diff options
39 files changed, 404 insertions, 492 deletions
diff --git a/.codespell_ignore b/.codespell_ignore index 8eab9f6f..06b8df87 100644 --- a/.codespell_ignore +++ b/.codespell_ignore @@ -5,3 +5,5 @@ mye iff nto rela +daa +od diff --git a/example/elfesteem/test_pe.py b/example/elfesteem/test_pe.py deleted file mode 100644 index 543cbea5..00000000 --- a/example/elfesteem/test_pe.py +++ /dev/null @@ -1,31 +0,0 @@ -#! /usr/bin/env python - -import miasm.loader.pe as pe -from miasm.loader.pe_init import PE -import rlcompleter -import readline -import pdb -import sys -from pprint import pprint as pp -readline.parse_and_bind("tab: complete") - - -e_ = PE() -mysh = b"\xc3" -s_text = e_.SHList.add_section( - name="text", addr=0x1000, rawsize=0x1000, data=mysh) -e_.Opthdr.AddressOfEntryPoint = s_text.addr -new_dll = [({"name": "kernel32.dll", - "firstthunk": s_text.addr + 0x100}, - ["CreateFileA", "SetFilePointer", "WriteFile", "CloseHandle"] - ), - ({"name": "USER32.dll", - "firstthunk": None}, - ["SetDlgItemInt", "GetMenu", "HideCaret"] - ) - ] -e_.DirImport.add_dlldesc(new_dll) - -s_myimp = e_.SHList.add_section(name="myimp", rawsize=0x1000) -e_.DirImport.set_rva(s_myimp.addr) -open('uu.bin', 'wb').write(bytes(e_)) diff --git a/example/loader/build_pe.py b/example/loader/build_pe.py new file mode 100644 index 00000000..6baeb645 --- /dev/null +++ b/example/loader/build_pe.py @@ -0,0 +1,33 @@ +#! /usr/bin/env python + +from miasm.loader.pe_init import PE + +# Build an empty PE object +pe_object = PE() + +# Add a section with a just a "RET" +payload = b"\xc3" +s_text = pe_object.SHList.add_section( + name="text", addr=0x1000, rawsize=0x1000, data=payload +) + +# Set the entry point on this instruction +pe_object.Opthdr.AddressOfEntryPoint = s_text.addr + +# Add some imports +new_dll = [ + ({"name": "kernel32.dll", + "firstthunk": s_text.addr + 0x100}, + ["CreateFileA", "SetFilePointer", "WriteFile", "CloseHandle"] + ), + ({"name": "USER32.dll", + "firstthunk": None}, + ["SetDlgItemInt", "GetMenu", "HideCaret"] + ) +] +pe_object.DirImport.add_dlldesc(new_dll) +s_myimp = pe_object.SHList.add_section(name="myimp", rawsize=0x1000) +pe_object.DirImport.set_rva(s_myimp.addr) + +# Rebuild the PE and dump it to a file +open('fresh_pe.exe', 'wb').write(bytes(pe_object)) diff --git a/example/elfesteem/minidump_to_pe.py b/example/loader/minidump_to_pe.py index 30a95325..30a95325 100644 --- a/example/elfesteem/minidump_to_pe.py +++ b/example/loader/minidump_to_pe.py diff --git a/miasm/analysis/data_flow.py b/miasm/analysis/data_flow.py index c86bece5..be0e4528 100644 --- a/miasm/analysis/data_flow.py +++ b/miasm/analysis/data_flow.py @@ -185,7 +185,7 @@ class DiGraphDefUse(DiGraph): self._edge_attr[(src, dst)] = edge_label def add_data_edge(self, src, dst): - """Adds an edge representing a data dependencie + """Adds an edge representing a data dependency and sets the label accordingly""" self.add_uniq_labeled_edge(src, dst, ATTR_DEP) diff --git a/miasm/analysis/depgraph.py b/miasm/analysis/depgraph.py index 219a32ee..80e94c7f 100644 --- a/miasm/analysis/depgraph.py +++ b/miasm/analysis/depgraph.py @@ -357,7 +357,7 @@ class DependencyResultImplicit(DependencyResult): conds = z3.Or(*out) else: # Ex: expr: lblgen1, expected: 0x1234 - # -> Avoid unconsistent solution lblgen1 = 0x1234 + # -> Avoid inconsistent solution lblgen1 = 0x1234 conds = translator.from_expr(self.unsat_expr) return conds diff --git a/miasm/arch/mep/arch.py b/miasm/arch/mep/arch.py index 171f5fab..8a9f60fd 100644 --- a/miasm/arch/mep/arch.py +++ b/miasm/arch/mep/arch.py @@ -293,7 +293,7 @@ class mn_mep(cls_mn): """ # Define variables that stores information used to disassemble & assemble - # Notes: - theses variables are mandatory + # Notes: - these variables are mandatory # - they could be moved to the cls_mn class num = 0 # holds the number of mnemonics diff --git a/miasm/arch/msp430/sem.py b/miasm/arch/msp430/sem.py index 52056e5a..68605ae4 100644 --- a/miasm/arch/msp430/sem.py +++ b/miasm/arch/msp430/sem.py @@ -268,7 +268,7 @@ def xor_w(ir, instr, a, b): e += [ExprAssign(zf, ExprOp('FLAG_EQ_CMP', arg2, arg1))] e += update_flag_nf(res) e += reset_sr_res() - e += update_flag_cf_inv_zf(c) + e += update_flag_cf_inv_zf(res) e.append(ExprAssign(of, arg2.msb() & arg1.msb())) return e, [] diff --git a/miasm/core/graph.py b/miasm/core/graph.py index f585379b..01f580a3 100644 --- a/miasm/core/graph.py +++ b/miasm/core/graph.py @@ -978,7 +978,7 @@ class MatchGraph(DiGraph): """ # Partial solution: nodes corrects, edges between these nodes corrects # A partial solution is a dictionary MatchGraphJoker -> @graph's node - todo = list() # Dictionnaries containing partial solution + todo = list() # Dictionaries containing partial solution done = list() # Already computed partial solutions # Elect first candidates diff --git a/miasm/expression/expression.py b/miasm/expression/expression.py index 6c54b9a2..6f171d93 100644 --- a/miasm/expression/expression.py +++ b/miasm/expression/expression.py @@ -279,6 +279,11 @@ class Expr(object): def __ne__(self, other): return not self.__eq__(other) + def __lt__(self, other): + weight1 = EXPR_ORDER_DICT[self.__class__] + weight2 = EXPR_ORDER_DICT[other.__class__] + return weight1 < weight2 + def __add__(self, other): return ExprOp('+', self, other) diff --git a/miasm/ir/ir.py b/miasm/ir/ir.py index eb9857b1..372b712a 100644 --- a/miasm/ir/ir.py +++ b/miasm/ir/ir.py @@ -831,7 +831,7 @@ class IntermediateRepresentation(object): def add_block(self, block, gen_pc_updt=False): """ DEPRECATED function - Use add_block instead of add_block + Use add_asmblock_to_ircfg instead of add_block """ warnings.warn("""DEPRECATION WARNING ircfg is now out of IntermediateRepresentation @@ -844,7 +844,7 @@ class IntermediateRepresentation(object): def add_bloc(self, block, gen_pc_updt=False): """ DEPRECATED function - Use add_block instead of add_block + Use add_asmblock_to_ircfg instead of add_bloc """ self.add_block(block, gen_pc_updt) diff --git a/miasm/jitter/JitCore.c b/miasm/jitter/JitCore.c index 37b69aa3..1ba082c5 100644 --- a/miasm/jitter/JitCore.c +++ b/miasm/jitter/JitCore.c @@ -6,8 +6,8 @@ #include "compat_py23.h" #include "queue.h" #include "vm_mngr.h" -#include "vm_mngr_py.h" #include "bn.h" +#include "vm_mngr_py.h" #include "JitCore.h" @@ -226,41 +226,3 @@ void MEM_WRITE_INT_BN_FROM_PTR(JitCpu* jitcpu, int size, uint64_t addr, char* pt memcpy(&val, ptr, size / 8); MEM_WRITE_INT_BN(jitcpu, size, addr, val); } - - - -PyObject* vm_get_mem(JitCpu *self, PyObject* args) -{ - PyObject *py_addr; - PyObject *py_len; - - uint64_t addr; - uint64_t size; - size_t size_st; - PyObject *obj_out; - char * buf_out; - int ret; - - if (!PyArg_ParseTuple(args, "OO", &py_addr, &py_len)) - return NULL; - - PyGetInt_uint64_t(py_addr, addr); - PyGetInt_uint64_t(py_len, size); - - - if (size > SSIZE_MAX) { - fprintf(stderr, "Read size wider than supported system\n"); - exit(EXIT_FAILURE); - } - size_st = (size_t)size; - - ret = vm_read_mem(&(((VmMngr*)self->pyvm)->vm_mngr), addr, &buf_out, size_st); - if (ret < 0) { - PyErr_SetString(PyExc_RuntimeError, "cannot find address"); - return NULL; - } - - obj_out = PyBytes_FromStringAndSize(buf_out, (Py_ssize_t)size_st); - free(buf_out); - return obj_out; -} diff --git a/miasm/jitter/JitCore.h b/miasm/jitter/JitCore.h index 85be57da..7b7f6c13 100644 --- a/miasm/jitter/JitCore.h +++ b/miasm/jitter/JitCore.h @@ -25,63 +25,26 @@ static PyObject *JitCpu_get_ ## regname (JitCpu *self, void *closure) \ { \ bn_t bn; \ - int j; \ PyObject* py_long; \ - PyObject* py_long_new; \ - PyObject* py_tmp; \ - PyObject* cst_32; \ - uint64_t tmp; \ - py_long = PyLong_FromLong(0); \ - cst_32 = PyLong_FromLong(32); \ bn = (self->cpu)->regname; \ bn = bignum_mask(bn, (size)); \ - for (j = BN_BYTE_SIZE - 4; j >= 0 ; j -= 4) { \ - tmp = bignum_to_uint64(bignum_mask(bignum_rshift(bn, 8 * j), 32)); \ - py_tmp = PyLong_FromUnsignedLong((unsigned long)tmp); \ - py_long_new = PyObject_CallMethod(py_long, "__lshift__", "O", cst_32); \ - Py_DECREF(py_long); \ - py_long = PyObject_CallMethod(py_long_new, "__add__", "O", py_tmp); \ - Py_DECREF(py_long_new); \ - Py_DECREF(py_tmp); \ - } \ - Py_DECREF(cst_32); \ + py_long = bn_to_PyLong(bn); \ return py_long; \ } \ \ static PyObject *JitCpu_set_ ## regname (JitCpu *self, PyObject *value, void *closure) \ { \ bn_t bn; \ - int j; \ PyObject* py_long = value; \ - PyObject* py_long_new; \ - PyObject* py_tmp; \ - PyObject* cst_32; \ - PyObject* cst_ffffffff; \ - uint64_t tmp; \ if (PyLong_Check(py_long)){ \ Py_INCREF(py_long); \ } else { \ RAISE(PyExc_TypeError,"arg must be int"); \ } \ \ - cst_ffffffff = PyLong_FromLong(0xffffffff); \ - cst_32 = PyLong_FromLong(32); \ - bn = bignum_from_int(0); \ - \ - for (j = 0; j < BN_BYTE_SIZE; j += 4) { \ - py_tmp = PyObject_CallMethod(py_long, "__and__", "O", cst_ffffffff); \ - py_long_new = PyObject_CallMethod(py_long, "__rshift__", "O", cst_32); \ - Py_DECREF(py_long); \ - py_long = py_long_new; \ - tmp = PyLong_AsUnsignedLongMask(py_tmp); \ - Py_DECREF(py_tmp); \ - bn = bignum_or(bn, bignum_lshift(bignum_from_uint64(tmp), 8 * j)); \ - } \ + bn = PyLong_to_bn(py_long); \ \ (self->cpu)->regname = bignum_mask(bn, (size)); \ - Py_DECREF(py_long); \ - Py_DECREF(cst_32); \ - Py_DECREF(cst_ffffffff); \ return 0; \ } @@ -91,38 +54,17 @@ static PyObject *JitCpu_get_ ## regname (JitCpu *self, void *closure) \ { \ bn_t bn; \ - int j; \ PyObject* py_long; \ - PyObject* py_long_new; \ - PyObject* py_tmp; \ - PyObject* cst_32; \ - uint64_t tmp; \ - py_long = PyLong_FromLong(0); \ - cst_32 = PyLong_FromLong(32); \ bn = (self->cpu)->regname; \ bn = bignum_mask(bn, (size)); \ - for (j = BN_BYTE_SIZE - 4; j >= 0 ; j -= 4) { \ - tmp = bignum_to_uint64(bignum_mask(bignum_rshift(bn, 8 * j), 32)); \ - py_tmp = PyLong_FromUnsignedLong((unsigned long)tmp); \ - py_long_new = PyObject_CallMethod(py_long, "__lshift__", "O", cst_32); \ - Py_DECREF(py_long); \ - py_long = PyObject_CallMethod(py_long_new, "__add__", "O", py_tmp); \ - Py_DECREF(py_long_new); \ - Py_DECREF(py_tmp); \ - } \ - Py_DECREF(cst_32); \ + py_long = bn_to_PyLong(bn); \ return py_long; \ } \ \ static PyObject *JitCpu_set_ ## regname (JitCpu *self, PyObject *value, void *closure) \ { \ bn_t bn; \ - int j; \ PyObject* py_long = value; \ - PyObject* py_long_new; \ - PyObject* py_tmp; \ - PyObject* cst_32; \ - PyObject* cst_ffffffff; \ uint64_t tmp; \ \ if (PyInt_Check(py_long)){ \ @@ -135,24 +77,9 @@ RAISE(PyExc_TypeError,"arg must be int"); \ } \ \ - cst_ffffffff = PyLong_FromLong(0xffffffff); \ - cst_32 = PyLong_FromLong(32); \ - bn = bignum_from_int(0); \ - \ - for (j = 0; j < BN_BYTE_SIZE; j += 4) { \ - py_tmp = PyObject_CallMethod(py_long, "__and__", "O", cst_ffffffff); \ - py_long_new = PyObject_CallMethod(py_long, "__rshift__", "O", cst_32); \ - Py_DECREF(py_long); \ - py_long = py_long_new; \ - tmp = PyLong_AsUnsignedLongMask(py_tmp); \ - Py_DECREF(py_tmp); \ - bn = bignum_or(bn, bignum_lshift(bignum_from_uint64(tmp), 8 * j)); \ - } \ + bn = PyLong_to_bn(py_long); \ \ self->cpu->regname = bignum_mask(bn, (size)); \ - Py_DECREF(py_long); \ - Py_DECREF(cst_32); \ - Py_DECREF(cst_ffffffff); \ return 0; \ } #endif @@ -231,28 +158,12 @@ #define get_reg_bn(reg, size) do { \ bn_t bn; \ - int j; \ PyObject* py_long; \ - PyObject* py_long_new; \ - PyObject* py_tmp; \ - PyObject* cst_32; \ - uint64_t tmp; \ - py_long = PyLong_FromLong(0); \ - cst_32 = PyLong_FromLong(32); \ bn = self->cpu->reg; \ bn = bignum_mask(bn, size); \ - for (j = BN_BYTE_SIZE - 4; j >= 0 ; j -= 4) { \ - tmp = bignum_to_uint64(bignum_mask(bignum_rshift(bn, 8 * j), 32)); \ - py_tmp = PyLong_FromUnsignedLong((unsigned long)tmp); \ - py_long_new = PyObject_CallMethod(py_long, "__lshift__", "O", cst_32); \ - Py_DECREF(py_long); \ - py_long = PyObject_CallMethod(py_long_new, "__add__", "O", py_tmp); \ - Py_DECREF(py_long_new); \ - Py_DECREF(py_tmp); \ - } \ + py_long = bn_to_PyLong(bn); \ PyDict_SetItemString(dict, #reg, py_long); \ Py_DECREF(py_long); \ - Py_DECREF(cst_32); \ } while(0); @@ -315,8 +226,6 @@ _MIASM_EXPORT void MEM_WRITE_BN_INT(JitCpu* jitcpu, int size, bn_t addr, uint64_ _MIASM_EXPORT void MEM_WRITE_INT_BN(JitCpu* jitcpu, int size, uint64_t addr, bn_t src); -PyObject* vm_get_mem(JitCpu *self, PyObject* args); - _MIASM_EXPORT void MEM_LOOKUP_INT_BN_TO_PTR(JitCpu* jitcpu, int size, uint64_t addr, char* ptr); _MIASM_EXPORT void MEM_WRITE_INT_BN_FROM_PTR(JitCpu* jitcpu, int size, uint64_t addr, char* ptr); diff --git a/miasm/jitter/Jitllvm.c b/miasm/jitter/Jitllvm.c index 7617954b..3420c254 100644 --- a/miasm/jitter/Jitllvm.c +++ b/miasm/jitter/Jitllvm.c @@ -6,8 +6,8 @@ #include "compat_py23.h" #include "queue.h" #include "vm_mngr.h" -#include "vm_mngr_py.h" #include "bn.h" +#include "vm_mngr_py.h" #include "JitCore.h" // Needed to get the JitCpu.cpu offset, arch independent #include "arch/JitCore_x86.h" diff --git a/miasm/jitter/arch/JitCore_aarch64.c b/miasm/jitter/arch/JitCore_aarch64.c index c1a89285..7961f3cc 100644 --- a/miasm/jitter/arch/JitCore_aarch64.c +++ b/miasm/jitter/arch/JitCore_aarch64.c @@ -5,8 +5,8 @@ #include "../compat_py23.h" #include "../queue.h" #include "../vm_mngr.h" -#include "../vm_mngr_py.h" #include "../bn.h" +#include "../vm_mngr_py.h" #include "../JitCore.h" #include "../op_semantics.h" #include "JitCore_aarch64.h" @@ -252,39 +252,6 @@ void MEM_WRITE_64(JitCpu* jitcpu, uint64_t addr, uint64_t src) } -PyObject* vm_set_mem(JitCpu *self, PyObject* args) -{ - PyObject *py_addr; - PyObject *py_buffer; - Py_ssize_t py_length; - - char * buffer; - Py_ssize_t pysize; - uint64_t addr; - int ret; - - if (!PyArg_ParseTuple(args, "OO", &py_addr, &py_buffer)) - RAISE(PyExc_TypeError,"Cannot parse arguments"); - - PyGetInt_uint64_t(py_addr, addr); - - if(!PyBytes_Check(py_buffer)) - RAISE(PyExc_TypeError,"arg must be bytes"); - - pysize = PyBytes_Size(py_buffer); - if (pysize < 0) { - RAISE(PyExc_TypeError,"Python error"); - } - PyBytes_AsStringAndSize(py_buffer, &buffer, &py_length); - - ret = vm_write_mem(&(((VmMngr*)self->pyvm)->vm_mngr), addr, buffer, pysize); - if (ret < 0) - RAISE(PyExc_TypeError,"arg must be str"); - - Py_INCREF(Py_None); - return Py_None; -} - static PyMemberDef JitCpu_members[] = { {NULL} /* Sentinel */ }; @@ -304,10 +271,6 @@ static PyMethodDef JitCpu_methods[] = { "X"}, {"set_exception", (PyCFunction)cpu_set_exception, METH_VARARGS, "X"}, - {"set_mem", (PyCFunction)vm_set_mem, METH_VARARGS, - "X"}, - {"get_mem", (PyCFunction)vm_get_mem, METH_VARARGS, - "X"}, {NULL} /* Sentinel */ }; diff --git a/miasm/jitter/arch/JitCore_arm.c b/miasm/jitter/arch/JitCore_arm.c index 13dcb3f4..b39ae4d2 100644 --- a/miasm/jitter/arch/JitCore_arm.c +++ b/miasm/jitter/arch/JitCore_arm.c @@ -5,8 +5,8 @@ #include "../compat_py23.h" #include "../queue.h" #include "../vm_mngr.h" -#include "../vm_mngr_py.h" #include "../bn.h" +#include "../vm_mngr_py.h" #include "../JitCore.h" #include "../op_semantics.h" #include "JitCore_arm.h" @@ -204,39 +204,6 @@ void MEM_WRITE_64(JitCpu* jitcpu, uint64_t addr, uint64_t src) vm_MEM_WRITE_64(&((VmMngr*)jitcpu->pyvm)->vm_mngr, addr, src); } -PyObject* vm_set_mem(JitCpu *self, PyObject* args) -{ - PyObject *py_addr; - PyObject *py_buffer; - Py_ssize_t py_length; - - char * buffer; - Py_ssize_t pysize; - uint64_t addr; - int ret; - - if (!PyArg_ParseTuple(args, "OO", &py_addr, &py_buffer)) - RAISE(PyExc_TypeError,"Cannot parse arguments"); - - PyGetInt_uint64_t(py_addr, addr); - - if(!PyBytes_Check(py_buffer)) - RAISE(PyExc_TypeError,"arg must be bytes"); - - pysize = PyBytes_Size(py_buffer); - if (pysize < 0) { - RAISE(PyExc_TypeError,"Python error"); - } - PyBytes_AsStringAndSize(py_buffer, &buffer, &py_length); - - ret = vm_write_mem(&(((VmMngr*)self->pyvm)->vm_mngr), addr, buffer, pysize); - if (ret < 0) - RAISE(PyExc_TypeError,"arg must be str"); - - Py_INCREF(Py_None); - return Py_None; -} - PyObject* cpu_set_interrupt_num(JitCpu* self, PyObject* args) { PyObject *item1; @@ -280,10 +247,6 @@ static PyMethodDef JitCpu_methods[] = { "X"}, {"set_interrupt_num", (PyCFunction)cpu_set_interrupt_num, METH_VARARGS, "X"}, - {"set_mem", (PyCFunction)vm_set_mem, METH_VARARGS, - "X"}, - {"get_mem", (PyCFunction)vm_get_mem, METH_VARARGS, - "X"}, {NULL} /* Sentinel */ }; diff --git a/miasm/jitter/arch/JitCore_mep.c b/miasm/jitter/arch/JitCore_mep.c index a69110bc..286a12ac 100644 --- a/miasm/jitter/arch/JitCore_mep.c +++ b/miasm/jitter/arch/JitCore_mep.c @@ -8,8 +8,8 @@ #include "../compat_py23.h" #include "../queue.h" #include "../vm_mngr.h" -#include "../vm_mngr_py.h" #include "../bn.h" +#include "../vm_mngr_py.h" #include "../JitCore.h" #include "JitCore_mep.h" @@ -269,39 +269,6 @@ void MEM_WRITE_64(JitCpu* jitcpu, uint64_t addr, uint64_t src) } -PyObject* vm_set_mem(JitCpu *self, PyObject* args) -{ - PyObject *py_addr; - PyObject *py_buffer; - Py_ssize_t py_length; - - char * buffer; - Py_ssize_t pysize; - uint64_t addr; - int ret = 0x1337; - - if (!PyArg_ParseTuple(args, "OO", &py_addr, &py_buffer)) - return NULL; - - PyGetInt_uint64_t(py_addr, addr); - - if(!PyBytes_Check(py_buffer)) - RAISE(PyExc_TypeError,"arg must be bytes"); - - pysize = PyBytes_Size(py_buffer); - if (pysize < 0) { - RAISE(PyExc_TypeError,"Python error"); - } - PyBytes_AsStringAndSize(py_buffer, &buffer, &py_length); - - ret = vm_write_mem(&(((VmMngr*)self->pyvm)->vm_mngr), addr, buffer, pysize); - if (ret < 0) - RAISE(PyExc_TypeError,"arg must be str"); - - Py_INCREF(Py_None); - return Py_None; -} - static PyMemberDef JitCpu_members[] = { {NULL} /* Sentinel */ }; @@ -314,8 +281,6 @@ static PyMethodDef JitCpu_methods[] = { {"set_gpreg", (PyCFunction)cpu_set_gpreg, METH_VARARGS, "X"}, {"get_exception", (PyCFunction)cpu_get_exception, METH_VARARGS, "X"}, {"set_exception", (PyCFunction)cpu_set_exception, METH_VARARGS, "X"}, - {"set_mem", (PyCFunction)vm_set_mem, METH_VARARGS, "X"}, - {"get_mem", (PyCFunction)vm_get_mem, METH_VARARGS, "X"}, {NULL} /* Sentinel */ }; diff --git a/miasm/jitter/arch/JitCore_mips32.c b/miasm/jitter/arch/JitCore_mips32.c index ce894e2a..dc576dfb 100644 --- a/miasm/jitter/arch/JitCore_mips32.c +++ b/miasm/jitter/arch/JitCore_mips32.c @@ -5,8 +5,8 @@ #include "../compat_py23.h" #include "../queue.h" #include "../vm_mngr.h" -#include "../vm_mngr_py.h" #include "../bn.h" +#include "../vm_mngr_py.h" #include "../JitCore.h" #include "../op_semantics.h" #include "JitCore_mips32.h" @@ -228,39 +228,6 @@ void MEM_WRITE_64(JitCpu* jitcpu, uint64_t addr, uint64_t src) } -PyObject* vm_set_mem(JitCpu *self, PyObject* args) -{ - PyObject *py_addr; - PyObject *py_buffer; - Py_ssize_t py_length; - - char * buffer; - Py_ssize_t pysize; - uint64_t addr; - int ret; - - if (!PyArg_ParseTuple(args, "OO", &py_addr, &py_buffer)) - RAISE(PyExc_TypeError,"Cannot parse arguments"); - - PyGetInt_uint64_t(py_addr, addr); - - if (!PyBytes_Check(py_buffer)) - RAISE(PyExc_TypeError,"arg must be bytes"); - - pysize = PyBytes_Size(py_buffer); - if (pysize < 0) { - RAISE(PyExc_TypeError,"Python error"); - } - - PyBytes_AsStringAndSize(py_buffer, &buffer, &py_length); - - ret = vm_write_mem(&(((VmMngr*)self->pyvm)->vm_mngr), addr, buffer, pysize); - if (ret < 0) - RAISE(PyExc_TypeError,"arg must be str"); - - Py_INCREF(Py_None); - return Py_None; -} static PyMemberDef JitCpu_members[] = { {NULL} /* Sentinel */ @@ -279,10 +246,6 @@ static PyMethodDef JitCpu_methods[] = { "X"}, {"set_exception", (PyCFunction)cpu_set_exception, METH_VARARGS, "X"}, - {"set_mem", (PyCFunction)vm_set_mem, METH_VARARGS, - "X"}, - {"get_mem", (PyCFunction)vm_get_mem, METH_VARARGS, - "X"}, {NULL} /* Sentinel */ }; diff --git a/miasm/jitter/arch/JitCore_msp430.c b/miasm/jitter/arch/JitCore_msp430.c index 3716756e..2bb51c68 100644 --- a/miasm/jitter/arch/JitCore_msp430.c +++ b/miasm/jitter/arch/JitCore_msp430.c @@ -5,8 +5,8 @@ #include "../compat_py23.h" #include "../queue.h" #include "../vm_mngr.h" -#include "../vm_mngr_py.h" #include "../bn.h" +#include "../vm_mngr_py.h" #include "../JitCore.h" #include "JitCore_msp430.h" @@ -204,40 +204,6 @@ void MEM_WRITE_64(JitCpu* jitcpu, uint64_t addr, uint64_t src) } -PyObject* vm_set_mem(JitCpu *self, PyObject* args) -{ - PyObject *py_addr; - PyObject *py_buffer; - Py_ssize_t py_length; - - char * buffer; - Py_ssize_t pysize; - uint64_t addr; - int ret; - - if (!PyArg_ParseTuple(args, "OO", &py_addr, &py_buffer)) - RAISE(PyExc_TypeError,"Cannot parse arguments"); - - PyGetInt_uint64_t(py_addr, addr); - - if(!PyBytes_Check(py_buffer)) - RAISE(PyExc_TypeError,"arg must be bytes"); - - pysize = PyBytes_Size(py_buffer); - if (pysize < 0) { - RAISE(PyExc_TypeError,"Python error"); - } - - PyBytes_AsStringAndSize(py_buffer, &buffer, &py_length); - - ret = vm_write_mem(&(((VmMngr*)self->pyvm)->vm_mngr), addr, buffer, pysize); - if (ret < 0) - RAISE(PyExc_TypeError,"arg must be str"); - - Py_INCREF(Py_None); - return Py_None; -} - static PyMemberDef JitCpu_members[] = { {NULL} /* Sentinel */ }; @@ -257,10 +223,6 @@ static PyMethodDef JitCpu_methods[] = { "X"}, {"set_exception", (PyCFunction)cpu_set_exception, METH_VARARGS, "X"}, - {"set_mem", (PyCFunction)vm_set_mem, METH_VARARGS, - "X"}, - {"get_mem", (PyCFunction)vm_get_mem, METH_VARARGS, - "X"}, {NULL} /* Sentinel */ }; diff --git a/miasm/jitter/arch/JitCore_ppc32.c b/miasm/jitter/arch/JitCore_ppc32.c index 49dc0b1e..086b140f 100644 --- a/miasm/jitter/arch/JitCore_ppc32.c +++ b/miasm/jitter/arch/JitCore_ppc32.c @@ -5,8 +5,8 @@ #include "../compat_py23.h" #include "../queue.h" #include "../vm_mngr.h" -#include "../vm_mngr_py.h" #include "../bn.h" +#include "../vm_mngr_py.h" #include "../JitCore.h" #include "JitCore_ppc32.h" @@ -161,39 +161,6 @@ void MEM_WRITE_64(JitCpu* jitcpu, uint64_t addr, uint64_t src) -PyObject * -vm_set_mem(JitCpu *self, PyObject *args) { - PyObject *py_addr; - PyObject *py_buffer; - Py_ssize_t py_length; - - char *buffer; - Py_ssize_t pysize; - uint64_t addr; - int ret = 0x1337; - - if (!PyArg_ParseTuple(args, "OO", &py_addr, &py_buffer)) - return NULL; - - PyGetInt_uint64_t(py_addr, addr); - - if(!PyBytes_Check(py_buffer)) - RAISE(PyExc_TypeError,"arg must be bytes"); - - pysize = PyBytes_Size(py_buffer); - if (pysize < 0) { - RAISE(PyExc_TypeError,"Python error"); - } - PyBytes_AsStringAndSize(py_buffer, &buffer, &py_length); - - ret = vm_write_mem(&(((VmMngr*)self->pyvm)->vm_mngr), addr, buffer, pysize); - if (ret < 0) - RAISE(PyExc_TypeError,"arg must be str"); - - Py_INCREF(Py_None); - return Py_None; -} - static PyMemberDef JitCpu_members[] = { {NULL} /* Sentinel */ }; @@ -207,8 +174,6 @@ static PyMethodDef JitCpu_methods[] = { {"get_exception", (PyCFunction)cpu_get_exception, METH_VARARGS, "X"}, {"set_exception", (PyCFunction)cpu_set_exception, METH_VARARGS, "X"}, {"get_spr_access", (PyCFunction)cpu_get_spr_access, METH_VARARGS, "X"}, - {"set_mem", (PyCFunction)vm_set_mem, METH_VARARGS, "X"}, - {"get_mem", (PyCFunction)vm_get_mem, METH_VARARGS, "X"}, {NULL} /* Sentinel */ }; diff --git a/miasm/jitter/arch/JitCore_x86.c b/miasm/jitter/arch/JitCore_x86.c index 608893a7..361b18b4 100644 --- a/miasm/jitter/arch/JitCore_x86.c +++ b/miasm/jitter/arch/JitCore_x86.c @@ -5,8 +5,8 @@ #include "../compat_py23.h" #include "../queue.h" #include "../vm_mngr.h" -#include "../vm_mngr_py.h" #include "../bn.h" +#include "../vm_mngr_py.h" #include "../JitCore.h" #include "../op_semantics.h" #include "JitCore_x86.h" @@ -209,13 +209,7 @@ PyObject* cpu_set_gpreg(JitCpu* self, PyObject *args) case 128: { bn_t bn; - int j; PyObject* py_long = d_value; - PyObject* py_long_new; - PyObject* py_tmp; - PyObject* cst_32; - PyObject* cst_ffffffff; - uint64_t tmp; #if PY_MAJOR_VERSION >= 3 @@ -227,6 +221,8 @@ PyObject* cpu_set_gpreg(JitCpu* self, PyObject *args) RAISE(PyExc_TypeError,"arg must be int"); } #else + uint64_t tmp; + if (PyInt_Check(py_long)){ tmp = (uint64_t)PyInt_AsLong(py_long); py_long = PyLong_FromLong((long)tmp); @@ -240,25 +236,7 @@ PyObject* cpu_set_gpreg(JitCpu* self, PyObject *args) } #endif - - cst_ffffffff = PyLong_FromLong(0xffffffff); - cst_32 = PyLong_FromLong(32); - bn = bignum_from_int(0); - - for (j = 0; j < BN_BYTE_SIZE; j += 4) { - py_tmp = PyObject_CallMethod(py_long, "__and__", "O", cst_ffffffff); - tmp = PyLong_AsUnsignedLongMask(py_tmp); - Py_DECREF(py_tmp); - bn = bignum_lshift(bn, 32); - bn = bignum_or(bn, bignum_from_uint64(tmp)); - - py_long_new = PyObject_CallMethod(py_long, "__rshift__", "O", cst_32); - Py_DECREF(py_long); - py_long = py_long_new; - } - Py_DECREF(py_long); - Py_DECREF(cst_32); - Py_DECREF(cst_ffffffff); + bn = PyLong_to_bn(py_long); *(bn_t*)(((char*)(self->cpu)) + gpreg_dict[i].offset) = bignum_mask(bn, 128); } break; @@ -482,39 +460,6 @@ void MEM_WRITE_64(JitCpu* jitcpu, uint64_t addr, uint64_t src) -PyObject* vm_set_mem(JitCpu *self, PyObject* args) -{ - PyObject *py_addr; - PyObject *py_buffer; - Py_ssize_t py_length; - - char * buffer; - Py_ssize_t pysize; - uint64_t addr; - int ret; - - if (!PyArg_ParseTuple(args, "OO", &py_addr, &py_buffer)) - RAISE(PyExc_TypeError,"Cannot parse arguments"); - - PyGetInt_uint64_t(py_addr, addr); - - if(!PyBytes_Check(py_buffer)) - RAISE(PyExc_TypeError,"arg must be bytes"); - - pysize = PyBytes_Size(py_buffer); - if (pysize < 0) { - RAISE(PyExc_TypeError,"Python error"); - } - PyBytes_AsStringAndSize(py_buffer, &buffer, &py_length); - - ret = vm_write_mem(&(((VmMngr*)self->pyvm)->vm_mngr), addr, buffer, pysize); - if (ret < 0) - RAISE(PyExc_TypeError,"arg must be str"); - - Py_INCREF(Py_None); - return Py_None; -} - static PyMemberDef JitCpu_members[] = { {NULL} /* Sentinel */ }; @@ -538,10 +483,6 @@ static PyMethodDef JitCpu_methods[] = { "X"}, {"set_exception", (PyCFunction)cpu_set_exception, METH_VARARGS, "X"}, - {"set_mem", (PyCFunction)vm_set_mem, METH_VARARGS, - "X"}, - {"get_mem", (PyCFunction)vm_get_mem, METH_VARARGS, - "X"}, {"get_interrupt_num", (PyCFunction)cpu_get_interrupt_num, METH_VARARGS, "X"}, {"set_interrupt_num", (PyCFunction)cpu_set_interrupt_num, METH_VARARGS, diff --git a/miasm/jitter/codegen.py b/miasm/jitter/codegen.py index 792feae0..abbf65d2 100644 --- a/miasm/jitter/codegen.py +++ b/miasm/jitter/codegen.py @@ -187,7 +187,7 @@ class CGen(object): def add_local_var(self, dst_var, dst_index, expr): """ - Add local variable used to store temporay result + Add local variable used to store temporary result @dst_var: dictionary of Expr -> local_var_expr @dst_index : dictionary of size -> local var count @expr: Expression source diff --git a/miasm/jitter/compat_py23.h b/miasm/jitter/compat_py23.h index 936c08f3..6dce7818 100644 --- a/miasm/jitter/compat_py23.h +++ b/miasm/jitter/compat_py23.h @@ -2,15 +2,35 @@ #define __COMPAT_PY23_H__ +#include "bn.h" #if PY_MAJOR_VERSION >= 3 #define PyGetInt_uint_t(size_type, item, value) \ if (PyLong_Check(item)) { \ - unsigned long long tmp; \ - tmp = PyLong_AsUnsignedLongLong(item); \ - if ( tmp > (size_type) -1) { \ + Py_INCREF(item); \ + PyObject* py_long = item; \ + PyObject* py_long_new; \ + bn_t bn; \ + uint64_t tmp; \ + int neg = 0; \ + \ + if (Py_SIZE(py_long) < 0) { \ + neg = 1; \ + py_long_new = PyObject_CallMethod(py_long, "__neg__", NULL); \ + Py_DECREF(py_long); \ + py_long = py_long_new; \ + } \ + \ + bn = PyLong_to_bn(py_long); \ + \ + bn_t mask_bn = bignum_lshift(bignum_from_int(1), sizeof(size_type)*8); \ + if (bignum_is_inf_equal_unsigned(mask_bn, bn)) { \ RAISE(PyExc_TypeError, "Arg too big for " #size_type ""); \ + } \ + if (neg) { \ + bn = bignum_sub(mask_bn, bn); \ } \ + tmp = bignum_to_uint64(bn); \ value = (size_type) tmp; \ } \ else{ \ @@ -20,12 +40,31 @@ #define PyGetInt_uint_t_retneg(size_type, item, value) \ if (PyLong_Check(item)) { \ - unsigned long long tmp; \ - tmp = PyLong_AsUnsignedLongLong(item); \ - if ( tmp > (size_type) -1) { \ + Py_INCREF(item); \ + PyObject* py_long = item; \ + PyObject* py_long_new; \ + bn_t bn; \ + uint64_t tmp; \ + int neg = 0; \ + \ + if (Py_SIZE(py_long) < 0) { \ + neg = 1; \ + py_long_new = PyObject_CallMethod(py_long, "__neg__", NULL); \ + Py_DECREF(py_long); \ + py_long = py_long_new; \ + } \ + \ + bn = PyLong_to_bn(py_long); \ + \ + bn_t mask_bn = bignum_lshift(bignum_from_int(1), sizeof(size_type)*8); \ + if (bignum_is_inf_equal_unsigned(mask_bn, bn)) { \ PyErr_SetString(PyExc_TypeError, "Arg too big for " #size_type ""); \ return -1; \ + } \ + if (neg) { \ + bn = bignum_sub(mask_bn, bn); \ } \ + tmp = bignum_to_uint64(bn); \ value = (size_type) tmp; \ } \ else{ \ @@ -45,17 +84,42 @@ if (PyInt_Check(item)) { \ long tmp; \ tmp = PyInt_AsLong(item); \ - if ( tmp > (size_type) -1) { \ + \ + if (Py_SIZE(item) < 0) { \ + if (-tmp > ((size_type) -1)) { \ + RAISE(PyExc_TypeError, "Arg too big for " #size_type ""); \ + } \ + } \ + else if (tmp > (size_type) -1) { \ RAISE(PyExc_TypeError, "Arg too big for " #size_type ""); \ } \ value = (size_type) tmp; \ } \ else if (PyLong_Check(item)){ \ - unsigned long long tmp; \ - tmp = PyLong_AsUnsignedLongLong(item); \ - if ( tmp > (size_type) -1) { \ + Py_INCREF(item); \ + PyObject* py_long = item; \ + PyObject* py_long_new; \ + bn_t bn; \ + uint64_t tmp; \ + int neg = 0; \ + \ + if (Py_SIZE(py_long) < 0) { \ + neg = 1; \ + py_long_new = PyObject_CallMethod(py_long, "__neg__", NULL); \ + Py_DECREF(py_long); \ + py_long = py_long_new; \ + } \ + \ + bn = PyLong_to_bn(py_long); \ + \ + bn_t mask_bn = bignum_lshift(bignum_from_int(1), sizeof(size_type)*8); \ + if (bignum_is_inf_equal_unsigned(mask_bn, bn)) { \ RAISE(PyExc_TypeError, "Arg too big for " #size_type ""); \ + } \ + if (neg) { \ + bn = bignum_sub(mask_bn, bn); \ } \ + tmp = bignum_to_uint64(bn); \ value = (size_type) tmp; \ } \ else{ \ @@ -66,20 +130,46 @@ #define PyGetInt_uint_t_retneg(size_type, item, value) \ if (PyInt_Check(item)) { \ long tmp; \ - tmp = PyLong_AsLong(item); \ - if ( tmp > (size_type) -1) { \ + tmp = PyInt_AsLong(item); \ + \ + if (Py_SIZE(item) < 0) { \ + if (-tmp > ((size_type) -1)) { \ + PyErr_SetString(PyExc_TypeError, "Arg too big for " #size_type ""); \ + return -1; \ + } \ + } \ + else if (tmp > (size_type) -1) { \ PyErr_SetString(PyExc_TypeError, "Arg too big for " #size_type ""); \ return -1; \ } \ value = (size_type) tmp; \ } \ else if (PyLong_Check(item)){ \ - unsigned long long tmp; \ - tmp = PyLong_AsUnsignedLongLong(item); \ - if ( tmp > (size_type) -1) { \ + Py_INCREF(item); \ + PyObject* py_long = item; \ + PyObject* py_long_new; \ + bn_t bn; \ + uint64_t tmp; \ + int neg = 0; \ + \ + if (Py_SIZE(py_long) < 0) { \ + neg = 1; \ + py_long_new = PyObject_CallMethod(py_long, "__neg__", NULL); \ + Py_DECREF(py_long); \ + py_long = py_long_new; \ + } \ + \ + bn = PyLong_to_bn(py_long); \ + \ + bn_t mask_bn = bignum_lshift(bignum_from_int(1), sizeof(size_type)*8); \ + if (bignum_is_inf_equal_unsigned(mask_bn, bn)) { \ PyErr_SetString(PyExc_TypeError, "Arg too big for " #size_type ""); \ return -1; \ + } \ + if (neg) { \ + bn = bignum_sub(mask_bn, bn); \ } \ + tmp = bignum_to_uint64(bn); \ value = (size_type) tmp; \ } \ else{ \ diff --git a/miasm/jitter/emulatedsymbexec.py b/miasm/jitter/emulatedsymbexec.py index 4355c0b9..aacfba9f 100644 --- a/miasm/jitter/emulatedsymbexec.py +++ b/miasm/jitter/emulatedsymbexec.py @@ -19,6 +19,36 @@ class EmulatedSymbExec(SymbolicExecutionEngine): 2: 0x00000209, 3: 0x078bf9ff }, + 2: { + 0: 0, + 1: 0, + 2: 0, + 3: 0 + }, + 4: { + 0: 0, + 1: 0, + 2: 0, + 3: 0 + }, + 7: { + 0: 0, + 1: (1 << 0) | (1 << 3), + 2: 0, + 3: 0 + }, + 0x80000000: { + 0: 0x80000008, + 1: 0, + 2: 0, + 3: 0 + }, + 0x80000001: { + 0: 0, + 1: 0, + 2: (1 << 0) | (1 << 8), + 3: (1 << 11) | (1 << 29), + }, } def __init__(self, cpu, vm, *args, **kwargs): @@ -45,7 +75,7 @@ class EmulatedSymbExec(SymbolicExecutionEngine): return super(EmulatedSymbExec, self).mem_read(expr_mem) addr = int(addr) size = expr_mem.size // 8 - value = self.cpu.get_mem(addr, size) + value = self.vm.get_mem(addr, size) if self.vm.is_little_endian(): value = value[::-1] self.vm.add_mem_read(addr, size) @@ -77,8 +107,7 @@ class EmulatedSymbExec(SymbolicExecutionEngine): content = content[::-1] # Write in VmMngr context - self.cpu.set_mem(addr, content) - self.vm.add_mem_write(addr, len(content)) + self.vm.set_mem(addr, content) # Interaction symbexec <-> jitter def update_cpu_from_engine(self): diff --git a/miasm/jitter/jitcore_cc_base.py b/miasm/jitter/jitcore_cc_base.py index 4ec0e358..995c458b 100644 --- a/miasm/jitter/jitcore_cc_base.py +++ b/miasm/jitter/jitcore_cc_base.py @@ -18,8 +18,8 @@ def gen_core(arch, attrib): txt += '#include "%s/queue.h"\n' % lib_dir txt += '#include "%s/op_semantics.h"\n' % lib_dir txt += '#include "%s/vm_mngr.h"\n' % lib_dir - txt += '#include "%s/vm_mngr_py.h"\n' % lib_dir txt += '#include "%s/bn.h"\n' % lib_dir + txt += '#include "%s/vm_mngr_py.h"\n' % lib_dir txt += '#include "%s/JitCore.h"\n' % lib_dir txt += '#include "%s/arch/JitCore_%s.h"\n' % (lib_dir, arch.name) diff --git a/miasm/jitter/llvmconvert.py b/miasm/jitter/llvmconvert.py index d0e0407b..c4467411 100644 --- a/miasm/jitter/llvmconvert.py +++ b/miasm/jitter/llvmconvert.py @@ -1720,7 +1720,7 @@ class LLVMFunction(object): self.gen_bad_block(asmblock) return - # Create basic blocks (for label branchs) + # Create basic blocks (for label branches) entry_bbl, builder = self.entry_bbl, self.builder for instr in asmblock.lines: lbl = self.llvm_context.ir_arch.loc_db.get_or_create_offset_location(instr.offset) diff --git a/miasm/jitter/op_semantics.c b/miasm/jitter/op_semantics.c index 79dcdcf4..6725ae64 100644 --- a/miasm/jitter/op_semantics.c +++ b/miasm/jitter/op_semantics.c @@ -380,6 +380,41 @@ unsigned int x86_cpuid(unsigned int a, unsigned int reg_num) return 0x00000000; } } + // Extended Function CPUID Information + else if (a == 0x80000000){ + switch(reg_num){ + case 0: + // Pentium 4 Processor supporting Hyper-Threading + // Technology to Intel Xeon Processor 5100 Series + return 0x80000008; + case 1: + return 0x00000000; + case 2: + return 0x00000000; + case 3: + return 0x00000000; + } + } + else if (a == 0x80000001){ + switch(reg_num){ + case 0: + // Extended Processor Signature and Extended Feature + // Bits + return 0x00000000; + case 1: + return 0x00000000; + case 2: + return (/* LAHF-SAHF */ 1 << 0) + | (/* LZCNT */ 0 << 5) + | (/* PREFETCHW */ 1 << 8); + case 3: + return (/* SYSCALL/SYSRET */ 1 << 11) + | (/* Execute Disable Bit available */ 0 << 20) + | (/* 1-GByte pages available */ 0 << 26) + | (/* RDTSCP and IA32_TSC_AUX available */ 0 << 27) + | (/* Intel ® 64 Architecture available */ 1 << 29); + } + } else{ fprintf(stderr, "WARNING not implemented x86_cpuid index %X!\n", a); exit(EXIT_FAILURE); diff --git a/miasm/jitter/vm_mngr.h b/miasm/jitter/vm_mngr.h index e7d0c123..35a648a5 100644 --- a/miasm/jitter/vm_mngr.h +++ b/miasm/jitter/vm_mngr.h @@ -35,10 +35,8 @@ #ifdef __APPLE__ #define __BYTE_ORDER __BYTE_ORDER__ -#ifndef __BIG_ENDIAN -#define __BIG_ENDIAN '>' -#define __LITTLE_ENDIAN '<' -#endif +#define __BIG_ENDIAN BIG_ENDIAN +#define __LITTLE_ENDIAN LITTLE_ENDIAN #elif defined(__NetBSD__) || defined(__OpenBSD__) #define __BYTE_ORDER _BYTE_ORDER #define __BIG_ENDIAN _BIG_ENDIAN diff --git a/miasm/jitter/vm_mngr_py.c b/miasm/jitter/vm_mngr_py.c index 9ec87b0d..69e62fef 100644 --- a/miasm/jitter/vm_mngr_py.c +++ b/miasm/jitter/vm_mngr_py.c @@ -23,6 +23,7 @@ #include "compat_py23.h" #include "queue.h" #include "vm_mngr.h" +#include "bn.h" #include "vm_mngr_py.h" #define MIN(a,b) (((a)<(b))?(a):(b)) @@ -1010,3 +1011,60 @@ MOD_INIT(VmMngr) RET_MODULE; } + +bn_t PyLong_to_bn(PyObject* py_long) +{ + int j; + uint64_t tmp_mask; + PyObject* py_tmp; + PyObject* py_long_tmp; + PyObject* cst_32; + PyObject* cst_ffffffff; + bn_t bn; + + cst_ffffffff = PyLong_FromLong(0xffffffff); + cst_32 = PyLong_FromLong(32); + bn = bignum_from_int(0); + + for (j = 0; j < BN_BYTE_SIZE; j += 4) { + py_tmp = PyObject_CallMethod(py_long, "__and__", "O", cst_ffffffff); + py_long_tmp = PyObject_CallMethod(py_long, "__rshift__", "O", cst_32); + Py_DECREF(py_long); + py_long = py_long_tmp; + tmp_mask = PyLong_AsUnsignedLongLongMask(py_tmp); + Py_DECREF(py_tmp); + bn = bignum_or(bn, bignum_lshift(bignum_from_uint64(tmp_mask), 8 * j)); + } + + Py_DECREF(cst_32); + Py_DECREF(cst_ffffffff); + + return bn; +} + +PyObject* bn_to_PyLong(bn_t bn) +{ + int j; + PyObject* py_long; + PyObject* py_long_new; + PyObject* py_tmp; + PyObject* cst_32; + uint64_t tmp; + + py_long = PyLong_FromLong(0); + cst_32 = PyLong_FromLong(32); + + for (j = BN_BYTE_SIZE - 4; j >= 0 ; j -= 4) { + tmp = bignum_to_uint64(bignum_mask(bignum_rshift(bn, 8 * j), 32)); + py_tmp = PyLong_FromUnsignedLong((unsigned long)tmp); + py_long_new = PyObject_CallMethod(py_long, "__lshift__", "O", cst_32); + Py_DECREF(py_long); + py_long = PyObject_CallMethod(py_long_new, "__add__", "O", py_tmp); + Py_DECREF(py_long_new); + Py_DECREF(py_tmp); + } + + Py_DECREF(cst_32); + + return py_long; +} diff --git a/miasm/jitter/vm_mngr_py.h b/miasm/jitter/vm_mngr_py.h index e2e43c65..a8f7dcd0 100644 --- a/miasm/jitter/vm_mngr_py.h +++ b/miasm/jitter/vm_mngr_py.h @@ -11,5 +11,7 @@ typedef struct { vm_mngr_t vm_mngr; } VmMngr; - #endif// VM_MNGR_PY_H + +bn_t PyLong_to_bn(PyObject* py_long); +PyObject* bn_to_PyLong(bn_t bn); diff --git a/miasm/loader/elf_init.py b/miasm/loader/elf_init.py index 36c4cfaf..786d030b 100644 --- a/miasm/loader/elf_init.py +++ b/miasm/loader/elf_init.py @@ -104,6 +104,8 @@ class WRel64(StructWrapper): wrapped._fields.append(("type", "u32")) def get_sym(self): + if not hasattr(self.parent.linksection, 'symtab'): + return None return self.parent.linksection.symtab[self.cstr.info >> 32].name def get_type(self): diff --git a/miasm/os_dep/linux/syscall.py b/miasm/os_dep/linux/syscall.py index 1edf72c4..353d61cf 100644 --- a/miasm/os_dep/linux/syscall.py +++ b/miasm/os_dep/linux/syscall.py @@ -6,6 +6,7 @@ import struct import termios from miasm.jitter.csts import EXCEPT_PRIV_INSN, EXCEPT_INT_XX +from miasm.core.utils import pck64 log = logging.getLogger('syscalls') hnd = logging.StreamHandler() @@ -347,6 +348,18 @@ def sys_x86_64_arch_prctl(jitter, linux_env): 0x1002: "ARCH_SET_FS", 0x1003: "ARCH_GET_FS", 0x1004: "ARCH_GET_GS", + 0x1011: "ARCH_GET_CPUID", + 0x1012: "ARCH_SET_CPUID", + 0x2001: "ARCH_MAP_VDSO_X32", + 0x2002: "ARCH_MAP_VDSO_32", + 0x2003: "ARCH_MAP_VDSO_64", + 0x3001: "ARCH_CET_STATUS", + 0x3002: "ARCH_CET_DISABLE", + 0x3003: "ARCH_CET_LOCK", + 0x3004: "ARCH_CET_EXEC", + 0x3005: "ARCH_CET_ALLOC_SHSTK", + 0x3006: "ARCH_CET_PUSH_SHSTK", + 0x3007: "ARCH_CET_LEGACY_BITMAP", } code = jitter.cpu.RDI rcode = code_name[code] @@ -355,6 +368,9 @@ def sys_x86_64_arch_prctl(jitter, linux_env): if code == 0x1002: jitter.cpu.set_segm_base(jitter.cpu.FS, addr) + elif code == 0x3001: + # CET status (disabled) + jitter.cpu.set_mem(addr, pck64(0)) else: raise RuntimeError("Not implemented") jitter.cpu.RAX = 0 diff --git a/optional_requirements.txt b/optional_requirements.txt index d6a28948..88d09170 100644 --- a/optional_requirements.txt +++ b/optional_requirements.txt @@ -1,2 +1,3 @@ pycparser z3-solver==4.5.1.0 +llvmlite==0.26.0 diff --git a/requirements.txt b/requirements.txt index 135ca071..eb542916 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,2 @@ pyparsing future -llvmlite==0.26.0 diff --git a/setup.py b/setup.py index 9a687160..e8ea7b3a 100755..100644 --- a/setup.py +++ b/setup.py @@ -3,6 +3,7 @@ from __future__ import print_function from distutils.core import setup, Extension from distutils.util import get_platform +from distutils.sysconfig import get_python_lib, get_config_vars import io import os import platform @@ -10,6 +11,13 @@ from shutil import copy2 import sys is_win = platform.system() == "Windows" +is_mac = platform.system() == "Darwin" + +def set_extension_compile_args(extension): + rel_lib_path = extension.name.replace('.', '/') + abs_lib_path = os.path.join(get_python_lib(), rel_lib_path) + lib_name = abs_lib_path + '.so' + extension.extra_link_args = [ '-Wl,-install_name,' + lib_name] def buil_all(): packages=[ @@ -49,6 +57,7 @@ def buil_all(): [ "miasm/jitter/JitCore.c", "miasm/jitter/vm_mngr.c", + "miasm/jitter/vm_mngr_py.c", "miasm/jitter/op_semantics.c", "miasm/jitter/bn.c", "miasm/jitter/arch/JitCore_x86.c" @@ -59,6 +68,7 @@ def buil_all(): [ "miasm/jitter/JitCore.c", "miasm/jitter/vm_mngr.c", + "miasm/jitter/vm_mngr_py.c", "miasm/jitter/op_semantics.c", "miasm/jitter/bn.c", "miasm/jitter/arch/JitCore_arm.c" @@ -69,6 +79,7 @@ def buil_all(): [ "miasm/jitter/JitCore.c", "miasm/jitter/vm_mngr.c", + "miasm/jitter/vm_mngr_py.c", "miasm/jitter/op_semantics.c", "miasm/jitter/bn.c", "miasm/jitter/arch/JitCore_aarch64.c" @@ -79,6 +90,7 @@ def buil_all(): [ "miasm/jitter/JitCore.c", "miasm/jitter/vm_mngr.c", + "miasm/jitter/vm_mngr_py.c", "miasm/jitter/op_semantics.c", "miasm/jitter/bn.c", "miasm/jitter/arch/JitCore_msp430.c" @@ -89,6 +101,7 @@ def buil_all(): [ "miasm/jitter/JitCore.c", "miasm/jitter/vm_mngr.c", + "miasm/jitter/vm_mngr_py.c", "miasm/jitter/bn.c", "miasm/jitter/arch/JitCore_mep.c" ] @@ -98,6 +111,7 @@ def buil_all(): [ "miasm/jitter/JitCore.c", "miasm/jitter/vm_mngr.c", + "miasm/jitter/vm_mngr_py.c", "miasm/jitter/op_semantics.c", "miasm/jitter/bn.c", "miasm/jitter/arch/JitCore_mips32.c" @@ -108,6 +122,7 @@ def buil_all(): [ "miasm/jitter/JitCore.c", "miasm/jitter/vm_mngr.c", + "miasm/jitter/vm_mngr_py.c", "miasm/jitter/op_semantics.c", "miasm/jitter/bn.c", "miasm/jitter/arch/JitCore_ppc32.c" @@ -132,6 +147,11 @@ def buil_all(): # Force setuptools to use whatever msvc version installed os.environ['MSSdk'] = '1' os.environ['DISTUTILS_USE_SDK'] = '1' + elif is_mac: + for extension in ext_modules_all: + set_extension_compile_args(extension) + cfg_vars = get_config_vars() + cfg_vars['LDSHARED'] = cfg_vars['LDSHARED'].replace('-bundle', '-dynamiclib') print("building") build_ok = False diff --git a/test/arch/mep/asm/test_asm.py b/test/arch/mep/asm/test_asm.py index 7762669a..e8b8afb9 100644 --- a/test/arch/mep/asm/test_asm.py +++ b/test/arch/mep/asm/test_asm.py @@ -22,12 +22,12 @@ class TestMisc(object): for mn_str, mn_hex in unit_tests: print("-" * 49) # Tests separation - # Dissassemble + # Disassemble mn_bin = decode_hex(mn_hex) mn = mn_mep.dis(mn_bin, "b") print("dis: %s -> %s" % (mn_hex.rjust(20), str(mn).rjust(20))) - assert(str(mn) == mn_str) # dissassemble assertion + assert(str(mn) == mn_str) # disassemble assertion # Assemble and return all possible candidates instr = mn_mep.fromstring(str(mn), "b") diff --git a/test/arch/mep/asm/test_major_opcode_4.py b/test/arch/mep/asm/test_major_opcode_4.py index a6f57ac2..fd466b62 100644 --- a/test/arch/mep/asm/test_major_opcode_4.py +++ b/test/arch/mep/asm/test_major_opcode_4.py @@ -107,7 +107,7 @@ class TestMajor4(object): check_instruction("LBU $4, 0x22($TP)", "4ca2", multi=2) # Note: the following instruction can not be easily manipulated due to # expressions simplifications performed by miasm at assembly and - # dissassembly, i.e. ExprMem($TP + 0) is simplified into ExprMem($TP) + # disassembly, i.e. ExprMem($TP + 0) is simplified into ExprMem($TP) #check_instruction("LBU $6, 0x0($TP)", "4e80", multi=2) check_instruction("LBU $7, 0x3C($TP)", "4fbc", multi=2) check_instruction("LBU $2, 0x4($TP)", "4a84", multi=2) diff --git a/test/jitter/jitcore.py b/test/jitter/jitcore.py new file mode 100644 index 00000000..75360542 --- /dev/null +++ b/test/jitter/jitcore.py @@ -0,0 +1,47 @@ +import sys + +from miasm.analysis.machine import Machine +machine = Machine("x86_64") +jitter = machine.jitter(sys.argv[1]) + +jitter.cpu.RAX = 16565615892967251934 +assert jitter.cpu.RAX == 16565615892967251934 + +jitter.cpu.RAX = -1 +assert jitter.cpu.RAX == 0xffffffffffffffff + +jitter.cpu.RAX = -2 +assert jitter.cpu.RAX == 0xfffffffffffffffe + +jitter.cpu.EAX = -2 +assert jitter.cpu.EAX == 0xfffffffe + +jitter.cpu.RAX = -0xffffffffffffffff +assert jitter.cpu.RAX == 1 + +try: + jitter.cpu.RAX = 0x1ffffffffffffffff +except TypeError: + pass +else: + raise Exception("Should see that 0x1ffffffffffffffff is too big for RAX") + +try: + jitter.cpu.RAX = 0x10000000000000000 +except TypeError: + pass +else: + raise Exception("Should see that 0x10000000000000000 is too big for RAX") + +jitter.cpu.EAX = -0xefffffff +assert jitter.cpu.EAX == 0x10000001 + +jitter.cpu.EAX = -0xFFFFFFFF +assert jitter.cpu.EAX == 1 + +try: + jitter.cpu.EAX = -0x1ffffffff +except TypeError: + pass +else: + raise Exception("Should see that -0x1ffffffff is too big for EAX") diff --git a/test/test_all.py b/test/test_all.py index a8a0d599..ce223211 100755 --- a/test/test_all.py +++ b/test/test_all.py @@ -457,6 +457,7 @@ for i, test_args in enumerate(test_args): for script in ["jitload.py", "vm_mngr.py", "jit_options.py", + "jitcore.py", "test_post_instr.py", "bad_block.py", "jmp_out_mem.py", @@ -696,6 +697,18 @@ for script in [["basic_op.py"], ]: testset += ExampleExpression(script) +## Loader +class ExampleLoader(Example): + """Loader examples specificities: + - script path begins with "loader/" + """ + example_dir = "loader" + + +testset += ExampleLoader(["build_pe.py"], products=["fresh_pe.exe"]) +# A sample is required, so "minidump_to_pe.py" is disabled for now + + ## Symbolic Execution class ExampleSymbolExec(Example): """Symbol Exec examples specificities: |