
+
+# Parse arguments
+parser = Sandbox_Win_x86_64.parser(description="PE sandboxer")
+parser.add_argument("filename", help="PE Filename")
+options = parser.parse_args()
+
+# Create sandbox
+sb = Sandbox_Win_x86_64(options.filename, options, globals())
+
+# Run
+sb.run()
+
+assert(sb.jitter.run is False)
diff --git a/miasm2/analysis/sandbox.py b/miasm2/analysis/sandbox.py
index c5873a85..9fdae8cf 100644
--- a/miasm2/analysis/sandbox.py
+++ b/miasm2/analysis/sandbox.py
@@ -261,13 +261,12 @@ class OS_Linux_str(OS):
 parser.add_argument("load_base_addr", help="load base address")
-
-class Arch_x86_32(Arch):
- _ARCH_ = "x86_32"
+class Arch_x86(Arch):
+ _ARCH_ = None # Arch name
 STACK_SIZE = 0x100000
 def __init__(self):
- super(Arch_x86_32, self).__init__()
+ super(Arch_x86, self).__init__()
 if self.options.usesegm:
 self.jitter.ir_arch.do_stk_segm= True
@@ -283,7 +282,15 @@ class Arch_x86_32(Arch): @classmethod def update_parser(cls, parser): parser.add_argument('-s', "--usesegm", action="store_true", - help="Use segments fs:") + help="Use segments") + + class Arch_x86_32(Arch_x86): + _ARCH_ = "x86_32" + + class Arch_x86_64(Arch): + _ARCH_ = "x86_64" class Arch_arml(Arch):
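Review bot: `class Arch_x86_64(Arch):` in the second sandbox.py hunk (@@ -283) derives from `Arch` rather than from the `Arch_x86` base that the first hunk (@@ -261) factors out, so the 64-bit sandbox inherits neither `STACK_SIZE = 0x100000` nor the `-s/--usesegm` option and the `do_stk_segm` setup in `Arch_x86.__init__`, while `Arch_x86_32(Arch_x86)` gets both. If that is deliberate, with segment-based stack handling being 32-bit only, a one-line comment on the class should say so; otherwise the base should be `class Arch_x86_64(Arch_x86):`. The `_ARCH_ = None # Arch name` line in the first hunk would also read better as `_ARCH_ = None  # set by concrete subclasses`, since `Arch_x86` is now a base class whose concrete name comes from `Arch_x86_32`.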
@@ -334,6 +341,31 @@ class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win):
 super(Sandbox_Win_x86_32, self).run(addr)
+class Sandbox_Win_x86_64(Sandbox, Arch_x86_64, OS_Win):
+
+ def __init__(self, *args, **kwargs):
+ Sandbox.__init__(self, *args, **kwargs)
+
+ # reserve stack for local reg
+ for i in xrange(0x4):
+ self.jitter.push_uint64_t(0)
+
+ # Pre-stack some arguments
+ self.jitter.push_uint64_t(0x1337beef)
+
+ # Set the runtime guard
+ self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle)
+
+
+ def run(self, addr = None):
+ """
+ If addr is not set, use entrypoint
+ """
+ if addr is None and self.options.address is None:
+ addr = self.entry_point
+ super(Sandbox_Win_x86_64, self).run(addr)
+
+
 class Sandbox_Linux_x86_32(Sandbox, Arch_x86_32, OS_Linux):
 def __init__(self, *args, **kwargs): |
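Review bot: The sentinel `0x1337beef` appears twice in `Sandbox_Win_x86_64.__init__` (as the pushed fake return address and as the `add_breakpoint` target) and the loop index `i` is unused; hoist it to a class attribute such as `SENTINEL_ADDR = 0x1337beef` and write the loop as `for _ in xrange(0x4):` so the two uses cannot drift apart. The comment `# reserve stack for local reg` does not explain the four zero pushes; if they are the 32-byte register home area that the x64 calling convention expects the caller to leave above the return address, replace it with `# Reserve the 4*8-byte home area (RCX/RDX/R8/R9) required by the x64 calling convention -- confirm`. A docstring on `__init__` describing the initial stack layout it builds, and stating that `code_sentinelle` is installed as the breakpoint hit when the sample returns to the sentinel, would make the intent clear to readers of the 32-bit twin as well. `run` appears to mirror the entry-point fallback of `Sandbox_Win_x86_32.run`, whose body lies outside this hunk.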