Esempio n. 1
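def main():
    """Emulate a 32-bit Linux x86 ELF in the Miasm sandbox with hooked addresses.

    The path of the binary is read from the command line.  The callbacks
    registered below (ptrace_bp, atoi_bp, stop_bp) are defined elsewhere in
    the file; every hard-coded address is specific to the analysed binary.
    """
    parser = Sandbox_Linux_x86_32.parser(description="Sandbox")
    parser.add_argument('filename', help="filename")
    args = parser.parse_args()
    # NOTE(review): the sample is untrusted input; emulation on its own should
    # not be relied on as the containment boundary -- confirm the host setup.
    # globals() is handed to the sandbox, presumably so it can look up
    # handlers defined in this module by name -- confirm against Miasm.
    sb = Sandbox_Linux_x86_32(args.filename, args, globals())

    # Trace every executed mnemonic; useful for analysis, very verbose.
    sb.jitter.jit.log_mn = True

    # Two small read/write pages holding little-endian 32-bit values:
    # 0x41414141 at 0x140004 and 1234 at 0x41414145.
    # NOTE(review): 0x41414145 == 0x41414141 + 4, so this looks like a
    # hand-built pointer chain the target dereferences -- confirm.
    sb.jitter.vm.add_memory_page(
        0x140004, PAGE_READ | PAGE_WRITE, struct.pack("<L", 0x41414141))
    sb.jitter.vm.add_memory_page(
        0x41414145, PAGE_READ | PAGE_WRITE, struct.pack("<L", 1234))

    # Each callback fires when emulation reaches the given guest address.
    # Judging by the names, they stand in for ptrace and atoi and stop the
    # run -- the handlers themselves are not visible here.
    sb.jitter.add_breakpoint(0x8048334, ptrace_bp)
    sb.jitter.add_breakpoint(0x8048354, atoi_bp)
    sb.jitter.add_breakpoint(0x80484fe, stop_bp)

    # Start emulation at a fixed address inside the binary.
    sb.run(0x8048438)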
Esempio n. 2
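def main():
    """Example of a heavy patchwork rework to force the key out of the program

    python s.py qcrk5

    The binary is emulated in the Miasm Linux x86-32 sandbox.  The callbacks
    registered below are defined elsewhere in the file, and every hard-coded
    address is specific to the analysed binary.
    """
    # NOTE(review): dse is declared global but never assigned in this
    # function, so the declaration currently has no effect -- likely leftover.
    global dse
    parser = Sandbox_Linux_x86_32.parser(description="Sandbox")
    parser.add_argument('filename', help="filename")
    args = parser.parse_args()
    # NOTE(review): the sample is untrusted input; emulation on its own should
    # not be relied on as the containment boundary -- confirm the host setup.
    # globals() is handed to the sandbox, presumably so it can look up
    # handlers defined in this module by name -- confirm against Miasm.
    sb = Sandbox_Linux_x86_32(args.filename, args, globals())

    # Trace every executed mnemonic; useful for analysis, very verbose.
    sb.jitter.jit.log_mn = True

    # Each callback fires when emulation reaches the given guest address.
    # What the handlers do (ptrace / integer parsing / printf stand-ins,
    # skipping code, ending the run) is only suggested by their names.
    sb.jitter.add_breakpoint(0x804ea50, ptrace_bp)
    sb.jitter.add_breakpoint(0x8048be0, toint_bp)
    sb.jitter.add_breakpoint(0x8049530, printf_bp)
    sb.jitter.add_breakpoint(0x80482d1, jumpover_bp)
    sb.jitter.add_breakpoint(0x8048314, finish_bp)

    # Hand-built guest memory, all little-endian 32-bit values:
    # 2 at 0x140000, 0x41414141 at 0x140004, 1234 at 0x41414145.
    # NOTE(review): this resembles an argc/argv-style layout followed by the
    # data it points at (0x41414145 == 0x41414141 + 4) -- confirm.
    # The last page is mapped read-only, unlike the first two.
    sb.jitter.vm.add_memory_page(
        0x140000, PAGE_READ | PAGE_WRITE, struct.pack("<L", 2))
    sb.jitter.vm.add_memory_page(
        0x140004, PAGE_READ | PAGE_WRITE, struct.pack("<L", 0x41414141))
    sb.jitter.vm.add_memory_page(
        0x41414145, PAGE_READ, struct.pack("<L", 1234))

    # Start emulation at a fixed address inside the binary.
    sb.run(addr=0x8048208)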
Esempio n. 3
    writes the string s and a trailing newline to stdout.
    '''
    ret_addr, args = jitter.func_args_systemv(['target'])
    output = jitter.get_str_ansi(args.target)
    # Check with expected result
    line = expected.next()
    if output != line.rstrip():
        print "Expected:", line
        print "Obtained:", output
        raise RuntimeError("Bad semantic")
    return jitter.func_ret_systemv(ret_addr, 1)


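# Parse arguments: the ELF to emulate, the symbol to run, and a file holding
# the output that symbol is expected to produce.
parser = Sandbox_Linux_x86_32.parser(description="ELF sandboxer")
parser.add_argument("filename", help="ELF Filename")
parser.add_argument("funcname", help="Targeted function's name")
parser.add_argument("expected", help="Expected output")
options = parser.parse_args()

# Expected output. The handle is left open on purpose: the hook above pulls
# one line from it per call (expected.next()), so it must outlive this setup.
expected = open(options.expected)

# Create sandbox. globals() is passed along, presumably so the sandbox can
# look up hooks defined in this module by name -- confirm against Miasm.
sb = Sandbox_Linux_x86_32(options.filename, options, globals())
try:
    addr = sb.elf.getsectionbyname(".symtab").symbols[options.funcname].value
except AttributeError:
    # Raised when the section lookup yields no object to read .symbols from,
    # e.g. a stripped binary.
    raise RuntimeError("The target binary must have a symtab section")
except KeyError:
    # A mistyped or absent function name would otherwise surface as a bare
    # KeyError with no hint about which argument was wrong.
    raise RuntimeError(
        "Function %r not found in the symtab section" % options.funcname)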
Esempio n. 4
from miasm2.analysis.sandbox import Sandbox_Linux_x86_32
from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE

# Guest address used by the test drivers below as a scratch buffer for the
# string argument handed to the emulated function.
emu_addr = 0x10000000

# Command-line parser supplied by the sandbox class itself.
parser = Sandbox_Linux_x86_32.parser(description="ELF sandboxer")

def call_test_strcmp(sb):
    """Run the ELF symbol 'test1' on two strings and check EAX after each run.

    'asd' must leave EAX == 0 and 'foo' must leave EAX != 0.  The checks are
    plain asserts, so they disappear when Python runs with -O.
    """
    target_va = sb.elf.getsectionbyname('.symtab')['test1'].value
    jitter = sb.jitter

    # (string written at emu_addr, whether EAX is expected to be zero)
    cases = (('asd', True), ('foo', False))
    for text, expect_zero in cases:
        # assumes emu_addr is already mapped in the guest -- TODO confirm
        jitter.set_str_ansi(emu_addr, text)
        # cdecl-style frame: the argument first, then the return address.
        jitter.push_uint32_t(emu_addr)
        # presumably the sentinel return address at which the sandbox stops
        # the run -- confirm against the sandbox setup
        jitter.push_uint32_t(0x1337beef)

        sb.run(target_va)
        if expect_zero:
            assert jitter.cpu.EAX == 0
        else:
            assert jitter.cpu.EAX != 0

def call_test_sha256(sb):
    fva = sb.elf.getsectionbyname('.symtab')['test2'].value
    result_va = sb.elf.getsectionbyname('.symtab')['result'].value

    sb.jitter.set_str_ansi(emu_addr, 'abc')
    sb.jitter.push_uint32_t(emu_addr)
    sb.jitter.push_uint32_t(0x1337beef)

    sb.run(fva)