    def __init__(self, custom_methods, *args, **kwargs):
        """Set up a Windows x86-32 emulation environment around the main PE.

        Creates the import manager, optionally maps the base DLL images named
        in ``ALL_IMP_DLL`` into the jitter VM, maps the target PE from
        ``self.fname``, resolves its imports, installs the library-call
        handler and, when ``options.use_seh`` is set, the SEH helpers.
        Leaves the resolved entry point address in ``self.entry_point``.

        Args:
            custom_methods: forwarded to the parent constructor and to
                ``jitter.add_lib_handler`` (the API override table).
            *args, **kwargs: forwarded unchanged to the parent constructor.
        """
        super(OS_Win, self).__init__(custom_methods, *args, **kwargs)

        vm = self.jitter.vm

        # Import manager, also published to the win_api_x86_32 runtime objects.
        import_mgr = libimp()
        self.libs = import_mgr
        win_api_x86_32.winobjs.runtime_dll = import_mgr

        def map_dll(dll_fname):
            # NOTE(review): 'win_dll' is resolved relative to the current
            # working directory, so which DLL image gets mapped into the VM
            # depends on where the process was started.
            image = vm_load_pe(vm, os.path.join('win_dll', dll_fname))
            import_mgr.add_export_lib(image, dll_fname)
            return image

        if self.options.loadbasedll:
            # All DLLs are mapped and registered before any of them has its
            # imports patched -- presumably so cross-DLL imports can resolve
            # against the complete export table.
            mapped = [map_dll(name) for name in self.ALL_IMP_DLL]
            for image in mapped:
                preload_pe(vm, image, import_mgr)

        # Main binary: map it, then resolve its imports against the manager.
        self.pe = vm_load_pe(vm, self.fname)
        preload_pe(vm, self.pe, import_mgr)

        # Route calls into imported APIs to their Python implementations.
        self.jitter.add_lib_handler(import_mgr, custom_methods)

        if self.options.use_seh:
            # The SEH helper module keeps its state in module-level globals.
            seh = win_api_x86_32_seh
            seh.main_pe_name = self.fname
            seh.main_pe = self.pe
            seh.loaded_modules = self.ALL_IMP_DLL
            seh.init_seh(self.jitter)
            seh.set_win_fs_0(self.jitter)

        self.entry_point = self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint)
    def __init__(self, custom_methods, *args, **kwargs):
        """Build the Windows x86-32 emulation context for the main PE.

        Steps, in order: parent constructor; import manager; optional mapping
        of the base DLLs from ``ALL_IMP_DLL`` into the VM with their imports
        patched; mapping of the target PE (``self.fname``) and resolution of
        its imports; installation of the library-call handler; optional SEH
        setup (``options.use_seh``). ``self.entry_point`` receives the virtual
        address of the PE entry point.

        Args:
            custom_methods: API override table, passed to the parent
                constructor and to ``jitter.add_lib_handler``.
            *args, **kwargs: passed through to the parent constructor.
        """
        super(OS_Win, self).__init__(custom_methods, *args, **kwargs)

        jitter = self.jitter
        libs = libimp()
        self.libs = libs
        # The win_api_x86_32 runtime objects share the same import manager.
        win_api_x86_32.winobjs.runtime_dll = libs

        if self.options.loadbasedll:
            base_images = []
            for dll_name in self.ALL_IMP_DLL:
                # NOTE(review): relative path -- the DLL image actually mapped
                # depends on the process's current working directory.
                dll_path = os.path.join('win_dll', dll_name)
                image = vm_load_pe(jitter.vm, dll_path)
                libs.add_export_lib(image, dll_name)
                base_images.append(image)

            # Import patching runs only after every base DLL is registered.
            for image in base_images:
                preload_pe(jitter.vm, image, libs)

        # Target binary: map, then resolve its imports.
        main_pe = vm_load_pe(jitter.vm, self.fname)
        self.pe = main_pe
        preload_pe(jitter.vm, main_pe, libs)

        # Hook imported API calls to the Python implementations.
        jitter.add_lib_handler(libs, custom_methods)

        if self.options.use_seh:
            # SEH support is configured through module-level globals.
            win_api_x86_32_seh.main_pe_name = self.fname
            win_api_x86_32_seh.main_pe = main_pe
            win_api_x86_32_seh.loaded_modules = self.ALL_IMP_DLL
            win_api_x86_32_seh.init_seh(jitter)
            win_api_x86_32_seh.set_win_fs_0(jitter)

        entry_rva = main_pe.Opthdr.AddressOfEntryPoint
        self.entry_point = main_pe.rva2virt(entry_rva)
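    def parse(self, data, vm=None):
        """Parse *data* as a PE image into ``self._executable``.

        Only the DOS ``MZ`` magic is checked here; the NT headers are
        validated (and rejected) by the PE parser itself, so any parser
        error surfaces as ``ContainerParsingException``.

        Args:
            data: raw bytes of the file.
            vm: optional jitter VM. When given, the image is mapped into it
                with ``vm_load_pe``; otherwise a standalone ``pe_init.PE``
                object is built from *data*.

        Raises:
            ContainerSignatureException: *data* does not start with ``MZ``.
            ContainerParsingException: the PE parser failed; the underlying
                error text is included in the message.
        """
        if not data.startswith(b'MZ'):
            raise ContainerSignatureException()

        try:
            if vm is not None:
                # The previous code referenced an undefined name `filename`
                # here, so every VM load raised NameError (reported as a
                # parsing failure). The only input this method has is `data`,
                # the same bytes the non-VM branch parses.
                # TODO(review): confirm this vm_load_pe accepts raw bytes.
                self._executable = vm_load_pe(vm, data)
            else:
                self._executable = pe_init.PE(data)
        except Exception as error:
            raise ContainerParsingException('Cannot read PE: %s' % error)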
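    def __init__(self, filename, vm=None, addr=None):
        """Load *filename* and expose it as (executable, bin_stream, entry point).

        The format is sniffed from the leading bytes: ``MZ`` -> PE,
        ``\\x7fELF`` -> ELF, anything else -> raw data. Afterwards ``self.e``
        holds the parsed executable (None for raw data), ``self.bs`` the
        bin_stream to read code from and ``self.ep`` the entry point (None
        for raw data). A PE or ELF that fails to parse is logged and leaves
        all three as None, so callers must check ``self.bs`` before use.

        Args:
            filename: path of the file to load; opened in binary mode.
            vm: optional jitter VM. When given, PE/ELF images are mapped into
                it (``vm_load_pe`` / ``vm_load_elf``) and raw data is added
                as a read-only page at *addr*.
            addr: load address for raw data when *vm* is given.

        Raises:
            ValueError: raw data with a VM but no *addr*.
            IOError/OSError: the file cannot be opened or read.
        """
        # Binary mode: the default text mode can translate newline bytes on
        # some platforms and corrupt the image. The context manager closes
        # the handle instead of leaking it.
        with open(filename, 'rb') as fdesc:
            data = fdesc.read()
        log.info('load binary')
        e, bs, ep = None, None, None

        if data.startswith(b'MZ'):
            try:
                if vm is not None:
                    e = vm_load_pe(vm, filename)
                else:
                    e = pe_init.PE(data)
                # 'MZ' alone is only the DOS stub; require the NT signature
                # before trusting the optional header for the entry point.
                if e.isPE() and e.NTsig.signature_value == 0x4550:
                    bs = bin_stream_pe(e.virt)
                    ep = e.rva2virt(e.Opthdr.AddressOfEntryPoint)
                else:
                    # Previously silent: e was kept but bs/ep stayed None.
                    log.error('Cannot read PE: bad NT signature')
            except Exception:
                # Narrowed from a bare `except:` so KeyboardInterrupt and
                # SystemExit propagate; the load itself stays best-effort.
                log.exception('Cannot read PE!')
        elif data.startswith(b'\x7fELF'):
            try:
                if vm is not None:
                    e = vm_load_elf(vm, filename)
                else:
                    e = elf_init.ELF(data)
                bs = bin_stream_elf(e.virt)
                ep = e.Ehdr.entry
            except Exception:
                log.exception('Cannot read ELF!')
        else:
            # Unknown format: treat the bytes as a flat blob.
            bs = bin_stream_str(data)
            if vm is not None:
                if addr is None:
                    raise ValueError('set load addr')
                # Mapped read-only; nothing here marks the page executable.
                vm.add_memory_page(addr,
                                   PAGE_READ,
                                   data)

        self.e, self.bs, self.ep = e, bs, ep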