def on_syscall(jitter):
nextip = unpack("<Q", jitter.vm.get_mem(ADDR_SYSCALL_NEXTIP, 8))[0]
if nextip != 0:
# ログ出力
if jitter.cpu.RAX == 1:
print "sys_write(%d, buf, %d)" % (jitter.cpu.RDI, jitter.cpu.RDX)
buf = jitter.vm.get_mem(jitter.cpu.RSI, jitter.cpu.RDX)
print "buf = "
utils.hexdump(buf)
else:
print "Unknown system call"
# 戻り値の設定
jitter.cpu.RAX = jitter.cpu.RDX
# 例外コードのクリア
jitter.cpu.set_exception(0)
# フラグのクリア
jitter.vm.set_mem(ADDR_SYSCALL_NEXTIP, "\x00" * 8)
jitter.pc = nextip
return True
def on_syscall(jitter):
nextip = unpack("<Q", jitter.vm.get_mem(ADDR_SYSCALL_NEXTIP, 8))[0]
if nextip != 0:
# ログ出力
if jitter.cpu.RAX == 1:
print "sys_write(%d, buf, %d)" % (jitter.cpu.RDI, jitter.cpu.RDX)
buf = jitter.vm.get_mem(jitter.cpu.RSI, jitter.cpu.RDX)
print "buf = "
utils.hexdump(buf)
else:
print "Unknown system call"
# 戻り値の設定
jitter.cpu.RAX = jitter.cpu.RDX
# 例外コードのクリア
jitter.cpu.set_exception(0)
# フラグのクリア
jitter.vm.set_mem(ADDR_SYSCALL_NEXTIP, "\x00" * 8)
jitter.pc = nextip
return True
def get_mem(self, addr, size=0xF):
"hexdump @addr, size"
hexdump(self.myjit.vm.get_mem(addr, size))
def get_mem(self, addr, size=0xF):
"hexdump @addr, size"
hexdump(self.myjit.vm.get_mem(addr, size))
"""This example illustrate the Sandbox.call API, for direct call of a given
function"""
from miasm2.analysis.sandbox import Sandbox_Linux_arml
from miasm2.analysis.binary import Container
from miasm2.os_dep.linux_stdlib import linobjs
from miasm2.core.utils import hexdump
# Parse arguments
parser = Sandbox_Linux_arml.parser(description="ELF sandboxer")
parser.add_argument("filename", help="ELF Filename")
options = parser.parse_args()
sb = Sandbox_Linux_arml(options.filename, options, globals())
with open(options.filename, "rb") as fdesc:
cont = Container.from_stream(fdesc)
loc_key = cont.loc_db.get_name_location("md5_starts")
addr_to_call = cont.loc_db.get_location_offset(loc_key)
# Calling md5_starts(malloc(0x64))
addr = linobjs.heap.alloc(sb.jitter, 0x64)
sb.call(addr_to_call, addr)
hexdump(sb.jitter.vm.get_mem(addr, 0x64))
