authorFabrice Desclaux <fabrice.desclaux@cea.fr>2014-10-02 14:37:32 +0200
committerFabrice Desclaux <fabrice.desclaux@cea.fr>2014-10-02 14:37:32 +0200
commit8db426e63ea49dffada651a22d5c5ad9ffd93d68 (patch)
tree7904ada4272fcc863ab4fd97e328710d4eae4ceb /example
parent04a047ab9046f2fd463ad53eacb3545fd4e25ff4 (diff)
Example: sandbox_pe to diet
Diffstat (limited to 'example')
-rw-r--r--example/sandbox_pe_x86_32.py125
-rw-r--r--example/unpack_gen.py21
2 files changed, 12 insertions, 134 deletions
diff --git a/example/sandbox_pe_x86_32.py b/example/sandbox_pe_x86_32.py
index 3820c2fd..ef5c4873 100644
--- a/example/sandbox_pe_x86_32.py
+++ b/example/sandbox_pe_x86_32.py
@@ -1,124 +1,23 @@
-import sys
 import os
-from argparse import ArgumentParser
-from miasm2.jitter.jitload import vm_load_pe, preload_pe, libimp
-from miasm2.jitter.jitload import bin_stream_vm
-from miasm2.jitter.csts import *
-from miasm2.jitter.os_dep import win_api_x86_32
-from miasm2.analysis import debugging, machine
-
-# Debug settings #
 from pdb import pm
+from miasm2.analysis.sandbox import Sandbox_Win_x86_32
 
+# Python auto completion
 filename = os.environ.get('PYTHONSTARTUP')
 if filename and os.path.isfile(filename):
     execfile(filename)
 
-#
-
-# Handle arguments
-
-parser = ArgumentParser(
-    description="Sandbox a PE binary with x86 32bits engine")
-parser.add_argument("filename", help="PE binary")
-parser.add_argument("-r", "--log-regs",
-                    help="Log registers value for each instruction",
-                    action="store_true")
-parser.add_argument("-m", "--log-mn",
-                    help="Log desassembly conversion for each instruction",
-                    action="store_true")
-parser.add_argument("-n", "--log-newbloc",
-                    help="Log basic blocks processed by the Jitter",
-                    action="store_true")
-parser.add_argument("-j", "--jitter",
-                    help="Jitter engine. Possible values are : tcc (default), llvm",
-                    default="tcc")
-parser.add_argument("-d", "--debugging",
-                    help="Attach a CLI debugguer to the sandboxed programm",
-                    action="store_true")
-parser.add_argument("-g", "--gdbserver",
-                    help="Listen on [port] with a GDB server",
-                    type=int,
-                    default=False)
-args = parser.parse_args()
-
-# User defined methods
-
-
-def msvcrt_memset(myjit):
-    ret_ad, args = myjit.func_args_cdecl(3)
-    dst, c, size = args
-
-    myjit.vm.vm_set_mem(dst, chr(c & 0xFF) * size)
-    myjit.func_ret_cdecl(ret_ad, 0)
-
-
-def msvcrt_memcpy(myjit):
-    ret_ad, args = myjit.func_args_cdecl(3)
-    dst, src, size = args
-
-    x = myjit.vm.vm_get_mem(src, size)
-    myjit.vm.vm_set_mem(dst, x)
-    myjit.func_ret_cdecl(ret_ad, 0)
-
-# Breakpoint callbacks
-
-
-def code_sentinelle(jitter):
-    jitter.run = False
-    jitter.pc = 0
-    print "End Emulation"
-    return True
-
-# x86 32 bits engine instanciation
-machine = machine.Machine("x86_32")
-myjit = machine.jitter(jit_type=args.jitter)
-myjit.init_stack()
-libs = libimp()
-
-# Set libs for win_32 api
-win_api_x86_32.winobjs.runtime_dll = libs
-
-# Load PE and get entry point address
-e = vm_load_pe(myjit.vm, args.filename)
-preload_pe(myjit.vm, e, libs)
-
-addr = e.rva2virt(e.Opthdr.AddressOfEntryPoint)
-
-# Log level (if available with jitter engine)
-myjit.jit.log_regs = args.log_regs
-myjit.jit.log_mn = args.log_mn
-myjit.jit.log_newbloc = args.log_newbloc
-
-# Set up stack
-myjit.vm_push_uint32_t(0x1337beef)
-
-# Set callbacks
-myjit.add_breakpoint(0x1337beef, code_sentinelle)
-
-myjit.add_lib_handler(libs, globals())
-
-# Start Emulation
-myjit.init_run(addr)
+# Insert here user defined methods
 
-# Handle debugging
-if any([args.debugging, args.gdbserver]):
-    dbg = debugging.Debugguer(myjit)
-    if args.debugging is True:
-        cmd = debugging.DebugCmd(dbg)
-        cmd.cmdloop()
-    else:
-        gdb = machine.gdbserver(dbg, args.gdbserver)
-        print("Listenning on port %d" % args.gdbserver)
-        gdb.run()
+# Parse arguments
+parser = Sandbox_Win_x86_32.parser()
+parser.add_argument("filename", help="PE Filename")
+options = parser.parse_args()
 
-else:
-    print(myjit.continue_run())
+# Create sandbox
+sb = Sandbox_Win_x86_32(options.filename, options, globals())
 
-# Performance tests
-#
-# import cProfile
-# cProfile.run(r'run_bin(myjit, addr)')
+# Run
+sb.run()
 
-# Test if emulation ended properly
-assert(myjit.run is False)
+assert(sb.jitter.run is False)
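Review bot: The closing `assert(sb.jitter.run is False)` is the script's only signal that emulation of the sample stopped cleanly, and it is compiled out under `python -O`; the comment that explained it (`# Test if emulation ended properly`) was also dropped in this hunk. I would keep that comment and make the check explicit, for example `if sb.jitter.run is not False: raise RuntimeError("emulation did not end properly")`. Separately, `# Insert here user defined methods` no longer shows what such a method looks like now that the `msvcrt_memset`/`msvcrt_memcpy` examples are gone. Since `globals()` is passed to `Sandbox_Win_x86_32`, handlers are presumably still resolved by name from the module namespace, so a short hint such as `# e.g. def msvcrt_memset(jitter): ... (found through globals())` would help, once confirmed against the Sandbox class, which is not part of this diff.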
diff --git a/example/unpack_gen.py b/example/unpack_gen.py
deleted file mode 100644
index ffca512e..00000000
--- a/example/unpack_gen.py
+++ /dev/null
@@ -1,21 +0,0 @@
-import os
-from pdb import pm
-from miasm2.analysis.sandbox import Sandbox_Win_x86_32
-
-# Python auto completion
-filename = os.environ.get('PYTHONSTARTUP')
-if filename and os.path.isfile(filename):
-    execfile(filename)
-
-# Insert here user defined methods
-
-# Parse arguments
-parser = Sandbox_Win_x86_32.parser()
-parser.add_argument("filename", help="PE Filename")
-options = parser.parse_args()
-
-# Create sandbox
-sb = Sandbox_Win_x86_32(options.filename, options, globals())
-
-# Run
-sb.run()