def get_relocation(arch, r_type):
if r_type == 0:
return None
try:
return ALL_RELOCATIONS[arch][r_type]
except KeyError:
if (arch, r_type) not in complaint_log:
complaint_log.add((arch, r_type))
warning("Unknown reloc %d on %s" % (r_type, arch))
return None
def load(self, filename):
gc.disable()
dirname = os.path.dirname(filename)
self.path = dirname + "/" if dirname != "" else ""
self.path += "." + os.path.basename(filename) + ".db"
if os.path.exists(self.path):
info("open database %s" % self.path)
fd = open(self.path, "rb")
data = fd.read()
if data.startswith(b"ZLIB"):
data = zlib.decompress(data[4:])
data = msgpack.unpackb(data, encoding="utf-8")
fd.close()
self.__load_meta(data)
self.__load_memory(data)
self.__load_symbols(data)
self.__load_jmptables(data)
self.__load_comments(data)
self.__load_functions(data)
self.__load_history(data)
self.__load_xrefs(data)
self.__load_imports(data)
self.__load_immediates(data)
if self.version <= 1.5:
self.__load_labels(data)
if self.version < VERSION:
die("your version of plasma is too old")
elif self.version != VERSION:
warning(
"the database version is old, some information may be missing"
)
self.loaded = True
gc.enable()
def load(self, filename):
gc.disable()
dirname = os.path.dirname(filename)
self.path = dirname + "/" if dirname != "" else ""
self.path += "." + os.path.basename(filename) + ".db"
if os.path.exists(self.path):
info("open database %s" % self.path)
fd = open(self.path, "rb")
data = fd.read()
if data.startswith(b"ZLIB"):
data = zlib.decompress(data[4:])
data = msgpack.unpackb(data, encoding="utf-8")
fd.close()
self.__load_meta(data)
self.__load_memory(data)
self.__load_symbols(data)
self.__load_jmptables(data)
self.__load_comments(data)
self.__load_functions(data)
self.__load_history(data)
self.__load_xrefs(data)
self.__load_imports(data)
self.__load_immediates(data)
if self.version <= 1.5:
self.__load_labels(data)
if self.version < VERSION:
die("your version of plasma is too old")
elif self.version != VERSION:
warning("the database version is old, some information may be missing")
self.loaded = True
gc.enable()
def load(self, filename):
gc.disable()
self.path = filename
if os.path.exists(self.path):
info("open database %s" % self.path)
fd = open(self.path, "rb")
data = fd.read()
if data.startswith(b"ZLIB"):
data = zlib.decompress(data[4:])
data = msgpack.unpackb(data, encoding="utf-8")
fd.close()
self.__load_meta(data)
if self.version == LAST_COMPATIBLE:
warning("the database version is old, some information may be missing")
elif self.version < LAST_COMPATIBLE:
die("the database is too old")
self.__load_memory(data)
self.__load_symbols(data)
self.__load_jmptables(data)
self.__load_comments(data)
self.__load_functions(data)
self.__load_history(data)
self.__load_xrefs(data)
self.__load_imports(data)
self.__load_immediates(data)
self.__load_inverted_cond(data)
self.loaded = True
gc.enable()
def __init__(self, filename, raw_type, raw_base, raw_big_endian, database):
import capstone as CAPSTONE
arch_lookup = {
"x86": CAPSTONE.CS_ARCH_X86,
"x64": CAPSTONE.CS_ARCH_X86,
"ARM": CAPSTONE.CS_ARCH_ARM,
"MIPS32": CAPSTONE.CS_ARCH_MIPS,
"MIPS64": CAPSTONE.CS_ARCH_MIPS,
}
mode_lookup = {
"x86": CAPSTONE.CS_MODE_32,
"x64": CAPSTONE.CS_MODE_64,
"ARM": CAPSTONE.CS_ARCH_ARM,
"MIPS32": CAPSTONE.CS_MODE_MIPS32,
"MIPS64": CAPSTONE.CS_MODE_MIPS64,
}
word_size_lookup = {
"x86": 4,
"x64": 8,
"ARM": 4,
"MIPS32": 4,
"MIPS64": 8,
}
self.capstone_inst = {} # capstone instruction cache
self.db = database
if database.loaded:
self.mem = database.mem
else:
self.mem = Memory()
database.mem = self.mem
self.instanciate_binary(filename, raw_type, raw_base, raw_big_endian)
if self.binary.arch not in ("x86", "x64", "MIPS32", "MIPS64", "ARM"):
raise ExcArch(arch)
self.wordsize = word_size_lookup.get(self.binary.arch, None)
self.binary.wordsize = self.wordsize
self.is_mips = self.binary.arch in ("MIPS32", "MIPS64")
self.is_x86 = self.binary.arch in ("x86", "x64")
self.is_arm = self.binary.arch in ("ARM")
self.is_big_endian = self.binary.is_big_endian()
self.binary.load_section_names()
self.jmptables = database.jmptables
self.user_inline_comments = database.user_inline_comments
self.internal_inline_comments = database.internal_inline_comments
self.user_previous_comments = database.user_previous_comments
self.internal_previous_comments = database.internal_previous_comments
self.functions = database.functions
self.func_id = database.func_id
self.end_functions = database.end_functions
self.xrefs = database.xrefs
self.mem.xrefs = database.xrefs
self.mem.data_sub_xrefs = database.data_sub_xrefs
self.mips_gp = database.mips_gp
if not database.loaded:
self.load_symbols()
database.symbols = self.binary.symbols
database.reverse_symbols = self.binary.reverse_symbols
database.demangled = self.binary.demangled
database.reverse_demangled = self.binary.reverse_demangled
database.imports = self.binary.imports
else:
self.binary.symbols = database.symbols
self.binary.reverse_symbols = database.reverse_symbols
self.binary.demangled = database.demangled
self.binary.reverse_demangled = database.reverse_demangled
self.binary.imports = database.imports
cs_arch = arch_lookup.get(self.binary.arch, None)
cs_mode = mode_lookup.get(self.binary.arch, None)
if self.is_big_endian:
cs_mode |= CAPSTONE.CS_MODE_BIG_ENDIAN
else:
cs_mode |= CAPSTONE.CS_MODE_LITTLE_ENDIAN
self.capstone = CAPSTONE
self.md = CAPSTONE.Cs(cs_arch, cs_mode)
self.md.detail = True
for s in self.binary.iter_sections():
s.big_endian = cs_mode & CAPSTONE.CS_MODE_BIG_ENDIAN
if self.binary.arch == "x86":
warning("To compute correctly the value of esp, the frame size must")
warning("be correct. But the heuristic is very simple actually.")
warning("So every references to ebp should be correct but for esp it")
warning("may have some errors.")
warning("In the visual press I to show original instructions.")
# http://www.delorie.com/djgpp/doc/coff/symtab.html
# http://unixwiz.net/techtips/win32-callconv.html
import bisect
import pefile
from capstone.x86 import (X86_OP_INVALID, X86_OP_MEM, X86_REG_RIP, X86_REG_EIP)
from ctypes import sizeof
from plasma.lib.exceptions import ExcPEFail
from plasma.lib.fileformat.pefile2 import PE2, SymbolEntry, PE_DT_FCN, PE_DT_PTR
from plasma.lib.fileformat.binary import Binary
from plasma.lib.utils import warning
if not pefile.__version__.startswith("201"):
warning("you should use the most recent port of pefile")
warning("https://github.com/erocarrera/pefile")
class PE(Binary):
def __init__(self, db, filename):
Binary.__init__(self)
self.db = db
self.pe = PE2(filename, fast_load=True)
self.__data_sections = []
self.__data_sections_content = []
self.__exec_sections = []
self.set_arch_name()
def __init__(self):
self.__init_vars()
if msgpack.version < (0, 4, 6):
warning("your version of msgpack is less than 0.4.6")
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import bisect
import pefile
from capstone.x86 import (X86_OP_INVALID, X86_OP_MEM, X86_REG_RIP, X86_REG_EIP)
from ctypes import sizeof
from plasma.lib.exceptions import ExcPEFail
from plasma.lib.fileformat.pefile2 import PE2, SymbolEntry, PE_DT_FCN, PE_DT_PTR
from plasma.lib.fileformat.binary import SectionAbs, Binary
from plasma.lib.utils import warning
if not pefile.__version__.startswith("201"):
warning("you should use the most recent port of pefile")
warning("https://github.com/erocarrera/pefile")
class PE(Binary):
def __init__(self, db, filename):
Binary.__init__(self)
self.db = db
self.pe = PE2(filename, fast_load=True)
self.__data_sections = []
self.__data_sections_content = []
self.__exec_sections = []
self.set_arch_name()
def __init__(self):
self.__init_vars()
if msgpack.version < (0, 4, 6):
warning("your version of msgpack is less than 0.4.6")
