diff options
Diffstat (limited to 'miasm2/analysis')
| -rw-r--r-- | miasm2/analysis/data_analysis.py | 6 | ||||
| -rw-r--r-- | miasm2/analysis/depgraph.py | 6 | ||||
| -rw-r--r-- | miasm2/analysis/sandbox.py | 134 |
3 files changed, 82 insertions, 64 deletions
diff --git a/miasm2/analysis/data_analysis.py b/miasm2/analysis/data_analysis.py index 8462f150..9451a407 100644 --- a/miasm2/analysis/data_analysis.py +++ b/miasm2/analysis/data_analysis.py @@ -150,7 +150,7 @@ def inter_bloc_flow_link(ir_arch, flow_graph, todo, link_exec_to_data): x_nodes = tuple(sorted(list(irb.dst.get_r()))) todo = set() - for lbl_dst in ir_arch.g.successors(irb.label): + for lbl_dst in ir_arch.graph.successors(irb.label): todo.add((lbl_dst, tuple(current_nodes.items()), x_nodes)) # pp(('OUT', lbl, [(str(x[0]), str(x[1])) for x in current_nodes.items()])) @@ -166,7 +166,7 @@ def create_implicit_flow(ir_arch, flow_graph): while todo: lbl = todo.pop() irb = ir_arch.blocs[lbl] - for lbl_son in ir_arch.g.successors(irb.label): + for lbl_son in ir_arch.graph.successors(irb.label): if not lbl_son in ir_arch.blocs: print "cannot find bloc!!", lbl continue @@ -189,7 +189,7 @@ def create_implicit_flow(ir_arch, flow_graph): irb.in_nodes[n_r] = irb.label, 0, n_r node_n_r = irb.in_nodes[n_r] # print "###", node_n_r - for lbl_p in ir_arch.g.predecessors(irb.label): + for lbl_p in ir_arch.graph.predecessors(irb.label): todo.add(lbl_p) flow_graph.add_uniq_edge(node_n_r, node_n_w) diff --git a/miasm2/analysis/depgraph.py b/miasm2/analysis/depgraph.py index 838183bf..0a5d38aa 100644 --- a/miasm2/analysis/depgraph.py +++ b/miasm2/analysis/depgraph.py @@ -686,7 +686,6 @@ class DependencyGraph(object): def __init__(self, ira, implicit=False, apply_simp=True, follow_mem=True, follow_call=True): """Create a DependencyGraph linked to @ira - The IRA graph must have been computed @ira: IRAnalysis instance @implicit: (optional) Imply implicit dependencies @@ -702,9 +701,6 @@ class DependencyGraph(object): self._step_counter = itertools.count() self._current_step = next(self._step_counter) - # The IRA graph must be computed - assert hasattr(self._ira, 'g') - # Create callback filters. The order is relevant. self._cb_follow = [] if apply_simp: @@ -892,7 +888,7 @@ class DependencyGraph(object): def _get_previousblocks(self, label): """Return an iterator on predecessors blocks of @label, with their lengths""" - preds = self._ira.g.predecessors_iter(label) + preds = self._ira.graph.predecessors_iter(label) for pred_label in preds: length = len(self._get_irs(pred_label)) yield (pred_label, length) diff --git a/miasm2/analysis/sandbox.py b/miasm2/analysis/sandbox.py index b3184626..115fd521 100644 --- a/miasm2/analysis/sandbox.py +++ b/miasm2/analysis/sandbox.py @@ -1,13 +1,15 @@ +import os import logging from argparse import ArgumentParser from miasm2.analysis.machine import Machine -from miasm2.os_dep import win_api_x86_32_seh from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE from miasm2.analysis import debugging from miasm2.jitter.jitload import log_func + class Sandbox(object): + """ Parent class for Sandbox abstraction """ @@ -29,9 +31,9 @@ class Sandbox(object): yield base_cls - classes = property(lambda x:x.__class__._classes_()) + classes = property(lambda x: x.__class__._classes_()) - def __init__(self, fname, options, custom_methods = {}): + def __init__(self, fname, options, custom_methods={}, **kwargs): """ Initialize a sandbox @fname: str file name @@ -46,9 +48,9 @@ class Sandbox(object): if cls == Sandbox: continue if issubclass(cls, OS): - cls.__init__(self, custom_methods) + cls.__init__(self, custom_methods, **kwargs) else: - cls.__init__(self) + cls.__init__(self, **kwargs) # Logging options if self.options.singlestep: @@ -84,8 +86,11 @@ class Sandbox(object): parser.add_argument("-j", "--jitter", help="Jitter engine. Possible values are: tcc (default), llvm, python", default="tcc") - parser.add_argument('-q', "--quiet-function-calls", action="store_true", + parser.add_argument( + '-q', "--quiet-function-calls", action="store_true", help="Don't log function calls") + parser.add_argument('-i', "--dependencies", action="store_true", + help="Load PE and its dependencies") for base_cls in cls._classes_(): base_cls.update_parser(parser) @@ -121,11 +126,12 @@ class Sandbox(object): class OS(object): + """ Parent class for OS abstraction """ - def __init__(self, custom_methods): + def __init__(self, custom_methods, **kwargs): pass @classmethod @@ -134,13 +140,15 @@ class OS(object): class Arch(object): + """ Parent class for Arch abstraction """ # Architecture name _ARCH_ = None - def __init__(self): + + def __init__(self, **kwargs): self.machine = Machine(self._ARCH_) self.jitter = self.machine.jitter(self.options.jitter) @@ -155,10 +163,12 @@ class OS_Win(OS): "ole32.dll", "urlmon.dll", "ws2_32.dll", 'advapi32.dll', "psapi.dll", ] + modules_path = "win_dll" def __init__(self, custom_methods, *args, **kwargs): - from miasm2.jitter.loader.pe import vm_load_pe, vm_load_pe_libs, preload_pe, libimp_pe - from miasm2.os_dep import win_api_x86_32 + from miasm2.jitter.loader.pe import vm_load_pe, vm_load_pe_libs,\ + preload_pe, libimp_pe, vm_load_pe_and_dependencies + from miasm2.os_dep import win_api_x86_32, win_api_x86_32_seh methods = win_api_x86_32.__dict__ methods.update(custom_methods) @@ -169,20 +179,36 @@ class OS_Win(OS): self.libs = libs win_api_x86_32.winobjs.runtime_dll = libs + self.name2module = {} + fname_basename = os.path.basename(self.fname).lower() + + # Load main pe + with open(self.fname) as fstream: + self.pe = vm_load_pe(self.jitter.vm, fstream.read(), + load_hdr=self.options.load_hdr, **kwargs) + self.name2module[fname_basename] = self.pe + # Load library if self.options.loadbasedll: - all_pe = [] # Load libs in memory - all_pe = vm_load_pe_libs(self.jitter.vm, self.ALL_IMP_DLL, libs) + self.name2module.update(vm_load_pe_libs(self.jitter.vm, + self.ALL_IMP_DLL, + libs, + self.modules_path, + **kwargs)) # Patch libs imports - for pe in all_pe.values(): + for pe in self.name2module.itervalues(): preload_pe(self.jitter.vm, pe, libs) - # Load main pe - with open(self.fname) as fstream: - self.pe = vm_load_pe(self.jitter.vm, fstream.read()) + if self.options.dependencies: + vm_load_pe_and_dependencies(self.jitter.vm, + fname_basename, + self.name2module, + libs, + self.modules_path, + **kwargs) win_api_x86_32.winobjs.current_pe = self.pe @@ -194,20 +220,20 @@ class OS_Win(OS): # Manage SEH if self.options.use_seh: - win_api_x86_32_seh.main_pe_name = self.fname + win_api_x86_32_seh.main_pe_name = fname_basename win_api_x86_32_seh.main_pe = self.pe - win_api_x86_32_seh.loaded_modules = self.ALL_IMP_DLL + win_api_x86_32.winobjs.hcurmodule = self.pe.NThdr.ImageBase + win_api_x86_32_seh.name2module = self.name2module win_api_x86_32_seh.init_seh(self.jitter) win_api_x86_32_seh.set_win_fs_0(self.jitter) - self.entry_point = self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint) + self.entry_point = self.pe.rva2virt( + self.pe.Opthdr.AddressOfEntryPoint) @classmethod def update_parser(cls, parser): - parser.add_argument('-o', "--loadhdr", action="store_true", + parser.add_argument('-o', "--load-hdr", action="store_true", help="Load pe hdr") - parser.add_argument('-e', "--loadmainpe", action="store_true", - help="Load main pe") parser.add_argument('-y', "--use-seh", action="store_true", help="Use windows SEH") parser.add_argument('-l', "--loadbasedll", action="store_true", @@ -230,7 +256,7 @@ class OS_Linux(OS): self.libs = libimp_elf() with open(self.fname) as fstream: - self.elf = vm_load_elf(self.jitter.vm, fstream.read()) + self.elf = vm_load_elf(self.jitter.vm, fstream.read(), **kwargs) preload_elf(self.jitter.vm, self.elf, self.libs) self.entry_point = self.elf.Ehdr.entry @@ -238,7 +264,9 @@ class OS_Linux(OS): # Library calls handler self.jitter.add_lib_handler(self.libs, methods) + class OS_Linux_str(OS): + def __init__(self, custom_methods, *args, **kwargs): from miasm2.jitter.loader.elf import libimp_elf from miasm2.os_dep import linux_stdlib @@ -253,7 +281,8 @@ class OS_Linux_str(OS): data = open(self.fname).read() self.options.load_base_addr = int(self.options.load_base_addr, 0) - self.jitter.vm.add_memory_page(self.options.load_base_addr, PAGE_READ | PAGE_WRITE, data) + self.jitter.vm.add_memory_page( + self.options.load_base_addr, PAGE_READ | PAGE_WRITE, data) # Library calls handler self.jitter.add_lib_handler(libs, methods) @@ -264,16 +293,16 @@ class OS_Linux_str(OS): class Arch_x86(Arch): - _ARCH_ = None # Arch name + _ARCH_ = None # Arch name STACK_SIZE = 0x10000 STACK_BASE = 0x130000 - def __init__(self): - super(Arch_x86, self).__init__() + def __init__(self, **kwargs): + super(Arch_x86, self).__init__(**kwargs) if self.options.usesegm: - self.jitter.ir_arch.do_stk_segm= True - self.jitter.ir_arch.do_ds_segm= True + self.jitter.ir_arch.do_stk_segm = True + self.jitter.ir_arch.do_ds_segm = True self.jitter.ir_arch.do_str_segm = True self.jitter.ir_arch.do_all_segm = True @@ -282,11 +311,10 @@ class Arch_x86(Arch): self.jitter.stack_base = self.STACK_BASE self.jitter.init_stack() - @classmethod def update_parser(cls, parser): parser.add_argument('-s', "--usesegm", action="store_true", - help="Use segments") + help="Use segments") class Arch_x86_32(Arch_x86): @@ -302,34 +330,36 @@ class Arch_arml(Arch): STACK_SIZE = 0x100000 STACK_BASE = 0x100000 - def __init__(self): - super(Arch_arml, self).__init__() + def __init__(self, **kwargs): + super(Arch_arml, self).__init__(**kwargs) # Init stack self.jitter.stack_size = self.STACK_SIZE self.jitter.stack_base = self.STACK_BASE self.jitter.init_stack() + class Arch_armb(Arch): _ARCH_ = "armb" STACK_SIZE = 0x100000 STACK_BASE = 0x100000 - def __init__(self): - super(Arch_armb, self).__init__() + def __init__(self, **kwargs): + super(Arch_armb, self).__init__(**kwargs) # Init stack self.jitter.stack_size = self.STACK_SIZE self.jitter.stack_base = self.STACK_BASE self.jitter.init_stack() + class Arch_aarch64l(Arch): _ARCH_ = "aarch64l" STACK_SIZE = 0x100000 STACK_BASE = 0x100000 - def __init__(self): - super(Arch_aarch64l, self).__init__() + def __init__(self, **kwargs): + super(Arch_aarch64l, self).__init__(**kwargs) # Init stack self.jitter.stack_size = self.STACK_SIZE @@ -342,8 +372,8 @@ class Arch_aarch64b(Arch): STACK_SIZE = 0x100000 STACK_BASE = 0x100000 - def __init__(self): - super(Arch_aarch64b, self).__init__() + def __init__(self, **kwargs): + super(Arch_aarch64b, self).__init__(**kwargs) # Init stack self.jitter.stack_size = self.STACK_SIZE @@ -351,7 +381,6 @@ class Arch_aarch64b(Arch): self.jitter.init_stack() - class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win): def __init__(self, *args, **kwargs): @@ -366,8 +395,7 @@ class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win): # Set the runtime guard self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) - - def run(self, addr = None): + def run(self, addr=None): """ If addr is not set, use entrypoint """ @@ -391,8 +419,7 @@ class Sandbox_Win_x86_64(Sandbox, Arch_x86_64, OS_Win): # Set the runtime guard self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) - - def run(self, addr = None): + def run(self, addr=None): """ If addr is not set, use entrypoint """ @@ -415,8 +442,7 @@ class Sandbox_Linux_x86_32(Sandbox, Arch_x86_32, OS_Linux): # Set the runtime guard self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) - - def run(self, addr = None): + def run(self, addr=None): """ If addr is not set, use entrypoint """ @@ -440,8 +466,7 @@ class Sandbox_Linux_x86_64(Sandbox, Arch_x86_64, OS_Linux): # Set the runtime guard self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) - - def run(self, addr = None): + def run(self, addr=None): """ If addr is not set, use entrypoint """ @@ -460,12 +485,12 @@ class Sandbox_Linux_arml(Sandbox, Arch_arml, OS_Linux): # Set the runtime guard self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) - - def run(self, addr = None): + def run(self, addr=None): if addr is None and self.options.address is not None: addr = int(self.options.address, 16) super(Sandbox_Linux_arml, self).run(addr) + class Sandbox_Linux_armb_str(Sandbox, Arch_armb, OS_Linux_str): def __init__(self, *args, **kwargs): @@ -476,8 +501,7 @@ class Sandbox_Linux_armb_str(Sandbox, Arch_armb, OS_Linux_str): # Set the runtime guard self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) - - def run(self, addr = None): + def run(self, addr=None): if addr is None and self.options.address is not None: addr = int(self.options.address, 0) super(Sandbox_Linux_armb_str, self).run(addr) @@ -493,8 +517,7 @@ class Sandbox_Linux_arml_str(Sandbox, Arch_arml, OS_Linux_str): # Set the runtime guard self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) - - def run(self, addr = None): + def run(self, addr=None): if addr is None and self.options.address is not None: addr = int(self.options.address, 0) super(Sandbox_Linux_arml_str, self).run(addr) @@ -510,8 +533,7 @@ class Sandbox_Linux_aarch64l(Sandbox, Arch_aarch64l, OS_Linux): # Set the runtime guard self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle) - - def run(self, addr = None): + def run(self, addr=None): if addr is None and self.options.address is not None: addr = int(self.options.address, 0) super(Sandbox_Linux_aarch64l, self).run(addr) |