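 def load_elf_interp(self, p, interp):
     """Map the ELF dynamic imports of *p* and name its .plt thunks.

     Every symbol returned by the binary's dynamic section is wrapped in a
     32-bit ``ext`` expression, given a stub from this OS object and written
     at its address in ``p.state.mmap``. The .plt section is then
     disassembled linearly; each ``JMP [mem]`` whose target is a known
     function gets its own address registered in ``p.bin.functions`` under
     that function, so asm block views show a name instead of a raw thunk.

     Args:
         p: task being loaded; provides ``bin``, ``cpu`` and ``state``.
         interp: requested interpreter path; not used by this loader.

     Returns:
         None. Side effects: writes to ``p.state.mmap`` and
         ``p.bin.functions``.
     """
     for k, f in p.bin._Elf__dynamic(None).items():
         xf = cpu.ext(f, size=32)
         xf.stub = self.stub(xf.ref)
         p.state.mmap.write(k, xf)
     # we want to add .plt addresses as symbols as well
     # to improve asm block views:
     plt = got = None
     for s in p.bin.Shdr:
         if s.name == '.plt':
             plt = s
         elif s.name == '.got':
             got = s
     if not (plt and got):
         return
     address = plt.sh_addr
     pltco = p.bin.readsection(plt)
     while pltco:
         i = p.cpu.disassemble(pltco)
         if i is None:
             # Undecodable bytes: stop the scan instead of dereferencing
             # None. The number of bytes to skip is not known for a
             # variable-length ISA, so we do not try to resynchronise.
             break
         if i.mnemonic == 'JMP' and i.operands[0]._is_mem:
             target = i.operands[0].a
             if target.base is p.cpu.pc:
                 # pc-relative: resolve against the current thunk address
                 target = address + target.disp
             elif target.base._is_reg:
                 # register-relative: assumed to index the GOT
                 target = got.sh_addr + target.disp
             elif target.base._is_cst:
                 # absolute address
                 target = target.base.value + target.disp
             else:
                 # unresolvable base expression: nothing to register
                 target = None
             if target is not None and target in p.bin.functions:
                 p.bin.functions[address] = p.bin.functions[target]
         pltco = pltco[i.length:]
         address += i.length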
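 def load_elf_interp(self, p, interp):
     """Map the ELF dynamic imports of *p* and name its .plt thunks (ARM).

     Every symbol returned by the binary's dynamic section is wrapped in a
     32-bit ``ext`` expression bound to task *p*, given a stub from this OS
     object and written at its address in ``p.state.mmap``. The .plt section
     is then scanned in ARM (non-Thumb) mode: each ``ADR`` starts a new thunk,
     the following instructions are executed on a scratch state map, and if
     the resulting pc resolves to an ``ext`` expression the thunk address is
     registered in ``p.bin.functions`` under that external reference.

     Args:
         p: task being loaded; provides ``bin``, ``cpu`` and ``state``.
         interp: requested interpreter path; not used by this loader.

     Returns:
         None. Side effects: writes to ``p.state.mmap`` and
         ``p.bin.functions``; ``p.cpu.internals['isetstate']`` is restored
         to its previous value on every exit path.
     """
     for k, f in p.bin._Elf__dynamic(None).items():
         xf = cpu.ext(f, size=32, task=p)
         xf.stub = self.stub(xf.ref)
         p.state.mmap.write(k, xf)
     # we want to add .plt addresses as symbols as well
     # to improve asm block views:
     plt = got = None
     for s in p.bin.Shdr:
         if s.name == '.plt':
             plt = s
         elif s.name == '.got':
             got = s
     # .got is only used as a presence check here; the thunk targets are
     # recovered by emulation rather than from the GOT layout.
     if not (plt and got):
         return
     address = p.cpu.cst(plt.sh_addr, 32)
     thunk = address.value
     pltco = p.bin.readsection(plt)
     # we assume that plt code is not in Thumb...
     mode = p.cpu.internals['isetstate']
     p.cpu.internals['isetstate'] = 0
     try:
         m = None
         while pltco:
             i = p.cpu.disassemble(pltco)
             if i is None:
                 # undecodable word: ARM instructions are 4 bytes, skip one
                 pltco = pltco[4:]
                 address += 4
                 continue
             if i.mnemonic == 'ADR':
                 # a new thunk starts here; emulate it on a fresh map
                 thunk = address.value
                 m = p.state.__class__()
                 m[p.cpu.pc_] = address
                 m[p.cpu.pc] = address + 4
             if m is not None:
                 i(m)
                 target = p.state(m(p.cpu.pc))
                 if target._is_ext:
                     p.bin.functions[thunk] = target.ref
             pltco = pltco[i.length:]
             address += i.length
     finally:
         # restore mode even when disassembly or emulation raised, so a
         # failed .plt scan cannot leave the cpu stuck in ARM state
         p.cpu.internals['isetstate'] = mode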
 def load_elf_interp(self,p,interp):
     """Install a stubbed ext-expression for each dynamic import of *p*.

     Each (address, symbol name) pair from the binary's dynamic section is
     turned into a 32-bit ``ext`` expression whose ``stub`` comes from
     ``p.OS.stub(name)``, and written at that address in ``p.state.mmap``.

     Args:
         p: task being loaded; provides ``bin``, ``OS`` and ``state``.
         interp: requested interpreter path; not used by this loader.

     Returns:
         None.
     """
     dynamic = p.bin._Elf__dynamic(None)
     make_stub = p.OS.stub
     write = p.state.mmap.write
     for addr, name in dynamic.items():
         ext = cpu.ext(name, size=32)
         ext.stub = make_stub(name)
         write(addr, ext)
 def load_shlib(self):
     """Write a 32-bit ``ext`` expression at each dynamic-import address.

     Reads the binary's dynamic section (Python 2 ``iteritems``) and maps
     every symbol into ``self.mmap`` without attaching a stub.

     Returns:
         None.
     """
     dynamic = self.bin._Elf32__dynamic(None)
     write = self.mmap.write
     for addr, name in dynamic.iteritems():
         write(addr, cpu.ext(name, size=32))
 def load_shlib(self):
     """Map each dynamic import of the ELF32 binary into ``self.mmap``.

     Every (address, symbol name) pair from the dynamic section becomes a
     32-bit ``ext`` expression at that address. No stub is attached here.

     Returns:
         None.
     """
     imports = self.bin._Elf32__dynamic(None).iteritems()
     for address, symbol in imports:
         expr = cpu.ext(symbol, size=32)
         self.mmap.write(address, expr)
def libc_start_main(m, **kargs):
    "tags: func_call"
    # The word just above the stack pointer is loaded into pc.
    ret_slot = cpu.mem(cpu.sp + 4, 32)
    m[cpu.pc] = m(ret_slot)
    # Then an external 'exit' reference is pushed onto the stack.
    exit_ref = cpu.ext("exit", size=32)
    cpu.push(m, exit_ref)