Diffstat (limited to '')
| -rw-r--r-- | miasm2/analysis/binary.py | 24 | ||||
| -rw-r--r-- | miasm2/jitter/loader/elf.py | 18 | ||||
| -rw-r--r-- | miasm2/jitter/loader/pe.py | 10 |
3 files changed, 49 insertions, 3 deletions
diff --git a/miasm2/analysis/binary.py b/miasm2/analysis/binary.py index f5cecc87..c71c5e9b 100644 --- a/miasm2/analysis/binary.py +++ b/miasm2/analysis/binary.py @@ -88,6 +88,13 @@ class Container(object): def __init__(self, *args, **kwargs): "Alias for 'parse'" + # Init attributes + self._executable = None + self._bin_stream = None + self._entry_point = None + self._arch = None + + # Launch parsing self.parse(*args, **kwargs) @property @@ -105,14 +112,18 @@ class Container(object): "Return the detected entry_point" return self._entry_point + @property + def arch(self): + "Return the guessed architecture" + return self._arch + ## Format dependent classes class ContainerPE(Container): "Container abstraction for PE" - def parse(self, data, vm=None): - from miasm2.jitter.loader.pe import vm_load_pe, preload_pe + from miasm2.jitter.loader.pe import vm_load_pe, preload_pe, guess_arch from elfesteem import pe_init # Parse signature @@ -133,6 +144,9 @@ class ContainerPE(Container): self._executable.NTsig.signature_value != 0x4550: raise ContainerSignatureException() + # Guess the architecture + self._arch = guess_arch(self._executable) + # Build the bin_stream instance and set the entry point try: self._bin_stream = bin_stream_pe(self._executable.virt) @@ -146,7 +160,8 @@ class ContainerELF(Container): "Container abstraction for ELF" def parse(self, data, vm=None): - from miasm2.jitter.loader.elf import vm_load_elf, preload_elf + from miasm2.jitter.loader.elf import \ + vm_load_elf, preload_elf, guess_arch from elfesteem import elf_init # Parse signature @@ -162,6 +177,9 @@ class ContainerELF(Container): except Exception, error: raise ContainerParsingException('Cannot read ELF: %s' % error) + # Guess the architecture + self._arch = guess_arch(self._executable) + # Build the bin_stream instance and set the entry point try: self._bin_stream = bin_stream_elf(self._executable.virt) 
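Review bot: The docstring of the new `arch` property (hunk at -105) does not say that the value can be None, although `__init__` now presets `_arch` to None and both `guess_arch` helpers return None for a machine type they do not know. Callers that use the name to select a disassembler need to know this, so I would write `"Return the guessed architecture name, or None if it could not be determined"`. The same docstring could mention that the name comes from the file header alone.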
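Review bot: The new `self._arch = guess_arch(self._executable)` line sits between the surrounding `try` blocks, in `ContainerPE.parse` (hunk at -133) and again in `ContainerELF.parse` (hunk at -162), so an exception raised while reading the header fields would leave `parse` as a raw error rather than a container exception. Whether elfesteem can leave `Coffhdr` or `Ehdr` unset on a truncated or malformed file is not visible in this diff, so treat this as a precaution for code that batch-parses untrusted samples. In the ELF case the line could move up into the `try` whose handler raises `ContainerParsingException('Cannot read ELF: %s' % error)`. Both `parse` bodies continue outside the hunks.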
diff --git a/miasm2/jitter/loader/elf.py b/miasm2/jitter/loader/elf.py index 916b37c4..c0427e79 100644 --- a/miasm2/jitter/loader/elf.py +++ b/miasm2/jitter/loader/elf.py @@ -3,6 +3,8 @@ from collections import defaultdict from elfesteem import cstruct from elfesteem import * +import elfesteem.elf as elf_csts + from miasm2.jitter.csts import * from miasm2.jitter.loader.utils import canon_libname_libfunc, libimp from miasm2.core.interval import interval @@ -80,3 +82,19 @@ def vm_load_elf(vm, fdata, **kargs): class libimp_elf(libimp): pass + + +# machine, size, sex -> arch_name +ELF_machine = {(elf_csts.EM_ARM, 32, elf_csts.ELFDATA2LSB): "arml", + (elf_csts.EM_ARM, 32, elf_csts.ELFDATA2MSB): "armb", + (elf_csts.EM_MIPS, 32, elf_csts.ELFDATA2MSB): "mips32b", + (elf_csts.EM_MIPS, 32, elf_csts.ELFDATA2LSB): "mips32l", + (elf_csts.EM_386, 32, elf_csts.ELFDATA2LSB): "x86_32", + (elf_csts.EM_X86_64, 64, elf_csts.ELFDATA2LSB): "x86_64", + (elf_csts.EM_SH, 32, elf_csts.ELFDATA2LSB): "sh4", + } + +def guess_arch(elf): + """Return the architecture specified by the ELF container @elf. + If unknown, return None""" + return ELF_machine.get((elf.Ehdr.machine, elf.size, elf.sex), None) diff --git a/miasm2/jitter/loader/pe.py b/miasm2/jitter/loader/pe.py index a3834d03..7c11b9c5 100644 --- a/miasm2/jitter/loader/pe.py +++ b/miasm2/jitter/loader/pe.py @@ -406,3 +406,13 @@ class libimp_pe(libimp): all_ads = all_ads[i + 1:] return new_lib + +# machine -> arch +PE_machine = {0x14c: "x86_32", + 0x8664: "x86_64", + } + +def guess_arch(pe): + """Return the architecture specified by the PE container @pe. + If unknown, return None""" + return PE_machine.get(pe.Coffhdr.machine, None) |
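Review bot: The `ELF_machine` lookup in `guess_arch` (elf.py hunk at -80) only matches if `elf.size` is the word size in bits and `elf.sex` is the raw EI_DATA value, and neither is established in this hunk; a mismatch would make every lookup return None with no error. I would make the table comment state the key domain, e.g. `# (e_machine, word size in bits, EI_DATA value) -> miasm arch name`. The docstring should also say that the result reflects only what the header declares, so for a corrupted or deliberately mislabelled sample it is a hint and not a verified property of the code. Combinations missing from the table, such as big-endian `EM_SH`, fall through to None.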
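Review bot: The `PE_machine` keys (pe.py hunk at -406) are bare hex literals, while the ELF table in the same commit uses named constants. A trailing comment on each entry would make the table auditable against the PE specification: `0x14c: "x86_32",  # IMAGE_FILE_MACHINE_I386` and `0x8664: "x86_64",  # IMAGE_FILE_MACHINE_AMD64`. As with the ELF helper, the `guess_arch` docstring could note that `Coffhdr.machine` is taken from the file as-is and that any other machine value yields None.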