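    def search_gadgets(self, gadgets):
        """Collect candidate instruction sequences from the executable sections.

        For each entry of ``gadgets`` the bytes pattern ``gad[INSTRUCTION_OP]``
        is searched in the executable-section buffer; every hit is then
        disassembled from ``0 .. depth-1`` bytes before the hit so that the
        instructions preceding the terminating one are captured as well.

        Args:
            gadgets: iterable of sequences indexed by ``INSTRUCTION_OP`` (a
                bytes regex for the terminating instruction) and
                ``INSTRUCTION_SIZE`` (that instruction's length in bytes).

        Returns:
            list of dicts with ``"vaddr"`` (address of the first decoded
            instruction), ``"gadget"`` (``" ; "``-joined ``mnemonic op_str``
            pairs) and ``"bytes"`` (the raw slice that was disassembled).
        """
        binary = Binary(self.__options.binary)
        section = binary.get_exec_sections()
        # NOTE(review): offsets into `section` are rebased on the entry point,
        # which is only right if the buffer starts there — confirm against
        # Binary.get_exec_sections().
        vaddr = binary.get_entry_point()
        md = Cs(binary.get_arch(), binary.get_arch_mode())

        ret = []
        for gad in gadgets:
            pattern = gad[INSTRUCTION_OP]
            size = gad[INSTRUCTION_SIZE]
            for match in re.finditer(pattern, section):
                ref = match.start()
                for depth in range(self.__options.depth):
                    start = ref - depth
                    if start < 0:
                        # A negative slice start would wrap to the *end* of the
                        # buffer (Python slice semantics) instead of reading the
                        # bytes before the hit; nothing earlier exists, so stop
                        # widening this hit.
                        break
                    chunk = section[start:ref + size]
                    pieces = [
                        (decode.mnemonic + " " + decode.op_str + " ; ").replace("  ", " ")
                        for decode in md.disasm(chunk, vaddr + start)
                    ]
                    if not pieces:
                        # The disassembler produced nothing for this window
                        # (invalid or truncated encoding); not a gadget.
                        continue
                    gadget = "".join(pieces)[:-3]  # strip the trailing " ; "
                    ret.append({
                        "vaddr": vaddr + start,
                        "gadget": gadget,
                        "bytes": chunk,
                    })
        return ret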
 def get_operation(self, op):
     """Build a detail-enabled disassembler for the configured binary and parse *op*.

     Returns the tuple ``(md, operation, parser)``: the ``Cs`` instance for
     the binary's architecture/mode with ``detail`` switched on, the value of
     ``parser.get_operation()`` and the ``Parser`` built from ``op``.
     """
     target = Binary(self.__options.binary)
     parser = Parser(op)
     md = Cs(target.get_arch(), target.get_arch_mode())
     md.detail = True
     return md, parser.get_operation(), parser
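 def test_binary(self, file, silent=False):
     """Run every primitive-operation probe against *file* and report.

     Each probe (``load_memory``, ``store_memory``, the arithmetic/logic
     operations, the two conditional probes and ``move``) is always executed
     — results are combined with ``and`` *after* each call, so later probes
     are never skipped — and "All operations found!" is printed only when
     every probe returned a truthy value.

     Args:
         file: path of the binary to analyse.
         silent: when True, suppress the "Time elapsed" line.

     Side effects: assigns ``self.__gadgets`` and, for 32-bit binaries,
     ``self.__mode``; prints progress to stdout.
     """
     start = datetime.datetime.now()
     print("============================================")
     print("FILE: %s" % file)
     binary = Binary(file)
     if binary.get_arch_mode() == CS_MODE_32:
         # NOTE(review): the mode is only ever *set* here, never reset for a
         # non-32-bit file; if this method is called for several files in one
         # instance, a previous file's REG_32 could leak into the next run —
         # confirm where self.__mode is initialised.
         self.__mode = REG_32
     self.__gadgets = self.get_gadgets(file)
     regs_found = self.load_constant(file)

     # Fixed probe order; keep the non-short-circuiting combination so every
     # probe runs and prints its own output even after an earlier failure.
     probes = (
         self.load_memory,
         self.store_memory,
         self.add,
         self.sub,
         self.xor,
         self.and_,
         self.or_,
         self.not_,
         self.cond1,
         self.cond2,
         self.move,
     )
     turing_completeness = True
     for probe in probes:
         result = probe(file, regs_found)
         turing_completeness = turing_completeness and result
     if turing_completeness:
         print("All operations found!")

     elapsed = datetime.datetime.now() - start
     if not silent:
         print('\nTime elapsed: %s' % str(elapsed))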