| -rw-r--r-- | miasm/core/asmbloc.py | 10 | ||||
| -rw-r--r-- | miasm/tools/emul_lib/libcodenat.c | 23 | ||||
| -rw-r--r-- | miasm/tools/emul_lib/libcodenat.h | 2 | ||||
| -rw-r--r-- | miasm/tools/emul_lib/libcodenat_interface.c | 73 | ||||
| -rw-r--r-- | miasm/tools/pe_helper.py | 14 | ||||
| -rw-r--r-- | miasm/tools/win_api.py | 16 |
6 files changed, 124 insertions, 14 deletions
diff --git a/miasm/core/asmbloc.py b/miasm/core/asmbloc.py
index 0de965a8..f9115105 100644
--- a/miasm/core/asmbloc.py
+++ b/miasm/core/asmbloc.py
@@ -248,8 +248,8 @@ def dis_bloc(mnemo, pool_bin, cur_bloc, offset, job_done, symbol_pool,
 break
 job_done.add(pool_bin.offset)
 log_asmbloc.debug("dis at %X"%int(pool_bin.offset))
+ off_i = pool_bin.offset
 if lines_cpt <=1 and dont_dis_nulstart_bloc:
- off_i = pool_bin.offset
 c = pool_bin.readbs()
 pool_bin.offset = off_i
 if c == "\x00":
@@ -264,9 +264,11 @@ def dis_bloc(mnemo, pool_bin, cur_bloc, offset, job_done, symbol_pool,
 instr = None
 if instr == None:
- log_asmbloc.warning( "cannot disasm at %X"%int(pool_bin.offset))
- cur_bloc.bto = []
- offsets_to_dis = []
+ log_asmbloc.warning( "cannot disasm at %X"%int(off_i))
+ l = symbol_pool.getby_offset_create(off_i)
+ c = asm_constraint(l, asm_constraint.c_next)
+ cur_bloc.bto = [c]
+ offsets_to_dis = [pool_bin.offset]
 break
 log_asmbloc.debug(instr)
 log_asmbloc.debug(instr.m)
diff --git a/miasm/tools/emul_lib/libcodenat.c b/miasm/tools/emul_lib/libcodenat.c
index 7e201b63..cc675fee 100644
--- a/miasm/tools/emul_lib/libcodenat.c
+++ b/miasm/tools/emul_lib/libcodenat.c
@@ -67,9 +67,32 @@ struct memory_page_node *memory_page_pool_tab[MAX_MEMORY_PAGE_POOL_TAB];
+int is_mem_mapped(uint64_t ad)
+{
+ struct memory_page_node * mpn;
+ mpn = memory_page_pool_tab[ad>>MEMORY_PAGE_POOL_MASK_BIT];
+ if ( mpn && (mpn->ad <= ad) && (ad < mpn->ad + mpn->size))
+ return 1;
+ return 0;
+}
+/* return the address base of the memory page
+ containing addr
+*/
+uint64_t get_mem_base_addr(uint64_t ad, uint64_t *addr_base)
+{
+ struct memory_page_node * mpn;
+
+ mpn = memory_page_pool_tab[ad>>MEMORY_PAGE_POOL_MASK_BIT];
+ if ( mpn && (mpn->ad <= ad) && (ad < mpn->ad + mpn->size)){
+ *addr_base = mpn->ad;
+ return 1;
+ }
+ return 0;
+}
+
 void dump_gpregs(void)
 {
diff --git a/miasm/tools/emul_lib/libcodenat.h b/miasm/tools/emul_lib/libcodenat.h
index 3c4c16e1..0f3f99af 100644
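Review bot: The fallback edge and the queued offset in the second asmbloc.py hunk point at different addresses: `cur_bloc.bto` gets a c_next constraint on the label created for `off_i` (where decoding failed), while `offsets_to_dis = [pool_bin.offset]` queues whatever offset the failed decode left in the stream. If the failed decode does not advance `pool_bin.offset`, both are the same address, which `job_done.add(pool_bin.offset)` at the top of the loop has already marked done, so the successor label may never get a block; if it does advance, the edge targets an address that is never queued — I cannot tell which from the hunk, since the rest of `dis_bloc` is outside it. Pick one offset for both and record the intent, e.g. `# decode failed at off_i: link the block to it and queue it so the gap stays visible in the graph`. `l` is an ambiguous local name (PEP 8 E741); `lbl` reads better.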
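Review bot: Neither new function bounds the table index before reading `memory_page_pool_tab[ad>>MEMORY_PAGE_POOL_MASK_BIT]`; whether `ad >> MEMORY_PAGE_POOL_MASK_BIT` can reach `MAX_MEMORY_PAGE_POOL_TAB` for a 64-bit `ad` depends on the two defines, which are not in the hunk, and the new Python bindings pass guest-supplied addresses through here. If the table does not cover the whole input range, guard both lookups with `if ((ad >> MEMORY_PAGE_POOL_MASK_BIT) >= MAX_MEMORY_PAGE_POOL_TAB) return 0;`, otherwise state the invariant in the comment. The two functions duplicate the same lookup; `is_mem_mapped` can be `uint64_t base; return get_mem_base_addr(ad, &base) != 0;`. `get_mem_base_addr` returns a `uint64_t` that is only ever 0 or 1 — `int` would match `is_mem_mapped`, and the prototype added to libcodenat.h should change with it; its comment should also say that the return value is a found flag and that `*addr_base` is left untouched on a miss.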
--- a/miasm/tools/emul_lib/libcodenat.h
+++ b/miasm/tools/emul_lib/libcodenat.h
@@ -275,6 +275,8 @@ struct code_bloc_node {
 #define EXCEPT_ILLEGAL_INSN (1<<8)
 void dump_gpregs(void);
+int is_mem_mapped(uint64_t ad);
+uint64_t get_mem_base_addr(uint64_t addr, uint64_t *addr_base);
 void MEM_WRITE(unsigned int my_size, uint64_t addr, unsigned int src);
 unsigned int MEM_LOOKUP(unsigned int my_size, uint64_t addr);
diff --git a/miasm/tools/emul_lib/libcodenat_interface.c b/miasm/tools/emul_lib/libcodenat_interface.c
index 7348ff00..565bf8c9 100644
--- a/miasm/tools/emul_lib/libcodenat_interface.c
+++ b/miasm/tools/emul_lib/libcodenat_interface.c
@@ -79,6 +79,74 @@ PyObject* _vm_get_all_memory(void)
 }
+
+PyObject* _vm_is_mem_mapped(PyObject* item)
+{
+ unsigned int page_addr;
+ unsigned int ret;
+ if (PyInt_Check(item)){
+ page_addr = (unsigned int)PyInt_AsLong(item);
+ }
+ else if (PyLong_Check(item)){
+ page_addr = (unsigned int)PyInt_AsUnsignedLongLongMask(item);
+ }
+ else{
+ RAISE(PyExc_TypeError,"arg1 must be int");
+ }
+
+ ret = is_mem_mapped(page_addr);
+ return PyInt_FromLong((long)ret);
+
+}
+
+PyObject* vm_is_mem_mapped(PyObject* self, PyObject* args)
+{
+ PyObject *addr;
+ PyObject *p;
+
+ if (!PyArg_ParseTuple(args, "O", &addr))
+ return NULL;
+ p = _vm_is_mem_mapped(addr);
+ return p;
+}
+
+
+PyObject* _vm_get_mem_base_addr(PyObject* item)
+{
+ unsigned int page_addr;
+ uint64_t addr_base;
+ unsigned int ret;
+ if (PyInt_Check(item)){
+ page_addr = (unsigned int)PyInt_AsLong(item);
+ }
+ else if (PyLong_Check(item)){
+ page_addr = (unsigned int)PyInt_AsUnsignedLongLongMask(item);
+ }
+ else{
+ RAISE(PyExc_TypeError,"arg1 must be int");
+ }
+
+ ret = get_mem_base_addr(page_addr, &addr_base);
+ if (ret == 0){
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+ return PyInt_FromLong((long)addr_base);
+}
+
+
+PyObject* vm_get_mem_base_addr(PyObject* self, PyObject* args)
+{
+ PyObject *addr;
+ PyObject *p;
+
+ if (!PyArg_ParseTuple(args, "O", &addr))
+ return NULL;
+ p = _vm_get_mem_base_addr(addr);
+ return p;
+}
+
+
 PyObject* _vm_get_gpreg(void)
 {
 PyObject *dict = PyDict_New();
@@ -1357,6 +1425,11 @@ static PyMethodDef CodenatMethods[] = {
 {"vm_set_segm_base",vm_set_segm_base, METH_VARARGS,
 "X"},
+ {"vm_is_mem_mapped",vm_is_mem_mapped, METH_VARARGS,
+ "X"},
+ {"vm_get_mem_base_addr",vm_get_mem_base_addr, METH_VARARGS,
+ "X"},
+
 {NULL, NULL, 0, NULL} /* Sentinel */
 };
diff --git a/miasm/tools/pe_helper.py b/miasm/tools/pe_helper.py
index 4f5373cf..6c31ad6d 100644
--- a/miasm/tools/pe_helper.py
+++ b/miasm/tools/pe_helper.py
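Review bot: `_vm_get_mem_base_addr` returns `PyInt_FromLong((long)addr_base)` although `addr_base` is a `uint64_t`; on a platform with a 32-bit `long` a page based at 0x80000000 or above comes back as a negative Python int, and anything above 32 bits is truncated — use `return PyLong_FromUnsignedLongLong(addr_base);`. Both helpers also narrow the incoming address to `unsigned int page_addr` before calling the `uint64_t` functions, so a Python long wider than 32 bits is silently wrapped and can report a different page as mapped; declaring `uint64_t page_addr;` and dropping the `(unsigned int)` casts keeps the width the native side accepts. `is_mem_mapped` returns a flag, so `PyBool_FromLong(ret)` expresses that better than `PyInt_FromLong((long)ret)`. The `"X"` docstrings in the method table should describe the calls, e.g. `"vm_is_mem_mapped(addr) -> True if addr lies inside a mapped page"` and `"vm_get_mem_base_addr(addr) -> base address of the page containing addr, or None"`.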
@@ -471,8 +471,8 @@ class libimp: ret = is_redirected_export(e, ad) if ret: exp_dname, exp_fname = ret - print "export redirection", imp_ord_or_name - print "source", exp_dname, exp_fname + #print "export redirection", imp_ord_or_name + #print "source", exp_dname, exp_fname exp_dname = exp_dname+'.dll' exp_dname = exp_dname.lower() # if dll auto refes in redirection @@ -487,7 +487,7 @@ class libimp: c_name = canon_libname_libfunc(exp_dname, exp_fname) libad_tmp = self.name2off[exp_dname] ad = self.lib_imp2ad[libad_tmp][exp_fname] - print hex(ad) + #print hex(ad) #if not imp_ord_or_name in self.lib_imp2dstad[libad]: # self.lib_imp2dstad[libad][imp_ord_or_name] = set() #self.lib_imp2dstad[libad][imp_ord_or_name].add(dst_ad) @@ -511,7 +511,7 @@ class libimp: all_ads = self.lib_imp2dstad[ad].values() all_ads = reduce(lambda x,y:x+list(y), all_ads, []) all_ads = [x for x in all_ads if filter(x)] - print [hex(x) for x in all_ads] + #print [hex(x) for x in all_ads] all_ads.sort() #first, drop None if not all_ads: @@ -526,7 +526,7 @@ class libimp: while i+1 < len(all_ads) and all_ads[i]+4 == all_ads[i+1]: i+=1 funcs = [out_ads[x] for x in all_ads[:i+1]] - if e.is_in_virt_address(othunk): + if e.virt2off(othunk) != None:#e.is_in_virt_address(othunk): new_lib.append(({"name":n, "firstthunk":e.virt2rva(othunk)}, funcs) @@ -612,7 +612,7 @@ def vm_load_elf(e, align_s = True, load_hdr = True): def preload_lib(e, runtime_lib, patch_vm_imp = True): fa = get_import_address(e) dyn_funcs = {} - print 'imported funcs:', fa + #print 'imported funcs:', fa for (libname, libfunc), ads in fa.items(): for ad in ads: ad_base_lib = runtime_lib.lib_get_add_base(libname) @@ -630,7 +630,7 @@ def preload_elf(e, patch_vm_imp = True, lib_base_ad = 0x77700000): runtime_lib = libimp(lib_base_ad) dyn_funcs = {} - print 'imported funcs:', fa + #print 'imported funcs:', fa for (libname, libfunc), ads in fa.items(): for ad in ads: ad_base_lib = runtime_lib.lib_get_add_base(libname) 
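Review bot: The new condition `if e.virt2off(othunk) != None:#e.is_in_virt_address(othunk):` compares to None with `!=` and carries the replaced call along as a trailing comment; write `if e.virt2off(othunk) is not None:` and either drop the comment or say in it why `virt2off` is preferred over `is_in_virt_address` when the two disagree. The six `#print ...` lines left across this file are commented-out code: if the output is still useful for debugging, turn them into `log.debug(...)` calls on a module logger (whether one exists is outside the hunks), otherwise delete them rather than keep them as comments.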
diff --git a/miasm/tools/win_api.py b/miasm/tools/win_api.py index cb562503..95ff4d5d 100644 --- a/miasm/tools/win_api.py +++ b/miasm/tools/win_api.py @@ -102,7 +102,8 @@ class handle_generator(): def __getitem__(self, item): return self.all_handles.__getitem__(item) - + def __delitem__(self, item): + self.all_handles.__delitem__(item) class c_winobjs: @@ -150,6 +151,7 @@ class c_winobjs: self.lastwin32error = 0 self.mutex = {} self.env_variables = {} + self.events_pool = {} winobjs = c_winobjs() @@ -1016,8 +1018,13 @@ def kernel32_GetProcAddress(): fname = fname else: fname = get_str_ansi(fname, 0x100) + if not fname: + fname = None print repr(fname) - + if fname != None: + ad = winobjs.runtime_dll.lib_get_add_func(libbase, fname) + else: + ad = 0 ad = winobjs.runtime_dll.lib_get_add_func(libbase, fname) regs = vm_get_gpreg() @@ -1975,7 +1982,10 @@ def my_CreateEvent(funcname, get_str): lpname = vm_pop_uint32_t() print funcname, hex(lpeventattributes), hex(bmanualreset), hex(binitialstate), hex(lpname) - s = get_str(lpname) + if lpname: + s = get_str(lpname) + else: + s = None print repr(s) if not s in winobjs.events_pool: winobjs.events_pool[s] = (bmanualreset, binitialstate) |
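Review bot: In `kernel32_GetProcAddress` the new `if fname != None: ... else: ad = 0` branch is dead: the original unconditional `ad = winobjs.runtime_dll.lib_get_add_func(libbase, fname)` is still there on the next line and overwrites `ad`, so a missing name still reaches `lib_get_add_func` with `fname = None`. Delete that unconditional line and write the guard as `if fname is not None:`. In `my_CreateEvent`, `s = None` for a NULL `lpname` means every unnamed event shares the single `winobjs.events_pool[None]` entry, so a second unnamed CreateEvent finds the first one's state instead of a fresh object — if that matters to whatever consumes `events_pool` (outside the hunk), key unnamed events by handle rather than by name. `if not s in winobjs.events_pool` reads better as `if s not in winobjs.events_pool`.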