authorCamille Mougey <commial@gmail.com>2018-12-10 12:22:52 +0100
committerGitHub <noreply@github.com>2018-12-10 12:22:52 +0100
commitc392534a4d51759cf8ac349ea873e25b424f7472 (patch)
tree2dd12a15c7f3a038471e566d4a971b5934084a17 /example/disasm
parent68e93fbd8a637e6a2d57e4ea26a1306b14744bd6 (diff)
parent5e620f04a458a7ff3fb72673f887c9423a40c1aa (diff)
Merge pull request #898 from serpilliere/add_dis_examples
Add dis examples
Diffstat (limited to '')
-rw-r--r--example/disasm/callback.py15
-rw-r--r--example/disasm/dis_binary.py29
-rw-r--r--example/disasm/dis_binary_ir.py35
-rw-r--r--example/disasm/dis_binary_ira.py37
-rw-r--r--example/disasm/dis_x86_string.py22
-rw-r--r--example/disasm/file.py18
-rw-r--r--example/disasm/function.py16
7 files changed, 131 insertions, 41 deletions
diff --git a/example/disasm/callback.py b/example/disasm/callback.py
index b9a09c09..02416b38 100644
--- a/example/disasm/callback.py
+++ b/example/disasm/callback.py
@@ -1,6 +1,6 @@
-from miasm2.core.bin_stream import bin_stream_str
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
 from miasm2.core.asmblock import AsmConstraint
-from miasm2.arch.x86.disasm import dis_x86_32, cb_x86_funcs
 
 
 def cb_x86_callpop(cur_bloc, loc_db, *args, **kwargs):
@@ -45,17 +45,18 @@ shellcode = ''.join(["\xe8\x00\x00\x00\x00", # CALL $
                      "X",                    # POP EAX
                      "\xc3",                 # RET
                      ])
-bin_stream = bin_stream_str(shellcode)
-mdis = dis_x86_32(bin_stream)
+
+# Instantiate a x86 32 bit architecture
+machine = Machine("x86_32")
+cont = Container.from_string(shellcode)
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
 
 print "Without callback:\n"
 asmcfg = mdis.dis_multiblock(0)
 print "\n".join(str(block) for block in asmcfg.blocks)
 
 # Enable callback
-cb_x86_funcs.append(cb_x86_callpop)
-## Other method:
-## mdis.dis_block_callback = cb_x86_callpop
+mdis.dis_block_callback = cb_x86_callpop
 
 print "=" * 40
 print "With callback:\n"
diff --git a/example/disasm/dis_binary.py b/example/disasm/dis_binary.py
new file mode 100644
index 00000000..3e12ca91
--- /dev/null
+++ b/example/disasm/dis_binary.py
@@ -0,0 +1,29 @@
+import sys
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
+
+fdesc = open(sys.argv[1], 'rb')
+
+# The Container will provide a *bin_stream*, bytes source for the disasm engine
+# It will prodive a view from a PE or an ELF.
+cont = Container.from_stream(fdesc)
+
+# The Machine, instantiated with the detected architecture, will provide tools
+# (disassembler, etc.) to work with this architecture
+machine = Machine(cont.arch)
+
+# Instantiate a disassembler engine, using the previous bin_stream and its
+# associated location DB. The assembly listing will use the binary symbols
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
+
+# Run a recursive traversal disassembling from the entry point
+# (do not follow sub functions by default)
+addr = cont.entry_point
+asmcfg = mdis.dis_multiblock(addr)
+
+# Display each basic blocks
+for block in asmcfg.blocks:
+    print block
+
+# Output control flow graph in a dot file
+open('bin_cfg.dot', 'w').write(asmcfg.dot())
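Review bot: `sys.argv[1]` is indexed at the top of the new file with no argument check, so the usage message that the deleted file.py printed is gone and a missing path ends in a bare IndexError. Both `open()` calls also leave closing their handles to the garbage collector, and `bin_cfg.dot` is written to a fixed name in the current directory, silently replacing any existing file there. That matters more if, as seems likely for a disassembly example, the script is run from a directory of samples under analysis. The same pattern is repeated in dis_binary_ir.py and dis_binary_ira.py, and the dot output in dis_x86_string.py has the same unclosed handle. Separately, the comment on the Container has a typo: "prodive" should be "provide".

```python
import sys
# … unchanged: miasm2 imports …

if len(sys.argv) != 2:
    print "Usage: %s <binary>" % sys.argv[0]
    sys.exit(1)

# … unchanged: Container/Machine setup, disassembly and block listing …

# Output control flow graph in a dot file
with open('bin_cfg.dot', 'w') as fdot:
    fdot.write(asmcfg.dot())
```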
diff --git a/example/disasm/dis_binary_ir.py b/example/disasm/dis_binary_ir.py
new file mode 100644
index 00000000..6d98d692
--- /dev/null
+++ b/example/disasm/dis_binary_ir.py
@@ -0,0 +1,35 @@
+import sys
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
+
+#####################################
+# Common section from dis_binary.py #
+#####################################
+
+fdesc = open(sys.argv[1], 'rb')
+
+cont = Container.from_stream(fdesc)
+
+machine = Machine(cont.arch)
+
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
+
+addr = cont.entry_point
+asmcfg = mdis.dis_multiblock(addr)
+
+#####################################
+#    End common section             #
+#####################################
+
+# Get an IR convertor
+ir_arch = machine.ir(mdis.loc_db)
+
+# Get the IR of the asmcfg
+ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
+
+# Display each IR basic blocks
+for irblock in ircfg.blocks.values():
+    print irblock
+
+# Output ir control flow graph in a dot file
+open('bin_ir_cfg.dot', 'w').write(ircfg.dot())
diff --git a/example/disasm/dis_binary_ira.py b/example/disasm/dis_binary_ira.py
new file mode 100644
index 00000000..c1bd5dc0
--- /dev/null
+++ b/example/disasm/dis_binary_ira.py
@@ -0,0 +1,37 @@
+import sys
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
+
+#####################################
+# Common section from dis_binary.py #
+#####################################
+
+fdesc = open(sys.argv[1], 'rb')
+
+cont = Container.from_stream(fdesc)
+
+machine = Machine(cont.arch)
+
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
+
+addr = cont.entry_point
+asmcfg = mdis.dis_multiblock(addr)
+
+#####################################
+#    End common section             #
+#####################################
+
+# Get an IRA convertor
+# The sub call are modelised by default operators
+# call_func_ret and call_func_stack
+ir_arch_analysis = machine.ira(mdis.loc_db)
+
+# Get the IR of the asmcfg
+ircfg_analysis = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg)
+
+# Display each IR basic blocks
+for irblock in ircfg_analysis.blocks.values():
+    print irblock
+
+# Output ir control flow graph in a dot file
+open('bin_ira_cfg.dot', 'w').write(ircfg_analysis.dot())
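Review bot: The comment above `machine.ira(...)` is the only thing that tells a reader how this example differs from dis_binary_ir.py, and its wording is hard to parse. I would reword it to `# Get an IRA converter: sub calls are modelled by the default operators` / `# call_func_ret and call_func_stack`. A short line saying that the printed IR blocks show these operators at each call site would help too, assuming that is what the output shows. Everything else in the file is a line-for-line copy of the IR example.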
diff --git a/example/disasm/dis_x86_string.py b/example/disasm/dis_x86_string.py
new file mode 100644
index 00000000..8f919e4e
--- /dev/null
+++ b/example/disasm/dis_x86_string.py
@@ -0,0 +1,22 @@
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
+
+# The Container will provide a *bin_stream*, bytes source for the disasm engine
+cont = Container.from_string("\x83\xf8\x10\x74\x07\x89\xc6\x0f\x47\xc3\xeb\x08\x89\xc8\xe8\x31\x33\x22\x11\x40\xc3")
+
+# Instantiate a x86 32 bit architecture
+machine = Machine("x86_32")
+
+# Instantiate a disassembler engine, using the previous bin_stream and its
+# associated location DB.
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
+
+# Run a recursive traversal disassembling from address 0
+asmcfg = mdis.dis_multiblock(0)
+
+# Display each basic blocks
+for block in asmcfg.blocks:
+    print block
+
+# Output control flow graph in a dot file
+open('str_cfg.dot', 'w').write(asmcfg.dot())
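Review bot: The byte string passed to `Container.from_string` has no annotation, whereas the deleted function.py carried an assembly listing and callback.py comments each instruction. I would split the literal across lines with one trailing comment per instruction, in the same `''.join([...])` layout callback.py uses. By my reading the 21 bytes decode to CMP EAX, 0x10 / JZ / MOV ESI, EAX / CMOVA EAX, EBX / JMP / MOV EAX, ECX / CALL / INC EAX / RET. It is also worth a comment that the CALL's relative target appears to fall outside the buffer, so that readers are not surprised by an unresolved destination in the resulting graph.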
diff --git a/example/disasm/file.py b/example/disasm/file.py
deleted file mode 100644
index 196e1b1a..00000000
--- a/example/disasm/file.py
+++ /dev/null
@@ -1,18 +0,0 @@
-import sys
-from miasm2.arch.x86.disasm import dis_x86_32
-from miasm2.analysis.binary import Container
-from pdb import pm
-
-if len(sys.argv) != 3:
-    print 'Example:'
-    print "%s samples/box_upx.exe 0x407570" % sys.argv[0]
-    sys.exit(0)
-
-addr = int(sys.argv[2], 0)
-cont = Container.from_stream(open(sys.argv[1]))
-mdis = dis_x86_32(cont.bin_stream)
-# Inform the engine to avoid disassembling null instructions
-mdis.dont_dis_nulstart_bloc = True
-asmcfg = mdis.dis_multiblock(addr)
-
-open('graph.dot', 'w').write(asmcfg.dot())
diff --git a/example/disasm/function.py b/example/disasm/function.py
deleted file mode 100644
index 10495dbc..00000000
--- a/example/disasm/function.py
+++ /dev/null
@@ -1,16 +0,0 @@
-from miasm2.arch.x86.disasm import dis_x86_32
-
-# MOV        EAX, 0x1337BEEF
-# MOV        ECX, 0x4
-# loop:
-# ROL        EAX, 0x8
-# LOOP       loop
-# RET
-shellcode = '\xb8\xef\xbe7\x13\xb9\x04\x00\x00\x00\xc1\xc0\x08\xe2\xfb\xc3'
-mdis = dis_x86_32(shellcode)
-asmcfg = mdis.dis_multiblock(0)
-
-for block in asmcfg.blocks:
-    print block
-
-open('graph.dot', 'w').write(asmcfg.dot())