diff options
Diffstat (limited to 'example')
33 files changed, 145 insertions, 63 deletions
diff --git a/example/asm/shellcode.py b/example/asm/shellcode.py index 67c882e9..d33d6231 100755 --- a/example/asm/shellcode.py +++ b/example/asm/shellcode.py @@ -83,7 +83,7 @@ with open(args.source) as fstream: loc_db = LocationDB() -asmcfg, loc_db = parse_asm.parse_txt(machine.mn, attrib, source, loc_db) +asmcfg = parse_asm.parse_txt(machine.mn, attrib, source, loc_db) # Fix shellcode addrs loc_db.set_location_offset(loc_db.get_name_location("main"), addr_main) diff --git a/example/asm/simple.py b/example/asm/simple.py index 8f6aac92..6197556b 100644 --- a/example/asm/simple.py +++ b/example/asm/simple.py @@ -4,10 +4,12 @@ from pprint import pprint from miasm.arch.x86.arch import mn_x86 from miasm.core import parse_asm, asmblock - +from miasm.core.locationdb import LocationDB # Assemble code -asmcfg, loc_db = parse_asm.parse_txt(mn_x86, 32, ''' +loc_db = LocationDB() +asmcfg = parse_asm.parse_txt( + mn_x86, 32, ''' main: MOV EAX, 1 MOV EBX, 2 @@ -20,7 +22,9 @@ loop: ADD EAX, ECX JZ loop RET -''') +''', + loc_db +) # Set 'main' loc_key's offset loc_db.set_location_offset(loc_db.get_name_location("main"), 0x0) diff --git a/example/disasm/callback.py b/example/disasm/callback.py index 1498b11e..eb999738 100644 --- a/example/disasm/callback.py +++ b/example/disasm/callback.py @@ -2,6 +2,7 @@ from __future__ import print_function from miasm.analysis.binary import Container from miasm.analysis.machine import Machine from miasm.core.asmblock import AsmConstraint +from miasm.core.locationdb import LocationDB def cb_x86_callpop(mdis, cur_bloc, offset_to_dis): @@ -50,8 +51,9 @@ shellcode = ( # Instantiate a x86 32 bit architecture machine = Machine("x86_32") -cont = Container.from_string(shellcode) -mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) +loc_db = LocationDB() +cont = Container.from_string(shellcode, loc_db) +mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) print("Without callback:\n") asmcfg = mdis.dis_multiblock(0) diff --git a/example/disasm/dis_binary.py b/example/disasm/dis_binary.py index 37eabb14..af140f28 100644 --- a/example/disasm/dis_binary.py +++ b/example/disasm/dis_binary.py @@ -2,12 +2,14 @@ from __future__ import print_function import sys from miasm.analysis.binary import Container from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB fdesc = open(sys.argv[1], 'rb') +loc_db = LocationDB() # The Container will provide a *bin_stream*, bytes source for the disasm engine # It will prodive a view from a PE or an ELF. -cont = Container.from_stream(fdesc) +cont = Container.from_stream(fdesc, loc_db) # The Machine, instantiated with the detected architecture, will provide tools # (disassembler, etc.) to work with this architecture diff --git a/example/disasm/dis_binary_ir.py b/example/disasm/dis_binary_ir.py index ff7a0d36..3facd74b 100644 --- a/example/disasm/dis_binary_ir.py +++ b/example/disasm/dis_binary_ir.py @@ -3,14 +3,16 @@ import sys from future.utils import viewvalues from miasm.analysis.binary import Container from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB ##################################### # Common section from dis_binary.py # ##################################### fdesc = open(sys.argv[1], 'rb') +loc_db = LocationDB() -cont = Container.from_stream(fdesc) +cont = Container.from_stream(fdesc, loc_db) machine = Machine(cont.arch) diff --git a/example/disasm/dis_binary_ira.py b/example/disasm/dis_binary_ira.py index 3ecd5349..bfed3497 100644 --- a/example/disasm/dis_binary_ira.py +++ b/example/disasm/dis_binary_ira.py @@ -4,14 +4,16 @@ import sys from future.utils import viewvalues from miasm.analysis.binary import Container from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB ##################################### # Common section from dis_binary.py # ##################################### fdesc = open(sys.argv[1], 'rb') +loc_db = LocationDB() -cont = Container.from_stream(fdesc) +cont = Container.from_stream(fdesc, loc_db) machine = Machine(cont.arch) diff --git a/example/disasm/dis_x86_string.py b/example/disasm/dis_x86_string.py index 6d4e2c84..b944c6ad 100644 --- a/example/disasm/dis_x86_string.py +++ b/example/disasm/dis_x86_string.py @@ -1,16 +1,21 @@ from __future__ import print_function from miasm.analysis.binary import Container from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB # The Container will provide a *bin_stream*, bytes source for the disasm engine -cont = Container.from_string(b"\x83\xf8\x10\x74\x07\x89\xc6\x0f\x47\xc3\xeb\x08\x89\xc8\xe8\x31\x33\x22\x11\x40\xc3") +loc_db = LocationDB() +cont = Container.from_string( + b"\x83\xf8\x10\x74\x07\x89\xc6\x0f\x47\xc3\xeb\x08\x89\xc8\xe8\x31\x33\x22\x11\x40\xc3", + loc_db +) # Instantiate a x86 32 bit architecture machine = Machine("x86_32") # Instantiate a disassembler engine, using the previous bin_stream and its # associated location DB. -mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) +mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) # Run a recursive traversal disassembling from address 0 asmcfg = mdis.dis_multiblock(0) diff --git a/example/disasm/full.py b/example/disasm/full.py index 57263a6f..9e739109 100644 --- a/example/disasm/full.py +++ b/example/disasm/full.py @@ -15,6 +15,7 @@ from miasm.expression.simplifications import expr_simp from miasm.analysis.ssa import SSADiGraph from miasm.ir.ir import AssignBlock, IRBlock from miasm.analysis.simplifier import IRCFGSimplifierCommon, IRCFGSimplifierSSA +from miasm.core.locationdb import LocationDB log = logging.getLogger("dis") console_handler = logging.StreamHandler() @@ -75,13 +76,20 @@ args = parser.parse_args() if args.verbose: log_asmblock.setLevel(logging.DEBUG) +loc_db = LocationDB() log.info('Load binary') if args.rawbinary: - cont = Container.fallback_container(open(args.filename, "rb").read(), - vm=None, addr=args.base_address) + cont = Container.fallback_container( + open(args.filename, "rb").read(), + vm=None, addr=args.base_address, + loc_db=loc_db, + ) else: with open(args.filename, "rb") as fdesc: - cont = Container.from_stream(fdesc, addr=args.base_address) + cont = Container.from_stream( + fdesc, addr=args.base_address, + loc_db=loc_db, + ) default_addr = cont.entry_point bs = cont.bin_stream diff --git a/example/expression/access_c.py b/example/expression/access_c.py index c604a0bd..3cc8e6a2 100644 --- a/example/expression/access_c.py +++ b/example/expression/access_c.py @@ -55,6 +55,8 @@ from miasm.arch.x86.ctype import CTypeAMD64_unk from miasm.core.objc import ExprToAccessC, CHandler from miasm.core.objc import CTypesManagerNotPacked from miasm.core.ctypesmngr import CAstTypes, CTypePtr, CTypeStruct +from miasm.core.locationdb import LocationDB + def find_call(ircfg): """Returns (irb, index) which call""" @@ -116,6 +118,7 @@ class MyCHandler(CHandler): +loc_db = LocationDB() data = open(sys.argv[1], 'rb').read() # Digest C information text = """ @@ -143,12 +146,12 @@ cont = Container.fallback_container(data, None, addr=0) machine = Machine("x86_64") dis_engine, ira = machine.dis_engine, machine.ira -mdis = dis_engine(cont.bin_stream, loc_db=cont.loc_db) +mdis = dis_engine(cont.bin_stream, loc_db=loc_db) addr_head = 0 asmcfg = mdis.dis_multiblock(addr_head) -lbl_head = mdis.loc_db.get_offset_location(addr_head) +lbl_head = loc_db.get_offset_location(addr_head) -ir_arch_a = ira(mdis.loc_db) +ir_arch_a = ira(loc_db) ircfg = ir_arch_a.new_ircfg_from_asmcfg(asmcfg) open('graph_irflow.dot', 'w').write(ircfg.dot()) diff --git a/example/expression/asm_to_ir.py b/example/expression/asm_to_ir.py index 83eac728..edc23437 100644 --- a/example/expression/asm_to_ir.py +++ b/example/expression/asm_to_ir.py @@ -9,10 +9,13 @@ from miasm.expression.expression import * from miasm.core import asmblock from miasm.arch.x86.ira import ir_a_x86_32 from miasm.analysis.data_flow import DeadRemoval +from miasm.core.locationdb import LocationDB # First, asm code -asmcfg, loc_db = parse_asm.parse_txt(mn_x86, 32, ''' +loc_db = LocationDB() +asmcfg = parse_asm.parse_txt( + mn_x86, 32, ''' main: MOV EAX, 1 MOV EBX, 2 @@ -25,7 +28,9 @@ loop: ADD EAX, ECX JZ loop RET -''') +''', + loc_db +) loc_db.set_location_offset(loc_db.get_name_location("main"), 0x0) diff --git a/example/expression/constant_propagation.py b/example/expression/constant_propagation.py index 36a548c5..a5929eed 100644 --- a/example/expression/constant_propagation.py +++ b/example/expression/constant_propagation.py @@ -12,6 +12,8 @@ from miasm.analysis.cst_propag import propagate_cst_expr from miasm.analysis.data_flow import DeadRemoval, \ merge_blocks, remove_empty_assignblks from miasm.expression.simplifications import expr_simp +from miasm.core.locationdb import LocationDB + parser = ArgumentParser("Constant expression propagation") @@ -25,8 +27,9 @@ args = parser.parse_args() machine = Machine("x86_32") -cont = Container.from_stream(open(args.filename, 'rb')) -mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) +loc_db = LocationDB() +cont = Container.from_stream(open(args.filename, 'rb'), loc_db) +mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) ir_arch = machine.ira(mdis.loc_db) addr = int(args.address, 0) deadrm = DeadRemoval(ir_arch) diff --git a/example/expression/export_llvm.py b/example/expression/export_llvm.py index 241a907d..a4c65787 100644 --- a/example/expression/export_llvm.py +++ b/example/expression/export_llvm.py @@ -6,18 +6,19 @@ from miasm.analysis.machine import Machine from miasm.jitter.llvmconvert import LLVMType, LLVMContext_IRCompilation, LLVMFunction_IRCompilation from llvmlite import ir as llvm_ir from miasm.expression.simplifications import expr_simp_high_to_explicit +from miasm.core.locationdb import LocationDB parser = ArgumentParser("LLVM export example") parser.add_argument("target", help="Target binary") parser.add_argument("addr", help="Target address") parser.add_argument("--architecture", "-a", help="Force architecture") args = parser.parse_args() - +loc_db = LocationDB() # This part focus on obtaining an IRCFG to transform # -cont = Container.from_stream(open(args.target, 'rb')) +cont = Container.from_stream(open(args.target, 'rb'), loc_db) machine = Machine(args.architecture if args.architecture else cont.arch) -ir = machine.ir(cont.loc_db) -dis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) +ir = machine.ir(loc_db) +dis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) asmcfg = dis.dis_multiblock(int(args.addr, 0)) ircfg = ir.new_ircfg_from_asmcfg(asmcfg) ircfg.simplify(expr_simp_high_to_explicit) diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py index e7386e9e..4b428df7 100644 --- a/example/expression/graph_dataflow.py +++ b/example/expression/graph_dataflow.py @@ -10,6 +10,7 @@ from miasm.analysis.data_analysis import intra_block_flow_raw, inter_block_flow from miasm.core.graph import DiGraph from miasm.ir.symbexec import SymbolicExecutionEngine from miasm.analysis.data_flow import DeadRemoval +from miasm.core.locationdb import LocationDB parser = ArgumentParser("Simple expression use for generating dataflow graph") @@ -126,19 +127,19 @@ def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb): ad = int(args.addr, 16) - +loc_db = LocationDB() print('disasm...') -cont = Container.from_stream(open(args.filename, 'rb')) +cont = Container.from_stream(open(args.filename, 'rb'), loc_db) machine = Machine("x86_32") -mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) +mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) mdis.follow_call = True asmcfg = mdis.dis_multiblock(ad) print('ok') print('generating dataflow graph for:') -ir_arch_analysis = machine.ira(mdis.loc_db) +ir_arch_analysis = machine.ira(loc_db) ircfg = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) deadrm = DeadRemoval(ir_arch_analysis) diff --git a/example/expression/solve_condition_stp.py b/example/expression/solve_condition_stp.py index 2c654b77..3743bfad 100644 --- a/example/expression/solve_condition_stp.py +++ b/example/expression/solve_condition_stp.py @@ -15,6 +15,7 @@ from miasm.ir.symbexec import SymbolicExecutionEngine, get_block from miasm.expression.simplifications import expr_simp from miasm.core import parse_asm from miasm.ir.translators.translator import Translator +from miasm.core.locationdb import LocationDB machine = Machine("x86_32") @@ -79,24 +80,26 @@ def emul_symb(ir_arch, ircfg, mdis, states_todo, states_done): if __name__ == '__main__': - + loc_db = LocationDB() translator_smt2 = Translator.to_language("smt2") addr = int(options.address, 16) - cont = Container.from_stream(open(args[0], 'rb')) - mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) + cont = Container.from_stream(open(args[0], 'rb'), loc_db) + mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) ir_arch = machine.ir(mdis.loc_db) ircfg = ir_arch.new_ircfg() symbexec = SymbolicExecutionEngine(ir_arch) - asmcfg, loc_db = parse_asm.parse_txt(machine.mn, 32, ''' + asmcfg = parse_asm.parse_txt( + machine.mn, 32, ''' init: PUSH argv PUSH argc PUSH ret_addr ''', - loc_db=mdis.loc_db) + loc_db + ) argc_lbl = loc_db.get_name_location('argc') diff --git a/example/jitter/arm.py b/example/jitter/arm.py index daea2428..72fcbc49 100755 --- a/example/jitter/arm.py +++ b/example/jitter/arm.py @@ -5,6 +5,7 @@ import logging from pdb import pm from miasm.analysis.sandbox import Sandbox_Linux_arml +from miasm.core.locationdb import LocationDB # Get arguments parser = Sandbox_Linux_arml.parser(description="""Sandbox an elf binary with arm @@ -14,7 +15,8 @@ parser.add_argument('-v', "--verbose", help="verbose mode", action="store_true") options = parser.parse_args() # Prepare the sandbox -sb = Sandbox_Linux_arml(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Linux_arml(loc_db, options.filename, options, globals()) # Handle 'verbose' option if options.verbose is True: diff --git a/example/jitter/arm_sc.py b/example/jitter/arm_sc.py index 9ff770ff..20118429 100755 --- a/example/jitter/arm_sc.py +++ b/example/jitter/arm_sc.py @@ -4,6 +4,7 @@ from miasm.core.utils import int_to_byte from miasm.analysis.sandbox import Sandbox_Linux_armb_str from miasm.analysis.sandbox import Sandbox_Linux_arml_str from miasm.loader.strpatchwork import StrPatchwork +from miasm.core.locationdb import LocationDB from pdb import pm @@ -23,7 +24,8 @@ elif options.endianness == 'l': else: raise ValueError("Bad endianness!") -sb = sandbox(options.filename, options, globals()) +loc_db = LocationDB() +sb = sandbox(loc_db, options.filename, options, globals()) if options.address is None: raise ValueError('invalid address') diff --git a/example/jitter/example_types.py b/example/jitter/example_types.py index 653adaf9..af44c6d8 100755 --- a/example/jitter/example_types.py +++ b/example/jitter/example_types.py @@ -11,6 +11,9 @@ from miasm.analysis.machine import Machine from miasm.core.types import MemStruct, Self, Void, Str, Array, Ptr, \ Num, Array, set_allocator from miasm.os_dep.common import heap +from miasm.core.locationdb import LocationDB + +loc_db = LocationDB() # Instantiate a heap my_heap = heap() @@ -154,7 +157,7 @@ print() # A random jitter # You can also use miasm.jitter.VmMngr.Vm(), but it does not happen in real # life scripts, so here is the usual way: -jitter = Machine("x86_32").jitter("python") +jitter = Machine("x86_32").jitter(loc_db, "python") vm = jitter.vm # Auto-allocated by my_heap. If you allocate memory at `addr`, diff --git a/example/jitter/mips32.py b/example/jitter/mips32.py index 4aeb576f..b84dc4e5 100755 --- a/example/jitter/mips32.py +++ b/example/jitter/mips32.py @@ -5,6 +5,8 @@ from argparse import ArgumentParser from miasm.analysis import debugging from miasm.jitter.csts import * from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB + parser = ArgumentParser( description="""Sandbox raw binary with mips32 engine @@ -34,8 +36,9 @@ def code_sentinelle(jitter): return True def jit_mips32_binary(args): + loc_db = LocationDB() filepath, entryp = args.binary, int(args.addr, 0) - myjit = machine.jitter(jit_type = args.jitter) + myjit = machine.jitter(loc_db, jit_type = args.jitter) myjit.init_stack() # Log level (if available with jitter engine) diff --git a/example/jitter/msp430.py b/example/jitter/msp430.py index 927fb47b..887985ba 100755 --- a/example/jitter/msp430.py +++ b/example/jitter/msp430.py @@ -5,6 +5,7 @@ from argparse import ArgumentParser from miasm.analysis import debugging from miasm.jitter.csts import * from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB parser = ArgumentParser( description="""Sandbox raw binary with msp430 engine @@ -29,8 +30,9 @@ parser.add_argument("addr", machine = Machine("msp430") def jit_msp430_binary(args): + loc_db = LocationDB() filepath, entryp = args.binary, int(args.addr, 0) - myjit = machine.jitter(jit_type = args.jitter) + myjit = machine.jitter(loc_db, jit_type = args.jitter) # Log level (if available with jitter engine) myjit.set_trace_log( diff --git a/example/jitter/run_with_linuxenv.py b/example/jitter/run_with_linuxenv.py index 9b17b172..9290e6a8 100644 --- a/example/jitter/run_with_linuxenv.py +++ b/example/jitter/run_with_linuxenv.py @@ -7,6 +7,7 @@ from miasm.loader import elf as elf_csts from miasm.os_dep.linux import environment, syscall from miasm.analysis.machine import Machine from miasm.analysis.binary import Container +from miasm.core.locationdb import LocationDB parser = ArgumentParser("Run an ELF in a Linux-like environment") parser.add_argument("target", help="Target ELF") @@ -23,8 +24,9 @@ args = parser.parse_args() if args.verbose: syscall.log.setLevel(logging.DEBUG) +loc_db = LocationDB() # Get corresponding interpreter and reloc address -cont_target_tmp = Container.from_stream(open(args.target, 'rb')) +cont_target_tmp = Container.from_stream(open(args.target, 'rb'), loc_db) ld_path = bytes(cont_target_tmp.executable.getsectionbyname(".interp").content).strip(b"\x00") if cont_target_tmp.executable.Ehdr.type in [elf_csts.ET_REL, elf_csts.ET_DYN]: elf_base_addr = 0x40000000 @@ -35,7 +37,7 @@ else: # Instantiate a jitter machine = Machine(cont_target_tmp.arch) -jitter = machine.jitter(args.jitter) +jitter = machine.jitter(loc_db, args.jitter) jitter.init_stack() # Get elements for the target architecture diff --git a/example/jitter/sandbox_call.py b/example/jitter/sandbox_call.py index 7d400b7d..6d24777a 100644 --- a/example/jitter/sandbox_call.py +++ b/example/jitter/sandbox_call.py @@ -5,16 +5,18 @@ from miasm.analysis.sandbox import Sandbox_Linux_arml from miasm.analysis.binary import Container from miasm.os_dep.linux_stdlib import linobjs from miasm.core.utils import hexdump +from miasm.core.locationdb import LocationDB # Parse arguments parser = Sandbox_Linux_arml.parser(description="ELF sandboxer") parser.add_argument("filename", help="ELF Filename") options = parser.parse_args() -sb = Sandbox_Linux_arml(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Linux_arml(loc_db, options.filename, options, globals()) with open(options.filename, "rb") as fdesc: - cont = Container.from_stream(fdesc) + cont = Container.from_stream(fdesc, loc_db) loc_key = cont.loc_db.get_name_location("md5_starts") addr_to_call = cont.loc_db.get_location_offset(loc_key) diff --git a/example/jitter/sandbox_elf_aarch64l.py b/example/jitter/sandbox_elf_aarch64l.py index 472b2354..7ad91118 100644 --- a/example/jitter/sandbox_elf_aarch64l.py +++ b/example/jitter/sandbox_elf_aarch64l.py @@ -1,6 +1,7 @@ import logging from pdb import pm from miasm.analysis.sandbox import Sandbox_Linux_aarch64l +from miasm.core.locationdb import LocationDB from miasm.jitter.jitload import log_func # Insert here user defined methods @@ -11,7 +12,8 @@ parser.add_argument("filename", help="ELF Filename") options = parser.parse_args() # Create sandbox -sb = Sandbox_Linux_aarch64l(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Linux_aarch64l(loc_db, options.filename, options, globals()) log_func.setLevel(logging.ERROR) diff --git a/example/jitter/sandbox_elf_ppc32.py b/example/jitter/sandbox_elf_ppc32.py index 829381fc..d59181de 100644 --- a/example/jitter/sandbox_elf_ppc32.py +++ b/example/jitter/sandbox_elf_ppc32.py @@ -1,6 +1,7 @@ import os from pdb import pm from miasm.analysis.sandbox import Sandbox_Linux_ppc32b +from miasm.core.locationdb import LocationDB from miasm.jitter.csts import * from miasm.jitter.jitload import log_func import logging @@ -13,7 +14,8 @@ parser.add_argument("filename", help="ELF Filename") options = parser.parse_args() # Create sandbox -sb = Sandbox_Linux_ppc32b(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Linux_ppc32b(loc_db, options.filename, options, globals()) log_func.setLevel(logging.ERROR) sb.run() diff --git a/example/jitter/sandbox_pe_x86_32.py b/example/jitter/sandbox_pe_x86_32.py index 263fad94..de7af95d 100644 --- a/example/jitter/sandbox_pe_x86_32.py +++ b/example/jitter/sandbox_pe_x86_32.py @@ -1,6 +1,6 @@ from pdb import pm from miasm.analysis.sandbox import Sandbox_Win_x86_32 - +from miasm.core.locationdb import LocationDB # Insert here user defined methods # Parse arguments @@ -9,7 +9,8 @@ parser.add_argument("filename", help="PE Filename") options = parser.parse_args() # Create sandbox -sb = Sandbox_Win_x86_32(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Win_x86_32(loc_db, options.filename, options, globals()) # Run sb.run() diff --git a/example/jitter/sandbox_pe_x86_64.py b/example/jitter/sandbox_pe_x86_64.py index 4d8f00ce..a168c325 100644 --- a/example/jitter/sandbox_pe_x86_64.py +++ b/example/jitter/sandbox_pe_x86_64.py @@ -1,5 +1,6 @@ from pdb import pm from miasm.analysis.sandbox import Sandbox_Win_x86_64 +from miasm.core.locationdb import LocationDB # Insert here user defined methods @@ -9,7 +10,8 @@ parser.add_argument("filename", help="PE Filename") options = parser.parse_args() # Create sandbox -sb = Sandbox_Win_x86_64(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Win_x86_64(loc_db, options.filename, options, globals()) # Run sb.run() diff --git a/example/jitter/test_x86_32_seh.py b/example/jitter/test_x86_32_seh.py index d29d3a22..e2c354a0 100644 --- a/example/jitter/test_x86_32_seh.py +++ b/example/jitter/test_x86_32_seh.py @@ -1,6 +1,7 @@ import os from pdb import pm from miasm.analysis.sandbox import Sandbox_Win_x86_32 +from miasm.core.locationdb import LocationDB from miasm.os_dep import win_api_x86_32_seh from miasm.jitter.csts import * @@ -42,7 +43,8 @@ options.usesegm = True options.use_windows_structs = True # Create sandbox -sb = Sandbox_Win_x86_32(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Win_x86_32(loc_db, options.filename, options, globals()) # Install Windows SEH callbacks sb.jitter.add_exception_handler(EXCEPT_ACCESS_VIOL, deal_exception_access_violation) diff --git a/example/jitter/trace.py b/example/jitter/trace.py index 46b313c1..968626f4 100644 --- a/example/jitter/trace.py +++ b/example/jitter/trace.py @@ -14,6 +14,7 @@ from pdb import pm from miasm.analysis.sandbox import Sandbox_Linux_arml from miasm.jitter.emulatedsymbexec import EmulatedSymbExec from miasm.jitter.jitcore_python import JitCore_Python +from miasm.core.locationdb import LocationDB # Function called at each instruction instr_count = 0 @@ -45,7 +46,8 @@ JitCore_Python.SymbExecClass = ESETrackMemory # Create sandbox, forcing Python jitter options.jitter = "python" -sb = Sandbox_Linux_arml(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Linux_arml(loc_db, options.filename, options, globals()) # Force jit one instr per call, and register our callback sb.jitter.jit.set_options(jit_maxline=1, max_exec_per_call=1) diff --git a/example/jitter/unpack_upx.py b/example/jitter/unpack_upx.py index 2527f0c4..59f7389a 100644 --- a/example/jitter/unpack_upx.py +++ b/example/jitter/unpack_upx.py @@ -3,6 +3,7 @@ import os import logging from miasm.analysis.sandbox import Sandbox_Win_x86_32 from miasm.jitter.loader.pe import vm2pe +from miasm.core.locationdb import LocationDB from miasm.os_dep.common import get_win_str_a @@ -41,8 +42,11 @@ parser.add_argument("--graph", options = parser.parse_args() options.load_hdr = True -sb = Sandbox_Win_x86_32(options.filename, options, globals(), - parse_reloc=False) +loc_db = LocationDB() +sb = Sandbox_Win_x86_32( + loc_db, options.filename, options, globals(), + parse_reloc=False +) if options.verbose is True: @@ -54,7 +58,7 @@ if options.verbose is True: print(sb.jitter.vm) # Ensure there is one and only one leave (for OEP discovering) -mdis = sb.machine.dis_engine(sb.jitter.bs) +mdis = sb.machine.dis_engine(sb.jitter.bs, loc_db=loc_db) mdis.dont_dis_nulstart_bloc = True asmcfg = mdis.dis_multiblock(sb.entry_point) diff --git a/example/jitter/x86_32.py b/example/jitter/x86_32.py index cee9241a..427cd021 100644 --- a/example/jitter/x86_32.py +++ b/example/jitter/x86_32.py @@ -1,6 +1,7 @@ from argparse import ArgumentParser from miasm.jitter.csts import PAGE_READ, PAGE_WRITE from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB from pdb import pm @@ -16,8 +17,9 @@ def code_sentinelle(jitter): jitter.pc = 0 return True +loc_db = LocationDB() -myjit = Machine("x86_32").jitter(args.jitter) +myjit = Machine("x86_32").jitter(loc_db, args.jitter) myjit.init_stack() data = open(args.filename, 'rb').read() diff --git a/example/jitter/x86_64.py b/example/jitter/x86_64.py index 78d88c18..943f5624 100644 --- a/example/jitter/x86_64.py +++ b/example/jitter/x86_64.py @@ -2,6 +2,7 @@ from argparse import ArgumentParser from pdb import pm from miasm.jitter.csts import PAGE_READ, PAGE_WRITE, EXCEPT_SYSCALL from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB # Some syscalls often used by shellcodes @@ -76,8 +77,9 @@ if __name__ == "__main__": parser.add_argument("--verbose", "-v", action="store_true", help="Verbose mode") args = parser.parse_args() + loc_db = LocationDB() - myjit = Machine("x86_64").jitter(args.jitter) + myjit = Machine("x86_64").jitter(loc_db, args.jitter) myjit.init_stack() with open(args.filename, 'rb') as f: diff --git a/example/symbol_exec/depgraph.py b/example/symbol_exec/depgraph.py index c7b9017f..8285452e 100644 --- a/example/symbol_exec/depgraph.py +++ b/example/symbol_exec/depgraph.py @@ -10,6 +10,7 @@ from miasm.analysis.machine import Machine from miasm.analysis.binary import Container from miasm.analysis.depgraph import DependencyGraph from miasm.expression.expression import ExprMem, ExprId, ExprInt +from miasm.core.locationdb import LocationDB parser = ArgumentParser("Dependency grapher") parser.add_argument("filename", help="Binary to analyse") @@ -33,10 +34,10 @@ parser.add_argument("--json", help="Output solution in JSON", action="store_true") args = parser.parse_args() - +loc_db = LocationDB() # Get architecture with open(args.filename, "rb") as fstream: - cont = Container.from_stream(fstream) + cont = Container.from_stream(fstream, loc_db) arch = args.architecture if args.architecture else cont.arch machine = Machine(arch) @@ -50,8 +51,8 @@ for element in args.element: except KeyError: raise ValueError("Unknown element '%s'" % element) -mdis = machine.dis_engine(cont.bin_stream, dont_dis_nulstart_bloc=True) -ir_arch = machine.ira(mdis.loc_db) +mdis = machine.dis_engine(cont.bin_stream, dont_dis_nulstart_bloc=True, loc_db=loc_db) +ir_arch = machine.ira(loc_db) # Common argument forms init_ctx = {} diff --git a/example/symbol_exec/dse_crackme.py b/example/symbol_exec/dse_crackme.py index 82a7af08..e014ada2 100644 --- a/example/symbol_exec/dse_crackme.py +++ b/example/symbol_exec/dse_crackme.py @@ -21,6 +21,7 @@ from miasm.jitter.csts import PAGE_READ, PAGE_WRITE from miasm.analysis.sandbox import Sandbox_Linux_x86_64 from miasm.expression.expression import * from miasm.os_dep.win_api_x86_32 import get_win_str_a +from miasm.core.locationdb import LocationDB is_win = platform.system() == "Windows" @@ -75,7 +76,8 @@ parser.add_argument("--strategy", options = parser.parse_args() options.mimic_env = True options.command_line = ["%s" % TEMP_FILE.name] -sb = Sandbox_Linux_x86_64(options.filename, options, globals()) +loc_db = LocationDB() +sb = Sandbox_Linux_x86_64(loc_db, options.filename, options, globals()) # Init segment sb.jitter.ir_arch.do_stk_segm = True @@ -238,7 +240,7 @@ strategy = { "branch-cov": DSEPathConstraint.PRODUCE_SOLUTION_BRANCH_COV, "path-cov": DSEPathConstraint.PRODUCE_SOLUTION_PATH_COV, }[options.strategy] -dse = DSEPathConstraint(machine, produce_solution=strategy) +dse = DSEPathConstraint(machine, loc_db, produce_solution=strategy) # Attach to the jitter dse.attach(sb.jitter) diff --git a/example/symbol_exec/dse_strategies.py b/example/symbol_exec/dse_strategies.py index 3f968215..bcea2329 100644 --- a/example/symbol_exec/dse_strategies.py +++ b/example/symbol_exec/dse_strategies.py @@ -26,6 +26,7 @@ from miasm.analysis.machine import Machine from miasm.jitter.csts import PAGE_READ, PAGE_WRITE from miasm.analysis.dse import DSEPathConstraint from miasm.expression.expression import ExprMem, ExprId, ExprInt, ExprAssign +from miasm.core.locationdb import LocationDB # Argument handling parser = ArgumentParser("DSE Example") @@ -41,10 +42,12 @@ strategy = { "path-cov": DSEPathConstraint.PRODUCE_SOLUTION_PATH_COV, }[args.strategy] +loc_db = LocationDB() + # Map the shellcode run_addr = 0x40000 machine = Machine("x86_32") -jitter = machine.jitter("python") +jitter = machine.jitter(loc_db, "python") with open(args.filename, "rb") as fdesc: jitter.vm.add_memory_page( run_addr, @@ -72,7 +75,7 @@ jitter.push_uint32_t(ret_addr) jitter.init_run(run_addr) # Init a DSE instance with a given strategy -dse = DSEPathConstraint(machine, produce_solution=strategy) +dse = DSEPathConstraint(machine, loc_db, produce_solution=strategy) dse.attach(jitter) # Concretize everything except the argument dse.update_state_from_concrete() |