def dbg_hook_code(self, uc, address, size, user_data): """ Unicorn instructions hook """ try: self.current_address = address hit_soft_bp = False should_print_instruction = self.trace_instructions > 0 if self.soft_bp: self.hook_mem_access = True self.soft_bp = False hit_soft_bp = True if address != self.last_bp and \ (address in self.core_module.get_breakpoints_list() or self.has_soft_bp): if self.skip_bp_count > 0: self.skip_bp_count -= 1 else: self.breakpoint_count += 1 should_print_instruction = False uc.emu_stop() self.last_bp = address print(utils.titlify('breakpoint')) print('[' + utils.white_bold(str(self.breakpoint_count)) + ']' + ' hit ' + utils.red_bold('breakpoint') + ' at: ' + utils.green_bold(hex(address))) self._print_context(uc, address) elif address == self.last_bp: self.last_bp = 0 self.has_soft_bp = hit_soft_bp if self.current_address + size == self.exit_point: should_print_instruction = False self._print_context(uc, address) print( utils.white_bold("emulation") + " finished with " + utils.green_bold("success")) if should_print_instruction: self.asm_module.internal_disassemble( uc.mem_read(address, size), address) except KeyboardInterrupt as ex: # If stuck in an endless loop, we can exit here :). TODO: does that mean ctrl+c never works for targets? print(utils.titlify('paused')) self._print_context(uc, address) uc.emu_stop()
def start(self): """ main start function, here we handle the command get loop and unicorn istance creation :return: """ if not self.emu_instance: self.initialize() utils.clear_terminal() print(utils.get_banner()) print('\n\n\t' + utils.white_bold('Contribute ') + 'https://github.com/iGio90/uDdbg\n') print('\t' + 'Type ' + utils.white_bold_underline('help') + ' to begin.\n') main_apix = colored(MENU_APPENDIX + " ", 'red', attrs=['bold', 'dark']) print() while True: print(main_apix, end='', flush=True) text = prompt('', history=self.history, auto_suggest=AutoSuggestFromHistory()) # only grant the use of empty command to replicate the last command while in cli. No executors if len(text) == 0 and self.last_command is not None: self.functions_instance.parse_command(self.last_command) continue self.last_command = text # send command to the parser self.functions_instance.parse_command(text)
def internal_disassemble(self, buf, off, current_off=0): cs = self.core_instance.get_cs_instance() for i in cs.disasm(bytes(buf), off): if i.address == current_off: a = utils.red_bold(hex(i.address)) else: a = utils.green_bold(hex(i.address)) print(a + "\t%s\t%s" % ((utils.white_bold(str(i.mnemonic).upper()), str(i.op_str).upper().replace('X', 'x'))))
def resume_emulation(self, address=None, skip_bp=0): # 从这个地方开始? if address is not None: self.current_address = address # 跳过bp self.skip_bp_count = skip_bp # 退出点 if self.exit_point is not None: print( utils.white_bold("emulation") + " started at " + utils.green_bold(hex(self.current_address))) if len(self.entry_context) == 0: # store the initial memory context for the restart # 重新启动, 入口上下文 self.entry_context = {'memory': {}, 'regs': {}} # 映射表 map_list = self.get_module('mappings_module').get_mappings() for map in map_list: map_address = int(map[1], 16) map_len = map[2] # 读取内存 self.entry_context['memory'][map_address] = bytes( self.emu_instance.mem_read(map_address, map_len)) # registers # 寄存器 const = utils.get_arch_consts(self.arch) regs = [ k for k, v in const.__dict__.items() if not k.startswith("__") and "_REG_" in k and not "INVALID" in k ] for r in regs: try: # 读取寄存器 self.entry_context['regs'][ r] = self.emu_instance.reg_read(getattr(const, r)) except Exception as ex: pass # print("Ignoring reg: {} ({})".format(r, ex)) -> Ignored UC_X86_REG_MSR # 开始地址 start_addr = self.current_address if self.is_thumb: start_addr = start_addr | 1 # 开始执行 self.emu_instance.emu_start(start_addr, self.exit_point) else: print( 'please use \'set exit_point *offset\' to define an exit point' )
def _print_context(self, uc, pc): self.register_module.registers('mem_invalid') print(utils.titlify('disasm')) self.asm_module.internal_disassemble(uc.mem_read(pc - 0x16, 0x32), pc - 0x16, pc) if self.mem_access_result is not None: val = utils.red_bold("\t0x%x" % self.mem_access_result[1]) ad = utils.green_bold("\t> 0x%x" % self.mem_access_result[0]) print(utils.titlify("memory access")) print(utils.white_bold("WRITE") + val + ad) self.hook_mem_access = None self.mem_access_result = None
def start(self): # 开始函数: 命令获取和unicorn实例创建 """ main start function, here we handle the command get loop and unicorn istance creation :return: """ # 创建实例 if not self.emu_instance: self.initialize() # 清空屏幕 utils.clear_terminal() print(utils.get_banner()) print('\n\n\t' + utils.white_bold('Contribute ') + 'https://github.com/iGio90/uDdbg\n') print('\t' + 'Type ' + utils.white_bold_underline('help') + ' to begin.\n') print() while True: # prompt方法 text = prompt(FormattedText([('ansired bold', MENU_APPENDIX + ' ') ]), history=self.history, auto_suggest=AutoSuggestFromHistory()) # only grant the use of empty command to replicate the last command while in cli. No executors if len(text) == 0 and self.last_command is not None: # 解析命令 self.functions_instance.parse_command(self.last_command) continue self.last_command = text # send command to the parser # 解析命令 self.functions_instance.parse_command(text)
def dbg_hook_code(self, uc, address, size, user_data): """ Unicorn instructions hook """ try: # 设置当前地址 self.current_address = address # 命中软断点 hit_soft_bp = False # 打印指令? should_print_instruction = self.trace_instructions > 0 # 如果软断点 if self.soft_bp: # 内存访问hook self.hook_mem_access = True # 软断点 self.soft_bp = False # 命中软断点置位 hit_soft_bp = True # 地址不是上一个断点 and (地址在断点列表中 or 有软断点) if address != self.last_bp and \ (address in self.core_module.get_breakpoints_list() or self.has_soft_bp): # 略过断点 if self.skip_bp_count > 0: self.skip_bp_count -= 1 else: # 断点数加一 self.breakpoint_count += 1 # 应该打印指令 should_print_instruction = False # 模拟停止 uc.emu_stop() # 上一个断点 self.last_bp = address # 打印一些东西 print(utils.titlify('breakpoint')) print('[' + utils.white_bold(str(self.breakpoint_count)) + ']' + ' hit ' + utils.red_bold('breakpoint') + ' at: ' + utils.green_bold(hex(address))) self._print_context(uc, address) # 地址是上一个断点 elif address == self.last_bp: self.last_bp = 0 # 有软断点 self.has_soft_bp = hit_soft_bp if self.current_address + size == self.exit_point: # 到达退出点 should_print_instruction = False self._print_context(uc, address) print( utils.white_bold("emulation") + " finished with " + utils.green_bold("success")) if should_print_instruction: # 反汇编 self.asm_module.internal_disassemble( uc.mem_read(address, size), address) except KeyboardInterrupt as ex: # If stuck in an endless loop, we can exit here :). TODO: does that mean ctrl+c never works for targets? print(utils.titlify('paused')) self._print_context(uc, address) uc.emu_stop()