def on_syscall(jitter):
    """Jitter callback that emulates a pending Linux system call.

    The 8-byte slot at ``ADDR_SYSCALL_NEXTIP`` holds the address to resume
    at once the call has been handled; a non-zero value means a call is
    pending (presumably written there by the hook that intercepts the
    syscall instruction -- confirm against that hook). Only ``sys_write``
    (RAX == 1) is recognised and its buffer is hex-dumped; anything else
    is reported as unknown. Always returns True so emulation continues.

    Register names (RAX, RDI, RSI, RDX) and the "<Q" unpack imply an
    x86-64 guest.
    """
    nextip = unpack("<Q", jitter.vm.get_mem(ADDR_SYSCALL_NEXTIP, 8))[0]
    if nextip != 0:
        # Log the call. RAX == 1 is treated as sys_write(fd=RDI, buf=RSI, count=RDX).
        if jitter.cpu.RAX == 1:
            print "sys_write(%d, buf, %d)" % (jitter.cpu.RDI, jitter.cpu.RDX)
            # NOTE(review): RSI and RDX are fully controlled by the emulated
            # program and nothing here bounds them; an unmapped address or a
            # very large count will surface here (likely as an exception from
            # get_mem, or a huge dump) -- consider capping the dump length.
            buf = jitter.vm.get_mem(jitter.cpu.RSI, jitter.cpu.RDX)
            print "buf = "
            utils.hexdump(buf)
        else:
            print "Unknown system call"
        # Set the return value: the requested count is reported as fully
        # written. NOTE(review): this also applies on the unknown-call path,
        # where RDX has no defined meaning -- confirm this is intended.
        jitter.cpu.RAX = jitter.cpu.RDX
        # Clear the exception code so the jitter does not stop on this call.
        jitter.cpu.set_exception(0)
        # Clear the pending-call slot (8 zero bytes, matching the "<Q" read above).
        jitter.vm.set_mem(ADDR_SYSCALL_NEXTIP, "\x00" * 8)
        # Resume after the syscall instruction.
        jitter.pc = nextip
    return True
def get_mem(self, addr, size=0xF):
    """Print a hexdump of *size* bytes of emulated memory starting at *addr*.

    The bytes are read through ``self.myjit.vm`` and passed to ``hexdump``;
    nothing is returned. ``size`` defaults to 0xF (15) bytes.
    """
    chunk = self.myjit.vm.get_mem(addr, size)
    hexdump(chunk)
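"""This example illustrates the Sandbox.call API, for direct call of a given function"""
from miasm2.analysis.sandbox import Sandbox_Linux_arml
from miasm2.analysis.binary import Container
from miasm2.os_dep.linux_stdlib import linobjs
from miasm2.core.utils import hexdump

# Name of the function to call directly inside the sandboxed ELF.
TARGET_FUNC = "md5_starts"
# Size of the heap buffer handed to TARGET_FUNC; the same span is dumped afterwards.
BUF_SIZE = 0x64

# Parse arguments
parser = Sandbox_Linux_arml.parser(description="ELF sandboxer")
parser.add_argument("filename", help="ELF Filename")
options = parser.parse_args()

# The sandbox loads the ELF and provides the jitter used for the call below.
sb = Sandbox_Linux_arml(options.filename, options, globals())

# Re-open the file only to resolve the target symbol through the container's loc_db.
with open(options.filename, "rb") as fdesc:
    cont = Container.from_stream(fdesc)

loc_key = cont.loc_db.get_name_location(TARGET_FUNC)
if loc_key is None:
    # Fail with a clear message instead of an obscure error from get_location_offset.
    raise SystemExit("symbol %r not found in %s" % (TARGET_FUNC, options.filename))
addr_to_call = cont.loc_db.get_location_offset(loc_key)

# Calling md5_starts(malloc(0x64)): allocate the buffer on the emulated heap,
# call the function with its address as the single argument, then dump it.
addr = linobjs.heap.alloc(sb.jitter, BUF_SIZE)
sb.call(addr_to_call, addr)
hexdump(sb.jitter.vm.get_mem(addr, BUF_SIZE))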