def init(binary):
BinaryAnalysis.clear()
BinaryAnalysis.path = binary
BinaryAnalysis.rawData = list(open(binary, 'rb').read())
BinaryAnalysis.container = Container.from_stream(open(binary, 'rb'))
BinaryAnalysis.locDB = BinaryAnalysis.container.loc_db
BinaryAnalysis.machine = Machine(BinaryAnalysis.container.arch)
BinaryAnalysis.iraType = BinaryAnalysis.machine.ira
if isinstance(BinaryAnalysis.container, ContainerPE):
BinaryAnalysis.binaryInfo = PEInfo(binary)
elif isinstance(BinaryAnalysis.container, ContainerELF):
BinaryAnalysis.binaryInfo = ELFInfo(binary)
if BinaryAnalysis.binaryInfo.type == 'PE':
if BinaryAnalysis.container.arch == 'x86_32':
parser = Sandbox_Win_x86_32.parser(description="PE sandboxer")
options = parser.parse_args()
BinaryAnalysis.sb = Sandbox_Win_x86_32(BinaryAnalysis.path,
options, globals())
elif BinaryAnalysis.container.arch == 'x86_64':
parser = Sandbox_Win_x86_64.parser(description="PE sandboxer")
options = parser.parse_args()
BinaryAnalysis.sb = Sandbox_Win_x86_64(BinaryAnalysis.path,
options, globals())
elif BinaryAnalysis.binaryInfo.type == 'ELF':
if BinaryAnalysis.container.arch == 'x86_32':
parser = Sandbox_Linux_x86_32.parser(
description="PE sandboxer")
options = parser.parse_args()
BinaryAnalysis.sb = Sandbox_Linux_x86_32(
BinaryAnalysis.path, options, globals())
elif BinaryAnalysis.container.arch == 'x86_64':
parser = Sandbox_Linux_x86_64.parser(
description="PE sandboxer")
options = parser.parse_args()
BinaryAnalysis.sb = Sandbox_Linux_x86_64(
BinaryAnalysis.path, options, globals())
BinaryAnalysis.disasmEngine = BinaryAnalysis.machine.dis_engine(
BinaryAnalysis.container.bin_stream,
loc_db=BinaryAnalysis.container.loc_db)
BinaryAnalysis.disasmEngine.dis_block_callback = detect_func_name
BinaryAnalysis.maxSizeData = BinaryAnalysis.disasmEngine.attrib // 8
BinaryAnalysis.strings = BinaryAnalysis.binaryInfo.findStrings()
BinaryAnalysis.radare = r2pipe.open(binary)
BinaryAnalysis.radare.cmd('aaa;')
BinaryAnalysis.detectFunctions()
BinaryAnalysis.disassembly()
for start, end in (BinaryAnalysis.binaryInfo.codeRange -
BinaryAnalysis.doneInterval):
BinaryAnalysis.data.append((start - 1, end))
for start, end in BinaryAnalysis.binaryInfo.dataRange:
BinaryAnalysis.data.append((start, end - 1))
def deal_exception_single_step(jitter):
jitter.pc = win_api_x86_32_seh.fake_seh_handler(
jitter, win_api_x86_32_seh.EXCEPTION_SINGLE_STEP)
return True
def return_from_seh(jitter):
win_api_x86_32_seh.return_from_seh(jitter)
return True
# Insert here user defined methods
# Parse arguments
parser = Sandbox_Win_x86_32.parser(description="PE sandboxer")
parser.add_argument("filename", help="PE Filename")
options = parser.parse_args()
options.usesegm = True
options.use_windows_structs = True
# Create sandbox
sb = Sandbox_Win_x86_32(options.filename, options, globals())
# Install Windows SEH callbacks
sb.jitter.add_exception_handler(EXCEPT_ACCESS_VIOL,
deal_exception_access_violation)
sb.jitter.add_exception_handler(EXCEPT_SOFT_BP, deal_exception_breakpoint)
sb.jitter.add_exception_handler(EXCEPT_DIV_BY_ZERO, deal_exception_div)
sb.jitter.add_exception_handler(1 << 17, deal_exception_privileged_instruction)
sb.jitter.add_exception_handler(EXCEPT_UNK_MNEMO,
from pdb import pm
from miasm.analysis.sandbox import Sandbox_Win_x86_32
# Insert here user defined methods
# Parse arguments
parser = Sandbox_Win_x86_32.parser(description="PE sandboxer")
parser.add_argument("filename", help="PE Filename")
options = parser.parse_args()
# Create sandbox
sb = Sandbox_Win_x86_32(options.filename, options, globals())
# Run
sb.run()
assert(sb.jitter.run is False)
# Handle ordinal imports
fname = (args.fname
if args.fname < 0x10000 else jitter.get_str_ansi(args.fname))
logging.error(fname)
# Get the generated address of the library, and store it in memory to
# dst_ad
ad = sb.libs.lib_get_add_func(args.libbase, fname, dst_ad)
# Add a breakpoint in case of a call on the resolved function
# NOTE: never happens in UPX, just for skeleton
jitter.handle_function(ad)
jitter.func_ret_stdcall(ret_ad, ad)
parser = Sandbox_Win_x86_32.parser(description="Generic UPX unpacker")
parser.add_argument("filename", help="PE Filename")
parser.add_argument('-v',
"--verbose",
help="verbose mode",
action="store_true")
parser.add_argument("--graph",
help="Export the CFG graph in graph.dot",
action="store_true")
options = parser.parse_args()
options.load_hdr = True
sb = Sandbox_Win_x86_32(options.filename,
options,
globals(),
parse_reloc=False)
# Handle ordinal imports
fname = (args.fname if args.fname < 0x10000
else jitter.get_str_ansi(args.fname))
logging.error(fname)
# Get the generated address of the library, and store it in memory to
# dst_ad
ad = sb.libs.lib_get_add_func(args.libbase, fname, dst_ad)
# Add a breakpoint in case of a call on the resolved function
# NOTE: never happens in UPX, just for skeleton
jitter.handle_function(ad)
jitter.func_ret_stdcall(ret_ad, ad)
parser = Sandbox_Win_x86_32.parser(description="Generic UPX unpacker")
parser.add_argument("filename", help="PE Filename")
parser.add_argument('-v', "--verbose",
help="verbose mode", action="store_true")
parser.add_argument("--graph",
help="Export the CFG graph in graph.dot",
action="store_true")
options = parser.parse_args()
options.load_hdr = True
sb = Sandbox_Win_x86_32(options.filename, options, globals(),
parse_reloc=False)
if options.verbose is True:
logging.basicConfig(level=logging.INFO)
from __future__ import print_function
import logging
from miasm.analysis.sandbox import Sandbox_Win_x86_32
from miasm.core.locationdb import LocationDB
from miasm.jitter.csts import PAGE_WRITE, PAGE_READ, EXCEPT_BREAKPOINT_MEMORY
parser = Sandbox_Win_x86_32.parser(
description="Displays accesses to a specified memory space")
parser.add_argument("filename", help="PE Filename")
parser.add_argument("memory_address",
help="Starting address of the memory space")
parser.add_argument("size", help="Size of the address space")
parser.add_argument("--access",
help="Access type",
choices=["r", "w", "rw"],
default="rw")
options = parser.parse_args()
# Create sandbox
loc_db = LocationDB()
sb = Sandbox_Win_x86_32(loc_db, options.filename, options, globals())
# Add a memory breakpoint
address = int(options.memory_address, 0)
size = int(options.size, 0)
access_type = 0
if 'r' in options.access:
access_type |= PAGE_WRITE
if 'w' in options.access:
access_type |= PAGE_READ
sb.jitter.vm.add_memory_breakpoint(address, size, access_type)