def writeBytes(self, address, bytes):
if HAS_PTRACE_IO:
size = len(bytes)
bytes = create_string_buffer(bytes)
io_desc = ptrace_io_desc(
piod_op=PIOD_WRITE_D,
piod_offs=address,
piod_addr=addressof(bytes),
piod_len=size)
ptrace_io(self.pid, io_desc)
else:
offset = address % CPU_WORD_SIZE
if offset:
# Write partial word (end)
address -= offset
size = CPU_WORD_SIZE - offset
word = self.readBytes(address, CPU_WORD_SIZE)
if len(bytes) < size:
size = len(bytes)
word = word[:offset] + bytes[:size] + \
word[offset + size:] # <-- FIXME: Big endian!
else:
# <-- FIXME: Big endian!
word = word[:offset] + bytes[:size]
self.writeWord(address, bytes2word(word))
bytes = bytes[size:]
address += CPU_WORD_SIZE
# Write full words
while CPU_WORD_SIZE <= len(bytes):
# Read one word
word = bytes[:CPU_WORD_SIZE]
word = bytes2word(word)
self.writeWord(address, word)
# Move to next word
bytes = bytes[CPU_WORD_SIZE:]
address += CPU_WORD_SIZE
if not bytes:
return
# Write partial word (begin)
size = len(bytes)
word = self.readBytes(address, CPU_WORD_SIZE)
# FIXME: Write big endian version of the next line
word = bytes + word[size:]
self.writeWord(address, bytes2word(word))
def writeBytes(self, address, bytes):
if HAS_PTRACE_IO:
size = len(bytes)
bytes = create_string_buffer(bytes)
io_desc = ptrace_io_desc(
piod_op=PIOD_WRITE_D,
piod_offs=address,
piod_addr=addressof(bytes),
piod_len=size)
ptrace_io(self.pid, io_desc)
else:
offset = address % CPU_WORD_SIZE
if offset:
# Write partial word (end)
address -= offset
size = CPU_WORD_SIZE - offset
word = self.readBytes(address, CPU_WORD_SIZE)
if len(bytes) < size:
size = len(bytes)
word = word[:offset] + bytes[:size] + \
word[offset + size:] # <-- FIXME: Big endian!
else:
# <-- FIXME: Big endian!
word = word[:offset] + bytes[:size]
self.writeWord(address, bytes2word(word))
bytes = bytes[size:]
address += CPU_WORD_SIZE
# Write full words
while CPU_WORD_SIZE <= len(bytes):
# Read one word
word = bytes[:CPU_WORD_SIZE]
word = bytes2word(word)
self.writeWord(address, word)
# Move to next word
bytes = bytes[CPU_WORD_SIZE:]
address += CPU_WORD_SIZE
if not bytes:
return
# Write partial word (begin)
size = len(bytes)
word = self.readBytes(address, CPU_WORD_SIZE)
# FIXME: Write big endian version of the next line
word = bytes + word[size:]
self.writeWord(address, bytes2word(word))
def _detect_parameter(self, ptype, offset):
addr = self.process.getStackPointer()+offset
bs = self.process.readBytes(addr, 4)
if CPU_X86_64:
bs = bs + (4*'\00')
#print "bs value", repr(bs), hex(bytes2word(bs))
return RefinePType(GetPtype(ptype),bytes2word(bs), self.process, self.mm)
def _detect_parameter_x86(self, ptype, offset):
addr = self.process.getStackPointer() + offset
bs = self.process.readBytes(addr, 4)
# if CPU_X86_64:
# bs = bs + (4*'\00')
# print("bs value", repr(bs), hex(bytes2word(bs)))
return RefinePType(GetPtype(ptype), bytes2word(bs), self.process,
self.mm)
def writeBytes(self, address, bytes):
debug("Write %s bytes at %s" %
(len(bytes), formatAddress(address)))
offset = address % CPU_WORD_SIZE
if offset:
# Write partial word (end)
address -= offset
size = CPU_WORD_SIZE - offset
word = self.readBytes(address, CPU_WORD_SIZE)
if len(bytes) < size:
size = len(bytes)
word = word[:offset] + bytes[:size] + word[
offset + size:] # <-- FIXME: Big endian!
else:
word = word[:offset] + bytes[:
size] # <-- FIXME: Big endian!
self.writeWord(address, bytes2word(word))
bytes = bytes[size:]
address += CPU_WORD_SIZE
# Write full words
while CPU_WORD_SIZE <= len(bytes):
# Read one word
word = bytes[:CPU_WORD_SIZE]
word = bytes2word(word)
self.writeWord(address, word)
# Move to next word
bytes = bytes[CPU_WORD_SIZE:]
address += CPU_WORD_SIZE
if not bytes:
return
# Write partial word (begin)
size = len(bytes)
word = self.readBytes(address, CPU_WORD_SIZE)
# FIXME: Write big endian version of next line
word = bytes + word[size:]
self.writeWord(address, bytes2word(word))
def writeBytes(self, address, bytes):
debug("Write %s bytes at %s" % (
len(bytes), formatAddress(address)))
offset = address % CPU_WORD_SIZE
if offset:
# Write partial word (end)
address -= offset
size = CPU_WORD_SIZE - offset
word = self.readBytes(address, CPU_WORD_SIZE)
if len(bytes) < size:
size = len(bytes)
word = word[:offset] + bytes[:size] + word[offset + size:] # <-- FIXME: Big endian!
else:
word = word[:offset] + bytes[:size] # <-- FIXME: Big endian!
self.writeWord(address, bytes2word(word))
bytes = bytes[size:]
address += CPU_WORD_SIZE
# Write full words
while CPU_WORD_SIZE <= len(bytes):
# Read one word
word = bytes[:CPU_WORD_SIZE]
word = bytes2word(word)
self.writeWord(address, word)
# Move to next word
bytes = bytes[CPU_WORD_SIZE:]
address += CPU_WORD_SIZE
if not bytes:
return
# Write partial word (begin)
size = len(bytes)
word = self.readBytes(address, CPU_WORD_SIZE)
# FIXME: Write big endian version of next line
word = bytes + word[size:]
self.writeWord(address, bytes2word(word))
def __DetectParam__(self, ptype, offset):
addr = self.process.getreg("esp")+offset
bytes = self.process.readBytes(addr, 4)
return RefinePType(GetPtype(ptype),bytes2word(bytes), self.process, self.mm)
def __DetectRetAddr__(self):
addr = self.process.getreg("esp")
bytes = self.process.readBytes(addr, 4)
return RefinePType(Type("Ptr32",4),bytes2word(bytes), self.process, self.mm)
def parseInteger(text, procWrap=None):
global ptraceProc_g
ptraceProc_g = procWrap.ptraceProcess if procWrap else None
# Remove spaces and convert to lower case
text = text.strip()
if " " in text:
raise ValueError("Space are forbidden: %r" % text)
text = text.lower()
orig_text = text
# replace symbols by their value
def readSymbols(symbol):
text = symbol.group(0)
if procWrap is None:
return text
else:
try:
return str(procWrap.programinfo.getAddrOf(text))
except ValueError as e:
debug(e)
return text
# Replace hexadecimal numbers by decimal numbers
def readHexadecimal(regs):
text = regs.group(0)
if text.startswith("0x"):
text = text[2:]
elif not re.search("[a-f]", text):
return text
value = int(text, 16)
return str(value)
# (first_char)(rest)* if your symbol contains other characters, include them here
symbol_regex = r"(?<!0x)[a-zA-Z_][a-zA-Z0-9_.]*"
symbol_regex_with_library = symbol_regex + r"(:" + symbol_regex + ")?"
text = re.sub(r"(?:0x)[0-9a-f]+", readHexadecimal, text)
text = re.sub(symbol_regex_with_library, readSymbols, text)
# Replace registers by their value
text = REGISTER_REGEX.sub(readRegister, text)
# Reject invalid characters
if not re.match(r"^[()<>+*/&0-9-]+$", text):
raise ValueError("Invalid expression: %r" % orig_text)
# Use integer division (a//b) instead of float division (a/b)
text = text.replace("/", "//")
# Finally, evaluate the expression
is_pointer = text.startswith("*")
if is_pointer:
text = text[1:]
try:
value = eval(text)
value = truncateWord(value)
except SyntaxError:
raise ValueError("Invalid expression: %r" % orig_text)
if is_pointer:
assert isinstance(ptraceProc_g, PtraceProcess)
# value = ptraceProc_g.readWord(value)
try:
value = ptraceProc_g.readBytes(value, 8)
value = bytes2word(value)
except PtraceError as e:
warning(str(e))
value = 0
return value