Ejemplo n.º 1
    # Update instruction instance
    last_instr.name = 'PUSH'

    # Update next blocks to process in the disassembly engine
    cur_bloc.bto.clear()
    cur_bloc.add_cst(dst.name.offset, asm_constraint.c_next, symbol_pool)


# Prepare a tiny shellcode: CALL $ / POP EAX / RET, the call-pop pair the
# callback above rewrites (it renames the last instruction to 'PUSH')
shellcode = "".join((
    "\xe8\x00\x00\x00\x00",  # CALL $
    "X",                     # POP EAX
    "\xc3",                  # RET
))
bin_stream = bin_stream_str(shellcode)
mdis = dis_x86_32(bin_stream)

# First pass: plain disassembly, no callback registered yet
print("Without callback:\n")
blocks = mdis.dis_multibloc(0)
print("\n".join(str(block) for block in blocks))

# Enable the callback through the shared cb_x86_funcs list
cb_x86_funcs.append(cb_x86_callpop)
## Other method (per engine instance):
## mdis.dis_bloc_callback = cb_x86_callpop

# Clear the disassembly cache (job_done) so the second pass starts from scratch
mdis.job_done.clear()

print("=" * 40)
print("With callback:\n")
Ejemplo n.º 2
        print 'IN', [str(x) for x in irbloc.in_nodes]
        print 'OUT', [str(x) for x in irbloc.out_nodes]

    print '*' * 20, 'interbloc', '*' * 20
    inter_bloc_flow(ir_arch, flow_graph, irbloc_0.label)

    # from graph_qt import graph_qt
    # graph_qt(flow_graph)
    open('data.dot', 'w').write(flow_graph.dot())


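# Read the whole input as raw bytes: 'rb' keeps the binary intact on every
# platform, and the with-block releases the handle once the data is in memory
with open(args.filename, 'rb') as fdesc:
    data = fdesc.read()
ad = int(args.addr, 16)  # args.addr is a hex string

print('disasm...')
mdis = dis_x86_32(data)
mdis.follow_call = True  # engine option; by its name, CALL targets are disassembled too
ab = mdis.dis_multibloc(ad)
print('ok')


print('generating dataflow graph for:')
ir_arch = ir_a_x86_32(mdis.symbol_pool)

# Lift every disassembled native block into the IR
blocs = ab
for bloc in blocs:
    print(bloc)
    ir_arch.add_bloc(bloc)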
for irbloc in ir_arch.blocs.values():
    print irbloc
    if irbloc.label.offset != 0:
Ejemplo n.º 3
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.analysis.binary import Container
from miasm2.core.asmblock import AsmCFG, AsmConstraint, AsmBlock, \
    AsmLabel, AsmBlockBad, AsmConstraintTo, AsmConstraintNext, \
    bbl_simplifier
from miasm2.core.graph import DiGraphSimplifier, MatchGraphJoker
from miasm2.expression.expression import ExprId

# Initial data: the bytes of 'samples/simple_test.bin', given as a hex dump
DATA_HEX = (
    "5589e583ec10837d08007509c745fc01100000eb73837d08017709c745fc02100000eb64837d08057709c745fc03100000eb55837d080774138b450801c083f80e7509c745fc04100000eb3c8b450801c083f80e7509c745fc05100000eb298b450883e03085c07409c745fc06100000eb16837d08427509c745fc07100000eb07c745fc081000008b45fcc9c3"
)
data = DATA_HEX.decode("hex")
cont = Container.from_string(data)

# Test Disasm engine
mdis = dis_x86_32(cont.bin_stream)

## Disassembly of one block: the entry block holds exactly 5 instructions
first_block = mdis.dis_block(0)
assert len(first_block.lines) == 5
print(first_block)

## Disassembling the same offset again yields a block of the same length
first_block_bis = mdis.dis_block(0)
assert len(first_block_bis.lines) == len(first_block.lines)
print(first_block_bis)

## Disassembly of several blocks, with cache: 17 blocks are reachable from 0
blocks = mdis.dis_multiblock(0)
assert len(blocks) == 17

## Test redisassemble blocks
Ejemplo n.º 4
import sys
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph
from miasm2.analysis.binary import Container
from pdb import pm

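# Usage: <executable> <address in hex>
if len(sys.argv) != 3:
    print('Example:')
    print("%s samples/box_upx.exe 0x407570" % sys.argv[0])
    sys.exit(0)

addr = int(sys.argv[2], 16)
# Load the executable as raw bytes ('rb' keeps the image intact on every
# platform) and close the handle as soon as the container holds the data
with open(sys.argv[1], 'rb') as fdesc:
    cont = Container.from_string(fdesc.read())
mdis = dis_x86_32(cont.bin_stream)
# Inform the engine to avoid disassembling null instructions
mdis.dont_dis_nulstart_bloc = True
blocs = mdis.dis_multibloc(addr)

# Dump the CFG as text; the with-block flushes and closes the output file
graph = bloc2graph(blocs)
with open('graph.txt', 'w') as out:
    out.write(graph)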
Ejemplo n.º 5
import sys
from elfesteem import pe_init
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph
from miasm2.core.bin_stream import bin_stream_pe

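# Usage: <PE file> <address in hex>
if len(sys.argv) != 3:
    print("Example:")
    print("%s box_upx.exe 0x410f90" % sys.argv[0])
    sys.exit(0)

fname = sys.argv[1]
ad = int(sys.argv[2], 16)
# Parse the PE from raw bytes ('rb' keeps the image intact on every
# platform) and release the file handle right after the read
with open(fname, 'rb') as fdesc:
    e = pe_init.PE(fdesc.read())
bs = bin_stream_pe(e.virt)

mdis = dis_x86_32(bs)
# inform the engine not to disasm nul instructions
mdis.dont_dis_nulstart_bloc = True
blocs = mdis.dis_multibloc(ad)

# Dump the CFG as text; the with-block flushes and closes the output file
g = bloc2graph(blocs)
with open("graph.txt", "w") as out:
    out.write(g)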
Ejemplo n.º 6
from miasm2.arch.x86.disasm import dis_x86_32

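# x86-32 code under test:
# MOV        EAX, 0x1337BEEF
# MOV        ECX, 0x4
# loop:
# ROL        EAX, 0x8
# LOOP       loop
# RET
shellcode = '\xb8\xef\xbe7\x13\xb9\x04\x00\x00\x00\xc1\xc0\x08\xe2\xfb\xc3'
mdis = dis_x86_32(shellcode)
blocks = mdis.dis_multibloc(0)

for block in blocks:
    print(block)

# Write the CFG in Graphviz dot form; the with-block closes the output file
with open('graph.dot', 'w') as out:
    out.write(blocks.dot())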
Ejemplo n.º 7
        print 'OUT', [str(x) for x in irb_out_nodes[label]]

    print '*' * 20, 'interblock', '*' * 20
    inter_block_flow(ir_arch, flow_graph, irblock_0.loc_key, irb_in_nodes,
                     irb_out_nodes)

    # from graph_qt import graph_qt
    # graph_qt(flow_graph)
    open('data.dot', 'w').write(flow_graph.dot())


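# Read the whole input as raw bytes: 'rb' keeps the binary intact on every
# platform, and the with-block releases the handle once the data is in memory
with open(args.filename, 'rb') as fdesc:
    data = fdesc.read()
ad = int(args.addr, 16)  # args.addr is a hex string

print('disasm...')
mdis = dis_x86_32(data)
mdis.follow_call = True  # engine option; by its name, CALL targets are disassembled too
asmcfg = mdis.dis_multiblock(ad)
print('ok')

print('generating dataflow graph for:')
ir_arch = ir_a_x86_32(mdis.loc_db)

# Lift every native block of the CFG into the IR, then show the IR blocks
for block in asmcfg.blocks:
    print(block)
    ir_arch.add_block(block)
for irblock in ir_arch.blocks.values():
    print(irblock)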

if args.symb:
    block_flow_cb = intra_block_flow_symb
Ejemplo n.º 8
import sys
from elfesteem import pe_init
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph
from miasm2.core.bin_stream import bin_stream_pe

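# Usage: <PE file> <address in hex>
if len(sys.argv) != 3:
    print('Example:')
    print("%s box_upx.exe 0x410f90" % sys.argv[0])
    sys.exit(0)

fname = sys.argv[1]
ad = int(sys.argv[2], 16)
# Parse the PE from raw bytes ('rb' keeps the image intact on every
# platform) and release the file handle right after the read
with open(fname, 'rb') as fdesc:
    e = pe_init.PE(fdesc.read())
bs = bin_stream_pe(e.virt)

mdis = dis_x86_32(bs)
# inform the engine not to disasm nul instructions
mdis.dont_dis_nulstart_bloc = True
blocs = mdis.dis_multibloc(ad)

# Dump the CFG as text; the with-block flushes and closes the output file
g = bloc2graph(blocs)
with open('graph.txt', 'w') as out:
    out.write(g)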
Ejemplo n.º 9
 def ins_str_without_jmp(self):
     """Disassemble self.bytes_without_jmp as a single x86-32 block and return its text.

     The buffer length is registered in dont_dis, presumably so that
     decoding stops at the end of the bytes we own.
     """
     from miasm2.arch.x86.disasm import dis_x86_32
     code = self.bytes_without_jmp
     engine = dis_x86_32(code)
     # stop offset for the engine: the end of the buffer
     engine.dont_dis = [len(code)]
     return str(engine.dis_block(0))
Ejemplo n.º 10
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph


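# x86-32 machine code under test
s = '\xb8\xef\xbe7\x13\xb9\x04\x00\x00\x00\xc1\xc0\x08\xe2\xfb\xc3'
mdis = dis_x86_32(s)
blocs = mdis.dis_multibloc(0)

for b in blocs:
    print(b)

# Dump the CFG as text; the with-block flushes and closes the output file
g = bloc2graph(blocs)
with open('graph.txt', 'w') as out:
    out.write(g)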
Ejemplo n.º 11
    # Update instruction instance
    last_instr.name = 'PUSH'

    # Update next blocks to process in the disassembly engine
    cur_bloc.bto.clear()
    cur_bloc.add_cst(loc_key, AsmConstraint.c_next)


# Prepare a tiny shellcode: CALL $ / POP EAX / RET, the call-pop pair the
# callback above rewrites (it renames the last instruction to 'PUSH')
shellcode = "".join((
    "\xe8\x00\x00\x00\x00",  # CALL $
    "X",                     # POP EAX
    "\xc3",                  # RET
))
bin_stream = bin_stream_str(shellcode)
mdis = dis_x86_32(bin_stream)

# First pass: plain disassembly, no callback registered yet
print("Without callback:\n")
asmcfg = mdis.dis_multiblock(0)
print("\n".join(str(block) for block in asmcfg.blocks))

# Enable the callback through the shared cb_x86_funcs list
cb_x86_funcs.append(cb_x86_callpop)
## Other method (per engine instance):
## mdis.dis_block_callback = cb_x86_callpop

# Second pass, this time with the callback in place
print("=" * 40)
print("With callback:\n")
asmcfg_after = mdis.dis_multiblock(0)
print("\n".join(str(block) for block in asmcfg_after.blocks))
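offset = 0x59b
# NOTE: each pair below binds two names to the SAME list object (aliasing)
block_state = stack = []
dump_id = dump_mem = []

filename = "/home/hack/Android/OLLVM/OLLVM_TEST/flat_test/target_flat"

# Get Miasm's binary stream from the raw file bytes. 'rb' is required so the
# bytes are not altered by text-mode translation; the with-block closes the
# handle as soon as the data is in memory
with open(filename, "rb") as fdesc:
    bin_file = fdesc.read()

bin_stream = bin_stream_str(bin_file)

# Disassemble blocks of the function at 'offset'
# mdis is the disassembly engine, e.g. <miasm2.arch.x86.disasm.dis_x86_32 object at 0x...>
mdis = dis_x86_32(bin_stream)

# From 'offset', disassemble every reachable basic block; the result holds
# the disassembled blocks (an AsmCFG instance, per the author's note)
disasm = mdis.dis_multibloc(offset)

# Create target IR object and add all basic blocks to it
ir = ir_a_x86_32(mdis.symbol_pool)

for bbl in disasm:
    ir.add_bloc(bbl)  # add the native block to the IR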

#print "+++++++++++++++++ir=",ir
# Init our symbols with all architecture known registers 【符号初始化】