def dbg_hook_code(self, uc, address, size, user_data):
"""
Unicorn instructions hook
"""
try:
self.current_address = address
hit_soft_bp = False
should_print_instruction = self.trace_instructions > 0
if self.soft_bp:
self.hook_mem_access = True
self.soft_bp = False
hit_soft_bp = True
if address != self.last_bp and \
(address in self.core_module.get_breakpoints_list() or
self.has_soft_bp):
if self.skip_bp_count > 0:
self.skip_bp_count -= 1
else:
self.breakpoint_count += 1
should_print_instruction = False
uc.emu_stop()
self.last_bp = address
print(utils.titlify('breakpoint'))
print('[' + utils.white_bold(str(self.breakpoint_count)) +
']' + ' hit ' + utils.red_bold('breakpoint') +
' at: ' + utils.green_bold(hex(address)))
self._print_context(uc, address)
elif address == self.last_bp:
self.last_bp = 0
self.has_soft_bp = hit_soft_bp
if self.current_address + size == self.exit_point:
should_print_instruction = False
self._print_context(uc, address)
print(
utils.white_bold("emulation") + " finished with " +
utils.green_bold("success"))
if should_print_instruction:
self.asm_module.internal_disassemble(
uc.mem_read(address, size), address)
except KeyboardInterrupt as ex:
# If stuck in an endless loop, we can exit here :). TODO: does that mean ctrl+c never works for targets?
print(utils.titlify('paused'))
self._print_context(uc, address)
uc.emu_stop()
def start(self):
"""
main start function, here we handle the command get loop and unicorn istance creation
:return:
"""
if not self.emu_instance:
self.initialize()
utils.clear_terminal()
print(utils.get_banner())
print('\n\n\t' + utils.white_bold('Contribute ') + 'https://github.com/iGio90/uDdbg\n')
print('\t' + 'Type ' + utils.white_bold_underline('help') + ' to begin.\n')
main_apix = colored(MENU_APPENDIX + " ", 'red', attrs=['bold', 'dark'])
print()
while True:
print(main_apix, end='', flush=True)
text = prompt('', history=self.history, auto_suggest=AutoSuggestFromHistory())
# only grant the use of empty command to replicate the last command while in cli. No executors
if len(text) == 0 and self.last_command is not None:
self.functions_instance.parse_command(self.last_command)
continue
self.last_command = text
# send command to the parser
self.functions_instance.parse_command(text)
def internal_disassemble(self, buf, off, current_off=0):
cs = self.core_instance.get_cs_instance()
for i in cs.disasm(bytes(buf), off):
if i.address == current_off:
a = utils.red_bold(hex(i.address))
else:
a = utils.green_bold(hex(i.address))
print(a + "\t%s\t%s" % ((utils.white_bold(str(i.mnemonic).upper()),
str(i.op_str).upper().replace('X', 'x'))))
def resume_emulation(self, address=None, skip_bp=0):
# 从这个地方开始?
if address is not None:
self.current_address = address
# 跳过bp
self.skip_bp_count = skip_bp
# 退出点
if self.exit_point is not None:
print(
utils.white_bold("emulation") + " started at " +
utils.green_bold(hex(self.current_address)))
if len(self.entry_context) == 0:
# store the initial memory context for the restart
# 重新启动, 入口上下文
self.entry_context = {'memory': {}, 'regs': {}}
# 映射表
map_list = self.get_module('mappings_module').get_mappings()
for map in map_list:
map_address = int(map[1], 16)
map_len = map[2]
# 读取内存
self.entry_context['memory'][map_address] = bytes(
self.emu_instance.mem_read(map_address, map_len))
# registers
# 寄存器
const = utils.get_arch_consts(self.arch)
regs = [
k for k, v in const.__dict__.items()
if not k.startswith("__") and "_REG_" in k
and not "INVALID" in k
]
for r in regs:
try:
# 读取寄存器
self.entry_context['regs'][
r] = self.emu_instance.reg_read(getattr(const, r))
except Exception as ex:
pass
# print("Ignoring reg: {} ({})".format(r, ex)) -> Ignored UC_X86_REG_MSR
# 开始地址
start_addr = self.current_address
if self.is_thumb:
start_addr = start_addr | 1
# 开始执行
self.emu_instance.emu_start(start_addr, self.exit_point)
else:
print(
'please use \'set exit_point *offset\' to define an exit point'
)
def _print_context(self, uc, pc):
self.register_module.registers('mem_invalid')
print(utils.titlify('disasm'))
self.asm_module.internal_disassemble(uc.mem_read(pc - 0x16, 0x32), pc - 0x16, pc)
if self.mem_access_result is not None:
val = utils.red_bold("\t0x%x" % self.mem_access_result[1])
ad = utils.green_bold("\t> 0x%x" % self.mem_access_result[0])
print(utils.titlify("memory access"))
print(utils.white_bold("WRITE") + val + ad)
self.hook_mem_access = None
self.mem_access_result = None
def start(self):
# 开始函数: 命令获取和unicorn实例创建
"""
main start function, here we handle the command get loop and unicorn istance creation
:return:
"""
# 创建实例
if not self.emu_instance:
self.initialize()
# 清空屏幕
utils.clear_terminal()
print(utils.get_banner())
print('\n\n\t' + utils.white_bold('Contribute ') +
'https://github.com/iGio90/uDdbg\n')
print('\t' + 'Type ' + utils.white_bold_underline('help') +
' to begin.\n')
print()
while True:
# prompt方法
text = prompt(FormattedText([('ansired bold', MENU_APPENDIX + ' ')
]),
history=self.history,
auto_suggest=AutoSuggestFromHistory())
# only grant the use of empty command to replicate the last command while in cli. No executors
if len(text) == 0 and self.last_command is not None:
# 解析命令
self.functions_instance.parse_command(self.last_command)
continue
self.last_command = text
# send command to the parser
# 解析命令
self.functions_instance.parse_command(text)
def dbg_hook_code(self, uc, address, size, user_data):
"""
Unicorn instructions hook
"""
try:
# 设置当前地址
self.current_address = address
# 命中软断点
hit_soft_bp = False
# 打印指令?
should_print_instruction = self.trace_instructions > 0
# 如果软断点
if self.soft_bp:
# 内存访问hook
self.hook_mem_access = True
# 软断点
self.soft_bp = False
# 命中软断点置位
hit_soft_bp = True
# 地址不是上一个断点 and (地址在断点列表中 or 有软断点)
if address != self.last_bp and \
(address in self.core_module.get_breakpoints_list() or
self.has_soft_bp):
# 略过断点
if self.skip_bp_count > 0:
self.skip_bp_count -= 1
else:
# 断点数加一
self.breakpoint_count += 1
# 应该打印指令
should_print_instruction = False
# 模拟停止
uc.emu_stop()
# 上一个断点
self.last_bp = address
# 打印一些东西
print(utils.titlify('breakpoint'))
print('[' + utils.white_bold(str(self.breakpoint_count)) +
']' + ' hit ' + utils.red_bold('breakpoint') +
' at: ' + utils.green_bold(hex(address)))
self._print_context(uc, address)
# 地址是上一个断点
elif address == self.last_bp:
self.last_bp = 0
# 有软断点
self.has_soft_bp = hit_soft_bp
if self.current_address + size == self.exit_point:
# 到达退出点
should_print_instruction = False
self._print_context(uc, address)
print(
utils.white_bold("emulation") + " finished with " +
utils.green_bold("success"))
if should_print_instruction:
# 反汇编
self.asm_module.internal_disassemble(
uc.mem_read(address, size), address)
except KeyboardInterrupt as ex:
# If stuck in an endless loop, we can exit here :). TODO: does that mean ctrl+c never works for targets?
print(utils.titlify('paused'))
self._print_context(uc, address)
uc.emu_stop()
