From 321d298a5265e94fde00c3c8068dc87612ac1e5a Mon Sep 17 00:00:00 2001
From: William Bruneau
Date: Tue, 22 Feb 2022 14:54:54 +0100
Subject: Add memory breakpoints in debugger and examples
---
example/jitter/memory_breakpoint.py | 55 +++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 example/jitter/memory_breakpoint.py
(limited to 'example/jitter/memory_breakpoint.py')
diff --git a/example/jitter/memory_breakpoint.py b/example/jitter/memory_breakpoint.py
new file mode 100644
index 00000000..fc41eae8
--- /dev/null
+++ b/example/jitter/memory_breakpoint.py
@@ -0,0 +1,55 @@
+from __future__ import print_function
+import logging
+from miasm.analysis.sandbox import Sandbox_Win_x86_32
+from miasm.core.locationdb import LocationDB
+from miasm.jitter.csts import PAGE_WRITE, PAGE_READ, EXCEPT_BREAKPOINT_MEMORY
+
+
+parser = Sandbox_Win_x86_32.parser(description="Displays accesses to a specified memory space")
+parser.add_argument("filename", help="PE Filename")
+parser.add_argument("memory_address",
+ help="Starting address of the memory space")
+parser.add_argument("size",
+ help="Size of the address space")
+parser.add_argument("--access",
+ help="Access type",
+ choices=["r", "w", "rw"],
+ default="rw")
+options = parser.parse_args()
+
+# Create sandbox
+loc_db = LocationDB()
+sb = Sandbox_Win_x86_32(loc_db, options.filename, options, globals())
+
+# Add a memory breakpoint
+address = int(options.memory_address, 0)
+size = int(options.size, 0)
+access_type = 0
+if 'r' in options.access:
+ access_type |= PAGE_WRITE
+if 'w' in options.access:
+ access_type |= PAGE_READ
+sb.jitter.vm.add_memory_breakpoint(address, size, access_type)
+# And add a custom handler for memory breakpoints
+def memory_breakpoint_handler(jitter):
+ memory_read = jitter.vm.get_memory_read()
+ if len(memory_read) > 0:
+ print("Read at instruction 0x%s:" % jitter.pc)
+ for start_address, end_address in memory_read:
+ print("- from %s to %s" % (hex(start_address), hex(end_address)))
+
+ memory_write = jitter.vm.get_memory_write()
+ if len(memory_write) > 0:
+ print("Write at instruction 0x%s:" % jitter.pc)
+ for start_address, end_address in memory_write:
+ print("- from %s to %s" % (hex(start_address), hex(end_address)))
+
+ # Cleanup
+ jitter.vm.set_exception(jitter.vm.get_exception() ^ EXCEPT_BREAKPOINT_MEMORY)
+ jitter.vm.reset_memory_access()
+
+ return True
+sb.jitter.add_exception_handler(EXCEPT_BREAKPOINT_MEMORY, memory_breakpoint_handler)
+
+# Run
+sb.run()
-- cgit 1.4.1
From 35bb4bc0a147672c970962c187515ab67adf2212 Mon Sep 17 00:00:00 2001
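Review bot: The access flags look swapped in the new script: the `'r'` branch ORs in `PAGE_WRITE` and the `'w'` branch ORs in `PAGE_READ`, so `--access r` would arm a write breakpoint and `--access w` a read one, unless `add_memory_breakpoint` deliberately takes inverted flags. The default `rw` sets both bits and hides the problem, so an analyst watching only reads of a region would silently get write hits instead. I would change the two assignments to `access_type |= PAGE_READ` under `'r'` and `access_type |= PAGE_WRITE` under `'w'`. In the handler, `"0x%s" % jitter.pc` prints a decimal value behind a `0x` prefix if `pc` is an int; `"0x%x"` would keep the reported instruction address consistent with the `hex()` ranges printed below it.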
From: William Bruneau Date: Wed, 23 Feb 2022 16:48:43 +0100 Subject: Add test for memory breakpoint example --- example/jitter/memory_breakpoint.py | 3 ++- test/test_all.py | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'example/jitter/memory_breakpoint.py') diff --git a/example/jitter/memory_breakpoint.py b/example/jitter/memory_breakpoint.py index fc41eae8..900b1621 100644 --- a/example/jitter/memory_breakpoint.py +++ b/example/jitter/memory_breakpoint.py @@ -48,7 +48,8 @@ def memory_breakpoint_handler(jitter): jitter.vm.set_exception(jitter.vm.get_exception() ^ EXCEPT_BREAKPOINT_MEMORY) jitter.vm.reset_memory_access() - return True + # Stop the jitter + return False sb.jitter.add_exception_handler(EXCEPT_BREAKPOINT_MEMORY, memory_breakpoint_handler) # Run diff --git a/test/test_all.py b/test/test_all.py index a49f6ff9..1ec49324 100755 --- a/test/test_all.py +++ b/test/test_all.py @@ -796,6 +796,11 @@ for jitter in ExampleJitter.jitter_engines: products=[Example.get_sample("box_upx_exe_unupx.bin")], tags=tags.get(jitter, [])) + testset += ExampleJitter(["memory_breakpoint.py", + Example.get_sample("box_upx.exe")] + + ["--jitter", jitter] + + ["-o", "0x401130", "0x100", "--access", "rw"], + tags=tags.get(jitter, [])) for script, dep in [(["x86_32.py", Example.get_sample("x86_32_sc.bin")], []), (["arm.py", Example.get_sample("md5_arm"), "--mimic-env"], -- cgit 1.4.1
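Review bot: Returning `False` from the handler stops the run at the first breakpoint hit (per the added comment), while the parser description still reads "Displays accesses to a specified memory space", so someone tracing a region sees one report and an early exit with no explanation. If stopping is only needed so the test run terminates, consider putting it behind an option and keeping the continue-on-hit behaviour as the default. Otherwise the comment could state the reason, e.g. `# Stop the jitter after the first hit so the example terminates`. The handler's body starts above this hunk.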
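Review bot: The new `test_all.py` case only runs the example with `--access rw`, which sets both access bits whatever the mapping from `r`/`w` to `PAGE_READ`/`PAGE_WRITE` is, so a mistake in that mapping would pass unnoticed. Adding one run with `--access r` and one with `--access w` would cover each branch separately. Whether the harness checks the printed output or only the exit status is not visible here; if it is only the exit status, the read/write reports themselves remain untested. The enclosing `for jitter in ExampleJitter.jitter_engines:` loop starts outside the hunk.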