diff options
Diffstat (limited to 'example/jitter')
| -rwxr-xr-x | example/jitter/arm.py | 3 | ||||
| -rwxr-xr-x | example/jitter/arm_sc.py | 7 | ||||
| -rwxr-xr-x | example/jitter/example_types.py | 54 | ||||
| -rwxr-xr-x | example/jitter/mips32.py | 9 | ||||
| -rwxr-xr-x | example/jitter/msp430.py | 9 | ||||
| -rw-r--r-- | example/jitter/run_with_linuxenv.py | 43 | ||||
| -rw-r--r-- | example/jitter/sandbox_elf_ppc32.py | 6 | ||||
| -rw-r--r-- | example/jitter/trace.py | 8 | ||||
| -rw-r--r-- | example/jitter/unpack_upx.py | 12 | ||||
| -rw-r--r-- | example/jitter/x86_32.py | 2 |
10 files changed, 87 insertions, 66 deletions
diff --git a/example/jitter/arm.py b/example/jitter/arm.py index e475abeb..86772874 100755 --- a/example/jitter/arm.py +++ b/example/jitter/arm.py @@ -1,5 +1,6 @@ #! /usr/bin/env python2 #-*- coding:utf-8 -*- +from __future__ import print_function import logging from pdb import pm @@ -22,7 +23,7 @@ else: logging.basicConfig(level=logging.WARNING) if options.verbose is True: - print sb.jitter.vm + print(sb.jitter.vm) # Run the code sb.run() diff --git a/example/jitter/arm_sc.py b/example/jitter/arm_sc.py index 7720ad68..b81d3784 100755 --- a/example/jitter/arm_sc.py +++ b/example/jitter/arm_sc.py @@ -1,5 +1,6 @@ #! /usr/bin/env python2 #-*- coding:utf-8 -*- +from miasm2.core.utils import int_to_byte from miasm2.analysis.sandbox import Sandbox_Linux_armb_str from miasm2.analysis.sandbox import Sandbox_Linux_arml_str from elfesteem.strpatchwork import StrPatchwork @@ -35,8 +36,8 @@ stop = sb.jitter.cpu.R1 s = sb.jitter.vm.get_mem(start, stop-start) s = StrPatchwork(s) for i, c in enumerate(s): - s[i] = chr(ord(c)^0x11) -s = str(s) -assert(s == "test string\x00") + s[i] = int_to_byte(ord(c)^0x11) +s = bytes(s) +assert(s == b"test string\x00") diff --git a/example/jitter/example_types.py b/example/jitter/example_types.py index bcf9bf70..d0751bbd 100755 --- a/example/jitter/example_types.py +++ b/example/jitter/example_types.py @@ -4,7 +4,9 @@ For a more complete view of what is possible, tests/core/types.py covers most of the module possibilities, and the module doc gives useful information as well. """ +from __future__ import print_function +from miasm2.core.utils import iterbytes from miasm2.analysis.machine import Machine from miasm2.core.types import MemStruct, Self, Void, Str, Array, Ptr, \ Num, Array, set_allocator @@ -145,9 +147,9 @@ class DataStr(MemStruct): ] -print "This script demonstrates a LinkedList implementation using the types " -print "module in the first part, and how to play with some casts in the second." -print +print("This script demonstrates a LinkedList implementation using the types ") +print("module in the first part, and how to play with some casts in the second.") +print() # A random jitter # You can also use miasm2.jitter.VmMngr.Vm(), but it does not happen in real @@ -172,17 +174,17 @@ assert link.size == 3 # If you get it directly from the VM, it is updated as well raw_size = vm.get_mem(link.get_addr("size"), link.get_type() .get_field_type("size").size) -assert raw_size == '\x03\x00\x00\x00' +assert raw_size == b'\x03\x00\x00\x00' -print "The linked list just built:" -print repr(link), '\n' +print("The linked list just built:") +print(repr(link), '\n') -print "Its uninitialized data elements:" +print("Its uninitialized data elements:") for data in link: # __iter__ returns MemVoids here, just cast them to the real data type real_data = data.cast(DataArray) - print repr(real_data) -print + print(repr(real_data)) +print() # Now let's play with one data data = link.pop(DataArray) @@ -196,9 +198,9 @@ assert data.arrayptr.deref == data.array # Let's say that it is a DataStr: datastr = data.cast(DataStr) -print "First element casted to DataStr:" -print repr(datastr) -print +print("First element casted to DataStr:") +print(repr(datastr)) +print() # data and datastr really share the same memory: data.val1 = 0x34 @@ -212,29 +214,29 @@ memstr = datastr.data.deref # Note that memstr is Str("utf16") memstr.val = 'Miams' -print "Cast data.array to MemStr and set the string value:" -print repr(memstr) -print +print("Cast data.array to MemStr and set the string value:") +print(repr(memstr)) +print() # If you followed, memstr and data.array point to the same object, so: -raw_miams = '\x00'.join('Miams') + '\x00'*3 -raw_miams_array = [ord(c) for c in raw_miams] +raw_miams = 'Miams'.encode('utf-16le') + b'\x00'*2 +raw_miams_array = [ord(c) for c in iterbytes(raw_miams)] assert list(data.array)[:len(raw_miams_array)] == raw_miams_array assert data.array.cast(Str("utf16")) == memstr # Default is "ansi" assert data.array.cast(Str()) != memstr assert data.array.cast(Str("utf16")).val == memstr.val -print "See that the original array has been modified:" -print repr(data) -print +print("See that the original array has been modified:") +print(repr(data)) +print() # Some type manipulation examples, for example let's construct an argv for # a program: # Let's say that we have two arguments, +1 for the program name and +1 for the # final null ptr in argv, the array has 4 elements: argv_t = Array(Ptr("<I", Str()), 4) -print "3 arguments argv type:", argv_t +print("3 arguments argv type:", argv_t) # alloc argv somewhere argv = argv_t.lval(vm) @@ -249,10 +251,10 @@ argv[3].val = 0 # If you changed your mind on the second arg, you could do: argv[2].deref.val = "42" -print "An argv instance:", repr(argv) -print "argv values:", repr([val.deref.val for val in argv[:-1]]) -print +print("An argv instance:", repr(argv)) +print("argv values:", repr([val.deref.val for val in argv[:-1]])) +print() -print "See test/core/types.py and the miasm2.core.types module doc for " -print "more information." +print("See test/core/types.py and the miasm2.core.types module doc for ") +print("more information.") diff --git a/example/jitter/mips32.py b/example/jitter/mips32.py index 70181a2a..2eb06c87 100755 --- a/example/jitter/mips32.py +++ b/example/jitter/mips32.py @@ -1,5 +1,6 @@ #! /usr/bin/env python2 #-*- coding:utf-8 -*- +from __future__ import print_function from argparse import ArgumentParser from miasm2.analysis import debugging from miasm2.jitter.csts import * @@ -44,12 +45,16 @@ def jit_mips32_binary(args): trace_new_blocks=args.log_newbloc ) - myjit.vm.add_memory_page(0, PAGE_READ | PAGE_WRITE, open(filepath).read()) + myjit.vm.add_memory_page( + 0, + PAGE_READ | PAGE_WRITE, + open(filepath, 'rb').read() + ) myjit.add_breakpoint(0x1337BEEF, code_sentinelle) # for stack - myjit.vm.add_memory_page(0xF000, PAGE_READ | PAGE_WRITE, "\x00"*0x1000) + myjit.vm.add_memory_page(0xF000, PAGE_READ | PAGE_WRITE, b"\x00"*0x1000) myjit.cpu.SP = 0xF800 diff --git a/example/jitter/msp430.py b/example/jitter/msp430.py index 36e45421..1ecb4cef 100755 --- a/example/jitter/msp430.py +++ b/example/jitter/msp430.py @@ -1,5 +1,6 @@ #! /usr/bin/env python2 #-*- coding:utf-8 -*- +from __future__ import print_function from argparse import ArgumentParser from miasm2.analysis import debugging from miasm2.jitter.csts import * @@ -39,12 +40,16 @@ def jit_msp430_binary(args): trace_new_blocks=args.log_newbloc ) - myjit.vm.add_memory_page(0, PAGE_READ | PAGE_WRITE, open(filepath, "rb").read()) + myjit.vm.add_memory_page( + 0, + PAGE_READ | PAGE_WRITE, + open(filepath, "rb").read() + ) myjit.add_breakpoint(0x1337, lambda _: exit(0)) # for stack - myjit.vm.add_memory_page(0xF000, PAGE_READ | PAGE_WRITE, "\x00"*0x1000) + myjit.vm.add_memory_page(0xF000, PAGE_READ | PAGE_WRITE, b"\x00"*0x1000) myjit.cpu.SP = 0xF800 diff --git a/example/jitter/run_with_linuxenv.py b/example/jitter/run_with_linuxenv.py index f4900a96..fda76f9a 100644 --- a/example/jitter/run_with_linuxenv.py +++ b/example/jitter/run_with_linuxenv.py @@ -24,8 +24,8 @@ if args.verbose: syscall.log.setLevel(logging.DEBUG) # Get corresponding interpreter and reloc address -cont_target_tmp = Container.from_stream(open(args.target)) -ld_path = str(cont_target_tmp.executable.getsectionbyname(".interp").content).strip("\x00") +cont_target_tmp = Container.from_stream(open(args.target, 'rb')) +ld_path = bytes(cont_target_tmp.executable.getsectionbyname(".interp").content).strip(b"\x00") if cont_target_tmp.executable.Ehdr.type in [elf_csts.ET_REL, elf_csts.ET_DYN]: elf_base_addr = 0x40000000 elif cont_target_tmp.executable.Ehdr.type == elf_csts.ET_EXEC: @@ -52,29 +52,38 @@ else: # Load the interpreter in memory, applying relocation linux_env = LinuxEnvironment() -linux_env.filesystem.passthrough.append(re.compile(args.passthrough)) +linux_env.filesystem.passthrough.append(re.compile(args.passthrough.encode())) ld_path = linux_env.filesystem.resolve_path(ld_path) -cont_ld = Container.from_stream(open(ld_path), - vm=jitter.vm, - addr=0x80000000, - apply_reloc=True) +cont_ld = Container.from_stream( + open(ld_path, "rb"), + vm=jitter.vm, + addr=0x80000000, + apply_reloc=True +) # Load the target ELF in memory, without applying reloc loc_db = cont_ld.loc_db -cont_target = Container.from_stream(open(args.target), vm=jitter.vm, - loc_db=loc_db, - addr=elf_base_addr, - apply_reloc=False) +cont_target = Container.from_stream( + open(args.target, "rb"), + vm=jitter.vm, + loc_db=loc_db, + addr=elf_base_addr, + apply_reloc=False +) # PHDR containing the PH header -elf_phdr_header = [ph32.ph for ph32 in cont_target.executable.ph - if ph32.ph.type == elf_csts.PT_PHDR][0] +elf_phdr_header = next( + ph32.ph for ph32 in cont_target.executable.ph + if ph32.ph.type == elf_csts.PT_PHDR +) # Prepare the desired environment -argv = [args.target] + args.extra_args +argv = [args.target.encode()] + [arg.encode() for arg in args.extra_args] if args.flags: argv += ["-%s" % args.flags] -envp = {"PATH": "/usr/local/bin", "USER": linux_env.user_name} -auxv = environment.AuxVec(elf_base_addr + elf_phdr_header.vaddr, - cont_target.entry_point, linux_env) +envp = {b"PATH": b"/usr/local/bin", b"USER": linux_env.user_name} +auxv = environment.AuxVec( + elf_base_addr + elf_phdr_header.vaddr, + cont_target.entry_point, linux_env +) prepare_loader(jitter, argv, envp, auxv, linux_env) syscall.enable_syscall_handling(jitter, linux_env, syscall_callbacks) diff --git a/example/jitter/sandbox_elf_ppc32.py b/example/jitter/sandbox_elf_ppc32.py index c5960e8e..04ecfd9e 100644 --- a/example/jitter/sandbox_elf_ppc32.py +++ b/example/jitter/sandbox_elf_ppc32.py @@ -5,12 +5,6 @@ from miasm2.jitter.csts import * from miasm2.jitter.jitload import log_func import logging - -# Python auto completion -filename = os.environ.get('PYTHONSTARTUP') -if filename and os.path.isfile(filename): - execfile(filename) - # Insert here user defined methods # Parse arguments diff --git a/example/jitter/trace.py b/example/jitter/trace.py index e1683450..9f025bfd 100644 --- a/example/jitter/trace.py +++ b/example/jitter/trace.py @@ -6,6 +6,8 @@ This example demonstrates two instrumentation possibility: Note: for better performance, one can also extend Codegen to produce instrumentation at the C / LLVM level """ +from __future__ import print_function + import os import time from pdb import pm @@ -26,11 +28,11 @@ class ESETrackMemory(EmulatedSymbExec): def mem_read(self, expr_mem): value = super(ESETrackMemory, self).mem_read(expr_mem) - print "Read %s: %s" % (expr_mem, value) + print("Read %s: %s" % (expr_mem, value)) return value def mem_write(self, dest, data): - print "Write %s: %s" % (dest, data) + print("Write %s: %s" % (dest, data)) return super(ESETrackMemory, self).mem_write(dest, data) # Parse arguments @@ -55,4 +57,4 @@ sb.run() stop_time = time.time() assert sb.jitter.run is False -print "Instr speed: %02.f / sec" % (instr_count / (stop_time - start_time)) +print("Instr speed: %02.f / sec" % (instr_count / (stop_time - start_time))) diff --git a/example/jitter/unpack_upx.py b/example/jitter/unpack_upx.py index 6bcef1ab..5d862dd1 100644 --- a/example/jitter/unpack_upx.py +++ b/example/jitter/unpack_upx.py @@ -1,3 +1,4 @@ +from __future__ import print_function import os import logging from pdb import pm @@ -12,12 +13,12 @@ def kernel32_GetProcAddress(jitter): # When the function is called, EBX is a pointer to the destination buffer dst_ad = jitter.cpu.EBX - logging.info('EBX ' + hex(dst_ad)) + logging.error('EBX ' + hex(dst_ad)) # Handle ordinal imports fname = (args.fname if args.fname < 0x10000 else jitter.get_str_ansi(args.fname)) - logging.info(fname) + logging.error(fname) # Get the generated address of the library, and store it in memory to # dst_ad @@ -38,6 +39,7 @@ parser.add_argument("--graph", action="store_true") options = parser.parse_args() options.load_hdr = True + sb = Sandbox_Win_x86_32(options.filename, options, globals(), parse_reloc=False) @@ -48,7 +50,7 @@ else: logging.basicConfig(level=logging.WARNING) if options.verbose is True: - print sb.jitter.vm + print(sb.jitter.vm) # Ensure there is one and only one leave (for OEP discovering) mdis = sb.machine.dis_engine(sb.jitter.bs) @@ -70,7 +72,7 @@ if options.graph is True: if options.verbose is True: - print sb.jitter.vm + print(sb.jitter.vm) def update_binary(jitter): @@ -114,4 +116,4 @@ sb.pe.NThdr.optentries[pe.DIRECTORY_ENTRY_DELAY_IMPORT].rva = 0 bname, fname = os.path.split(options.filename) fname = os.path.join(bname, fname.replace('.', '_')) -open(fname + '_unupx.bin', 'w').write(str(sb.pe)) +open(fname + '_unupx.bin', 'wb').write(bytes(sb.pe)) diff --git a/example/jitter/x86_32.py b/example/jitter/x86_32.py index 5272f732..2a73a2ad 100644 --- a/example/jitter/x86_32.py +++ b/example/jitter/x86_32.py @@ -20,7 +20,7 @@ def code_sentinelle(jitter): myjit = Machine("x86_32").jitter(args.jitter) myjit.init_stack() -data = open(args.filename).read() +data = open(args.filename, 'rb').read() run_addr = 0x40000000 myjit.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, data) |