Diffstat (limited to 'miasm/tools')
| -rw-r--r-- | miasm/tools/emul_lib/libcodenat.c | 48 | ||||
| -rw-r--r-- | miasm/tools/emul_lib/libcodenat.h | 26 | ||||
| -rw-r--r-- | miasm/tools/seh_helper.py | 11 | ||||
| -rw-r--r-- | miasm/tools/to_c_helper.py | 31 | ||||
| -rw-r--r-- | miasm/tools/win_api.py | 3 |
5 files changed, 102 insertions, 17 deletions
diff --git a/miasm/tools/emul_lib/libcodenat.c b/miasm/tools/emul_lib/libcodenat.c
index ba491e16..2030c66a 100644
--- a/miasm/tools/emul_lib/libcodenat.c
+++ b/miasm/tools/emul_lib/libcodenat.c
@@ -781,11 +781,26 @@ int rcl_rez_op(unsigned int size, unsigned int a, unsigned int b, unsigned int c
 {
 uint64_t tmp;
- tmp = (cf << size) | a;
 size++;
 b %= size;
+ if (b == 0) {
+ switch(size){
+ case 8+1:
+ return a&0xff;
+ case 16+1:
+ return a&0xffff;
+ case 32+1:
+ return a&0xffffffff;
+ default:
+ fprintf(stderr, "inv size in rclleft %d\n", size);
+ exit(0);
+ }
+ }
+
+ tmp = (a<<1) | cf;
+ b -=1;
 switch(size){
 case 8+1:
 tmp = (tmp << b) | ((tmp&0x1FF) >> (size-b));
@@ -1567,7 +1582,6 @@ void _vm_init_regs()
 }
-
 unsigned int _get_memory_page_max_address_py(void)
 {
 unsigned int ret;
@@ -1589,7 +1603,37 @@ unsigned int _get_memory_page_from_min_ad_py(unsigned int size)
 return ret;
 }
+unsigned int access_segment(unsigned int d)
+{
+ // XXX TODO
+ printf("access segment %X\n", d);
+ return 0;
+}
+unsigned int access_segment_ok(unsigned int d)
+{
+ // XXX TODO
+ printf("access segment ok %X\n", d);
+ return 0;
+}
+unsigned int load_segment_limit(unsigned int d)
+{
+ // XXX TODO
+ printf("load segment limit %X\n", d);
+ return 0;
+}
+unsigned int load_segment_limit_ok(unsigned int d)
+{
+ // XXX TODO
+ printf("load segment limit ok %X\n", d);
+ return 0;
+}
+
+unsigned int load_tr_segment_selector(unsigned int d)
+{
+ // XXX TODO
+ return 0;
+}
 //#include "libcodenat_interface.c"
diff --git a/miasm/tools/emul_lib/libcodenat.h b/miasm/tools/emul_lib/libcodenat.h
index d0f4930a..b7c0360b 100644
--- a/miasm/tools/emul_lib/libcodenat.h
+++ b/miasm/tools/emul_lib/libcodenat.h
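Review bot: `tmp = (a<<1) | cf;` performs the shift on `a` as a 32-bit `unsigned int` and only then widens the result into the 64-bit `tmp`, so in the 32+1 case bit 31 of `a` is discarded before the rotate even starts; the removed line never shifted `a`, so this is a regression introduced here, assuming the 32+1 rotate case (outside the hunk) works on a 33-bit `tmp` the way the visible 8+1 case works on 9 bits. Widen before shifting: `tmp = ((uint64_t)a << 1) | cf;`. Separately, the new `default:` branch calls `exit(0)` on a malformed size, which kills the whole emulator process with a success status; since the message already goes to stderr, `exit(1)` (or `abort()`) would at least report the failure to whatever launched it. The rest of rcl_rez_op, including the 16+1 and 32+1 cases, lies outside the hunk.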
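Review bot: The five new stubs return 0 unconditionally and carry no comment on what that value means, so a caller cannot tell whether 0 is a segment base, a success code or a "not ok" verdict — the `_ok` variants in particular read like predicates. A comment above the group such as `/* Stubs: segmentation is not modelled yet; each returns 0 whatever selector d is passed. */` would make the non-contract explicit, and the same note belongs on the prototypes added to libcodenat.h. Style: four stubs log to stdout with `printf` while the rest of this file reports through `fprintf(stderr, ...)` (see the rcl_rez_op hunk above), and `load_tr_segment_selector` logs nothing at all, so the group is inconsistent both with the file and with itself.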
@@ -236,6 +236,25 @@ typedef struct {
 uint64_t pfmem64_6;
 uint64_t pfmem64_7;
+
+ uint64_t mm0;
+ uint64_t mm1;
+ uint64_t mm2;
+ uint64_t mm3;
+ uint64_t mm4;
+ uint64_t mm5;
+ uint64_t mm6;
+ uint64_t mm7;
+
+ uint64_t mm0_new;
+ uint64_t mm1_new;
+ uint64_t mm2_new;
+ uint64_t mm3_new;
+ uint64_t mm4_new;
+ uint64_t mm5_new;
+ uint64_t mm6_new;
+ uint64_t mm7_new;
+
 uint32_t segm_base[0x10000];
 }vm_cpu_t;
@@ -514,6 +533,13 @@ double fadd(double a, double b);
 unsigned int double_to_mem_32(double d);
 uint64_t double_to_mem_64(double d);
+unsigned int access_segment(unsigned int d);
+unsigned int access_segment_ok(unsigned int d);
+
+unsigned int load_segment_limit(unsigned int d);
+unsigned int load_segment_limit_ok(unsigned int d);
+
+unsigned int load_tr_segment_selector(unsigned int d);
 #define shift_right_arith_08(a, b)\
 ((((char)(a)) >> ((int)(b)&0x1f))&0xff)
diff --git a/miasm/tools/seh_helper.py b/miasm/tools/seh_helper.py
index efdd7191..2ca499f2 100644
--- a/miasm/tools/seh_helper.py
+++ b/miasm/tools/seh_helper.py
@@ -297,10 +297,12 @@ def create_modules_chain(modules_name):
 bpath = fname.replace('/', '\\')
 bname = os.path.split(fname)[1].lower()
 bname = "\x00".join(bname)+"\x00"
- print "add module", repr(bname), repr(bpath)
+ #print "add module", repr(bname), repr(bpath)
 #print hex(InInitializationOrderModuleList_address+i*0x1000)
 if e == None:
 e = pe_init.PE(open(fname, 'rb').read())
+ print "add module", hex(e.NThdr.ImageBase), repr(bname)
+
 modules_info[bname] = addr, e
 m_o = ""
@@ -361,7 +363,7 @@ def fix_InLoadOrderModuleList(module_info):
 e, bname, addr = olist[i]
 p_e, p_bname, p_addr = olist[(i-1)%len(olist)]
 n_e, n_bname, n_addr = olist[(i+1)%len(olist)]
- vm_set_mem(addr+0, pdw(p_addr)+pdw(n_addr))
+ vm_set_mem(addr+0, pdw(n_addr)+pdw(p_addr))
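Review bot: `+ #print "add module", repr(bname), repr(bpath)` keeps the old print as commented-out code right next to its replacement; delete the line instead, as the build_fake_InLoadOrderModuleList hunk in this same file does for its equivalent print. The replacement `print "add module", hex(e.NThdr.ImageBase), repr(bname)` follows the `if e == None:` block; if it is meant to run for every module rather than only when `e` was loaded here, its indentation must match `modules_info[bname] = addr, e`, which the collapsed hunk does not let me confirm. create_modules_chain starts before this hunk.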
@@ -397,7 +399,7 @@ def fix_InInitializationOrderModuleList(module_info):
 e, bname, addr = olist[i]
 p_e, p_bname, p_addr = olist[(i-1)%len(olist)]
 n_e, n_bname, n_addr = olist[(i+1)%len(olist)]
- vm_set_mem(addr+0x10, pdw(p_addr)+pdw(n_addr))
+ vm_set_mem(addr+0x10, pdw(n_addr+0x10)+pdw(p_addr+0x10))
 def add_process_env():
@@ -478,11 +480,12 @@ def build_fake_InLoadOrderModuleList(modules_name):
 fname, e = m, None
 bname = os.path.split(fname)[1].lower()
 bname = "\x00".join(bname)+"\x00"
- print "add module", repr(bname)
 print hex(InLoadOrderModuleList_address+i*0x1000)
 if e == None:
 e = pe_init.PE(open(fname, 'rb').read())
+ print "add module", hex(e.NThdr.ImageBase), repr(bname)
+
 next_ad = InLoadOrderModuleList_address + (i+1)*0x1000
 if i == len(modules_name) -1:
 next_ad = InLoadOrderModuleList_address
diff --git a/miasm/tools/to_c_helper.py b/miasm/tools/to_c_helper.py
index d8d77db1..bbfe9bde 100644
--- a/miasm/tools/to_c_helper.py
+++ b/miasm/tools/to_c_helper.py
@@ -210,6 +210,15 @@ my_C_id = [
 pfmem64_6,
 pfmem64_7,
+ mm0,
+ mm1,
+ mm2,
+ mm3,
+ mm4,
+ mm5,
+ mm6,
+ mm7,
+
 ]
 float_id_e = [
@@ -1163,11 +1172,8 @@ def load_pe_in_vm(fname_in, options, all_imp_dll = None, **kargs):
 from miasm.tools import pe_helper
 from miasm.tools import codenat
- parse_resources = True
- if 'parse_resources' in kargs:
- parse_resources = kargs['parse_resources']
 e = pe_init.PE(open(fname_in, 'rb').read(),
- parse_resources = parse_resources)
+ parse_resources = options.parse_resources)
 vm_init_regs()
 init_memory_page_pool_py()
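Review bot: `vm_set_mem(addr+0x10, pdw(n_addr+0x10)+pdw(p_addr+0x10))` now writes Flink before Blink and points both at the neighbours' own +0x10 entries, which is the right target if +0x10 is the InInitializationOrderLinks LIST_ENTRY of the 32-bit LDR_DATA_TABLE_ENTRY, but the offset and the link order are magic numbers in this hunk and in the fix_InLoadOrderModuleList hunk above (offset 0 there). A comment such as `# LIST_ENTRY InInitializationOrderLinks at +0x10: Flink (next) then Blink (prev), each pointing at the neighbour's +0x10 entry` would record the layout both writes now depend on. The wrap-around via `% len(olist)` still links the last entry straight back to the first module rather than to a list head; whether that matters depends on code outside the hunk.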
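Review bot: `parse_resources = options.parse_resources` removes the `kargs['parse_resources']` override while `**kargs` stays in the signature, so an existing caller that passes `parse_resources=False` is now silently ignored, and a caller whose `options` object lacks the attribute gets an AttributeError instead of the former default of True. If the switch is meant to move onto `options`, keep a compatible fallback: `parse_resources = kargs.get('parse_resources', getattr(options, 'parse_resources', True))` and pass `parse_resources = parse_resources` as before. load_pe_in_vm continues outside the hunk.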
@@ -1250,19 +1256,25 @@ def load_pe_in_vm(fname_in, options, all_imp_dll = None, **kargs):
 return e, in_str, runtime_dll, segm_to_do, symbol_pool
-def vm2pe(fname, runtime_dll = None, e_orig = None, max_addr = 1<<64):
+def vm2pe(fname, runtime_dll = None, e_orig = None, max_addr = 1<<64, min_addr = 0x401000, min_section_offset = 0x1000):
 from elfesteem import pe
 mye = pe_init.PE()
+ mye.NThdr.ImageBase = e_orig.NThdr.ImageBase
 all_mem = vm_get_all_memory()
- min_addr = 0x401000
 addrs = all_mem.keys()
 addrs.sort()
 mye.Opthdr.AddressOfEntryPoint = mye.virt2rva(vm_get_gpreg()['eip'])
+ first = True
 for ad in addrs:
 if not min_addr <= ad < max_addr:
 continue
- mye.SHList.add_section("%.8X"%ad, addr = ad - mye.NThdr.ImageBase, data = all_mem[ad]['data'])
+ if first:
+ mye.SHList.add_section("%.8X"%ad, addr = ad - mye.NThdr.ImageBase, data = all_mem[ad]['data'],
+ offset = min_section_offset)
+ else:
+ mye.SHList.add_section("%.8X"%ad, addr = ad - mye.NThdr.ImageBase, data = all_mem[ad]['data'])
+ first = False
 if runtime_dll:
 new_dll = runtime_dll.gen_new_lib(mye)
@@ -1271,15 +1283,14 @@ def vm2pe(fname, runtime_dll = None, e_orig = None, max_addr = 1<<64):
 s_imp = mye.SHList.add_section("import", rawsize = len(mye.DirImport))
 mye.DirImport.set_rva(s_imp.addr)
-
+ print repr(mye.SHList)
 if e_orig:
 # resource
 xx = str(mye)
 mye.content = xx
- ad = e_orig.rva2virt(e_orig.NThdr.optentries[pe.DIRECTORY_ENTRY_RESOURCE].rva)
+ ad = e_orig.NThdr.optentries[pe.DIRECTORY_ENTRY_RESOURCE].rva
 print 'dirres', hex(ad)
 if ad != 0:
- ad = mye.virt2rva(ad)
 mye.NThdr.optentries[pe.DIRECTORY_ENTRY_RESOURCE].rva = ad
 mye.DirRes = pe.DirRes.unpack(xx,ad,mye)
 #print repr(mye.DirRes)
diff --git a/miasm/tools/win_api.py b/miasm/tools/win_api.py
index 741f1c7f..8eb62e95 100644
--- a/miasm/tools/win_api.py
+++ b/miasm/tools/win_api.py
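Review bot: `mye.NThdr.ImageBase = e_orig.NThdr.ImageBase` runs unconditionally while `e_orig` still defaults to `None` and the later `if e_orig:` in this function shows None is an expected value, so calling vm2pe without an original PE now raises AttributeError where it previously worked. Guard it: `if e_orig is not None: mye.NThdr.ImageBase = e_orig.NThdr.ImageBase`. The new `min_addr` and `min_section_offset` parameters are undocumented; a docstring stating that only pages with `min_addr <= ad < max_addr` are emitted and that `min_section_offset` is the raw file offset given to the first section would help now that the former hard-coded 0x401000 is a caller-visible default.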
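Review bot: `print repr(mye.SHList)` replaces a blank line with an unconditional dump of the section list on every vm2pe call; remove it or comment it out like the `#print repr(mye.DirRes)` debug line a few lines below. The same leftover-debug point applies to `print 'variable', repr(s)` in the my_GetEnvironmentVariable hunk of win_api.py. Dropping the `rva2virt`/`virt2rva` round trip appears to be an identity only once both images share an ImageBase, which relies on the assignment added in the previous hunk and on `e_orig` being set.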
@@ -1171,7 +1171,7 @@ def kernel32_GetCommandLineA():
 print whoami(), hex(ret_ad)
 s = winobjs.module_path
-
+ s = '"%s"'%s
 alloc_addr = get_next_alloc_addr(0x1000)
 vm_add_memory_page(alloc_addr, PAGE_READ|PAGE_WRITE, s)
@@ -1963,6 +1963,7 @@ def my_GetEnvironmentVariable(funcname, get_str, set_str, mylen):
 s = get_str(lpname)
 if get_str == get_str_unic:
 s = s[::2]
+ print 'variable', repr(s)
 if s in winobjs.env_variables:
 v = set_str(winobjs.env_variables[s])
 else:
 |
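Review bot: `s = '"%s"'%s` quotes the module path, but the buffer passed to `vm_add_memory_page(alloc_addr, PAGE_READ|PAGE_WRITE, s)` is still not explicitly NUL-terminated; GetCommandLineA hands the guest a C string, so unless vm_add_memory_page zero-pads the page (not visible here) the guest's strlen runs past the end of `s` into whatever follows. `s = '"%s"\x00'%s` makes the terminator explicit at no cost. A path that itself contains `"` is not escaped either, a smaller concern. kernel32_GetCommandLineA starts before the hunk.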