Beispiel #1
0
 def __init__(self, filename):
     from amoco.system.loader import read_program
     self.rom = read_program(filename)
     self.ivt = IVT(self.rom, offset=self.IVT_offset)
     assert self.ivt.self != 0
     ILR = DataIO(self.rom[0:4096])
     RawExec.__init__(self, ILR, cpu=cpu_armv7)
     start = self.ivt.self - self.IVT_offset
     self.relocate(start)
     if self.ivt.boot_data:
         self.boot_data = BootData(self.mmap, self.ivt.boot_data)
         off = self.boot_data.start - start
         data = self.rom[off:off + self.boot_data.size]
     self.mmap.write(self.boot_data.start, data)
     assert self.ivt.csf
     self.csf = CSF(self.mmap, self.ivt.csf)
Beispiel #2
0
def load_program(f):
    '''
    Detects program format header (ELF/PE), and *maps* the program in abstract
    memory, loading the associated "system" (linux/win) and "arch" (x86/arm),
    based header informations.

    Arguments:
        f (str):

    Returns:
        an ELF, PE or RawExec system instance
    '''

    p = read_program(f)

    if isinstance(p, (elf.Elf32, elf.Elf64)):

        if p.Ehdr.e_machine == elf.EM_386:
            if p.Ehdr.e_ident['EI_CLASS']==elf.ELFCLASS32 and \
               p.Ehdr.e_ident['EI_DATA']==elf.ELFDATA2LSB:
                from amoco.system.linux_x86 import ELF
                logger.info("linux_x86 program created")
                return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_X86_64:
            if p.Ehdr.e_ident['EI_CLASS']==elf.ELFCLASS64 and \
               p.Ehdr.e_ident['EI_DATA']==elf.ELFDATA2LSB:
                from amoco.system.linux_x64 import ELF
                logger.info("linux_x64 program created")
                return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_ARM:
            from amoco.system.linux_arm import ELF
            logger.info("linux_arm program created")
            return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_SPARC:
            from amoco.system.leon2 import ELF
            logger.info("leon2 program created")
            return ELF(p)
        else:
            logger.error(u'machine type not supported:\n%s' % p.Ehdr)
            raise ValueError

    elif isinstance(p, pe.PE):

        if p.NT.Machine == pe.IMAGE_FILE_MACHINE_I386:
            from amoco.system.win32 import PE
            logger.info("win32 program created")
            return PE(p)
        elif p.NT.Machine == pe.IMAGE_FILE_MACHINE_AMD64:
            from amoco.system.win64 import PE
            logger.info("win64 program created")
            return PE(p)
        else:
            logger.error('machine type not supported')
            raise ValueError

    else:
        assert isinstance(p, DataIO)
        from amoco.system.raw import RawExec
        return RawExec(p)
Beispiel #3
0
def load_program(file):

    p = read_program(file)

    if isinstance(p,(elf.Elf32,elf.Elf64)):

        if p.Ehdr.e_machine==elf.EM_386:
            if p.Ehdr.e_ident['EI_CLASS']==elf.ELFCLASS32 and \
               p.Ehdr.e_ident['EI_DATA']==elf.ELFDATA2LSB:
                from amoco.system.linux_x86 import ELF
                logger.info("linux_x86 program created")
                return ELF(p)
        elif p.Ehdr.e_machine==elf.EM_X86_64:
            if p.Ehdr.e_ident['EI_CLASS']==elf.ELFCLASS64 and \
               p.Ehdr.e_ident['EI_DATA']==elf.ELFDATA2LSB:
                from amoco.system.linux_x64 import ELF
                logger.info("linux_x64 program created")
                return ELF(p)
        elif p.Ehdr.e_machine==elf.EM_ARM:
            from amoco.system.linux_arm import ELF
            logger.info("linux_arm program created")
            return ELF(p)
        elif p.Ehdr.e_machine==elf.EM_SPARC:
            from amoco.system.leon2 import ELF
            logger.info("leon2 program created")
            return ELF(p)
        else:
            logger.error('machine type not supported:\n%s'%p.Ehdr)
            raise ValueError

    elif isinstance(p,pe.PE):

        if p.NT.Machine==pe.IMAGE_FILE_MACHINE_I386:
            from amoco.system.win32 import PE
            logger.info("win32 program created")
            return PE(p)
        elif p.NT.Machine==pe.IMAGE_FILE_MACHINE_AMD64:
            from amoco.system.win64 import PE
            logger.info("win64 program created")
            return PE(p)
        else:
            logger.error('machine type not supported')
            raise ValueError

    else:
        assert isinstance(p,DataIO)
        from amoco.system.raw import RawExec
        return RawExec(p)
Beispiel #4
0
 def __init__(self, p):
     RawExec.__init__(self, p, cpu)
Beispiel #5
0
def test_raw_001(samples):
    for f in samples:
        if f[-4:] == '.raw':
            p = RawExec(DataIO(open(f, 'rb')))
Beispiel #6
0
def test_raw_002(sc1):
    p = RawExec(DataIO(sc1))
Beispiel #7
0
def load_program(f, cpu=None):
    '''
    Detects program format header (ELF/PE), and *maps* the program in abstract
    memory, loading the associated "system" (linux/win) and "arch" (x86/arm),
    based header informations.

    Arguments:
        f (str): the program filename or string of bytes.

    Returns:
        an ELF/CoreExec, PE/CoreExec or RawExec system instance
    '''

    p = read_program(f)

    if isinstance(p, (elf.Elf32, elf.Elf64)):

        if p.Ehdr.e_machine == elf.EM_386:
            if p.Ehdr.e_ident['EI_CLASS']==elf.ELFCLASS32 and \
               p.Ehdr.e_ident['EI_DATA']==elf.ELFDATA2LSB:
                from amoco.system.linux_x86 import ELF
                logger.info("linux_x86 program created")
                return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_X86_64:
            if p.Ehdr.e_ident['EI_CLASS']==elf.ELFCLASS64 and \
               p.Ehdr.e_ident['EI_DATA']==elf.ELFDATA2LSB:
                from amoco.system.linux_x64 import ELF
                logger.info("linux_x64 program created")
                return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_ARM:
            from amoco.system.linux_arm import ELF
            logger.info("linux_arm program created")
            return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_AARCH64:
            from amoco.system.linux_arm64 import ELF
            logger.info("linux_arm64 program created")
            return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_SPARC:
            from amoco.system.leon2 import ELF
            logger.info("leon2 program created")
            return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_AVR:
            from amoco.system.avr import ELF
            logger.info("AVR program created")
            return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_RISCV:
            from amoco.system.riscv import ELF
            logger.info("RISC-V program created")
            return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_BPF:
            from amoco.system.ebpf import ELF
            logger.info("EBPF program created")
            return ELF(p)
        elif p.Ehdr.e_machine == elf.EM_SH:
            from amoco.system.linux_j2core import ELF
            logger.info("J2 core (SH-2A) program created")
            return ELF(p)
        else:
            logger.error(u'machine type not supported:\n%s' % p.Ehdr)
            return None

    elif isinstance(p, pe.PE):

        if p.NT.Machine == pe.IMAGE_FILE_MACHINE_I386:
            from amoco.system.win32 import PE
            logger.info("win32 program created")
            return PE(p)
        elif p.NT.Machine == pe.IMAGE_FILE_MACHINE_AMD64:
            from amoco.system.win64 import PE
            logger.info("win64 program created")
            return PE(p)
        else:
            logger.error('machine type not supported')
            return None

    else:
        assert isinstance(p, (utils.HEX, DataIO))
        from amoco.system.raw import RawExec
        return RawExec(p, cpu)
Beispiel #8
0
def test_raw_001(samples):
    for filename in samples:
        if filename[-4:] == '.raw':
            with open(filename, 'rb') as f:
                p = RawExec(DataIO(f))
Beispiel #9
0
def test_raw_002(sc1):
    p = RawExec(shellcode(DataIO(sc1)))