reverse engineering framework in Python
What is Miasm?
Miasm is a free and open source (GPLv2) reverse engineering framework. Miasm
aims at analyzing, modifying and generating binary programs. Here is a
non-exhaustive list of features:
Opening/modifying/generating PE/ELF 32/64 le/be using Elfesteem
Assembling/disassembling ia32/ppc/arm
Representing assembly semantics using an intermediate language
Emulating using a JIT (dynamic code analysis, unpacking, ...)
Expression simplification for automatic de-obfuscation
Graphical disassembler using Grandalf
...
How does it work?
Miasm embeds its own disassembler, intermediate language and instruction
semantics. It is written in Python.
To emulate code, it uses libtcc to JIT C code generated from the intermediate
representation. It can emulate shellcodes and parts of binaries. Python callbacks
can be executed to emulate library functions.
Documentation
Documentation can be found under =doc/=.
Obtain Miasm
clone repo: http://code.google.com/p/smiasm/
Software requirements
Miasm uses:
Grandalf (https://github.com/bdcht/grandalf) to render the graphical
disassembler.
A modified libtcc (http://bellard.org/tcc/) to JIT code for emulation
mode (see below).
python-ply for parsing
numpy
python-virtualenv
python-dev
python-qt4
Configuration
libtcc needs a small fix in its Makefile to be usable on 64-bit systems:
Remove libtcc-dev from the system to avoid conflicts
Clone http://repo.or.cz/w/tinycc.git
Edit the Makefile and add the -fPIC option to the CFLAGS definition
./configure && make && make install
Clone the grandalf repository
Set the path:
$ export PYTHONPATH=$PYTHONPATH:path_to_miasm:path_to_elfesteem
Compile the miasm emulation library:
$ cd tools/emul_lib
$ make
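As an added example (not part of the Miasm or tinycc projects), a small POSIX shell helper that applies the -fPIC step above to a tinycc-style Makefile without duplicating the flag on a second run, keeps a backup, and checks the result; the Makefile it is demonstrated on is constructed here, not the real tinycc one.

```shell
#!/bin/sh
# Added example: append -fPIC to the CFLAGS definition of a Makefile, the
# edit needed to build libtcc as a shared object on 64-bit systems.
# Idempotent: a Makefile whose CFLAGS already carry -fPIC is left unchanged.
add_fpic_to_cflags() {
    mk="$1"
    [ -f "$mk" ] || { echo "no such Makefile: $mk" >&2; return 1; }
    # Only the CFLAGS definition (=, :=, ?= or +=) is touched; LDFLAGS etc. stay.
    if grep -Eq '^CFLAGS[[:space:]]*[:?+]?=.*-fPIC([[:space:]]|$)' "$mk"; then
        return 0   # already patched, nothing to do
    fi
    # Keep a copy of the untouched file so the change can be reviewed.
    cp "$mk" "$mk.orig"
    sed -E 's/^(CFLAGS[[:space:]]*[:?+]?=)(.*)$/\1\2 -fPIC/' "$mk.orig" > "$mk"
    # Verify the definition now carries the flag (non-zero status otherwise).
    grep -Eq '^CFLAGS[[:space:]]*[:?+]?=.* -fPIC' "$mk"
}

# First CFLAGS definition line of a Makefile, for checking the result.
cflags_of() {
    grep -E '^CFLAGS[[:space:]]*[:?+]?=' "$1" | head -n 1
}

# Constructed sample Makefile (not tinycc's real one) for a demo run.
make_sample_makefile() {
    cat > "$1" <<'EOF'
CC=gcc
CFLAGS=-g -Wall -O2
LDFLAGS=
all: libtcc.so
EOF
}

# Usage: sh this_script.sh path/to/Makefile
if [ -n "${1:-}" ]; then
    add_fpic_to_cflags "$1" && cflags_of "$1"
fi
```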
Misc
Man, does miasm have a link with rr0d?
Yes! Crappy code and ugly documentation.