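def setup(ql):
    """Initialise the Windows emulation state on the emulator instance ``ql``.

    Builds the heap from the ``ql.commos`` layout constants, installs the
    unmapped-memory hook, programs the GDT segments for the selected
    architecture and attaches the handle, registry, clipboard, fiber and
    thread managers, the user configuration and an empty hook scratch dict.

    Args:
        ql: emulator instance; mutated in place (``heap``, ``handle_manager``,
            ``registry_manager``, ``clipboard``, ``fiber_manager``,
            ``last_error``, ``thread_manager``, ``config``,
            ``hooks_variables``).

    Returns:
        None.
    """
    heap_base = ql.commos.HEAP_BASE_ADDR
    ql.heap = Heap(ql, heap_base, heap_base + ql.commos.HEAP_SIZE)

    # Faults on unmapped memory from the emulated code are routed to
    # ql_x86_windows_hook_mem_error instead of propagating unhandled.
    ql.hook_mem_unmapped(ql_x86_windows_hook_mem_error)

    # setup gdt
    # NOTE(review): no branch for other arch values -- presumably callers only
    # reach here for x86/x86-64 targets; confirm.
    if ql.arch == QL_X86:
        ql_x86_setup_gdt_segment_fs(ql, FS_SEGMENT_ADDR, FS_SEGMENT_SIZE)
        ql_x86_setup_gdt_segment_gs(ql, GS_SEGMENT_ADDR, GS_SEGMENT_SIZE)
        ql_x86_setup_gdt_segment_ds(ql)
        ql_x86_setup_gdt_segment_cs(ql)
        ql_x86_setup_gdt_segment_ss(ql)
    elif ql.arch == QL_X8664:
        ql_x8664_set_gs(ql)

    # handle manager
    ql.handle_manager = HandleManager()

    # registry manager
    ql.registry_manager = RegistryManager(ql)

    # clipboard
    ql.clipboard = Clipboard(ql)

    # fibers
    ql.fiber_manager = FiberManager(ql)

    # Place to set errors for retrieval by GetLastError().
    # Fix: the original left this slot uninitialised (comment with no
    # assignment); the sibling setup routines start it at 0.
    ql.last_error = 0

    # thread manager: the main thread is also exposed as a handle
    main_thread = Thread(ql)
    ql.thread_manager = ThreadManager(ql, main_thread)
    new_handle = Handle(thread=main_thread)
    ql.handle_manager.append(new_handle)

    # user configuration
    ql.config = ql_init_configuration(ql)

    # variables used inside hooks -- a fresh dict per setup so hook-local
    # state does not leak between runs
    ql.hooks_variables = {}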
def runner(ql):
    """Run the loaded Windows target to completion on ``ql``.

    Calls ``ql_setup(ql)``, (re)creates the registry manager, fills in a
    default stop address when ``until_addr`` is 0, starts Unicorn on either
    the shellcode buffer or the PE entry point, and persists the emulated
    registry once emulation returns normally.

    Args:
        ql: emulator instance carrying ``shellcoder``, ``code_address``,
            ``entry_point``, ``until_addr``, ``timeout``, ``output`` and
            ``uc``.

    Raises:
        QlErrorExecutionStop: when Unicorn raised ``UcError``. On the debug
            and dump output levels the PC, the memory map, the 8 bytes at PC
            and ``ql_hook_code_disasm(ql, ql.pc, 64)`` are printed first;
            ``ql.errmsg`` is set to 1 and the registry is NOT saved on this
            path.
    """
    ql_setup(ql)

    # registry manager
    ql.registry_manager = RegistryManager(ql)

    if ql.until_addr == 0:
        ql.until_addr = QL_X86_WINDOWS_EMU_END

    try:
        if ql.shellcoder:
            start = ql.code_address
            ql.uc.emu_start(start, start + len(ql.shellcoder))
        else:
            ql.uc.emu_start(ql.entry_point, ql.until_addr, ql.timeout)
    except UcError as err:
        if ql.output in (QL_OUT_DEBUG, QL_OUT_DUMP):
            ql.nprint("[+] PC= " + hex(ql.pc))
            ql.show_map_info()
            window = ql.uc.mem_read(ql.pc, 8)
            ql.nprint("[+] ", list(map(hex, window)))
            ql_hook_code_disasm(ql, ql.pc, 64)
        ql.errmsg = 1
        ql.nprint("%s" % err)
        raise QlErrorExecutionStop('[!] Emulation Stopped')

    # only reached when emulation ended without a Unicorn error
    ql.registry_manager.save()
def windows_setup64(ql):
    """Prepare ``ql`` for 64-bit Windows PE emulation (minimal variant).

    Stores the memory layout on ``ql`` (PE image defaults, GS segment, DLL
    area, heap), allocates the heap, programs the 64-bit GDT and creates the
    handle, registry and thread managers with the main thread registered as
    a handle.

    NOTE(review): unlike the 32-bit setup in this file, this variant installs
    no unmapped-memory hook and no clipboard/fiber managers -- confirm that
    is intended for its callers.

    Args:
        ql: emulator instance; mutated in place.

    Returns:
        None.
    """
    # PE image: base/size are 0 here, presumably filled in later by a loader
    ql.PE_IMAGE_BASE = 0
    ql.PE_IMAGE_SIZE = 0
    ql.DEFAULT_IMAGE_BASE = 0x140000000
    ql.entry_point = 0

    # GS segment window; structures are laid out from its start
    ql.GS_SEGMENT_ADDR = 0x6000
    ql.GS_SEGMENT_SIZE = 0x8000
    ql.STRUCTERS_LAST_ADDR = ql.GS_SEGMENT_ADDR

    # DLL area (empty until something is mapped there)
    ql.DLL_BASE_ADDR = 0x7ffff0000000
    ql.DLL_SIZE = 0
    ql.DLL_LAST_ADDR = ql.DLL_BASE_ADDR

    # heap region
    ql.HEAP_BASE_ADDR = 0x500000000
    ql.HEAP_SIZE = 0x5000000

    ql.RUN = True
    heap_end = ql.HEAP_BASE_ADDR + ql.HEAP_SIZE
    ql.heap = Heap(ql, ql.HEAP_BASE_ADDR, heap_end)

    # 64-bit GDT
    set_pe64_gdt(ql)

    # managers
    ql.handle_manager = HandleManager()
    ql.registry_manager = RegistryManager(ql)

    # main thread, exposed through the handle table
    main_thread = Thread(ql)
    ql.thread_manager = ThreadManager(ql, main_thread)
    ql.handle_manager.append(Handle(thread=main_thread))
def setup_windows32(ql):
    """Prepare ``ql`` for 32-bit Windows PE emulation (full variant).

    Records the memory layout on ``ql`` (FS/GS segments, PE image defaults,
    heap and DLL areas), allocates the heap, installs the unmapped-memory
    hook, programs the FS/GS/DS/CS/SS GDT segments and attaches the handle,
    registry, clipboard, fiber and thread managers, the user configuration
    and an empty per-run hook scratch dict.

    Args:
        ql: emulator instance; mutated in place.

    Returns:
        None.
    """
    # --- memory layout -------------------------------------------------
    # FS and GS segment windows; structures are laid out from the FS start
    ql.FS_SEGMENT_ADDR = 0x6000
    ql.FS_SEGMENT_SIZE = 0x6000
    ql.GS_SEGMENT_ADDR = 0x5000
    ql.GS_SEGMENT_SIZE = 0x1000
    ql.STRUCTERS_LAST_ADDR = ql.FS_SEGMENT_ADDR

    # PE image: base/size are 0 here, presumably filled in later by a loader
    ql.PE_IMAGE_BASE = 0
    ql.PE_IMAGE_SIZE = 0
    ql.DEFAULT_IMAGE_BASE = 0x400000
    ql.entry_point = 0

    # heap and DLL areas
    ql.HEAP_BASE_ADDR = 0x5000000
    ql.HEAP_SIZE = 0x5000000
    ql.DLL_BASE_ADDR = 0x10000000
    ql.DLL_SIZE = 0
    ql.DLL_LAST_ADDR = ql.DLL_BASE_ADDR

    heap_end = ql.HEAP_BASE_ADDR + ql.HEAP_SIZE
    ql.heap = Heap(ql, ql.HEAP_BASE_ADDR, heap_end)
    # faults on unmapped memory are routed to ql_x86_windows_hook_mem_error
    ql.hook_mem_unmapped(ql_x86_windows_hook_mem_error)
    ql.RUN = True

    # --- GDT (original note: "New set GDT Share with Linux") ----------
    # FS and GS get explicit windows; DS/CS/SS take no extra arguments
    ql_x86_setup_gdt_segment_fs(ql, ql.FS_SEGMENT_ADDR, ql.FS_SEGMENT_SIZE)
    ql_x86_setup_gdt_segment_gs(ql, ql.GS_SEGMENT_ADDR, ql.GS_SEGMENT_SIZE)
    for flat_segment in (ql_x86_setup_gdt_segment_ds,
                         ql_x86_setup_gdt_segment_cs,
                         ql_x86_setup_gdt_segment_ss):
        flat_segment(ql)

    # --- managers --------------------------------------------------------
    ql.handle_manager = HandleManager()
    ql.registry_manager = RegistryManager(ql)
    ql.clipboard = Clipboard(ql)
    ql.fiber_manager = FiberManager(ql)

    # storage for GetLastError(); starts out clear
    ql.last_error = 0

    # main thread, exposed through the handle table
    main_thread = Thread(ql)
    ql.thread_manager = ThreadManager(ql, main_thread)
    ql.handle_manager.append(Handle(thread=main_thread))

    # user configuration
    ql.config = init_configuration(ql)

    # fresh dict per setup so hook-local state does not leak between runs
    ql.hooks_variables = {}
def windows_setup64(ql):
    """Prepare ``ql`` for 64-bit Windows PE emulation (full variant).

    Records the memory layout on ``ql`` (PE image defaults, heap and DLL
    areas), allocates the heap, installs the unmapped-memory hook, programs
    the 64-bit GDT and attaches the handle, registry, clipboard, fiber and
    thread managers, the user configuration and an empty per-run hook
    scratch dict.

    NOTE(review): ``STRUCTERS_LAST_ADDR`` is taken from the module-level
    ``GS_SEGMENT_ADDR``, not from an attribute on ``ql`` as the other
    variants do -- verify that constant is what the callers expect.

    Args:
        ql: emulator instance; mutated in place.

    Returns:
        None.
    """
    # --- memory layout -------------------------------------------------
    ql.STRUCTERS_LAST_ADDR = GS_SEGMENT_ADDR

    # PE image: base/size are 0 here, presumably filled in later by a loader
    ql.PE_IMAGE_BASE = 0
    ql.PE_IMAGE_SIZE = 0
    ql.DEFAULT_IMAGE_BASE = 0x140000000
    ql.entry_point = 0

    # heap and DLL areas
    ql.HEAP_BASE_ADDR = 0x500000000
    ql.HEAP_SIZE = 0x5000000
    ql.DLL_BASE_ADDR = 0x7ffff0000000
    ql.DLL_SIZE = 0
    ql.DLL_LAST_ADDR = ql.DLL_BASE_ADDR

    ql.RUN = True
    heap_end = ql.HEAP_BASE_ADDR + ql.HEAP_SIZE
    ql.heap = Heap(ql, ql.HEAP_BASE_ADDR, heap_end)
    # faults on unmapped memory are routed to ql_x86_windows_hook_mem_error
    ql.hook_mem_unmapped(ql_x86_windows_hook_mem_error)

    # --- GDT -------------------------------------------------------------
    set_pe64_gdt(ql)

    # --- managers --------------------------------------------------------
    ql.handle_manager = HandleManager()
    ql.registry_manager = RegistryManager(ql)
    ql.clipboard = Clipboard(ql)
    ql.fiber_manager = FiberManager(ql)

    # storage for GetLastError(); starts out clear
    ql.last_error = 0

    # main thread, exposed through the handle table
    main_thread = Thread(ql)
    ql.thread_manager = ThreadManager(ql, main_thread)
    ql.handle_manager.append(Handle(thread=main_thread))

    # user configuration
    ql.config = ql_init_configuration(ql)

    # fresh dict per setup so hook-local state does not leak between runs
    ql.hooks_variables = {}
def setup_windows32(ql):
    """Prepare ``ql`` for 32-bit Windows PE emulation (minimal variant).

    Records the memory layout on ``ql`` (FS/GS segments, PE image defaults,
    heap and DLL areas), allocates the heap, installs the unmapped-memory
    hook, programs the FS/GS/DS/CS/SS GDT segments and creates the handle,
    registry and thread managers with the main thread registered as a
    handle. No clipboard, fiber, ``last_error`` or configuration state is
    set up in this variant.

    Args:
        ql: emulator instance; mutated in place.

    Returns:
        None.
    """
    # --- memory layout -------------------------------------------------
    # FS and GS segment windows; structures are laid out from the FS start
    ql.FS_SEGMENT_ADDR = 0x6000
    ql.FS_SEGMENT_SIZE = 0x6000
    ql.GS_SEGMENT_ADDR = 0x5000
    ql.GS_SEGMENT_SIZE = 0x1000
    ql.STRUCTERS_LAST_ADDR = ql.FS_SEGMENT_ADDR

    # PE image: base/size are 0 here, presumably filled in later by a loader
    ql.PE_IMAGE_BASE = 0
    ql.PE_IMAGE_SIZE = 0
    ql.DEFAULT_IMAGE_BASE = 0x400000
    ql.entry_point = 0

    # heap and DLL areas
    ql.HEAP_BASE_ADDR = 0x5000000
    ql.HEAP_SIZE = 0x5000000
    ql.DLL_BASE_ADDR = 0x10000000
    ql.DLL_SIZE = 0
    ql.DLL_LAST_ADDR = ql.DLL_BASE_ADDR

    heap_end = ql.HEAP_BASE_ADDR + ql.HEAP_SIZE
    ql.heap = Heap(ql, ql.HEAP_BASE_ADDR, heap_end)
    # faults on unmapped memory are routed to ql_x86_windows_hook_mem_error
    ql.hook_mem_unmapped(ql_x86_windows_hook_mem_error)
    ql.RUN = True

    # --- GDT (original note: "New set GDT Share with Linux") ----------
    ql_x86_setup_gdt_segment_fs(ql, ql.FS_SEGMENT_ADDR, ql.FS_SEGMENT_SIZE)
    ql_x86_setup_gdt_segment_gs(ql, ql.GS_SEGMENT_ADDR, ql.GS_SEGMENT_SIZE)
    for flat_segment in (ql_x86_setup_gdt_segment_ds,
                         ql_x86_setup_gdt_segment_cs,
                         ql_x86_setup_gdt_segment_ss):
        flat_segment(ql)

    # --- managers --------------------------------------------------------
    ql.handle_manager = HandleManager()
    ql.registry_manager = RegistryManager(ql)

    # main thread, exposed through the handle table
    main_thread = Thread(ql)
    ql.thread_manager = ThreadManager(ql, main_thread)
    ql.handle_manager.append(Handle(thread=main_thread))
def windows_setup64(ql):
    """Prepare ``ql`` for 64-bit Windows PE emulation (no-config variant).

    Records the memory layout on ``ql`` (GS segment, DLL area, heap, PE
    image defaults), allocates the heap, programs the 64-bit GDT and
    attaches the handle, registry, clipboard, fiber and thread managers with
    the main thread registered as a handle.

    NOTE(review): unlike the 32-bit setup in this file, this variant installs
    no unmapped-memory hook -- confirm that is intended for its callers.

    Args:
        ql: emulator instance; mutated in place.

    Returns:
        None.
    """
    # --- memory layout -------------------------------------------------
    # GS segment window; structures are laid out from its start
    ql.GS_SEGMENT_ADDR = 0x6000
    ql.GS_SEGMENT_SIZE = 0x8000
    ql.STRUCTERS_LAST_ADDR = ql.GS_SEGMENT_ADDR

    # PE image: base/size are 0 here, presumably filled in later by a loader
    ql.PE_IMAGE_BASE = 0
    ql.PE_IMAGE_SIZE = 0
    ql.DEFAULT_IMAGE_BASE = 0x140000000
    ql.entry_point = 0

    # DLL area and heap region
    ql.DLL_BASE_ADDR = 0x7ffff0000000
    ql.DLL_SIZE = 0
    ql.DLL_LAST_ADDR = ql.DLL_BASE_ADDR
    ql.HEAP_BASE_ADDR = 0x500000000
    ql.HEAP_SIZE = 0x5000000

    ql.RUN = True
    heap_end = ql.HEAP_BASE_ADDR + ql.HEAP_SIZE
    ql.heap = Heap(ql, ql.HEAP_BASE_ADDR, heap_end)

    # --- GDT -------------------------------------------------------------
    set_pe64_gdt(ql)

    # --- managers --------------------------------------------------------
    ql.handle_manager = HandleManager()
    ql.registry_manager = RegistryManager(ql)
    ql.clipboard = Clipboard(ql)
    ql.fiber_manager = FiberManager(ql)

    # storage for GetLastError(); starts out clear
    ql.last_error = 0

    # main thread, exposed through the handle table
    main_thread = Thread(ql)
    ql.thread_manager = ThreadManager(ql, main_thread)
    ql.handle_manager.append(Handle(thread=main_thread))