diff options
| author | serpilliere <devnull@localhost> | 2014-06-03 10:27:56 +0200 |
|---|---|---|
| committer | serpilliere <devnull@localhost> | 2014-06-03 10:27:56 +0200 |
| commit | ed5c3668cc9f545b52674ad699fc2b0ed1ccb575 (patch) | |
| tree | 07faf97d7e4d083173a1f7e1bfd249baed2d74f9 /example/test_symbexec.py | |
| parent | a183e1ebd525453710306695daa8c410fd0cb2af (diff) | |
| download | miasm-ed5c3668cc9f545b52674ad699fc2b0ed1ccb575.tar.gz miasm-ed5c3668cc9f545b52674ad699fc2b0ed1ccb575.zip | |
Miasm v2
* API has changed, so old scripts need updates * See example for API usage * Use tcc or llvm for jit emulation * Go to test and run test_all.py to check install Enjoy !
Diffstat (limited to 'example/test_symbexec.py')
| -rw-r--r-- | example/test_symbexec.py | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/example/test_symbexec.py b/example/test_symbexec.py new file mode 100644 index 00000000..1eabe824 --- /dev/null +++ b/example/test_symbexec.py @@ -0,0 +1,141 @@ +import sys +import os +from elfesteem import * +from elfesteem.strpatchwork import StrPatchwork +import inspect +import logging +from pdb import pm +import struct +from optparse import OptionParser +from miasm2.expression.expression import * +from miasm2.core import asmbloc + +from miasm2.arch.x86.arch import mn_x86 +from miasm2.jitter.jitload import load_pe_in_vm, load_elf_in_vm, bin_stream_vm, get_import_address_elf +from miasm2.jitter.jitter import updt_bloc_emul +from miasm2.jitter.vm_mngr import * +from miasm2.jitter.arch import Jit_x86 +from miasm2.jitter.arch import Jit_arm +from miasm2.ir.ir2C import init_arch_C + + +from miasm2.core.bin_stream import bin_stream +# from jitter import * +from miasm2.jitter.os_dep import win_api_x86_32 + +from miasm2.ir.symbexec import symbexec + +from miasm2.ir.ir2C import bloc2IR + +from miasm2.arch.x86.regs import * + + +def whoami(): + return inspect.stack()[1][3] + + +log = logging.getLogger("dis") +console_handler = logging.StreamHandler() +console_handler.setFormatter(logging.Formatter("%(levelname)-5s: %(message)s")) +log.addHandler(console_handler) +log.setLevel(logging.INFO) + +filename = os.environ.get('PYTHONSTARTUP') +if filename and os.path.isfile(filename): + execfile(filename) + + +parser = OptionParser(usage="usage: %prog [options] file") +parser.add_option('-a', "--address", dest="address", metavar="ADDRESS", + help="force eop address", default=None) +parser.add_option('-m', "--architecture", dest="machine", metavar="MACHINE", + help="architecture to use for disasm: arm, x86_32, x86_64, ppc, java") +parser.add_option('-s', "--segm", dest="usesegm", action="store_true", + help="use segments fs:", default=False) +parser.add_option('-d', "--hdr", dest="loadhdr", action="store_true", + help="load pe hdr", default=False) +parser.add_option( + '-l', "--loadbasedll", dest="loadbasedll", action="store_true", + help="load base dll", default=False) +parser.add_option('-x', "--dumpall", dest="dumpall", action="store_true", + help="load base dll", default=False) +parser.add_option('-e', "--loadmainpe", dest="loadmainpe", action="store_true", + help="load main pe", default=False) + +parser.add_option('-b', "--dumpblocs", dest="dumpblocs", action="store_true", + help="log disasm blogs", default=False) + +parser.add_option('-r', "--parse_resources", dest="parse_resources", + action="store_true", help="parse pe resources", default=False) + +(options, args) = parser.parse_args(sys.argv[1:]) +if not args: + parser.print_help() + sys.exit(0) + + +log.info("import machine...") +mode = None +if options.machine == "arm": + from miasm2.arch.arm.arch import mn_arm as mn +elif options.machine == "sh4": + from miasm2.arch.sh4_arch import mn_sh4 as mn +elif options.machine == "x86_32": + from miasm2.arch.x86.arch import mn_x86 as mn +elif options.machine == "x86_64": + from miasm2.arch.x86.arch import mn_x86 as mn +else: + raise ValueError('unknown machine') +log.info('ok') +machines = {'arm': (mn, 'arm'), + 'sh4': (mn, None), + 'x86_32': (mn, 32), + 'x86_64': (mn, 64), + } + +mn, attrib = machines[options.machine] + +arch2jit = {'x86': Jit_x86, + 'arm': Jit_arm} + +jitarch = arch2jit[mn.name] + +e, in_str, runtime_dll, segm_to_do, symbol_pool, stack_ad = load_pe_in_vm( + mn, args[0], options) +# e, in_str, runtime_dll, segm_to_do, symbol_pool, stack_ad = +# load_elf_in_vm(mn, args[0], options) +init_arch_C(mn) + +win_api_x86_32.winobjs.runtime_dll = runtime_dll +""" +regs = jitarch.vm_get_gpreg() +regs['RSP'] = stack_ad +jitarch.vm_set_gpreg(regs) +""" + +symbol_pool = asmbloc.asm_symbol_pool() +known_blocs = {} +code_blocs_mem_range = [] + + +ad = 0x951DAF +ad = 0x9518C6 +ad = 0x9519FE +symbols_init = {} +for i, r in enumerate(all_regs_ids): + symbols_init[r] = all_regs_ids_init[i] + + +def se_bloc(ad, arch, attrib, sb): + l = asmbloc.asm_label(ad) + b = asmbloc.asm_bloc(l) + job_done = set() + asmbloc.dis_bloc(arch, in_str, b, ad, job_done, symbol_pool, + attrib=attrib) # , lines_wd = 8) + print b + bloc_ir = bloc2IR(arch, attrib, in_str, b, [], symbol_pool) + sb.emulbloc(arch, bloc_ir) + sb.dump_mem() + +sb = symbexec(mn, symbols_init) +se_bloc(ad, mn, attrib, sb) |