| -rw-r--r-- | miasm2/analysis/sandbox.py | 3 | ||||
| -rw-r--r-- | miasm2/arch/x86/jit.py | 5 | ||||
| -rw-r--r-- | miasm2/jitter/jitload.py | 13 | ||||
| -rw-r--r-- | miasm2/os_dep/win_api_x86_32.py | 13 |
4 files changed, 26 insertions, 8 deletions
diff --git a/miasm2/analysis/sandbox.py b/miasm2/analysis/sandbox.py
index 6df2bde7..9c7bd8e3 100644
--- a/miasm2/analysis/sandbox.py
+++ b/miasm2/analysis/sandbox.py
@@ -5,6 +5,7 @@ from miasm2.jitter.jitload import vm_load_pe, preload_pe, libimp
 from miasm2.jitter.jitload import vm_load_elf, libimp, preload_elf
 from miasm2.os_dep import win_api_x86_32, win_api_x86_32_seh
 from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE
+from miasm2.analysis import debugging
 
 class Sandbox(object):
     """
@@ -313,7 +314,7 @@ class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win):
         """
         If addr is not set, use entrypoint
         """
-        if addr is None:
+        if addr is None and self.options.address is None:
             addr = self.entry_point
         super(Sandbox_Win_x86_32, self).run(addr)
 
diff --git a/miasm2/arch/x86/jit.py b/miasm2/arch/x86/jit.py
index 556f70cb..e448e68b 100644
--- a/miasm2/arch/x86/jit.py
+++ b/miasm2/arch/x86/jit.py
@@ -80,7 +80,8 @@ class jitter_x86_32(jitter):
         args = []
         for _ in xrange(n_args):
             args.append(self.pop_uint32_t())
-        log.debug('%s %s %s' % (whoami(), hex(ret_ad), [hex(x) for x in args]))
+        if log.level <= logging.DEBUG:
+            log.debug('%s %s %s' % (whoami(), hex(ret_ad), [hex(x) for x in args]))
         return ret_ad, args
 
     def func_ret_stdcall(self, ret_addr, ret_value1=None, ret_value2=None):
@@ -96,7 +97,7 @@ class jitter_x86_32(jitter):
         args = []
         for i in xrange(n_args):
             args.append(self.get_stack_arg(i))
-        if dolog:
+        if dolog and log.level <= logging.DEBUG:
             log.debug('%s %s %s' % (whoami(), hex(ret_ad), [hex(x) for x in args]))
         return ret_ad, args
 
diff --git a/miasm2/jitter/jitload.py b/miasm2/jitter/jitload.py
index 86fe8f8c..e3b7e8d9 100644
--- a/miasm2/jitter/jitload.py
+++ b/miasm2/jitter/jitload.py
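Review bot: The added `from miasm2.analysis import debugging` is not referenced by any line in this diff, so unless something outside the visible hunks of sandbox.py uses it (the rest of the file is not shown here) it is an unused import that linters will flag. If it is needed by a code path elsewhere in the file, a one-line comment such as `# used by the --debug option handling below` would make that visible; otherwise drop it.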
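Review bot: The docstring directly above the changed condition, `If addr is not set, use entrypoint`, no longer describes the code: when `self.options.address` is set, `addr` stays None and is passed through to `super(Sandbox_Win_x86_32, self).run(addr)`, so the entry point is not the fallback in that case. Replace it with `If neither addr nor the address option is given, start at the PE entry point; otherwise run() in the base class decides the start address.` — the base-class handling of `options.address` is not visible in this diff and should be confirmed. The enclosing `run()` definition starts before the hunk.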
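Review bot: `log.level <= logging.DEBUG` reads only this logger's own `level` attribute, not its effective level: a logger left at NOTSET (0) always passes the test, so the `whoami()`/`hex` formatting cost the guard is meant to avoid is still paid, while a level set on a parent logger (the usual `basicConfig` setup) or a global `logging.disable()` is ignored. The supported check is `if log.isEnabledFor(logging.DEBUG):`, which resolves the level through the logger hierarchy; the same replacement applies to `if dolog and log.level <= logging.DEBUG:` in the next hunk. This assumes `logging` is imported in jit.py, which the diff does not show.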
@@ -804,12 +804,17 @@ class jitter: def vm2pe(myjit, fname, libs=None, e_orig=None, - max_addr=1 << 64, min_addr=None, + min_addr=None, max_addr=None, min_section_offset=0x1000, img_base=None, added_funcs=None): mye = pe_init.PE() - if min_addr is None: - min_addr=e_orig.rva2virt(e_orig.SHList[0].addr) + + if min_addr is None and e_orig is not None: + min_addr = min([e_orig.rva2virt(s.addr) for s in e_orig.SHList]) + if max_addr is None and e_orig is not None: + max_addr = max([e_orig.rva2virt(s.addr + s.size) for s in e_orig.SHList]) + + if img_base is None: img_base = e_orig.NThdr.ImageBase @@ -869,4 +874,4 @@ def vm2pe(myjit, fname, libs=None, e_orig=None, log.debug('%s' % repr(mye.DirRes)) # generation open(fname, 'w').write(str(mye)) - + return mye diff --git a/miasm2/os_dep/win_api_x86_32.py b/miasm2/os_dep/win_api_x86_32.py index f3571cbf..f09116e0 100644 --- a/miasm2/os_dep/win_api_x86_32.py +++ b/miasm2/os_dep/win_api_x86_32.py @@ -556,7 +556,7 @@ def kernel32_CreateFile(jitter, funcname, get_str): fname = fname.replace('\\', "/").lower() # go in sandbox files f = os.path.join('file_sb', fname) - if access & 0x80000000: + if access & 0x80000000 or access == 1: # read if dwcreationdisposition == 2: # create_always @@ -589,6 +589,17 @@ def kernel32_CreateFile(jitter, funcname, get_str): open(f, 'w') h = open(f, 'rb+') ret = winobjs.handle_pool.add(f, h) + elif dwcreationdisposition == 4: + # open_always + if os.access(f, os.R_OK): + s = os.stat(f) + if stat.S_ISDIR(s.st_mode): + ret = winobjs.handle_pool.add(f, 0x1337) + else: + h = open(f, 'rb+') + ret = winobjs.handle_pool.add(f, h) + else: + raise NotImplementedError("Untested case") else: raise NotImplementedError("Untested case") elif access & 0x40000000: |
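Review bot: `img_base = e_orig.NThdr.ImageBase` still dereferences `e_orig` unconditionally when `img_base` is None, while the new `min_addr`/`max_addr` defaults are guarded with `e_orig is not None`, so a call without `e_orig` either raises AttributeError there or, if `img_base` was supplied, continues into the rest of `vm2pe` (which runs past this hunk) with `min_addr`/`max_addr` still None. Make the dependency explicit at the top of the function: `if e_orig is None and None in (min_addr, max_addr, img_base): raise ValueError("e_orig is required when min_addr, max_addr or img_base is not given")`. `s.size` in the `max_addr` computation is presumably the section's virtual size; if it is the raw size instead, sections whose in-memory size is larger would be truncated in the dump, so confirm against the pe_init section fields. Since the last hunk makes the function return `mye`, its docstring (outside the diff, if there is one) should state that the written `pe_init.PE` object is returned.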
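Review bot: `access == 1` only matches a bare FILE_READ_DATA request; a guest that passes `1 | 0x80` (read attributes) or any other combination with the read bit falls through to the later branches, so `access & 1` alongside the GENERIC_READ test is the consistent check. More importantly, the context lines show `fname` (presumably read from guest memory, its origin is before the hunk) being lower-cased and joined under `file_sb`: `..` components and an absolute path such as `\etc\passwd` (which makes `os.path.join` discard `file_sb`) escape the sandbox directory, and the branches below, including the new OPEN_ALWAYS one, then open the host file. Add a containment check before any open: `f = os.path.abspath(os.path.join('file_sb', fname))`, `if not f.startswith(os.path.abspath('file_sb') + os.sep): raise ValueError("path escapes sandbox: %r" % fname)`. `kernel32_CreateFile` starts before and ends after this hunk.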
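Review bot: The new `open_always` branch opens the file with `'rb+'` although it is reached only for read requests (`access & 0x80000000 or access == 1`), so the guest receives a writable handle to a host file; `h = open(f, 'rb')` matches the access that was asked for (the existing branches above use `'rb+'` too, but this one need not copy that). `os.access(f, os.R_OK)` followed by `open(f, 'rb+')` is also check-then-use: a readable but non-writable file passes the check and the open then raises an uncaught IOError, so it is simpler to attempt the open and handle the exception. OPEN_ALWAYS (4) is documented to create the file when it does not exist, whereas this branch raises NotImplementedError; if that is deliberate, say so in the comment, e.g. `# open_always: existing files only, creation is not implemented`. `kernel32_CreateFile` continues outside the hunk on both sides.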