def parse(self, data, vm=None, **kwargs): from miasm.jitter.loader.pe import vm_load_pe, guess_arch from miasm.loader import pe_init # Parse signature if not data.startswith(b'MZ'): raise ContainerSignatureException() # Build executable instance try: if vm is not None: self._executable = vm_load_pe(vm, data) else: self._executable = pe_init.PE(data) except Exception as error: raise ContainerParsingException('Cannot read PE: %s' % error) # Check instance validity if not self._executable.isPE() or \ self._executable.NTsig.signature_value != 0x4550: raise ContainerSignatureException() # Guess the architecture self._arch = guess_arch(self._executable) # Build the bin_stream instance and set the entry point try: self._bin_stream = bin_stream_pe(self._executable) ep_detected = self._executable.Opthdr.AddressOfEntryPoint self._entry_point = self._executable.rva2virt(ep_detected) except Exception as error: raise ContainerParsingException('Cannot read PE: %s' % error)
def __init__(self, file_name, conn=None, cont=None, exectbl=None, *args, **kwargs): super(ExtendedAsmCFG, self).__init__(loc_db=LocationDB(), *args, **kwargs) self.file_name = file_name if not cont: if conn: stream = conn.builtins.open(file_name, 'rb') else: stream = open(file_name, 'rb') cont = Container.from_stream(stream) self.cont = cont self.mode = int(cont.arch[-2:]) self.address_size = self.mode // 8 self.pck = pck32 self.upck = upck32 self.machine = Machine(cont.arch) self.disassembler = self.machine.dis_engine if self.mode == 64: self.pck = pck64 self.upck = upck64 self._exectbl = exectbl if not exectbl: self._exectbl = pe_init.PE(cont.executable) self._dis_engine = None self.func_addr = None self.jmp_table_loc_keys = set()
machine = Machine(args.architecture) try: attrib = machine.dis_engine.attrib size = int(attrib) except AttributeError: attrib = None size = 32 except ValueError: size = 32 reg_and_id = dict(machine.mn.regs.all_regs_ids_byname) base_expr = machine.base_expr dst_interval = None # Output format if args.PE: pe = pe_init.PE(wsize=size) s_text = pe.SHList.add_section(name="text", addr=0x1000, rawsize=0x1000) s_iat = pe.SHList.add_section(name="iat", rawsize=0x100) new_dll = [({ "name": "USER32.dll", "firstthunk": s_iat.addr }, ["MessageBoxA"])] pe.DirImport.add_dlldesc(new_dll) s_myimp = pe.SHList.add_section(name="myimp", rawsize=len(pe.DirImport)) pe.DirImport.set_rva(s_myimp.addr) pe.Opthdr.AddressOfEntryPoint = s_text.addr addr_main = pe.rva2virt(s_text.addr) virt = pe.virt output = pe dst_interval = interval([(pe.rva2virt(s_text.addr),
import sys from argparse import ArgumentParser from miasm.loader import pe_init parser = ArgumentParser(description="Create a PE from a shellcode") parser.add_argument("filename", help="x86 shellcode filename") parser.add_argument("-p", "--pename", help="new PE filename (default is 'sc_pe.exe')", default="sc_pe.exe") parser.add_argument("-w", "--word-size", help="word size (default is 32 bits)", choices=[32, 64], type=int, default=32) args = parser.parse_args() data = open(args.filename, 'rb').read() pe = pe_init.PE(wsize=args.word_size) s_text = pe.SHList.add_section(name="text", addr=0x1000, data=data) pe.Opthdr.AddressOfEntryPoint = s_text.addr open(args.pename, 'wb').write(bytes(pe))