def load_macho_interp(self, p, interp):
for k, f in p.bin.la_symbol_ptr.items():
xfunc = cpu.ext(f, size=64)
xfunc.stub = p.OS.stub(f)
p.state.mmap.write(k, xfunc)
# we want to add stubs addresses as symbols as well
# to improve asm block views:
p.bin.functions.update(p.bin.la_symbol_ptr)
got = None
plt = p.bin.getsection('__stubs')
if plt:
address = plt.addr
pltco = p.bin.readsection(plt)
while (pltco):
i = p.cpu.disassemble(pltco)
if i.mnemonic == 'JMP' and i.operands[0]._is_mem:
target = i.operands[0].a
if target.base is p.cpu.rip:
target = address + i.length + target.disp
elif target.base._is_reg:
target = got.sh_addr + target.disp
elif target.base._is_cst:
target = target.base.value + target.disp
if target in p.bin.functions:
p.bin.functions[address] = p.bin.functions[target]
pltco = pltco[i.length:]
address += i.length
def load_elf_interp(self, p, interp):
for k, f in p.bin._Elf__dynamic(None).items():
xfunc = cpu.ext(f, size=64)
xfunc.stub = p.OS.stub(f)
p.state.mmap.write(k, xfunc)
# we want to add .plt addresses as symbols as well
# to improve asm block views:
plt = got = None
for s in p.bin.Shdr:
if s.name=='.plt':
plt = s
elif s.name=='.got':
got = s
if plt and got:
address = plt.sh_addr
pltco = p.bin.readsection(plt)
while(pltco):
i = p.cpu.disassemble(pltco)
if i.mnemonic=='JMP' and i.operands[0]._is_mem:
target = i.operands[0].a
if target.base is p.cpu.rip:
target = address+target.disp
elif target.base._is_reg:
target = got.sh_addr+target.disp
elif target.base._is_cst:
target = target.base.value+target.disp
if target in p.bin.functions:
p.bin.functions[address] = p.bin.functions[target]
pltco = pltco[i.length:]
address += i.length
def check_sym(self,v):
if v._is_cst:
x = self.bin.functions.get(v.value,None) or self.bin.variables.get(v.value,None)
if x is not None:
if isinstance(x,str): x=cpu.ext(x,size=64)
else: x=cpu.sym(x[0],v.value,v.size)
return x
return None
def check_sym(self, v):
if v._is_cst:
x = self.bin.functions.get(
v.value, None) or self.bin.variables.get(v.value, None)
if x is not None:
if isinstance(x, str): x = cpu.ext(x, size=64)
else: x = cpu.sym(x[0], v.value, v.size)
return x
return None
def check_sym(self,v):
if v._is_cst:
x = self.symbols.get(v.value,None)
if x is not None:
if isinstance(x,str):
x=cpu.ext(x,size=64)
else:
x=cpu.sym(x[0],v.value,v.size)
return x
return None
def libc_start_main(m, **kargs):
"tags: func_call"
m[cpu.rip] = m(cpu.rdi)
cpu.push(m, cpu.ext("exit", size=64))
def load_shlib(self):
for k, f in self.bin._Elf64__dynamic(None).iteritems():
self.mmap.write(k, cpu.ext(f, size=64))
def load_macho_interp(self, p, interp):
for k, f in p.bin.la_symbol_ptr.items():
xfunc = cpu.ext(f, size=64)
xfunc.stub = p.OS.stub(f)
p.state.mmap.write(k, xfunc)
def load_shlib(self):
for k, f in self.bin.functions.iteritems():
self.mmap.write(k, cpu.ext(f, size=64))
def load_shlib(self):
for k,f in self.bin.functions.iteritems():
self.mmap.write(k,cpu.ext(f,size=64))
def load_elf_interp(self, p, interp):
for k, f in p.bin._Elf__dynamic(None).items():
xfunc = cpu.ext(f, size=64)
xfunc.stub = p.OS.stub(f)
p.state.mmap.write(k, xfunc)
def load_pe_iat(self, p):
for k, f in iter(p.bin.functions.items()):
xf = cpu.ext(f, size=64)
xf.stub = p.OS.stub(f)
p.state.mmap.write(k, xf)
def load_shlib(self):
for k,f in self.bin._Elf64__dynamic(None).iteritems():
self.mmap.write(k,cpu.ext(f,size=64))
def __libc_start_main(m,**kargs):
"tags: func_call"
m[cpu.rip] = m(cpu.rdi)
cpu.push(m,cpu.ext('exit',size=64))
