def parse(self, data, vm=None, **kwargs):
from miasm.jitter.loader.pe import vm_load_pe, guess_arch
from miasm.loader import pe_init
# Parse signature
if not data.startswith(b'MZ'):
raise ContainerSignatureException()
# Build executable instance
try:
if vm is not None:
self._executable = vm_load_pe(vm, data)
else:
self._executable = pe_init.PE(data)
except Exception as error:
raise ContainerParsingException('Cannot read PE: %s' % error)
# Check instance validity
if not self._executable.isPE() or \
self._executable.NTsig.signature_value != 0x4550:
raise ContainerSignatureException()
# Guess the architecture
self._arch = guess_arch(self._executable)
# Build the bin_stream instance and set the entry point
try:
self._bin_stream = bin_stream_pe(self._executable)
ep_detected = self._executable.Opthdr.AddressOfEntryPoint
self._entry_point = self._executable.rva2virt(ep_detected)
except Exception as error:
raise ContainerParsingException('Cannot read PE: %s' % error)
def __init__(self, file_name, conn=None, cont=None, exectbl=None, *args, **kwargs):
super(ExtendedAsmCFG, self).__init__(loc_db=LocationDB(), *args, **kwargs)
self.file_name = file_name
if not cont:
if conn:
stream = conn.builtins.open(file_name, 'rb')
else:
stream = open(file_name, 'rb')
cont = Container.from_stream(stream)
self.cont = cont
self.mode = int(cont.arch[-2:])
self.address_size = self.mode // 8
self.pck = pck32
self.upck = upck32
self.machine = Machine(cont.arch)
self.disassembler = self.machine.dis_engine
if self.mode == 64:
self.pck = pck64
self.upck = upck64
self._exectbl = exectbl
if not exectbl:
self._exectbl = pe_init.PE(cont.executable)
self._dis_engine = None
self.func_addr = None
self.jmp_table_loc_keys = set()
machine = Machine(args.architecture)
try:
attrib = machine.dis_engine.attrib
size = int(attrib)
except AttributeError:
attrib = None
size = 32
except ValueError:
size = 32
reg_and_id = dict(machine.mn.regs.all_regs_ids_byname)
base_expr = machine.base_expr
dst_interval = None
# Output format
if args.PE:
pe = pe_init.PE(wsize=size)
s_text = pe.SHList.add_section(name="text", addr=0x1000, rawsize=0x1000)
s_iat = pe.SHList.add_section(name="iat", rawsize=0x100)
new_dll = [({
"name": "USER32.dll",
"firstthunk": s_iat.addr
}, ["MessageBoxA"])]
pe.DirImport.add_dlldesc(new_dll)
s_myimp = pe.SHList.add_section(name="myimp", rawsize=len(pe.DirImport))
pe.DirImport.set_rva(s_myimp.addr)
pe.Opthdr.AddressOfEntryPoint = s_text.addr
addr_main = pe.rva2virt(s_text.addr)
virt = pe.virt
output = pe
dst_interval = interval([(pe.rva2virt(s_text.addr),
import sys
from argparse import ArgumentParser
from miasm.loader import pe_init
parser = ArgumentParser(description="Create a PE from a shellcode")
parser.add_argument("filename", help="x86 shellcode filename")
parser.add_argument("-p",
"--pename",
help="new PE filename (default is 'sc_pe.exe')",
default="sc_pe.exe")
parser.add_argument("-w",
"--word-size",
help="word size (default is 32 bits)",
choices=[32, 64],
type=int,
default=32)
args = parser.parse_args()
data = open(args.filename, 'rb').read()
pe = pe_init.PE(wsize=args.word_size)
s_text = pe.SHList.add_section(name="text", addr=0x1000, data=data)
pe.Opthdr.AddressOfEntryPoint = s_text.addr
open(args.pename, 'wb').write(bytes(pe))
