| -rw-r--r-- | example/unpack_upx.py | 12 | ||||
| -rw-r--r-- | miasm2/core/bin_stream.py | 32 | ||||
| -rw-r--r-- | miasm2/jitter/jitload.py | 122 | ||||
| -rw-r--r-- | miasm2/jitter/loader/pe.py | 74 |
4 files changed, 113 insertions, 127 deletions
diff --git a/example/unpack_upx.py b/example/unpack_upx.py index 3dcfdb33..313f75a2 100644 --- a/example/unpack_upx.py +++ b/example/unpack_upx.py @@ -1,10 +1,9 @@ -from pdb import pm import os -from miasm2.analysis.sandbox import Sandbox_Win_x86_32 import logging -from miasm2.core import asmbloc -from elfesteem.strpatchwork import StrPatchwork +from pdb import pm from elfesteem import pe +from miasm2.analysis.sandbox import Sandbox_Win_x86_32 +from miasm2.core import asmbloc filename = os.environ.get('PYTHONSTARTUP') if filename and os.path.isfile(filename): @@ -89,12 +88,11 @@ def update_binary(jitter): # Set callbacks sb.jitter.add_breakpoint(end_label, update_binary) - +# Run sb.run() -regs = sb.jitter.cpu.get_gpreg() +# Rebuild PE new_dll = [] -# XXXXX sb.pe.SHList.align_sections(0x1000, 0x1000) logging.info(repr(sb.pe.SHList)) diff --git a/miasm2/core/bin_stream.py b/miasm2/core/bin_stream.py index 6dafecfd..48471b2f 100644 --- a/miasm2/core/bin_stream.py +++ b/miasm2/core/bin_stream.py @@ -171,3 +171,35 @@ class bin_stream_pe(bin_stream): class bin_stream_elf(bin_stream_pe): pass + + +class bin_stream_vm(bin_stream): + + def __init__(self, vm, offset=0L, base_offset=0L): + self.offset = offset + self.base_offset = base_offset + self.vm = vm + + def getlen(self): + return 0xFFFFFFFFFFFFFFFF + + def getbytes(self, start, l=1): + try: + s = self.vm.get_mem(start + self.base_offset, l) + except: + raise IOError('cannot get mem ad', hex(start)) + return s + + def readbs(self, l=1): + try: + s = self.vm.get_mem(self.offset + self.base_offset, l) + except: + raise IOError('cannot get mem ad', hex(self.offset)) + self.offset += l + return s + + def writebs(self, l=1): + raise ValueError('writebs unsupported') + + def setoffset(self, val): + self.offset = val diff --git a/miasm2/jitter/jitload.py b/miasm2/jitter/jitload.py index f12e326b..c297ba50 100644 --- a/miasm2/jitter/jitload.py +++ b/miasm2/jitter/jitload.py 
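Review bot: Both `getbytes` and `readbs` in the new `bin_stream_vm` class use a bare `except:`, which also swallows KeyboardInterrupt/SystemExit and discards the reason `vm.get_mem` refused the access; narrowing it to `except Exception as exc:` and keeping the cause, `raise IOError('cannot get mem ad', hex(start), exc)` (and `hex(self.offset)` in readbs), preserves the stream's IOError contract while leaving the original failure diagnosable. `writebs(self, l=1)` takes no data argument, so if the `bin_stream` base class (outside this hunk) declares writebs with a data parameter the override does not match its signature; that cannot be verified from the diff. The class also lacks a docstring; `"""bin_stream backed by a jitter VM: reads go through vm.get_mem, writes are unsupported."""` states what the visible methods do. The class is moved verbatim from jitload.py, so the same remarks applied to the old location.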
@@ -3,13 +3,10 @@ import os from miasm2.core import asmbloc -from csts import * +from miasm2.jitter.csts import * from miasm2.core.utils import * -from miasm2.core.bin_stream import bin_stream - +from miasm2.core.bin_stream import bin_stream_vm from miasm2.ir.ir2C import init_arch_C -from miasm2.core.interval import interval -import inspect import logging @@ -35,45 +32,6 @@ except ImportError: log.error('cannot import jit python') -def whoami(): - return inspect.stack()[2][3] - - -class bin_stream_vm(bin_stream): - - def __init__(self, vm, offset=0L, base_offset=0L): - self.offset = offset - self.base_offset = base_offset - self.vm = vm - - def getlen(self): - return 0xFFFFFFFFFFFFFFFF - - def getbytes(self, start, l=1): - try: - s = self.vm.get_mem(start + self.base_offset, l) - except: - raise IOError('cannot get mem ad', hex(start)) - return s - - def readbs(self, l=1): - try: - s = self.vm.get_mem(self.offset + self.base_offset, l) - except: - raise IOError('cannot get mem ad', hex(self.offset)) - self.offset += l - return s - - def writebs(self, l=1): - raise ValueError('writebs unsupported') - - def setoffset(self, val): - self.offset = val - - - - - class CallbackHandler(object): "Handle a list of callback" 
@@ -393,79 +351,3 @@ class jitter: """Set an unicode string in memory""" s = "\x00".join(list(s)) + '\x00' * 3 self.vm.set_mem(addr, s) - - - - -def vm2pe(myjit, fname, libs=None, e_orig=None, - min_addr=None, max_addr=None, - min_section_offset=0x1000, img_base=None, - added_funcs=None): - mye = pe_init.PE() - - if min_addr is None and e_orig is not None: - min_addr = min([e_orig.rva2virt(s.addr) for s in e_orig.SHList]) - if max_addr is None and e_orig is not None: - max_addr = max([e_orig.rva2virt(s.addr + s.size) for s in e_orig.SHList]) - - - if img_base is None: - img_base = e_orig.NThdr.ImageBase - - mye.NThdr.ImageBase = img_base - all_mem = myjit.vm.get_all_memory() - addrs = all_mem.keys() - addrs.sort() - mye.Opthdr.AddressOfEntryPoint = mye.virt2rva(myjit.cpu.EIP) - first = True - for ad in addrs: - if not min_addr <= ad < max_addr: - continue - log.debug('%s' % hex(ad)) - if first: - mye.SHList.add_section( - "%.8X" % ad, - addr=ad - mye.NThdr.ImageBase, - data=all_mem[ad]['data'], - offset=min_section_offset) - else: - mye.SHList.add_section( - "%.8X" % ad, - addr=ad - mye.NThdr.ImageBase, - data=all_mem[ad]['data']) - first = False - if libs: - if added_funcs is not None: - # name_inv = dict([(x[1], x[0]) for x in libs.name2off.items()]) - - for addr, funcaddr in added_func: - libbase, dllname = libs.fad2info[funcaddr] - libs.lib_get_add_func(libbase, dllname, addr) - - new_dll = libs.gen_new_lib(mye, lambda x: mye.virt.is_addr_in(x)) - else: - new_dll = {} - - log.debug('%s' % new_dll) - - mye.DirImport.add_dlldesc(new_dll) - s_imp = mye.SHList.add_section("import", rawsize=len(mye.DirImport)) - mye.DirImport.set_rva(s_imp.addr) - log.debug('%s' % repr(mye.SHList)) - if e_orig: - # resource - xx = str(mye) - mye.content = xx - ad = e_orig.NThdr.optentries[pe.DIRECTORY_ENTRY_RESOURCE].rva - log.debug('dirres %s' % hex(ad)) - if ad != 0: - mye.NThdr.optentries[pe.DIRECTORY_ENTRY_RESOURCE].rva = ad - mye.DirRes = pe.DirRes.unpack(xx, ad, mye) - # 
log.debug('%s' % repr(mye.DirRes)) - s_res = mye.SHList.add_section( - name="myres", rawsize=len(mye.DirRes)) - mye.DirRes.set_rva(s_res.addr) - log.debug('%s' % repr(mye.DirRes)) - # generation - open(fname, 'w').write(str(mye)) - return mye diff --git a/miasm2/jitter/loader/pe.py b/miasm2/jitter/loader/pe.py index 880f8f61..c0053f35 100644 --- a/miasm2/jitter/loader/pe.py +++ b/miasm2/jitter/loader/pe.py 
@@ -181,3 +181,77 @@ def vm_fix_imports_pe_libs(lib_imgs, libs, lib_path_base="win_dll", patch_vm_imp=True, **kargs): for e in lib_imgs.values(): preload_pe(e, libs, patch_vm_imp) + + +def vm2pe(myjit, fname, libs=None, e_orig=None, + min_addr=None, max_addr=None, + min_section_offset=0x1000, img_base=None, + added_funcs=None): + mye = pe_init.PE() + + if min_addr is None and e_orig is not None: + min_addr = min([e_orig.rva2virt(s.addr) for s in e_orig.SHList]) + if max_addr is None and e_orig is not None: + max_addr = max([e_orig.rva2virt(s.addr + s.size) for s in e_orig.SHList]) + + + if img_base is None: + img_base = e_orig.NThdr.ImageBase + + mye.NThdr.ImageBase = img_base + all_mem = myjit.vm.get_all_memory() + addrs = all_mem.keys() + addrs.sort() + mye.Opthdr.AddressOfEntryPoint = mye.virt2rva(myjit.cpu.EIP) + first = True + for ad in addrs: + if not min_addr <= ad < max_addr: + continue + log.debug('%s' % hex(ad)) + if first: + mye.SHList.add_section( + "%.8X" % ad, + addr=ad - mye.NThdr.ImageBase, + data=all_mem[ad]['data'], + offset=min_section_offset) + else: + mye.SHList.add_section( + "%.8X" % ad, + addr=ad - mye.NThdr.ImageBase, + data=all_mem[ad]['data']) + first = False + if libs: + if added_funcs is not None: + # name_inv = dict([(x[1], x[0]) for x in libs.name2off.items()]) + + for addr, funcaddr in added_func: + libbase, dllname = libs.fad2info[funcaddr] + libs.lib_get_add_func(libbase, dllname, addr) + + new_dll = libs.gen_new_lib(mye, lambda x: mye.virt.is_addr_in(x)) + else: + new_dll = {} + + log.debug('%s' % new_dll) + + mye.DirImport.add_dlldesc(new_dll) + s_imp = mye.SHList.add_section("import", rawsize=len(mye.DirImport)) + mye.DirImport.set_rva(s_imp.addr) + log.debug('%s' % repr(mye.SHList)) + if e_orig: + # resource + xx = str(mye) + mye.content = xx + ad = e_orig.NThdr.optentries[pe.DIRECTORY_ENTRY_RESOURCE].rva + log.debug('dirres %s' % hex(ad)) + if ad != 0: + mye.NThdr.optentries[pe.DIRECTORY_ENTRY_RESOURCE].rva = ad + mye.DirRes = 
pe.DirRes.unpack(xx, ad, mye) + # log.debug('%s' % repr(mye.DirRes)) + s_res = mye.SHList.add_section( + name="myres", rawsize=len(mye.DirRes)) + mye.DirRes.set_rva(s_res.addr) + log.debug('%s' % repr(mye.DirRes)) + # generation + open(fname, 'w').write(str(mye)) + return mye |
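Review bot: `for addr, funcaddr in added_func:` inside the `if added_funcs is not None:` branch of the new `vm2pe` references `added_func`, a name that is defined nowhere in the function, so any caller passing `added_funcs` hits a NameError; it should read `for addr, funcaddr in added_funcs:`. The closing `open(fname, 'w').write(str(mye))` never closes the file and opens it in text mode, which on Windows applies newline translation to the PE image; `with open(fname, 'wb') as fd: fd.write(str(mye))` fixes both. `img_base = e_orig.NThdr.ImageBase` and the `min_addr <= ad < max_addr` filter also assume `e_orig` or explicit bounds were supplied — with `e_orig=None` and no `img_base`/`min_addr` the function either raises AttributeError or, under Python 2's ordering of None, silently emits no sections; an explicit `ValueError` at the top when neither is given would make the contract clear. The body is moved from jitload.py unchanged, and `pe_init`, `pe` and `log` are presumed to be imported in this module (not visible in the hunk).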