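def get_str(jit, addr, max_len=10):
    """Read a NUL-terminated UTF-8 string out of emulated guest memory.

    Args:
        jit: the Miasm jitter; only ``jit.vm.get_mem`` is used.
        addr: guest address of the first byte of the string.
        max_len: size of the window read from guest memory.  If no NUL byte
            lies inside the window the whole window is returned (the original
            hard-coded window was 10 bytes, which stays the default).

    Returns:
        The decoded string, terminator excluded.

    Raises:
        UnicodeDecodeError: the bytes before the terminator are not valid
            UTF-8.  Guest memory is attacker-controlled, so callers should be
            prepared for this rather than assume well-formed text.
        Anything ``get_mem`` raises for an unmapped or partially mapped range.
    """
    data = jit.vm.get_mem(addr, max_len)
    # bytes.find() returns -1 when there is no NUL in the window; slicing
    # with -1 silently drops the last byte.  partition() yields the whole
    # window in that case, which is the intended "truncated" result.
    text, _sep, _rest = data.partition(b'\x00')
    return text.decode('utf-8')


def exception_int(jitter):
    """Handle an ``EXCEPT_SYSCALL`` raised by the emulated code.

    The syscall is only logged (``EAX`` carries the syscall number); nothing
    is emulated and no guest register is updated.  The pending exception is
    cleared and ``True`` is returned so the jitter resumes after the
    faulting instruction.
    """
    print("SYSCALL {}".format(jitter.cpu.EAX))
    jitter.cpu.set_exception(0)
    return True


if __name__ == '__main__':
    parser = ArgumentParser(description="x86 64 basic Jitter")
    parser.add_argument("filename", help="x86 64 shellcode filename")
    parser.add_argument("-j", "--jitter", help="Jitter engine", default="python")
    args = parser.parse_args()

    myjit = Machine("x86_64").jitter(args.jitter)
    myjit.init_stack()

    # Read the raw shellcode; the context manager closes the handle instead
    # of leaking it until garbage collection.
    with open(args.filename, 'rb') as fdesc:
        data = fdesc.read()

    # Map the shellcode at a fixed guest address.  PAGE_* flags are the
    # guest-side permissions enforced by the emulator's memory model.
    run_addr = 0x40000000
    myjit.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, data)
    # myjit.set_trace_log()  # enable the jitter's per-instruction trace log

    # Every syscall the shellcode attempts is routed to exception_int, which
    # logs it and continues; no syscall is actually performed.
    myjit.add_exception_handler(EXCEPT_SYSCALL, exception_int)
    myjit.run(run_addr)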
# NOTE(review): `loc_db` and `args` are defined earlier in this snippet,
# outside the visible part (the matching ##begin_miasm_init marker is not shown).
myjit = Machine("x86_64").jitter(loc_db, args.jitter)
myjit.init_stack()
##end_miasm_init

# Load the binary
##begin_qbdl_load
# NOTE(review): the trailing True is presumably the 64-bit flag of pyqbdl.Arch — confirm against the QBDL API.
x86_64_arch = pyqbdl.Arch(lief.ARCHITECTURES.X86, lief.ENDIANNESS.LITTLE, True)
# Bridges QBDL's loader to the Miasm VM so mapped segments land in emulated memory.
system = MiasmSystem(myjit, x86_64_arch)
# args.filename is parsed by the Mach-O loader before any emulation starts:
# the input is untrusted, so loader errors here are expected, not exceptional.
loader = pyqbdl.loaders.MachO.from_file(args.filename, x86_64_arch, system, pyqbdl.Loader.BIND.NOW)
##end_qbdl_load

# Dump the resulting guest memory layout.
print(myjit.vm)

# Run the binary
##begin_miasm_run
def code_sentinelle(jitter):
    """Breakpoint callback reached when the loaded binary returns; False stops the jitter."""
    print("[+] End!")
    return False

# Push a sentinel return address and break on it, so the run ends cleanly
# when the entry point returns instead of executing unmapped memory.
myjit.push_uint64_t(0x1337beef)
myjit.add_breakpoint(0x1337beef, code_sentinelle)
myjit.run(loader.entrypoint)
##end_miasm_run