| -rw-r--r-- | example/jitter/test_x86_32_seh.py | 56 | ||||
| -rw-r--r-- | example/samples/x86_32_seh.S | 76 | ||||
| -rw-r--r-- | test/test_all.py | 18 |
3 files changed, 150 insertions, 0 deletions
diff --git a/example/jitter/test_x86_32_seh.py b/example/jitter/test_x86_32_seh.py
new file mode 100644
index 00000000..5277807d
--- /dev/null
+++ b/example/jitter/test_x86_32_seh.py
@@ -0,0 +1,56 @@
+import os
+from pdb import pm
+from miasm2.analysis.sandbox import Sandbox_Win_x86_32
+from miasm2.os_dep import win_api_x86_32_seh
+from miasm2.jitter.csts import *
+
+def deal_exception_access_violation(jitter):
+ jitter.pc = win_api_x86_32_seh.fake_seh_handler(jitter, win_api_x86_32_seh.EXCEPTION_ACCESS_VIOLATION)
+ return True
+
+def deal_exception_breakpoint(jitter):
+ jitter.pc = win_api_x86_32_seh.fake_seh_handler(jitter, win_api_x86_32_seh.EXCEPTION_BREAKPOINT)
+ return True
+
+def deal_exception_div(jitter):
+ jitter.pc = win_api_x86_32_seh.fake_seh_handler(jitter, win_api_x86_32_seh.EXCEPTION_INT_DIVIDE_BY_ZERO)
+ return True
+
+def deal_exception_privileged_instruction(jitter):
+ jitter.pc = win_api_x86_32_seh.fake_seh_handler(jitter, win_api_x86_32_seh.EXCEPTION_PRIV_INSTRUCTION)
+ return True
+
+def deal_exception_illegal_instruction(jitter):
+ jitter.pc = win_api_x86_32_seh.fake_seh_handler(jitter, win_api_x86_32_seh.EXCEPTION_ILLEGAL_INSTRUCTION)
+ return True
+
+
+def return_from_seh(jitter):
+ win_api_x86_32_seh.return_from_seh(jitter)
+ return True
+
+# Insert here user defined methods
+
+# Parse arguments
+parser = Sandbox_Win_x86_32.parser(description="PE sandboxer")
+parser.add_argument("filename", help="PE Filename")
+options = parser.parse_args()
+options.usesegm = True
+options.use_seh = True
+
+# Create sandbox
+sb = Sandbox_Win_x86_32(options.filename, options, globals())
+
+# Install Windows SEH callbacks
+sb.jitter.add_exception_handler(EXCEPT_ACCESS_VIOL, deal_exception_access_violation)
+sb.jitter.add_exception_handler(EXCEPT_SOFT_BP, deal_exception_breakpoint)
+sb.jitter.add_exception_handler(EXCEPT_DIV_BY_ZERO, deal_exception_div)
+sb.jitter.add_exception_handler(1<<17, deal_exception_privileged_instruction)
+sb.jitter.add_exception_handler(EXCEPT_UNK_MNEMO, deal_exception_illegal_instruction)
+
+sb.jitter.add_breakpoint(win_api_x86_32_seh.return_from_exception, return_from_seh)
+
+# Run
+sb.run()
+
+assert(sb.jitter.run is False)
diff --git a/example/samples/x86_32_seh.S b/example/samples/x86_32_seh.S
new file mode 100644
index 00000000..7bb2c3cd
--- /dev/null
+++ b/example/samples/x86_32_seh.S
@@ -0,0 +1,76 @@
+
+main:
+ PUSH error
+ PUSH DWORD PTR FS:[0x0]
+ MOV DWORD PTR FS:[0x0], ESP
+ XOR EAX, EAX
+
+;; Access violation
+lbl_err_0:
+ MOV DWORD PTR [EAX], 0x0
+lbl_err_end0:
+ NOP
+
+
+;; Breakpoint
+lbl_err_1:
+ INT 0x3
+lbl_err_end1:
+ NOP
+
+;; Divide by 0
+ XOR EAX, EAX
+lbl_err_2:
+ DIV EAX
+lbl_err_end2:
+ NOP
+
+;; Privileged instruction
+lbl_err_3:
+ STI
+lbl_err_end3:
+ NOP
+
+;; Unknown instruction (Bad LEA encoding)
+lbl_err_4:
+ .byte 0x8D, 0xC0
+lbl_err_end4:
+ NOP
+
+ POP DWORD PTR FS:[0x0]
+ ADD ESP, 4
+ RET
+
+error:
+ MOV ECX, DWORD PTR [ESP+0xC]
+ MOV EAX, DWORD PTR [ECX+0xB8]
+ MOV EBX, DWORD PTR [err_num]
+ CMP EAX, DWORD PTR [labels_err + 4*EBX]
+ JZ error_address_ok
+ INT 0x3
+error_address_ok:
+ INC DWORD PTR [err_num]
+ MOV EAX, DWORD PTR [labels_err_end + 4*EBX]
+ MOV DWORD PTR [ECX+0xB8], EAX
+ XOR EAX, EAX
+ RET
+
+
+
+err_num:
+.dword 0
+
+labels_err:
+.dword lbl_err_0
+.dword lbl_err_end1
+.dword lbl_err_2
+.dword lbl_err_3
+.dword lbl_err_4
+
+
+labels_err_end:
+.dword lbl_err_end0
+.dword lbl_err_end1
+.dword lbl_err_end2
+.dword lbl_err_end3
+.dword lbl_err_end4
diff --git a/test/test_all.py b/test/test_all.py
index a487900f..c9401552 100644
--- a/test/test_all.py
+++ b/test/test_all.py
@@ -398,6 +398,8 @@ test_mips32l = ExampleShellcode(["mips32l", "mips32.S", "mips32_sc_l.bin"]) test_x86_64 = ExampleShellcode(["x86_64", "x86_64.S", "demo_x86_64.bin", "--PE"]) test_x86_32_if_reg = ExampleShellcode(['x86_32', 'x86_32_if_reg.S', "x86_32_if_reg.bin"]) +test_x86_32_seh = ExampleShellcode(["x86_32", "x86_32_seh.S", "x86_32_seh.bin", + "--PE"]) testset += test_armb testset += test_arml
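Review bot: The privileged-instruction handler is installed with the raw mask `1<<17` while the four sibling `add_exception_handler` calls use named `EXCEPT_*` constants from `miasm2.jitter.csts`; if csts exports a name for that bit use it, otherwise define `EXCEPT_PRIV_INSN = 1 << 17  # jitter exception bit for privileged instructions` next to the handlers so the mapping to `EXCEPTION_PRIV_INSTRUCTION` is readable. `deal_exception_illegal_instruction` reports `EXCEPT_UNK_MNEMO` to the sample as `EXCEPTION_ILLEGAL_INSTRUCTION`, and that jitter bit presumably also fires for valid opcodes the jitter simply does not implement, so a comment such as `# NOTE: an unsupported-but-valid instruction is also reported as illegal` would save the next reader a false trail when a sample misbehaves. `import os` and `from pdb import pm` are unused, and `from miasm2.jitter.csts import *` is what makes the `EXCEPT_*` names appear from nowhere; an explicit import list would be clearer. The closing `assert(sb.jitter.run is False)` is stripped under `python -O`, so for a script that is run as a test `if sb.jitter.run: raise RuntimeError("jitter still running after SEH sample")` keeps the check alive.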
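Review bot: The second `labels_err` entry is `lbl_err_end1` while every other entry is the faulting label itself; if that is deliberate because the Eip delivered in the CONTEXT for the `INT 0x3` trap points past the instruction rather than at it, the table needs a comment saying so, e.g. `;; INT 3 is a trap: reported Eip is the byte after it`, otherwise it should read `.dword lbl_err_1`. The mismatch path in `error` executes `INT 0x3` with the same frame still linked at FS:[0], so unless the jitter stops on a nested exception that breakpoint re-enters `error` with `err_num` unchanged and the sample spins instead of failing; unlinking the frame or jumping to a terminating path before the `INT 0x3` would make a wrong fault address fail loudly. The `[ESP+0xC]` and `[ECX+0xB8]` offsets (the ContextRecord argument and CONTEXT.Eip, if I read them right) and the `XOR EAX, EAX` / `RET` that returns ExceptionContinueExecution each deserve a one-line comment, since nothing in the file names them.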
@@ -412,6 +414,7 @@ testset += test_mips32b testset += test_mips32l testset += test_x86_64 testset += test_x86_32_if_reg +testset += test_x86_32_seh class ExampleDisassembler(Example): """Disassembler examples specificities: @@ -553,6 +556,14 @@ class ExampleJitter(Example): jitter_engines = ["tcc", "llvm", "python", "gcc"] +class ExampleJitterNoPython(ExampleJitter): + """Jitter examples specificities: + - script path begins with "jitter/" + Run jitting script without python support + """ + jitter_engines = ["tcc", "llvm", "gcc"] + + for jitter in ExampleJitter.jitter_engines: # Take 5 min on a Core i5 tags = {"python": [TAGS["long"]], @@ -587,6 +598,13 @@ for script, dep in [(["x86_32.py", Example.get_sample("x86_32_sc.bin")], []), testset += ExampleJitter(script + ["--jitter", jitter], depends=dep, tags=tags) + +for jitter in ExampleJitterNoPython.jitter_engines: + tags = [TAGS[jitter]] if jitter in TAGS else [] + testset += ExampleJitterNoPython(["test_x86_32_seh.py", Example.get_sample("x86_32_seh.bin")] + ["--jitter", jitter], + depends=[test_x86_32_seh], + tags=tags) + testset += ExampleJitter(["example_types.py"]) |
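Review bot: The `ExampleJitterNoPython` docstring says the script is run without python support but not why the python engine is excluded, and the only user is `test_x86_32_seh.py`; a line such as `The python jitter is left out because it does not raise the exceptions the SEH sample relies on  # confirm` (or whatever the real reason is) would stop someone from adding it back. Its first bullet, `script path begins with "jitter/"`, is copied from `ExampleJitter`; a reference to the base class would avoid the duplicate.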
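Review bot: The new registration loop builds `tags` as `[TAGS[jitter]] if jitter in TAGS else []`, which silently yields no tag for an engine missing from `TAGS`, whereas the hunk above shows the existing `ExampleJitter` loop starting from an explicit per-jitter dict; if the two are meant to agree, derive the SEH entry's tags from the same table or factor a small `_jitter_tags(jitter)` helper used by both. The `depends=[test_x86_32_seh]` argument is right, it keeps the jitter run after the shellcode build. The enclosing `for jitter` loop that this hunk's first context lines close begins outside the hunk.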