 def __init__(self, raw, address):
     """Disassemble *raw* mapped at *address* and lift it to IR CFGs.

     Args:
         raw: machine-code bytes to analyse. A single ``0xC3`` byte
             (x86 ``ret``) is appended before disassembly — presumably so
             the disassembler always reaches a terminating instruction.
         address: virtual address the bytes are mapped at; it is also the
             head of the resulting CFG.

     Two IR CFGs are kept: ``orginal_ircfg``, lifted with the stock IRA
     and simplified with ``IRCFGSimplifierCommon``, and ``ircfg``, lifted
     with ``IRADelModCallStack`` and then passed to ``self.simplify()``.
     Attribute names keep their historical spelling (``orignal_ira``,
     ``orginal_ircfg``) because callers read them.
     """
     # The container gives us a bin_stream plus a location DB to work on.
     container = Container.fallback_container(raw + b'\xC3',
                                              vm=None,
                                              addr=address)
     self.cont = container
     self.address = address

     machine = Machine('x86_64')
     self.machine = machine
     disassembler = machine.dis_engine(container.bin_stream,
                                       loc_db=container.loc_db)
     self.mdis = disassembler

     asmcfg = disassembler.dis_multiblock(address)
     self.asmcfg = asmcfg
     self.head = asmcfg.getby_offset(address).loc_key

     # Reference lifting with the stock IRA, simplified in place.
     reference_ira = machine.ira(disassembler.loc_db)
     self.orignal_ira = reference_ira
     self.orginal_ircfg = reference_ira.new_ircfg_from_asmcfg(asmcfg)
     self.common_simplifier = IRCFGSimplifierCommon(reference_ira)
     self.common_simplifier.simplify(self.orginal_ircfg, self.head)

     # Custom lifters; only the first one is used to build the working CFG
     # here, the second is kept on the instance for later use.
     self.custom_ira1 = IRADelModCallStack(disassembler.loc_db)
     self.custom_ira2 = IRAOutRegs(disassembler.loc_db)
     self.ircfg = self.custom_ira1.new_ircfg_from_asmcfg(asmcfg)
     self.simplify()
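parser.add_argument('-j',
                    "--calldontmodstack",
                    action="store_true",
                    help="Consider stack high is not modified in subcalls")

args = parser.parse_args()

if args.verbose:
    log_asmblock.setLevel(logging.DEBUG)

# A single location DB is shared by the container and everything built
# on top of it, so symbols and offsets resolve consistently.
loc_db = LocationDB()
log.info('Load binary')
if args.rawbinary:
    # Raw image: no loader involved, the bytes are mapped as-is at
    # base_address. Read under `with` so the descriptor is closed right
    # away instead of being left to the garbage collector.
    with open(args.filename, "rb") as fdesc:
        raw_data = fdesc.read()
    cont = Container.fallback_container(
        raw_data,
        vm=None,
        addr=args.base_address,
        loc_db=loc_db,
    )
else:
    # Let the container detect and parse the executable format. The input
    # file is user-supplied, so the format parser sees untrusted data.
    with open(args.filename, "rb") as fdesc:
        cont = Container.from_stream(
            fdesc,
            addr=args.base_address,
            loc_db=loc_db,
        )

default_addr = cont.entry_point
bs = cont.bin_stream
e = cont.executable
log.info('ok')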
};

struct ll_human {
        struct ll_human* next;
        struct human human;
};
"""

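# Build the C type environment: the declarations in `text` are parsed on
# top of the AMD64 base types and wrapped in an unpacked type manager.
base_types = CTypeAMD64_unk()
types_ast = CAstTypes()
types_ast.add_c_decl(text)

types_mngr = CTypesManagerNotPacked(types_ast, base_types)

# Analyze binary
# `data` is raw machine code mapped at address 0 (positional `None` is
# the `vm` argument).
cont = Container.fallback_container(data, None, addr=0)

machine = Machine("x86_64")
dis_engine, ira = machine.dis_engine, machine.ira

mdis = dis_engine(cont.bin_stream, loc_db=cont.loc_db)
addr_head = 0
asmcfg = mdis.dis_multiblock(addr_head)
lbl_head = mdis.loc_db.get_offset_location(addr_head)

ir_arch_a = ira(mdis.loc_db)
ircfg = ir_arch_a.new_ircfg_from_asmcfg(asmcfg)

# Dump the IR flow graph. The file is closed when the `with` block exits
# rather than whenever the unreferenced file object gets collected.
with open('graph_irflow.dot', 'w') as dot_file:
    dot_file.write(ircfg.dot())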

# Main function's first argument's type is "struct ll_human*"
};

struct ll_human {
        struct ll_human* next;
        struct human human;
};
"""

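# Build the C type environment: the declarations in `text` are parsed on
# top of the AMD64 base types and wrapped in an unpacked type manager.
base_types = CTypeAMD64_unk()
types_ast = CAstTypes()
types_ast.add_c_decl(text)

types_mngr = CTypesManagerNotPacked(types_ast, base_types)

# Analyze binary
# `data` is raw machine code mapped at address 0 (positional `None` is
# the `vm` argument).
# NOTE(review): the disassembler and lifter below use the outer `loc_db`,
# while the container is created without one — confirm that this is
# intended and that `cont.loc_db` is never expected to match `loc_db`.
cont = Container.fallback_container(data, None, addr=0)

machine = Machine("x86_64")
dis_engine, ira = machine.dis_engine, machine.ira

mdis = dis_engine(cont.bin_stream, loc_db=loc_db)
addr_head = 0
asmcfg = mdis.dis_multiblock(addr_head)
lbl_head = loc_db.get_offset_location(addr_head)

ir_arch_a = ira(loc_db)
ircfg = ir_arch_a.new_ircfg_from_asmcfg(asmcfg)

# Dump the IR flow graph. The file is closed when the `with` block exits
# rather than whenever the unreferenced file object gets collected.
with open('graph_irflow.dot', 'w') as dot_file:
    dot_file.write(ircfg.dot())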

# Main function's first argument's type is "struct ll_human*"
                    "Use only with --propagexpr option. "
                    "WARNING: not reliable, may fail.")
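parser.add_argument('-e', "--loadint", action="store_true",
                    help="Load integers from binary in fixed memory lookup.")
parser.add_argument('-j', "--calldontmodstack", action="store_true",
                    help="Consider stack high is not modified in subcalls")


args = parser.parse_args()

if args.verbose:
    log_asmblock.setLevel(logging.DEBUG)

log.info('Load binary')
if args.rawbinary:
    # Raw image: no loader involved, the bytes are mapped as-is at
    # base_address. Read under `with` so the descriptor is closed right
    # away instead of being left to the garbage collector.
    with open(args.filename, "rb") as fdesc:
        raw_data = fdesc.read()
    cont = Container.fallback_container(raw_data,
                                        vm=None, addr=args.base_address)
else:
    # Let the container detect and parse the executable format. The input
    # file is user-supplied, so the format parser sees untrusted data.
    with open(args.filename, "rb") as fdesc:
        cont = Container.from_stream(fdesc, addr=args.base_address)

default_addr = cont.entry_point
bs = cont.bin_stream
e = cont.executable
log.info('ok')

log.info("import machine...")
# Use the guessed architecture or the specified one
arch = args.architecture if args.architecture else cont.arch
if not arch:
    # Neither the user nor the container could name an architecture;
    # nothing further can be disassembled, so stop with a non-zero status.
    print("Architecture recognition fail. Please specify it in arguments")
    exit(-1)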