Esempio n. 1
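    def __init__(self, gctx):
        """Build the interactive console and run its read-eval loop until exit.

        Args:
            gctx: global context object. It is stored on ``self``, its
                ``vim`` flag is forced to ``False`` and ``gctx.filename`` is
                read to auto-load a binary.

        Side effects: creates and starts an ``Analyzer``, optionally loads
        ``gctx.filename``, then blocks inside the ``ReadLine`` loop. When the
        loop finally ends the analyzer is sent the ``"exit"`` message.
        """
        self.gctx = gctx
        # NOTE(review): the reason vim mode is switched off for this console
        # is not visible here — presumably the two front-ends are exclusive.
        gctx.vim = False

        # Display order of the command names. Despite its name the list is not
        # strictly alphabetical ("v" follows "x") and it omits "set", which is
        # present in COMMANDS below; whether that is deliberate cannot be told
        # from this file, so the list is kept verbatim.
        self.COMMANDS_ALPHA = [
            "analyzer",
            "da",
            "db",
            "dd",
            "dw",
            "dq",
            "dump",
            "exit",
            "functions",
            "help",
            "history",
            "info",
            "jmptable",
            "load",
            "lrawarm",
            "lrawmips",
            "lrawmips64",
            "lrawx86",
            "lrawx64",
            "mips_set_gp",
            "py",
            "save",
            "sections",
            "sym",
            "x",
            "v",
            "display.print_section",
            "xrefs",
        ]

        # Dispatch table: name -> Command(n, exec_callback, complete_callback,
        # help_lines). The first help line is the argument synopsis and the
        # rest is the description. The integer looks like a maximum argument
        # count, judging by the synopses — confirm against Command's definition.
        # Every handler here is reached only through operator-typed commands.
        self.COMMANDS = {
            "analyzer":
            Command(0, self.__exec_analyzer, None, [
                "",
                "Analyzer information",
            ]),
            "help":
            Command(0, self.__exec_help, None, ["", "Display this help"]),
            "history":
            Command(0, self.__exec_history, None, [
                "",
                "Display the command history",
            ]),
            "save":
            Command(0, self.__exec_save, None, [
                "",
                "Save the database (only symbols and history currently).",
            ]),
            # The load* commands take an arbitrary file path; the file being
            # analyzed is typically an untrusted sample, so all parsing of it
            # is expected to live in the loader/analyzer, not in this console.
            "load":
            Command(1, self.__exec_load, self.__complete_load, [
                "filename",
                "Load a new binary file.",
            ]),
            "lrawx86":
            Command(1, self.__exec_lrawx86, self.__complete_load, [
                "filename",
                "Load a x86 raw file.",
            ]),
            "lrawx64":
            Command(1, self.__exec_lrawx64, self.__complete_load, [
                "filename",
                "Load a x64 raw file.",
            ]),
            "lrawarm":
            Command(1, self.__exec_lrawarm, self.__complete_load, [
                "filename",
                "Load a ARM raw file.",
            ]),
            "lrawmips":
            Command(1, self.__exec_lrawmips, self.__complete_load, [
                "filename",
                "Load a MIPS raw file.",
            ]),
            "lrawmips64":
            Command(1, self.__exec_lrawmips64, self.__complete_load, [
                "filename",
                "Load a MIPS64 raw file.",
            ]),
            "x":
            Command(1, self.__exec_x, self.__complete_x, [
                "[SYMBOL|0xXXXX|EP]",
                "Decompile and print on stdout. By default it will be main.",
                "The decompilation is forced, it dosn't check if addresses",
                "are defined as code."
            ]),
            "v":
            Command(1, self.__exec_v, self.__complete_x, [
                "[SYMBOL|0xXXXX|EP]",
                "Visual mode",
                "Shortcuts:",
                "c       create code",
                "p       create function",
                "x       show xrefs",
                "r       rename",
                "I       switch to traditional instruction string output",
                "g       top",
                "G       bottom",
                "z       set current line on the middle",
                "q       quit",
                ";       edit inline comment (enter/escape to validate/cancel)",
                "%       goto next bracket",
                "*       highlight current word (ctrl-k to clear)",
                "{ }     previous/next paragraph",
                "tab     switch between dump/decompilation",
                "enter   follow address",
                "escape  go back",
                "u       re-enter (for undo)",
            ]),
            # All d* commands share one handler; the width is presumably
            # derived from the command name inside __exec_data — confirm.
            "da":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in ascii, it stops when the end of the section is found",
            ]),
            "db":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in bytes, it stops when the end of the section is found",
            ]),
            "dd":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in dwords, it stops when the end of the section is found",
            ]),
            "dw":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in words, it stops when the end of the section is found",
            ]),
            "dq":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in qwords, it stops when the end of the section is found",
            ]),

            # by default it will be gctx.nb_lines
            "dump":
            Command(2, self.__exec_dump, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Disassemble only.",
            ]),
            # "set" has no handler of its own (None); it is presumably only a
            # prefix for option sub-commands handled elsewhere — confirm.
            "set":
            Command(3, None, None, ["", "Set options"]),
            "sym":
            Command(3, self.__exec_sym, self.__complete_x, [
                "[SYMBOL 0xXXXX] [| FILTER]",
                "Print all symbols or set a new symbol.",
                "You can filter symbols by searching the word FILTER.",
                "If FILTER starts with -, the match is inversed."
            ]),
            "exit":
            Command(0, self.__exec_exit, None, ["", "Exit"]),
            "sections":
            Command(0, self.__exec_sections, None, [
                "",
                "Print all sections",
            ]),
            "info":
            Command(0, self.__exec_info, None,
                    ["", "Information about the current binary"]),
            "display.print_section":
            Command(0, self.__exec_display_print_section, None,
                    ["", "Print or not section when an address is found"]),
            "jmptable":
            Command(4, self.__exec_jmptable, None, [
                "INST_ADDR TABLE_ADDR NB_ENTRIES SIZE_ENTRY",
                "Create a jump table referenced at TABLE_ADDR and called",
                "from INST_ADDR."
            ]),
            # "py" hands the operator an interactive Python shell, i.e. a
            # full-trust feature by design. That is acceptable for a local
            # console; TODO(review): confirm this dispatcher is never exposed
            # over a socket or other remote channel.
            "py":
            Command(0, self.__exec_py, None,
                    ["", "Run an interactive python shell."]),
            "mips_set_gp":
            Command(1, self.__exec_mips_set_gp, None,
                    ["ADDR", "Set the register $gp to a fixed value."]),
            "functions":
            Command(1, self.__exec_functions, None,
                    ["", "Print the function list."]),
            "xrefs":
            Command(1, self.__exec_xrefs, self.__complete_x,
                    ["SYMBOL|0xXXXX|EP", "Print all xrefs."]),
        }

        # Background worker for the analysis; it is asked to stop through its
        # message queue once the console loop ends (see the end of this method).
        self.analyzer = Analyzer()
        self.analyzer.start()

        rl = ReadLine(self.exec_command, self.complete, self.send_control_c)
        self.rl = rl

        # Auto-load the file given on the command line, if any. The leading ""
        # stands in for the command token so the handler sees the same list
        # shape as an interactively typed "load <filename>" — assumed from use.
        if gctx.filename is not None:
            self.__exec_load(["", gctx.filename])

        rl.reload_cursor_line()

        # Main loop: each time the console loop returns, check_db_modified()
        # decides whether to re-enter it (truthy — presumably an unsaved-changes
        # prompt) or to let the console terminate.
        while True:
            rl.loop()
            if not self.check_db_modified():
                break

        self.analyzer.msg.put("exit")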
Esempio n. 2
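    def __init__(self, gctx):
        """Build the interactive console and run its read-eval loop until exit.

        Args:
            gctx: global context object. It is stored on ``self``, its
                ``vim`` flag is forced to ``False``, and ``gctx.db``,
                ``gctx.dis`` and ``gctx.autoanalyzer`` are read below.

        Side effects: creates, initialises and starts an ``Analyzer`` bound to
        ``gctx``; may trigger a first analysis pass; then blocks inside the
        ``ReadLine`` loop. When the loop finally ends the analyzer is sent
        the ``"exit"`` message.
        """
        self.gctx = gctx
        # NOTE(review): the reason vim mode is switched off for this console
        # is not visible here — presumably the two front-ends are exclusive.
        gctx.vim = False

        # Dispatch table: name -> Command(n, exec_callback, complete_callback,
        # help_lines). The first help line is the argument synopsis and the
        # rest is the description. The integer looks like a maximum argument
        # count, judging by the synopses — confirm against Command's definition.
        # Every handler here is reached only through operator-typed commands.
        self.COMMANDS = {
            "analyzer":
            Command(0, self.__exec_analyzer, None, [
                "",
                "Analyzer information",
            ]),
            # Public method (not name-mangled) because it is also called
            # directly at the end of this constructor.
            "push_analyze_symbols":
            Command(0, self.push_analyze_symbols, None, [
                "",
                "Force to analyze the entry point, symbols and a memory scan will be done.",
            ]),
            "help":
            Command(0, self.__exec_help, None, ["", "Display this help"]),
            "history":
            Command(0, self.__exec_history, None, [
                "",
                "Display the command history",
            ]),
            "save":
            Command(0, self.__exec_save, None, [
                "",
                "Save the database (only symbols and history currently).",
            ]),
            "x":
            Command(1, self.__exec_x, self.__complete_x, [
                "[SYMBOL|0xXXXX|EP]",
                "Decompile and print on stdout. By default it will be main.",
                "The decompilation is forced, it dosn't check if addresses",
                "are defined as code."
            ]),
            "v":
            Command(1, self.__exec_v, self.__complete_x, [
                "[SYMBOL|0xXXXX|EP]",
                "Visual mode",
                "Shortcuts:",
                "c       create code",
                "b/w/d/Q create byte/word/dword/qword",
                "a       create ascii string",
                "p       create function",
                "o       set [d|q]word as an offset",
                "x       show xrefs",
                "r       rename",
                "/       binary search: if the first char is ! you can put an",
                "        hexa string example: /!ab 13 42",
                "n/N     next/previous search occurence",
                "I       switch to traditional instruction string output",
                "M       show/hide mangling",
                "B       show/hide bytes",
                "g       top",
                "G       bottom",
                "z       set current line on the middle",
                "Q       quit",
                ";       edit inline comment (enter/escape to validate/cancel)",
                "%       goto next bracket",
                "*       highlight current word (ctrl-k to clear)",
                "{ }     previous/next paragraph",
                "tab     switch between dump/decompilation",
                "enter   follow address",
                "escape  go back",
                "u       re-enter (for undo)",
            ]),
            # All d* commands share one handler; the width is presumably
            # derived from the command name inside __exec_data — confirm.
            "da":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in ascii, it stops when the end of the section is found",
            ]),
            "db":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in bytes, it stops when the end of the section is found",
            ]),
            "dd":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in dwords, it stops when the end of the section is found",
            ]),
            "dw":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in words, it stops when the end of the section is found",
            ]),
            "dq":
            Command(2, self.__exec_data, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Print data in qwords, it stops when the end of the section is found",
            ]),

            # by default it will be gctx.nb_lines
            "dump":
            Command(2, self.__exec_dump, self.__complete_x, [
                "SYMBOL|0xXXXX|EP [NB_LINES]",
                "Disassemble only.",
            ]),
            # "set" has no handler of its own (None); it is presumably only a
            # prefix for option sub-commands handled elsewhere — confirm.
            "set":
            Command(3, None, None, ["", "Set options"]),
            "sym":
            Command(3, self.__exec_sym, self.__complete_x, [
                "[SYMBOL 0xXXXX] [| FILTER]",
                "Print all symbols or set a new symbol.",
                "You can filter symbols by searching the word FILTER.",
                "If FILTER starts with -, the match is inversed."
            ]),
            "exit":
            Command(0, self.__exec_exit, None, ["", "Exit"]),
            "sections":
            Command(0, self.__exec_sections, None, [
                "",
                "Print all sections",
            ]),
            "info":
            Command(0, self.__exec_info, None,
                    ["", "Information about the current binary"]),
            "display.print_section":
            Command(0, self.__exec_display_print_section, None,
                    ["", "Print or not section when an address is found"]),
            "jmptable":
            Command(4, self.__exec_jmptable, None, [
                "INST_ADDR TABLE_ADDR NB_ENTRIES SIZE_ENTRY",
                "Create a jump table referenced at TABLE_ADDR and called",
                "from INST_ADDR."
            ]),
            # "py" hands the operator an interactive Python shell, i.e. a
            # full-trust feature by design. That is acceptable for a local
            # console; TODO(review): confirm this dispatcher is never exposed
            # over a socket or other remote channel.
            "py":
            Command(0, self.__exec_py, None,
                    ["", "Run an interactive python shell."]),
            "mips_set_gp":
            Command(1, self.__exec_mips_set_gp, None,
                    ["ADDR", "Set the register $gp to a fixed value."]),
            "functions":
            Command(1, self.__exec_functions, None,
                    ["", "Print the function list."]),
            "xrefs":
            Command(1, self.__exec_xrefs, self.__complete_x,
                    ["SYMBOL|0xXXXX|EP", "Print all xrefs."]),
        }

        rl = ReadLine(self.exec_command, self.complete, self.send_control_c)
        self.rl = rl
        # The command history lives in the database, so it survives across
        # sessions (the "save" help text confirms history is persisted).
        self.rl.history = gctx.db.history

        # Background worker for the analysis; it is asked to stop through its
        # message queue once the console loop ends (see the end of this method).
        # Order matters: init() and start() happen before the worker is handed
        # the context with set().
        self.analyzer = Analyzer()
        self.analyzer.init()
        self.analyzer.start()
        self.analyzer.set(gctx)

        # A MIPS binary cannot be analyzed meaningfully until $gp is known
        # (mips_gp == -1 means "not set"), so tell the operator which commands
        # to run instead of auto-analyzing.
        if gctx.dis.binary.get_arch_string() == "MIPS" and \
                gctx.dis.mips_gp == -1:
            print("please run first these commands :")
            print("mips_set_gp 0xADDRESS")
            print("push_analyze_symbols")
        else:
            # An empty function table is taken to mean no analysis has run yet
            # on this database; a non-empty one means the first pass was done.
            # push_analyze_symbols takes the command-argument list, None here
            # because it is invoked directly rather than from the console.
            if gctx.autoanalyzer and len(gctx.db.functions) == 0:
                self.push_analyze_symbols(None)

        rl.reload_cursor_line()

        # Main loop: each time the console loop returns, check_db_modified()
        # decides whether to re-enter it (truthy — presumably an unsaved-changes
        # prompt) or to let the console terminate.
        while True:
            rl.loop()
            if not self.check_db_modified():
                break

        self.analyzer.msg.put("exit")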