diff options
| -rw-r--r-- | miasm/analysis/sandbox.py | 4 | ||||
| -rw-r--r-- | miasm/jitter/jitload.py | 7 | ||||
| -rw-r--r-- | miasm/jitter/loader/pe.py | 8 | ||||
| -rw-r--r-- | miasm/os_dep/win_api_x86_32.py | 4 | ||||
| -rw-r--r-- | miasm/os_dep/win_api_x86_32_seh.py | 6 |
5 files changed, 19 insertions, 10 deletions
diff --git a/miasm/analysis/sandbox.py b/miasm/analysis/sandbox.py index e5595071..b8aaf788 100644 --- a/miasm/analysis/sandbox.py +++ b/miasm/analysis/sandbox.py @@ -51,6 +51,8 @@ class Sandbox(object): """ # Initialize + if not isinstance(fname, bytes): + fname = fname.encode('utf8') self.fname = fname self.options = options if custom_methods is None: @@ -185,7 +187,7 @@ class OS_Win(OS): "ole32.dll", "urlmon.dll", "ws2_32.dll", 'advapi32.dll', "psapi.dll", ] - modules_path = "win_dll" + modules_path = b"win_dll" def __init__(self, custom_methods, *args, **kwargs): from miasm.jitter.loader.pe import vm_load_pe, vm_load_pe_libs,\ diff --git a/miasm/jitter/jitload.py b/miasm/jitter/jitload.py index 0d8ab722..ebecb103 100644 --- a/miasm/jitter/jitload.py +++ b/miasm/jitter/jitload.py @@ -439,7 +439,8 @@ class Jitter(object): self.vm.get_mem(tmp, 1) != b"\x00"): tmp += 1 l += 1 - return self.vm.get_mem(addr, l) + value = self.vm.get_mem(addr, l) + return value.decode('utf8') def get_str_unic(self, addr, max_char=None): """Get unicode str from vm. @@ -460,9 +461,9 @@ class Jitter(object): s = s + b"\x00" self.vm.set_mem(addr, s) - def set_str_unic(self, addr, s): + def set_str_unic(self, addr, string): """Set an unicode string in memory""" - s = b"\x00".join(list(s)) + b'\x00' * 3 + s = (string + "\x00").encode('utf-16le') self.vm.set_mem(addr, s) @staticmethod diff --git a/miasm/jitter/loader/pe.py b/miasm/jitter/loader/pe.py index a82b79f6..c779f508 100644 --- a/miasm/jitter/loader/pe.py +++ b/miasm/jitter/loader/pe.py @@ -266,8 +266,12 @@ def vm_load_pe_libs(vm, libs_name, libs, lib_path_base, **kargs): Return a dictionary Filename -> PE instances Extra arguments are passed to vm_load_pe_lib """ - return {fname: vm_load_pe_lib(vm, fname, libs, lib_path_base, **kargs) - for fname in libs_name} + out = {} + for fname in libs_name: + if not isinstance(fname, bytes): + fname = fname.encode('utf8') + out[fname] = vm_load_pe_lib(vm, fname, libs, lib_path_base, **kargs) + return out def vm_fix_imports_pe_libs(lib_imgs, libs, lib_path_base, diff --git a/miasm/os_dep/win_api_x86_32.py b/miasm/os_dep/win_api_x86_32.py index ebf40cb0..89af729a 100644 --- a/miasm/os_dep/win_api_x86_32.py +++ b/miasm/os_dep/win_api_x86_32.py @@ -774,7 +774,7 @@ def kernel32_VirtualAlloc(jitter): if args.lpvoid == 0: alloc_addr = winobjs.heap.next_addr(args.dwsize) jitter.vm.add_memory_page( - alloc_addr, ACCESS_DICT[args.flprotect], "\x00" * args.dwsize, + alloc_addr, ACCESS_DICT[args.flprotect], b"\x00" * args.dwsize, "Alloc in %s ret 0x%X" % (whoami(), ret_ad)) else: all_mem = jitter.vm.get_all_memory() @@ -785,7 +785,7 @@ def kernel32_VirtualAlloc(jitter): alloc_addr = winobjs.heap.next_addr(args.dwsize) # alloc_addr = args.lpvoid jitter.vm.add_memory_page( - alloc_addr, ACCESS_DICT[args.flprotect], "\x00" * args.dwsize, + alloc_addr, ACCESS_DICT[args.flprotect], b"\x00" * args.dwsize, "Alloc in %s ret 0x%X" % (whoami(), ret_ad)) log.info('VirtualAlloc addr: 0x%x', alloc_addr) diff --git a/miasm/os_dep/win_api_x86_32_seh.py b/miasm/os_dep/win_api_x86_32_seh.py index 40f15480..d1be9ad2 100644 --- a/miasm/os_dep/win_api_x86_32_seh.py +++ b/miasm/os_dep/win_api_x86_32_seh.py @@ -253,9 +253,9 @@ def create_modules_chain(jitter, name2module): fname) continue addr = base_addr + i * 0x1000 - bpath = fname.replace('/', '\\') + bpath = fname.replace(b'/', b'\\') bname_str = os.path.split(fname)[1].lower() - bname_unicode = bname_str.encode("utf-16le") + bname_unicode = bname_str.decode('utf8').encode("utf-16le") log.info("Add module %x %r", pe_obj.NThdr.ImageBase, bname_str) modules_info.add(bname_str, pe_obj, addr) @@ -287,6 +287,8 @@ def create_modules_chain(jitter, name2module): "Module name %r" % bname_str ) + if isinstance(bpath, bytes): + bpath = bpath.decode('utf8') bpath_unicode = bpath.encode('utf-16le') jitter.vm.add_memory_page( addr + offset_path, |