| author | serpilliere <serpilliere@users.noreply.github.com> | 2015-11-09 12:58:45 +0100 |
|---|---|---|
| committer | serpilliere <serpilliere@users.noreply.github.com> | 2015-11-09 12:58:45 +0100 |
| commit | c2febe4d410bbc84a7fbfa420143fc0a4a9df281 (patch) | |
| tree | c9230ee48f5372e0c4edbfa595ce93edf778fc5d /example | |
| parent | 3e2a88817d41d6111801e64ca6de58eb5bdbc23b (diff) | |
| parent | 5c6b3d0c002cbdf5665cc90aed43e0687cfc1672 (diff) | |
| download | miasm-c2febe4d410bbc84a7fbfa420143fc0a4a9df281.tar.gz miasm-c2febe4d410bbc84a7fbfa420143fc0a4a9df281.zip | |
Merge pull request #256 from commial/fix-unpackupx
Fix unpackupx
Diffstat (limited to 'example')
| -rw-r--r-- | example/jitter/unpack_upx.py | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/example/jitter/unpack_upx.py b/example/jitter/unpack_upx.py index 2d0a02ea..eb03209b 100644 --- a/example/jitter/unpack_upx.py +++ b/example/jitter/unpack_upx.py @@ -13,16 +13,24 @@ if filename and os.path.isfile(filename): # User defined methods def kernel32_GetProcAddress(jitter): + """Hook on GetProcAddress to note where UPX stores import pointers""" ret_ad, args = jitter.func_args_stdcall(["libbase", "fname"]) + # When the function is called, EBX is a pointer to the destination buffer dst_ad = jitter.cpu.EBX logging.info('EBX ' + hex(dst_ad)) + # Handle ordinal imports fname = (args.fname if args.fname < 0x10000 else jitter.get_str_ansi(args.fname)) logging.info(fname) + # Get the generated address of the library, and store it in memory to dst_ad ad = sb.libs.lib_get_add_func(args.libbase, fname, dst_ad) + # Add a breakpoint in case of a call on the resolved function + # NOTE: never happens in UPX, just for skeleton + jitter.handle_function(ad) + jitter.func_ret_stdcall(ret_ad, ad) @@ -46,13 +54,10 @@ else: if options.verbose is True: print sb.jitter.vm - -ep = sb.entry_point - # Ensure there is one and only one leave (for OEP discovering) mdis = sb.machine.dis_engine(sb.jitter.bs) mdis.dont_dis_nulstart_bloc = True -ab = mdis.dis_multibloc(ep) +ab = mdis.dis_multibloc(sb.entry_point) bb = asmbloc.basicblocs(ab) leaves = bb.get_bad_dst() @@ -92,6 +97,8 @@ sb.jitter.add_breakpoint(end_label, update_binary) sb.run() # Rebuild PE +# Alternative solution: miasm2.jitter.loader.pe.vm2pe(sb.jitter, out_fname, +# libs=sb.libs, e_orig=sb.pe) new_dll = [] sb.pe.SHList.align_sections(0x1000, 0x1000) @@ -111,7 +118,6 @@ sb.pe.DirImport.set_rva(s_myimp.addr) # XXXX TODO sb.pe.NThdr.optentries[pe.DIRECTORY_ENTRY_DELAY_IMPORT].rva = 0 -sb.pe.Opthdr.AddressOfEntryPoint = sb.pe.virt2rva(end_label) bname, fname = os.path.split(options.filename) fname = os.path.join(bname, fname.replace('.', '_')) open(fname + '_unupx.bin', 'w').write(str(sb.pe)) |
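Review bot: In the first hunk, `logging.info(fname)` logs a name that `jitter.get_str_ansi(args.fname)` read straight out of the emulated process's memory, so a hostile packed sample controls the bytes that reach the log; prefer `logging.info('GetProcAddress %r', fname)` so control characters are repr-escaped and formatting is deferred, and likewise `logging.info('EBX %#x', dst_ad)` for the line above it. The `args.fname < 0x10000` test is the usual Win32 ordinal convention, but the raw integer is then handed to `sb.libs.lib_get_add_func`, which is defined outside this file; a one-line comment stating that the helper accepts an int ordinal as `fname` would save the next reader from checking (I cannot confirm that from the hunk). The new `jitter.handle_function(ad)` breakpoint is fine for a skeleton, and the "never happens in UPX" note is worth keeping so nobody later strips it as dead code.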
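Review bot: The new "Alternative solution" comment before `new_dll = []` spells out `vm2pe(sb.jitter, out_fname, ...)`, but `out_fname` is not a name that appears anywhere in the visible hunks; the output path is built later as `fname + '_unupx.bin'` from `options.filename`. Anyone who uncomments it as-is gets a NameError, so either point it at the real name, e.g. `# Alternative: miasm2.jitter.loader.pe.vm2pe(sb.jitter, fname + '_unupx.bin', libs=sb.libs, e_orig=sb.pe)` with a note that it must run after `fname` is computed, or mark it explicitly as pseudocode. I am inferring the absence of `out_fname` from this diff only; if the script defines it in a part not shown here, disregard.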