Beispiel #1
0
    def __init__(self, custom_methods, *args, **kwargs):
        from miasm2.jitter.loader.pe import vm_load_pe, vm_load_pe_libs,\
            preload_pe, libimp_pe, vm_load_pe_and_dependencies
        from miasm2.os_dep import win_api_x86_32, win_api_x86_32_seh
        methods = win_api_x86_32.__dict__
        methods.update(custom_methods)

        super(OS_Win, self).__init__(methods, *args, **kwargs)

        # Import manager
        libs = libimp_pe()
        self.libs = libs
        win_api_x86_32.winobjs.runtime_dll = libs

        self.name2module = {}
        fname_basename = os.path.basename(self.fname).lower()

        # Load main pe
        with open(self.fname) as fstream:
            self.pe = vm_load_pe(self.jitter.vm,
                                 fstream.read(),
                                 load_hdr=self.options.load_hdr,
                                 **kwargs)
            self.name2module[fname_basename] = self.pe

        # Load library
        if self.options.loadbasedll:

            # Load libs in memory
            self.name2module.update(
                vm_load_pe_libs(self.jitter.vm, self.ALL_IMP_DLL, libs,
                                self.modules_path, **kwargs))

            # Patch libs imports
            for pe in self.name2module.itervalues():
                preload_pe(self.jitter.vm, pe, libs)

        if self.options.dependencies:
            vm_load_pe_and_dependencies(self.jitter.vm, fname_basename,
                                        self.name2module, libs,
                                        self.modules_path, **kwargs)

        win_api_x86_32.winobjs.current_pe = self.pe

        # Fix pe imports
        preload_pe(self.jitter.vm, self.pe, libs)

        # Library calls handler
        self.jitter.add_lib_handler(libs, methods)

        # Manage SEH
        if self.options.use_seh:
            win_api_x86_32_seh.main_pe_name = fname_basename
            win_api_x86_32_seh.main_pe = self.pe
            win_api_x86_32.winobjs.hcurmodule = self.pe.NThdr.ImageBase
            win_api_x86_32_seh.name2module = self.name2module
            win_api_x86_32_seh.init_seh(self.jitter)
            win_api_x86_32_seh.set_win_fs_0(self.jitter)

        self.entry_point = self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint)
Beispiel #2
0
    def init_stub(self):
        """Initialize stubbing capabilities"""
        if not isinstance(self.engine, MiasmEngine):
            # Unsupported capability
            return

        # Get stubs' implementation
        context = {}
        for fpath in config.stubs:
            execfile(fpath, context)
        if not context:
            return

        libs = None
        if isinstance(self.ctr, ContainerPE):
            from miasm2.jitter.loader.pe import preload_pe, libimp_pe
            libs = libimp_pe()
            preload_pe(self.jitter.vm, self.ctr.executable, libs)

        elif isinstance(self.ctr, ContainerELF):
            from miasm2.jitter.loader.elf import preload_elf, libimp_elf
            libs = libimp_elf()
            preload_elf(self.jitter.vm, self.ctr.executable, libs)

        else:
            return

        # Add associated breakpoints
        self.jitter.add_lib_handler(libs, context)
Beispiel #3
0
    def init_stub(self):
        """Initialize stubbing capabilities"""
        if not isinstance(self.engine, MiasmEngine):
            # Unsupported capability
            return

        # Get stubs' implementation
        context = {}
        for fpath in config.stubs:
            execfile(fpath, context)
        if not context:
            return

        libs = None
        if isinstance(self.ctr, ContainerPE):
            from miasm2.jitter.loader.pe import preload_pe, libimp_pe
            libs = libimp_pe()
            preload_pe(self.jitter.vm, self.ctr.executable, libs)

        elif isinstance(self.ctr, ContainerELF):
            from miasm2.jitter.loader.elf import preload_elf, libimp_elf
            libs = libimp_elf()
            preload_elf(self.jitter.vm, self.ctr.executable, libs)

        else:
            return

        # Add associated breakpoints
        self.jitter.add_lib_handler(libs, context)
Beispiel #4
0
    def __init__(self, custom_methods, *args, **kwargs):
        from miasm2.jitter.loader.pe import vm_load_pe, vm_load_pe_libs, preload_pe, libimp_pe
        from miasm2.os_dep import win_api_x86_32
        methods = win_api_x86_32.__dict__
        methods.update(custom_methods)

        super(OS_Win, self).__init__(methods, *args, **kwargs)

        # Import manager
        libs = libimp_pe()
        self.libs = libs
        win_api_x86_32.winobjs.runtime_dll = libs

        # Load library
        if self.options.loadbasedll:
            all_pe = []

            # Load libs in memory
            all_pe = vm_load_pe_libs(self.jitter.vm, self.ALL_IMP_DLL, libs)

            # Patch libs imports
            for pe in all_pe.values():
                preload_pe(self.jitter.vm, pe, libs)

        # Load main pe
        with open(self.fname) as fstream:
            self.pe = vm_load_pe(self.jitter.vm, fstream.read())

        win_api_x86_32.winobjs.current_pe = self.pe

        # Fix pe imports
        preload_pe(self.jitter.vm, self.pe, libs)

        # Library calls handler
        self.jitter.add_lib_handler(libs, methods)

        # Manage SEH
        if self.options.use_seh:
            win_api_x86_32_seh.main_pe_name = self.fname
            win_api_x86_32_seh.main_pe = self.pe
            win_api_x86_32_seh.loaded_modules = self.ALL_IMP_DLL
            win_api_x86_32_seh.init_seh(self.jitter)
            win_api_x86_32_seh.set_win_fs_0(self.jitter)

        self.entry_point = self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint)
Beispiel #5
0
    def __init__(self, custom_methods, *args, **kwargs):
        from miasm2.jitter.loader.pe import vm_load_pe, vm_load_pe_libs, preload_pe, libimp_pe
        from miasm2.os_dep import win_api_x86_32
        methods = win_api_x86_32.__dict__
        methods.update(custom_methods)

        super(OS_Win, self).__init__(methods, *args, **kwargs)

        # Import manager
        libs = libimp_pe()
        self.libs = libs
        win_api_x86_32.winobjs.runtime_dll = libs

        # Load library
        if self.options.loadbasedll:
            all_pe = []

            # Load libs in memory
            all_pe = vm_load_pe_libs(self.jitter.vm, self.ALL_IMP_DLL, libs)

            # Patch libs imports
            for pe in all_pe.values():
                preload_pe(self.jitter.vm, pe, libs)

        # Load main pe
        with open(self.fname) as fstream:
            self.pe = vm_load_pe(self.jitter.vm, fstream.read())

        win_api_x86_32.winobjs.current_pe = self.pe

        # Fix pe imports
        preload_pe(self.jitter.vm, self.pe, libs)

        # Library calls handler
        self.jitter.add_lib_handler(libs, methods)

        # Manage SEH
        if self.options.use_seh:
            win_api_x86_32_seh.main_pe_name = self.fname
            win_api_x86_32_seh.main_pe = self.pe
            win_api_x86_32_seh.loaded_modules = self.ALL_IMP_DLL
            win_api_x86_32_seh.init_seh(self.jitter)
            win_api_x86_32_seh.set_win_fs_0(self.jitter)

        self.entry_point =  self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint)
Beispiel #6
0
    def __init__(self, custom_methods, *args, **kwargs):
        from miasm2.jitter.loader.pe import vm_load_pe, preload_pe, libimp_pe

        super(OS_Win, self).__init__(custom_methods, *args, **kwargs)

        # Import manager
        libs = libimp_pe()
        self.libs = libs
        win_api_x86_32.winobjs.runtime_dll = libs

        # Load library
        if self.options.loadbasedll:
            all_pe = []

            # Load libs in memory
            for dll_fname in self.ALL_IMP_DLL:
                fname = os.path.join('win_dll', dll_fname)
                e_lib = vm_load_pe(self.jitter.vm, fname)

                libs.add_export_lib(e_lib, dll_fname)
                all_pe.append(e_lib)

            # Patch libs imports
            for pe in all_pe:
                preload_pe(self.jitter.vm, pe, libs)

        # Load main pe
        self.pe = vm_load_pe(self.jitter.vm, self.fname)

        # Fix pe imports
        preload_pe(self.jitter.vm, self.pe, libs)

        # Library calls handler
        self.jitter.add_lib_handler(libs, custom_methods)

        # Manage SEH
        if self.options.use_seh:
            win_api_x86_32_seh.main_pe_name = self.fname
            win_api_x86_32_seh.main_pe = self.pe
            win_api_x86_32_seh.loaded_modules = self.ALL_IMP_DLL
            win_api_x86_32_seh.init_seh(self.jitter)
            win_api_x86_32_seh.set_win_fs_0(self.jitter)

        self.entry_point =  self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint)
Beispiel #7
0
    def __init__(self, custom_methods, *args, **kwargs):
        from miasm2.jitter.loader.pe import vm_load_pe, vm_load_pe_libs,\
            preload_pe, libimp_pe, vm_load_pe_and_dependencies
        from miasm2.os_dep import win_api_x86_32, win_api_x86_32_seh
        methods = win_api_x86_32.__dict__
        methods.update(custom_methods)

        super(OS_Win, self).__init__(methods, *args, **kwargs)

        # Import manager
        libs = libimp_pe()
        self.libs = libs
        win_api_x86_32.winobjs.runtime_dll = libs

        self.name2module = {}
        fname_basename = os.path.basename(self.fname).lower()

        # Load main pe
        with open(self.fname) as fstream:
            self.pe = vm_load_pe(self.jitter.vm, fstream.read(),
                                 load_hdr=self.options.load_hdr, **kwargs)
            self.name2module[fname_basename] = self.pe

        # Load library
        if self.options.loadbasedll:

            # Load libs in memory
            self.name2module.update(vm_load_pe_libs(self.jitter.vm,
                                                    self.ALL_IMP_DLL,
                                                    libs,
                                                    self.modules_path,
                                                    **kwargs))

            # Patch libs imports
            for pe in self.name2module.itervalues():
                preload_pe(self.jitter.vm, pe, libs)

        if self.options.dependencies:
            vm_load_pe_and_dependencies(self.jitter.vm,
                                        fname_basename,
                                        self.name2module,
                                        libs,
                                        self.modules_path,
                                        **kwargs)

        win_api_x86_32.winobjs.current_pe = self.pe

        # Fix pe imports
        preload_pe(self.jitter.vm, self.pe, libs)

        # Library calls handler
        self.jitter.add_lib_handler(libs, methods)

        # Manage SEH
        if self.options.use_seh:
            win_api_x86_32_seh.main_pe_name = fname_basename
            win_api_x86_32_seh.main_pe = self.pe
            win_api_x86_32.winobjs.hcurmodule = self.pe.NThdr.ImageBase
            win_api_x86_32_seh.name2module = self.name2module
            win_api_x86_32_seh.init_seh(self.jitter)
            win_api_x86_32_seh.set_win_fs_0(self.jitter)

        self.entry_point = self.pe.rva2virt(
            self.pe.Opthdr.AddressOfEntryPoint)