def __init__(self, vfs_root="vfs", vfp_inst_set=False):
# Unicorn.
self.mu = Uc(UC_ARCH_ARM, UC_MODE_ARM)
self.__vfs_root = vfs_root
if vfp_inst_set:
self._enable_vfp()
#
#注意,原有缺陷,libc_preinit init array中访问R1参数是从内核传过来的
#而这里直接将0映射空间,,强行运行过去,因为R1刚好为0,否则会报memory unmap异常
#FIXME:MRC指令总是返回0,TLS模擬
#TODO 初始化libc时候R1参数模拟内核传过去的KernelArgumentBlock
self.mu.mem_map(0x0, 0x00001000, UC_PROT_READ | UC_PROT_WRITE)
# Android
self.system_properties = {
"libc.debug.malloc.options": "",
"ro.build.version.sdk": "19",
"persist.sys.dalvik.vm.lib": "libdvm.so",
"ro.product.cpu.abi": "armeabi-v7a"
}
self.memory = MemoryMap(self.mu, config.MAP_ALLOC_BASE,
config.MAP_ALLOC_BASE + config.MAP_ALLOC_SIZE)
# Stack.
addr = self.memory.map(config.STACK_ADDR, config.STACK_SIZE,
UC_PROT_READ | UC_PROT_WRITE)
self.mu.reg_write(UC_ARM_REG_SP, config.STACK_ADDR + config.STACK_SIZE)
sp = self.mu.reg_read(UC_ARM_REG_SP)
print("stack addr %x" % sp)
# CPU
self.interrupt_handler = InterruptHandler(self.mu)
self.syscall_handler = SyscallHandlers(self.interrupt_handler)
self.syscall_hooks = SyscallHooks(self.mu, self.syscall_handler)
# File System
self.vfs = VirtualFileSystem(vfs_root, self.syscall_handler,
self.memory)
# Hooker
self.memory.map(config.HOOK_MEMORY_BASE, config.HOOK_MEMORY_SIZE,
UC_PROT_READ | UC_PROT_WRITE | UC_PROT_EXEC)
self.hooker = Hooker(self, config.HOOK_MEMORY_BASE,
config.HOOK_MEMORY_SIZE)
# JavaVM
self.java_classloader = JavaClassLoader()
self.java_vm = JavaVM(self, self.java_classloader, self.hooker)
# Executable data.
self.modules = Modules(self, self.__vfs_root)
# Native
self.native_memory = NativeMemory(self.mu, self.memory,
self.syscall_handler, self.vfs)
self.native_hooks = NativeHooks(self, self.native_memory, self.modules,
self.hooker, self.__vfs_root)
self.__add_classes()
def __init__(self, vfs_root=None, vfp_inst_set=False):
# Unicorn.
self.mu = Uc(UC_ARCH_ARM, UC_MODE_ARM)
# Intergrated Debugger.
self.dbg = udbg.UnicornDebugger(self.mu)
self.mu.emu = self
if vfp_inst_set:
self._enable_vfp()
# Android
self.system_properties = {
"libc.debug.malloc.options": "",
"ro.build.version.sdk": "24",
"ro.product.cpu.abi": "armeabi-v7a",
"init.svc.vbox86-setup": "",
"init.svc.droid4x": ""
}
# Stack.
self.mu.mem_map(config.STACK_ADDR, config.STACK_SIZE)
self.mu.reg_write(UC_ARM_REG_SP, config.STACK_ADDR + config.STACK_SIZE)
# Executable data.
self.modules = Modules(self)
self.memory = Memory(self)
# CPU
self.interrupt_handler = InterruptHandler(self.mu)
self.syscall_handler = SyscallHandlers(self.interrupt_handler)
self.syscall_hooks = SyscallHooks(self.mu, self.syscall_handler)
# Hooker
self.mu.mem_map(config.HOOK_MEMORY_BASE, config.HOOK_MEMORY_SIZE)
self.hooker = Hooker(self, config.HOOK_MEMORY_BASE,
config.HOOK_MEMORY_SIZE)
# File System
if vfs_root is not None:
self.vfs = VirtualFileSystem(vfs_root, self, self.syscall_handler)
else:
self.vfs = None
# JavaVM
self.java_classloader = JavaClassLoader()
self.java_vm = JavaVM(self, self.java_classloader, self.hooker)
# add system classes
self.java_classloader.add_class(String.java_lang_String)
# Native
self.native_memory = NativeMemory(self.mu, config.HEAP_BASE,
config.HEAP_SIZE,
self.syscall_handler, self.vfs)
self.native_hooks = NativeHooks(self, self.native_memory, self.modules,
self.hooker)
def __init__(self, vfs_root: str = None, vfp_inst_set: bool = False):
# Unicorn.
self.mu = Uc(UC_ARCH_ARM, UC_MODE_ARM)
if vfp_inst_set:
self._enable_vfp()
# Android
self.system_properties = {"libc.debug.malloc.options": ""}
# Stack.
self.mu.mem_map(STACK_ADDR, STACK_SIZE)
self.mu.reg_write(UC_ARM_REG_SP, STACK_ADDR + STACK_SIZE)
# Executable data.
self.modules = Modules(self)
self.memory_manager = MemoryManager(self.mu)
# CPU
self.interrupt_handler = InterruptHandler(self.mu)
self.syscall_handler = SyscallHandlers(self.interrupt_handler)
self.syscall_hooks = SyscallHooks(self.mu, self.syscall_handler,
self.modules)
self.syscall_hooks_memory = SyscallHooksMemory(self.mu,
self.memory_manager,
self.syscall_handler)
# File System
if vfs_root is not None:
self.vfs = VirtualFileSystem(vfs_root, self.syscall_handler)
else:
self.vfs = None
# Hooker
self.mu.mem_map(HOOK_MEMORY_BASE, HOOK_MEMORY_SIZE)
self.hooker = Hooker(self, HOOK_MEMORY_BASE, HOOK_MEMORY_SIZE)
# JavaVM
self.java_classloader = JavaClassLoader()
self.java_vm = JavaVM(self, self.java_classloader, self.hooker)
# Native
self.native_hooks = NativeHooks(self, self.memory_manager,
self.modules, self.hooker)
# Tracer
self.tracer = Tracer(self.mu, self.modules)
# Thread.
self._setup_thread_register()
def __init__(self, vfs_root=None, vfp_inst_set=False):
# Unicorn.
self.mu = Uc(UC_ARCH_ARM, UC_MODE_ARM)
if vfp_inst_set:
self._enable_vfp()
# Android
self.system_properties = {}
# Stack.
self.mu.mem_map(config.STACK_ADDR, config.STACK_SIZE)
self.mu.reg_write(UC_ARM_REG_SP, config.STACK_ADDR + config.STACK_SIZE)
# Executable data.
self.modules = Modules(self)
self.memory = Memory(self)
# CPU
self.interrupt_handler = InterruptHandler(self.mu)
self.syscall_handler = SyscallHandlers(self.interrupt_handler)
self.syscall_hooks = SyscallHooks(self.mu, self.syscall_handler)
# File System
if vfs_root is not None:
self.vfs = VirtualFileSystem(vfs_root, self.syscall_handler)
else:
self.vfs = None
# Hooker
self.mu.mem_map(config.HOOK_MEMORY_BASE, config.HOOK_MEMORY_SIZE)
self.hooker = Hooker(self, config.HOOK_MEMORY_BASE,
config.HOOK_MEMORY_SIZE)
# JavaVM
self.java_classloader = JavaClassLoader()
self.java_vm = JavaVM(self, self.java_classloader, self.hooker)
# Native
self.native_memory = NativeMemory(self.mu, config.HEAP_BASE,
config.HEAP_SIZE,
self.syscall_handler)
self.native_hooks = NativeHooks(self, self.native_memory, self.modules,
self.hooker)
# Tracer
self.tracer = Tracer(self.mu, self.modules)