Exemple #1
0
    def emul(self, ctx=None, step=False):
        """Symbolic execution of relevant nodes according to the history
        Return the values of inputs nodes' elements
        @ctx: (optional) Initial context as dictionnary
        @step: (optional) Verbose execution
        Warning: The emulation is not sound if the inputs nodes depend on loop
        variant.
        """
        # Init
        ctx_init = self._ira.arch.regs.regs_init
        if ctx is not None:
            ctx_init.update(ctx)
        assignblks = []

        # Build a single affectation block according to history
        last_index = len(self.relevant_loc_keys)
        for index, loc_key in enumerate(reversed(self.relevant_loc_keys), 1):
            if index == last_index and loc_key == self.initial_state.loc_key:
                line_nb = self.initial_state.line_nb
            else:
                line_nb = None
            assignblks += self.irblock_slice(self._ira.blocks[loc_key],
                                             line_nb).assignblks

        # Eval the block
        loc_db = LocationDB()
        temp_loc = loc_db.get_or_create_name_location("Temp")
        symb_exec = SymbolicExecutionEngine(self._ira, ctx_init)
        symb_exec.eval_updt_irblock(IRBlock(temp_loc, assignblks), step=step)

        # Return only inputs values (others could be wrongs)
        return {element: symb_exec.symbols[element] for element in self.inputs}
Exemple #2
0
    def emul(self, ir_arch, ctx=None, step=False):
        """Symbolic execution of relevant nodes according to the history
        Return the values of inputs nodes' elements
        @ir_arch: IntermediateRepresentation instance
        @ctx: (optional) Initial context as dictionnary
        @step: (optional) Verbose execution
        Warning: The emulation is not sound if the inputs nodes depend on loop
        variant.
        """
        # Init
        ctx_init = {}
        if ctx is not None:
            ctx_init.update(ctx)
        assignblks = []

        # Build a single affectation block according to history
        last_index = len(self.relevant_loc_keys)
        for index, loc_key in enumerate(reversed(self.relevant_loc_keys), 1):
            if index == last_index and loc_key == self.initial_state.loc_key:
                line_nb = self.initial_state.line_nb
            else:
                line_nb = None
            assignblks += self.irblock_slice(self._ircfg.blocks[loc_key],
                                             line_nb).assignblks

        # Eval the block
        loc_db = LocationDB()
        temp_loc = loc_db.get_or_create_name_location("Temp")
        symb_exec = SymbolicExecutionEngine(ir_arch, ctx_init)
        symb_exec.eval_updt_irblock(IRBlock(temp_loc, assignblks), step=step)

        # Return only inputs values (others could be wrongs)
        return {element: symb_exec.symbols[element]
                for element in self.inputs}
Exemple #3
0
    loc_db.remove_location_name(loc_key5, name1)
    has_raised = False
except KeyError:
    has_raised = True
try:
    loc_db.add_location_name(loc_key1, name2)
    has_raised = False
except KeyError:
    has_raised = True
try:
    loc_db.add_location(name=name2)
    has_raised = False
except ValueError:
    has_raised = True
assert loc_db.add_location(name=name2, strict=False) == loc_key5
assert loc_db.get_or_create_name_location(name2) == loc_key5
loc_key5_bis = loc_db.get_or_create_name_location(name3)
assert loc_db.get_name_location(name3) == loc_key5_bis
loc_db.consistency_check()

# Name and offset manipulation
assert loc_db.get_name_offset(name2) is None
assert loc_db.get_name_offset("unk_name") is None
assert loc_db.get_name_offset("first_name") == 0x5678

# Merge
loc_db2 = LocationDB()
loc_db2.add_location(offset=0x3344)
loc_db2.add_location(name=name2)
loc_db.merge(loc_db2)
assert 0x3344 in loc_db.offsets
Exemple #4
0
    loc_db.remove_location_name(loc_key5, name1)
    has_raised = False
except KeyError:
    has_raised = True
try:
    loc_db.add_location_name(loc_key1, name2)
    has_raised = False
except KeyError:
    has_raised = True
try:
    loc_db.add_location(name=name2)
    has_raised = False
except ValueError:
    has_raised = True
assert loc_db.add_location(name=name2, strict=False) == loc_key5
assert loc_db.get_or_create_name_location(name2) == loc_key5
loc_key5_bis = loc_db.get_or_create_name_location(name3)
assert loc_db.get_name_location(name3) == loc_key5_bis
loc_db.consistency_check()

# Merge
loc_db2 = LocationDB()
loc_db2.add_location(offset=0x3344)
loc_db2.add_location(name=name2)
loc_db.merge(loc_db2)
assert 0x3344 in loc_db.offsets
assert name2 in loc_db.names
loc_db.consistency_check()
assert loc_db.get_name_location(name2) == loc_key5

# Delete
Exemple #5
0

# Get and parse the source code
with open(args.source) as fstream:
    source = fstream.read()


loc_db = LocationDB()

asmcfg, loc_db = parse_asm.parse_txt(machine.mn, attrib, source, loc_db)

# Fix shellcode addrs
loc_db.set_location_offset(loc_db.get_name_location("main"), addr_main)

if args.PE:
    loc_db.set_location_offset(loc_db.get_or_create_name_location("MessageBoxA"),
                               pe.DirImport.get_funcvirt('USER32.dll',
                                                         'MessageBoxA'))

# Print and graph firsts blocks before patching it
for block in asmcfg.blocks:
    print block
open("graph.dot", "w").write(asmcfg.dot())

# Apply patches
patches = asmblock.asm_resolve_final(machine.mn,
                                    asmcfg,
                                    loc_db,
                                    dst_interval)
if args.encrypt:
    # Encrypt code