Python Machine.add_exception_handler Beispiele

Beispiel #1

if __name__ == "__main__":
    parser = ArgumentParser(description="x86 64 basic Jitter")
    parser.add_argument("filename", help="x86 64 shellcode filename")
    parser.add_argument("-j",
                        "--jitter",
                        help="Jitter engine (default is 'gcc')",
                        default="gcc")
    parser.add_argument("--verbose",
                        "-v",
                        action="store_true",
                        help="Verbose mode")
    args = parser.parse_args()
    loc_db = LocationDB()

    myjit = Machine("x86_64").jitter(loc_db, args.jitter)
    myjit.init_stack()

    with open(args.filename, 'rb') as f:
        data = f.read()
    run_addr = 0x40000000
    myjit.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, data)

    if args.verbose:
        myjit.set_trace_log()
    myjit.push_uint64_t(0x1337beef)
    myjit.add_breakpoint(0x1337beef, code_sentinelle)
    # Add routine catching syscalls
    myjit.add_exception_handler(EXCEPT_SYSCALL, log_syscalls)
    myjit.run(run_addr)

Beispiel #2

Datei: simu_sc_linux64.py Projekt: un0rthodox/analyst-scripts

def get_str(jit, addr):
    data = jit.vm.get_mem(addr, 10)
    return data[:data.find(b'\x00')].decode('utf-8')


def exception_int(jitter):
    print("SYSCALL {}".format(jitter.cpu.EAX))
    jitter.cpu.set_exception(0)
    return True


if __name__ == '__main__':
    parser = ArgumentParser(description="x86 64 basic Jitter")
    parser.add_argument("filename", help="x86 64 shellcode filename")
    parser.add_argument("-j",
                        "--jitter",
                        help="Jitter engine",
                        default="python")
    args = parser.parse_args()

    myjit = Machine("x86_64").jitter(args.jitter)
    myjit.init_stack()

    data = open(args.filename, 'rb').read()
    run_addr = 0x40000000
    myjit.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, data)
    #myjit.set_trace_log()
    myjit.add_exception_handler(EXCEPT_SYSCALL, exception_int)
    myjit.run(run_addr)

Beispiel #3

Datei: simu_sc_linux32.py Projekt: un0rthodox/analyst-scripts

    return False


if __name__ == '__main__':
    parser = ArgumentParser(description="x86 32 basic Jitter")
    parser.add_argument("filename", help="x86 32 shellcode filename")
    parser.add_argument("-j",
                        "--jitter",
                        help="Jitter engine",
                        default="python")
    parser.add_argument("--verbose",
                        "-v",
                        action="store_true",
                        help="Verbose mode")
    args = parser.parse_args()

    myjit = Machine("x86_32").jitter(args.jitter)
    myjit.init_stack()

    data = open(args.filename, 'rb').read()
    run_addr = 0x40000000
    myjit.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, data)
    if args.verbose:
        myjit.set_trace_log()
    myjit.add_exception_handler(EXCEPT_INT_XX, exception_int)
    myjit.add_exception_handler(EXCEPT_PRIV_INSN, priv)
    myjit.push_uint32_t(0x1337beef)
    myjit.add_exception_handler(EXCEPT_ACCESS_VIOL, code_sentinelle)
    myjit.add_breakpoint(0x1337beef, code_sentinelle)
    myjit.run(run_addr)