def parse(self, data, vm=None, **kwargs):
    """Parse *data* as a PE image and populate this container.

    Args:
        data: raw bytes of the executable; must begin with the b'MZ'
            DOS-header magic.
        vm: optional jitter VM. When given, the image is mapped into it
            through ``vm_load_pe``; otherwise it is parsed standalone
            with ``pe_init.PE``.
        **kwargs: accepted for interface compatibility; not read here.

    Side effects:
        Sets ``self._executable``, ``self._arch``, ``self._bin_stream``
        and ``self._entry_point``.

    Raises:
        ContainerSignatureException: no b'MZ' magic, ``isPE()`` is false,
            or the NT signature is not 0x4550 (ASCII "PE").
        ContainerParsingException: any exception raised by the loader, by
            ``bin_stream_pe`` or while resolving the entry point; the
            original error text is folded into the message.
    """
    from miasm.jitter.loader.pe import vm_load_pe, guess_arch
    from miasm.loader import pe_init

    # DOS-header magic: cheap early rejection of non-PE input.
    if not data.startswith(b'MZ'):
        raise ContainerSignatureException()

    # The loaders consume untrusted bytes; every failure is normalised
    # into ContainerParsingException at this boundary.
    try:
        if vm is None:
            self._executable = pe_init.PE(data)
        else:
            self._executable = vm_load_pe(vm, data)
    except Exception as error:
        raise ContainerParsingException('Cannot read PE: %s' % error)

    executable = self._executable

    # NT header signature must be 0x4550 ("PE" read little-endian).
    signature_ok = (executable.isPE()
                    and executable.NTsig.signature_value == 0x4550)
    if not signature_ok:
        raise ContainerSignatureException()

    self._arch = guess_arch(executable)

    # Wrap the image in a bin_stream and translate the entry RVA to a
    # virtual address; both may fail on malformed headers.
    try:
        self._bin_stream = bin_stream_pe(executable)
        entry_rva = executable.Opthdr.AddressOfEntryPoint
        self._entry_point = executable.rva2virt(entry_rva)
    except Exception as error:
        raise ContainerParsingException('Cannot read PE: %s' % error)
def __init__(self, custom_methods, *args, **kwargs):
    """Set up a Windows x86_32 sandbox: load the main PE and its DLLs.

    Args:
        custom_methods: mapping of API name -> python callable. These
            entries override the defaults harvested from every attribute
            of the ``win_api_x86_32`` module namespace.
        *args, **kwargs: forwarded to the parent constructor; ``kwargs``
            is additionally forwarded to every PE loader call.

    Reads ``self.fname``, ``self.jitter``, ``self.options``,
    ``self.modules_path`` and ``self.ALL_IMP_DLL`` (presumably provided
    by the parent constructor / class body; not assigned here).

    Side effects:
        Sets ``self.libs``, ``self.pe``, ``self.name2module`` and
        ``self.entry_point``. Mutates module-level state in
        ``win_api_x86_32.winobjs`` and, when
        ``options.use_windows_structs`` is set, in ``win_api_x86_32_seh``.
    """
    from miasm.jitter.loader.pe import (vm_load_pe, vm_load_pe_libs,
                                        preload_pe, libimp_pe,
                                        vm_load_pe_and_dependencies)
    from miasm.os_dep import win_api_x86_32, win_api_x86_32_seh

    # Emulated API table: module namespace first, caller overrides last.
    api_table = {name: func
                 for name, func in viewitems(win_api_x86_32.__dict__)}
    api_table.update(custom_methods)
    super(OS_Win, self).__init__(api_table, *args, **kwargs)

    # Import manager, shared with the emulated runtime objects
    import_mgr = libimp_pe()
    self.libs = import_mgr
    win_api_x86_32.winobjs.runtime_dll = import_mgr

    self.name2module = {}
    main_name = os.path.basename(self.fname).lower()

    # Map the main executable into the VM
    with open(self.fname, "rb") as fstream:
        image = fstream.read()
        self.pe = vm_load_pe(self.jitter.vm, image,
                             load_hdr=self.options.load_hdr,
                             name=self.fname,
                             winobjs=win_api_x86_32.winobjs,
                             **kwargs)
    self.name2module[main_name] = self.pe

    if self.options.loadbasedll:
        # Load the base DLL set into memory ...
        loaded = vm_load_pe_libs(self.jitter.vm, self.ALL_IMP_DLL,
                                 import_mgr, self.modules_path,
                                 winobjs=win_api_x86_32.winobjs,
                                 **kwargs)
        self.name2module.update(loaded)
        # ... then patch the imports of every module loaded so far
        for module in viewvalues(self.name2module):
            preload_pe(self.jitter.vm, module, import_mgr)

    if self.options.dependencies:
        vm_load_pe_and_dependencies(self.jitter.vm, main_name,
                                    self.name2module, import_mgr,
                                    self.modules_path,
                                    winobjs=win_api_x86_32.winobjs,
                                    **kwargs)

    win_api_x86_32.winobjs.current_pe = self.pe

    # Fix the main executable's imports
    preload_pe(self.jitter.vm, self.pe, import_mgr)

    # Library-call handler backed by the emulated API table
    self.jitter.add_lib_handler(import_mgr, api_table)

    if self.options.use_windows_structs:
        # Manage SEH: publish module info to the SEH emulation, then run
        # set_win_fs_0 / init_seh on the jitter.
        win_api_x86_32_seh.main_pe_name = main_name
        win_api_x86_32_seh.main_pe = self.pe
        win_api_x86_32.winobjs.hcurmodule = self.pe.NThdr.ImageBase
        win_api_x86_32_seh.name2module = self.name2module
        win_api_x86_32_seh.set_win_fs_0(self.jitter)
        win_api_x86_32_seh.init_seh(self.jitter)

    entry_rva = self.pe.Opthdr.AddressOfEntryPoint
    self.entry_point = self.pe.rva2virt(entry_rva)
def __init__(self, custom_methods, *args, **kwargs):
    """Set up a Windows x86_32 sandbox: load the main PE and its DLLs.

    Args:
        custom_methods: mapping of API name -> python callable; merged on
            top of the defaults harvested from every attribute of the
            ``win_api_x86_32`` module namespace. The default keys are
            encoded to ``bytes`` here, so caller-supplied keys presumably
            need to be ``bytes`` as well to override them.
            NOTE(review): confirm against the callers.
        *args, **kwargs: forwarded to the parent constructor; ``kwargs``
            is additionally forwarded to every PE loader call.

    Reads ``self.fname``, ``self.jitter``, ``self.options``,
    ``self.modules_path`` and ``self.ALL_IMP_DLL`` (presumably provided
    by the parent constructor / class body; not assigned here).

    Side effects:
        Sets ``self.libs``, ``self.pe``, ``self.name2module`` and
        ``self.entry_point``. Mutates module-level state in
        ``win_api_x86_32.winobjs`` and, when
        ``options.use_windows_structs`` is set, in ``win_api_x86_32_seh``.
    """
    from miasm.jitter.loader.pe import (vm_load_pe, vm_load_pe_libs,
                                        preload_pe, libimp_pe,
                                        vm_load_pe_and_dependencies)
    from miasm.os_dep import win_api_x86_32, win_api_x86_32_seh

    # Emulated API table keyed by bytes; caller overrides are applied last.
    api_table = {}
    for name, func in viewitems(win_api_x86_32.__dict__):
        api_table[name.encode()] = func
    api_table.update(custom_methods)
    super(OS_Win, self).__init__(api_table, *args, **kwargs)

    # Import manager, shared with the emulated runtime objects
    import_mgr = libimp_pe()
    self.libs = import_mgr
    win_api_x86_32.winobjs.runtime_dll = import_mgr

    vm = self.jitter.vm
    opts = self.options
    self.name2module = {}
    main_name = os.path.basename(self.fname).lower()

    # Map the main executable into the VM
    with open(self.fname, "rb") as fstream:
        self.pe = vm_load_pe(vm, fstream.read(),
                             load_hdr=opts.load_hdr,
                             name=self.fname,
                             **kwargs)
    self.name2module[main_name] = self.pe

    if opts.loadbasedll:
        # Load the base DLL set into memory ...
        self.name2module.update(
            vm_load_pe_libs(vm, self.ALL_IMP_DLL, import_mgr,
                            self.modules_path, **kwargs))
        # ... then patch the imports of every module loaded so far
        for module in viewvalues(self.name2module):
            preload_pe(vm, module, import_mgr)

    if opts.dependencies:
        vm_load_pe_and_dependencies(vm, main_name, self.name2module,
                                    import_mgr, self.modules_path,
                                    **kwargs)

    win_api_x86_32.winobjs.current_pe = self.pe

    # Fix the main executable's imports
    preload_pe(vm, self.pe, import_mgr)

    # Library-call handler backed by the emulated API table
    self.jitter.add_lib_handler(import_mgr, api_table)

    if opts.use_windows_structs:
        # Manage SEH: publish module info to the SEH emulation, then run
        # set_win_fs_0 / init_seh on the jitter.
        win_api_x86_32_seh.main_pe_name = main_name
        win_api_x86_32_seh.main_pe = self.pe
        win_api_x86_32.winobjs.hcurmodule = self.pe.NThdr.ImageBase
        win_api_x86_32_seh.name2module = self.name2module
        win_api_x86_32_seh.set_win_fs_0(self.jitter)
        win_api_x86_32_seh.init_seh(self.jitter)

    self.entry_point = self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint)