-rw-r--r--miasm2/analysis/sandbox.py10
-rw-r--r--miasm2/os_dep/win_api_x86_32_seh.py43
2 files changed, 21 insertions, 32 deletions
diff --git a/miasm2/analysis/sandbox.py b/miasm2/analysis/sandbox.py
index 5982f54b..0b733b49 100644
--- a/miasm2/analysis/sandbox.py
+++ b/miasm2/analysis/sandbox.py
@@ -1,3 +1,4 @@
+import os
 import logging
 from argparse import ArgumentParser
 
@@ -180,11 +181,12 @@ class OS_Win(OS):
         win_api_x86_32.winobjs.runtime_dll = libs
 
         self.name2module = {}
+        fname_basename = os.path.basename(self.fname).lower()
 
         # Load main pe
         with open(self.fname) as fstream:
             self.pe = vm_load_pe(self.jitter.vm, fstream.read())
-            self.name2module[self.fname] = self.pe
+            self.name2module[fname_basename] = self.pe
 
         # Load library
         if self.options.loadbasedll:
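Review bot: `os.path.basename(self.fname).lower()` on the new `fname_basename` line only splits on the host separator, so a Windows-style `self.fname` such as `c:\dir\app.exe` given on a POSIX host keeps its full path and becomes the `name2module` key and the SEH module name; `ntpath.basename(self.fname).lower()` strips either separator and would match the backslash handling the SEH code already does. The same value is handed to `vm_load_pe_and_dependencies` in the next hunk and stored as `main_pe_name` in the one after it; if either still treats the name as a filesystem path (the old `create_modules_chain` did open it from disk), a bare basename resolves only relative to the current directory, which is worth confirming. The enclosing method starts outside the hunk.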
@@ -201,7 +203,7 @@ class OS_Win(OS):
 
         if self.options.dependencies:
             vm_load_pe_and_dependencies(self.jitter.vm,
-                                        self.fname,
+                                        fname_basename,
                                         self.name2module,
                                         libs,
                                         self.modules_path)
@@ -216,9 +218,9 @@ class OS_Win(OS):
 
         # Manage SEH
         if self.options.use_seh:
-            win_api_x86_32_seh.main_pe_name = self.fname
+            win_api_x86_32_seh.main_pe_name = fname_basename
             win_api_x86_32_seh.main_pe = self.pe
-            win_api_x86_32_seh.loaded_modules = self.ALL_IMP_DLL
+            win_api_x86_32_seh.name2module = self.name2module
             win_api_x86_32_seh.init_seh(self.jitter)
             win_api_x86_32_seh.set_win_fs_0(self.jitter)
 
diff --git a/miasm2/os_dep/win_api_x86_32_seh.py b/miasm2/os_dep/win_api_x86_32_seh.py
index d86bd46a..0c5bccf1 100644
--- a/miasm2/os_dep/win_api_x86_32_seh.py
+++ b/miasm2/os_dep/win_api_x86_32_seh.py
@@ -80,7 +80,7 @@ FAKE_SEH_B_AD = context_address + 0x2000
 
 cur_seh_ad = FAKE_SEH_B_AD
 
-loaded_modules = ["ntdll.dll", "kernel32.dll"]
+name2module = []
 main_pe = None
 main_pe_name = "c:\\xxx\\toto.exe"
 
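Review bot: `name2module = []` initialises the global as a list, but `create_modules_chain` now calls `name2module.items()` on it (hunk `@@ -249,31 +249,18 @@`) and `init_seh` passes this global straight through (hunk `@@ -461,7 +448,7 @@`), so calling `init_seh` without the sandbox first assigning a dict raises AttributeError instead of building a chain as the old `loaded_modules` default did. The default should be `name2module = {}`. The `main_pe_name` default below it is no longer read by `create_modules_chain`; a one-line comment saying which functions still use it would save the next reader a search.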
@@ -210,7 +210,7 @@ class LoadedModules(object):
         return "\n".join(out)
 
 
-def create_modules_chain(jitter, modules_name):
+def create_modules_chain(jitter, name2module):
     """
     Create the modules entries. Those modules are not linked in this function.
 
@@ -235,7 +235,7 @@ def create_modules_chain(jitter, modules_name):
     +0x04c PatchInformation : Ptr32 Void
 
     @jitter: jitter instance
-    @modules_name: a list of modules names
+    @name2module: dict containing association between name and its pe instance
     """
 
     modules_info = LoadedModules()
@@ -249,31 +249,18 @@ def create_modules_chain(jitter, modules_name):
     dummy_e.NThdr.sizeofimage = 0
 
     out = ""
-    for i, m in enumerate([(main_pe_name, main_pe),
-                           ("", dummy_e)] + modules_name):
+    for i, (fname, pe_obj) in enumerate([("", dummy_e)] + name2module.items()):
+        if pe_obj is None:
+            log.warning("Unknown module: ommited from link list (%r)",
+                        fname)
+            continue
         addr = base_addr + i * 0x1000
-        if isinstance(m, tuple):
-            fname, e = m
-        else:
-            fname, e = m, None
         bpath = fname.replace('/', '\\')
         bname_str = os.path.split(fname)[1].lower()
         bname = "\x00".join(bname_str) + "\x00"
-        if e is None:
-            if i == 0:
-                full_name = fname
-            else:
-                full_name = os.path.join("win_dll", fname)
-            try:
-                e = pe_init.PE(open(full_name, 'rb').read())
-            except IOError:
-                log.error('No main pe, ldr data will be unconsistant!')
-                e = None
-        if e is None:
-            continue
-        log.info("Add module %x %r", e.NThdr.ImageBase, bname_str)
+        log.info("Add module %x %r", pe_obj.NThdr.ImageBase, bname_str)
 
-        modules_info.add(bname_str, e, addr)
+        modules_info.add(bname_str, pe_obj, addr)
 
         m_o = ""
         m_o += pck32(0)
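Review bot: `[("", dummy_e)] + name2module.items()` in the new loop header only works where `dict.items()` returns a list, i.e. Python 2; `[("", dummy_e)] + list(name2module.items())` behaves the same and stays valid if the module is ever ported. The main PE is also no longer inserted explicitly at index 0 from `main_pe_name`/`main_pe`, so its position now follows plain-dict iteration order and the caller must have put it into `name2module` itself; `fix_InLoadOrderModuleList` (outside this hunk) appears to reorder via `special_modules`, but the docstring in the earlier hunk should state both facts and that entries whose value is `None` are skipped with a warning. The warning text misspells "omitted" (`"Unknown module: omitted from link list (%r)"`), and because `addr` still uses the `enumerate` index a skipped entry leaves a 0x1000 hole in the chain, which looks harmless but is worth a comment. The function's signature and tail lie outside the hunk.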
@@ -282,9 +269,9 @@ def create_modules_chain(jitter, modules_name):
         m_o += pck32(0)
         m_o += pck32(0)
         m_o += pck32(0)
-        m_o += pck32(e.NThdr.ImageBase)
-        m_o += pck32(e.rva2virt(e.Opthdr.AddressOfEntryPoint))
-        m_o += pck32(e.NThdr.sizeofimage)
+        m_o += pck32(pe_obj.NThdr.ImageBase)
+        m_o += pck32(pe_obj.rva2virt(pe_obj.Opthdr.AddressOfEntryPoint))
+        m_o += pck32(pe_obj.NThdr.sizeofimage)
         m_o += struct.pack('HH', len(bname), len(bname) + 2)
         m_o += pck32(addr + offset_path)
         m_o += struct.pack('HH', len(bname), len(bname) + 2)
@@ -321,7 +308,7 @@ def fix_InLoadOrderModuleList(jitter, modules_info):
     dummy_pe = modules_info.name2module.get("", None)
     special_modules = [main_pe, kernel32_pe, ntdll_pe, dummy_pe]
     if not all(special_modules):
-        log.warn('No main pe, ldr data will be unconsistant')
+        log.warn('No main pe, ldr data will be unconsistant %r', special_modules)
         loaded_modules = modules_info.modules
     else:
         loaded_modules = [module for module in modules_info.modules
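Review bot: The changed `log.warn` line now appends `%r` of `special_modules`, which prints four PE object reprs (or `None`) rather than naming the entry that is missing; logging only the `None` positions, e.g. `[i for i, m in enumerate(special_modules) if m is None]`, gives the reader the actual cause. `log.warn` is also the deprecated alias for `log.warning`, and the new line keeps the misspelling "unconsistant". The function continues past the hunk.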
@@ -461,7 +448,7 @@ def init_seh(jitter):
     build_teb(jitter, FS_0_AD)
     build_peb(jitter, peb_address)
 
-    modules_info = create_modules_chain(jitter, loaded_modules)
+    modules_info = create_modules_chain(jitter, name2module)
     fix_InLoadOrderModuleList(jitter, modules_info)
     fix_InMemoryOrderModuleList(jitter, modules_info)
     fix_InInitializationOrderModuleList(jitter, modules_info)