def run(self):
'''Main function that is in charge of running the test and return the result:
true if the snapshot has recognized the function, false else.'''
# TODO inherit from Replay
jitter = self.machine.jitter(config.miasm_engine)
vm_load_elf(jitter.vm, open(self.filename, "rb").read())
# Init segment
jitter.ir_arch.do_stk_segm = True
jitter.ir_arch.do_ds_segm = True
jitter.ir_arch.do_str_segm = True
jitter.ir_arch.do_all_segm = True
FS_0_ADDR = 0x7ff70000
jitter.cpu.FS = 0x4
jitter.cpu.set_segm_base(jitter.cpu.FS, FS_0_ADDR)
jitter.vm.add_memory_page(FS_0_ADDR + 0x28, PAGE_READ,
"\x42\x42\x42\x42\x42\x42\x42\x42",
"Stack canary FS[0x28]")
# Init the jitter with the snapshot
self.use_snapshot(jitter)
# Get the return address for our breakpoint
return_addr = struct.unpack("P",
jitter.vm.get_mem(jitter.cpu.RSP, 0x8))[0]
jitter.add_breakpoint(return_addr, self.end_func)
# Prepare the execution
jitter.init_run(self.learned_addr)
self.prepare_symbexec(jitter, return_addr)
# Run the execution
try:
jitter.continue_run()
assert jitter.run == False
except AssertionError:
if jitter.vm.get_exception() & EXCEPT_ACCESS_VIOL:
self.replayexception += ["access violation"]
elif jitter.vm.get_exception() & EXCEPT_DIV_BY_ZERO:
self.replayexception += ["division by zero"]
elif jitter.vm.get_exception() & EXCEPT_PRIV_INSN:
self.replayexception += ["execution of private instruction"]
elif jitter.vm.get_exception():
self.replayexception += [
"exception no %i" % (jitter.vm.get_exception())
]
else:
raise
self.isFuncFound = False
# Rebuild references
self.build_references()
return self.isFuncFound
def run(self):
'''Main function that is in charge of running the test and return the result:
true if the snapshot has recognized the function, false else.'''
# TODO inherit from Replay
jitter = self.machine.jitter(config.miasm_engine)
vm_load_elf(jitter.vm, open(self.filename, "rb").read())
# Init segment
jitter.ir_arch.do_stk_segm = True
jitter.ir_arch.do_ds_segm = True
jitter.ir_arch.do_str_segm = True
jitter.ir_arch.do_all_segm = True
FS_0_ADDR = 0x7ff70000
jitter.cpu.FS = 0x4
jitter.cpu.set_segm_base(jitter.cpu.FS, FS_0_ADDR)
jitter.vm.add_memory_page(
FS_0_ADDR + 0x28, PAGE_READ, "\x42\x42\x42\x42\x42\x42\x42\x42", "Stack canary FS[0x28]")
# Init the jitter with the snapshot
self.use_snapshot(jitter)
# Get the return address for our breakpoint
return_addr = struct.unpack("P", jitter.vm.get_mem(jitter.cpu.RSP,
0x8))[0]
jitter.add_breakpoint(return_addr, self.end_func)
# Prepare the execution
jitter.init_run(self.learned_addr)
self.prepare_symbexec(jitter, return_addr)
# Run the execution
try:
jitter.continue_run()
assert jitter.run == False
except AssertionError:
if jitter.vm.get_exception() & EXCEPT_ACCESS_VIOL:
self.replayexception += ["access violation"]
elif jitter.vm.get_exception() & EXCEPT_DIV_BY_ZERO:
self.replayexception += ["division by zero"]
elif jitter.vm.get_exception() & EXCEPT_PRIV_INSN:
self.replayexception += ["execution of private instruction"]
elif jitter.vm.get_exception():
self.replayexception += ["exception no %i" % (jitter.vm.get_exception())]
else:
raise
self.isFuncFound = False
# Rebuild references
self.build_references()
return self.isFuncFound
def run(self):
'''Main function that is in charge of running the test and return the result:
true if the snapshot has recognized the function, false else.'''
# Retrieve miasm tools
jitter = self.machine.jitter("gcc")
vm_load_elf(jitter.vm, open(self.filename, "rb").read())
# Init segment
jitter.ir_arch.do_stk_segm = True
jitter.ir_arch.do_ds_segm = True
jitter.ir_arch.do_str_segm = True
jitter.ir_arch.do_all_segm = True
FS_0_ADDR = 0x7ff70000
jitter.cpu.FS = 0x4
jitter.cpu.set_segm_base(jitter.cpu.FS, FS_0_ADDR)
jitter.vm.add_memory_page(FS_0_ADDR + 0x28, PAGE_READ,
"\x42\x42\x42\x42\x42\x42\x42\x42",
"Stack canary FS[0x28]")
# Init the jitter with the snapshot
self.use_snapshot(jitter)
# Change the return address to our breakpoint
jitter.vm.set_mem(jitter.cpu.RSP, struct.pack("P", 0x1337BEEF))
# jitter.push_uint64_t(0x1337BEEF)
jitter.add_breakpoint(0x1337BEEF, self.end_func)
# Run the execution
jitter.init_run(self.learned_addr)
try:
jitter.continue_run()
assert jitter.run == False
except AssertionError:
if jitter.vm.get_exception() & EXCEPT_ACCESS_VIOL:
self.replayexception += ["access violation"]
elif jitter.vm.get_exception() & EXCEPT_DIV_BY_ZERO:
self.replayexception += ["division by zero"]
elif jitter.vm.get_exception() & EXCEPT_PRIV_INSN:
self.replayexception += ["execution of private instruction"]
else:
self.replayexception += [
"exception no %i" % (jitter.vm.get_exception())
]
self.isFuncFound = False
return self.isFuncFound
def __init__(self, custom_methods, *args, **kwargs):
from miasm2.jitter.loader.elf import vm_load_elf, preload_elf, libimp_elf
from miasm2.os_dep import linux_stdlib
methods = linux_stdlib.__dict__
methods.update(custom_methods)
super(OS_Linux, self).__init__(methods, *args, **kwargs)
# Import manager
self.libs = libimp_elf()
with open(self.fname, "rb") as fstream:
self.elf = vm_load_elf(self.jitter.vm,
fstream.read(),
name=self.fname,
**kwargs)
preload_elf(self.jitter.vm, self.elf, self.libs)
self.entry_point = self.elf.Ehdr.entry
# Library calls handler
self.jitter.add_lib_handler(self.libs, methods)
linux_stdlib.ABORT_ADDR = self.CALL_FINISH_ADDR
# Arguments
self.argv = [self.PROGRAM_PATH]
if self.options.command_line:
self.argv += self.options.command_line
self.envp = self.options.environment_vars
def __init__(self, custom_methods, *args, **kwargs):
from miasm2.jitter.loader.elf import vm_load_elf, preload_elf, libimp_elf
from miasm2.os_dep import linux_stdlib
methods = linux_stdlib.__dict__
methods.update(custom_methods)
super(OS_Linux, self).__init__(methods, *args, **kwargs)
# Import manager
self.libs = libimp_elf()
with open(self.fname) as fstream:
self.elf = vm_load_elf(self.jitter.vm, fstream.read(),
name=self.fname, **kwargs)
preload_elf(self.jitter.vm, self.elf, self.libs)
self.entry_point = self.elf.Ehdr.entry
# Library calls handler
self.jitter.add_lib_handler(self.libs, methods)
# Arguments
self.argv = [self.PROGRAM_PATH]
if self.options.command_line:
self.argv += self.options.command_line
self.envp = self.options.environment_vars
def do_trace(self):
'''Run miasm and construct the trace'''
self.trace = Trace()
# Retrieve miasm tools
machine = Machine(self.machine)
jitter = machine.jitter("python")
# Set the jitter to use our custom emulator
jitter.jit.symbexec = CustomEmulatedSymbExec(jitter.cpu, jitter.vm,
jitter.jit.ir_arch, {})
jitter.jit.symbexec.enable_emulated_simplifications()
jitter.jit.symbexec.reset_regs()
elf = vm_load_elf(jitter.vm, open(self.program, "rb").read())
# Init segment
jitter.ir_arch.do_stk_segm = True
jitter.ir_arch.do_ds_segm = True
jitter.ir_arch.do_str_segm = True
jitter.ir_arch.do_all_segm = True
FS_0_ADDR = 0x7ff70000
jitter.cpu.FS = 0x4
jitter.cpu.set_segm_base(jitter.cpu.FS, FS_0_ADDR)
jitter.vm.add_memory_page(FS_0_ADDR + 0x28, PAGE_READ,
"\x42\x42\x42\x42\x42\x42\x42\x42")
# Init stack and push main args
jitter.init_stack()
jitter.push_uint64_t(1)
jitter.vm.add_memory_page(0x800000, PAGE_READ, self.program)
jitter.push_uint64_t(0x800000)
jitter.push_uint64_t(0xDEADDEAD)
jitter.add_breakpoint(0xDEADDEAD, self.end_do_trace)
jitter.add_breakpoint(0x1337beef, self.end_func)
jitter.add_breakpoint(self.address, self.begin_func)
# Run the execution
if self.main_address is None:
jitter.init_run(elf.Ehdr.entry)
else:
jitter.init_run(self.main_address)
for addr, info in jitter.vm.get_all_memory().iteritems():
self.segments += [(addr, addr + info['size'])]
jitter.continue_run()
assert jitter.run == False
return self.trace
def do_trace(self):
'''Run miasm and construct the trace'''
self.trace = Trace()
# Retrieve miasm tools
machine = Machine(self.machine)
jitter = machine.jitter("python")
# Set the jitter to use our custom emulator
jitter.jit.symbexec = CustomEmulatedSymbExec(
jitter.cpu, jitter.vm, jitter.jit.ir_arch, {})
jitter.jit.symbexec.enable_emulated_simplifications()
jitter.jit.symbexec.reset_regs()
elf = vm_load_elf(jitter.vm, open(self.program, "rb").read())
# Init segment
jitter.ir_arch.do_stk_segm = True
jitter.ir_arch.do_ds_segm = True
jitter.ir_arch.do_str_segm = True
jitter.ir_arch.do_all_segm = True
FS_0_ADDR = 0x7ff70000
jitter.cpu.FS = 0x4
jitter.cpu.set_segm_base(jitter.cpu.FS, FS_0_ADDR)
jitter.vm.add_memory_page(
FS_0_ADDR + 0x28, PAGE_READ, "\x42\x42\x42\x42\x42\x42\x42\x42")
# Init stack and push main args
jitter.init_stack()
jitter.push_uint64_t(1)
jitter.vm.add_memory_page(0x800000, PAGE_READ, self.program)
jitter.push_uint64_t(0x800000)
jitter.push_uint64_t(0xDEADDEAD)
jitter.add_breakpoint(0xDEADDEAD, self.end_do_trace)
jitter.add_breakpoint(0x1337beef, self.end_func)
jitter.add_breakpoint(self.address, self.begin_func)
# Run the execution
if self.main_address is None:
jitter.init_run(elf.Ehdr.entry)
else:
jitter.init_run(self.main_address)
jitter.continue_run()
assert jitter.run == False
return self.trace
def __init__(self, custom_methods, *args, **kwargs):
from miasm2.jitter.loader.elf import vm_load_elf, preload_elf
super(OS_Linux, self).__init__(custom_methods, *args, **kwargs)
# Import manager
libs = libimp()
self.libs = libs
elf = vm_load_elf(self.jitter.vm, self.fname)
self.elf = elf
preload_elf(self.jitter.vm, elf, libs)
# Library calls handler
self.jitter.add_lib_handler(libs, custom_methods)
def parse(self, data, vm=None):
from miasm2.jitter.loader.elf import vm_load_elf, guess_arch
from elfesteem import elf_init
# Parse signature
if not data.startswith('\x7fELF'):
raise ContainerSignatureException()
# Build executable instance
try:
if vm is not None:
self._executable = vm_load_elf(vm, data)
else:
self._executable = elf_init.ELF(data)
except Exception, error:
raise ContainerParsingException('Cannot read ELF: %s' % error)
def parse(self, data, vm=None):
from miasm2.jitter.loader.elf import vm_load_elf, guess_arch
from elfesteem import elf_init
# Parse signature
if not data.startswith('\x7fELF'):
raise ContainerSignatureException()
# Build executable instance
try:
if vm is not None:
self._executable = vm_load_elf(vm, data)
else:
self._executable = elf_init.ELF(data)
except Exception, error:
raise ContainerParsingException('Cannot read ELF: %s' % error)
def __init__(self, custom_methods, *args, **kwargs):
from miasm2.jitter.loader.elf import vm_load_elf, preload_elf, libimp_elf
from miasm2.os_dep import linux_stdlib
methods = linux_stdlib.__dict__
methods.update(custom_methods)
super(OS_Linux, self).__init__(methods, *args, **kwargs)
# Import manager
self.libs = libimp_elf()
with open(self.fname) as fstream:
self.elf = vm_load_elf(self.jitter.vm, fstream.read(), **kwargs)
preload_elf(self.jitter.vm, self.elf, self.libs)
self.entry_point = self.elf.Ehdr.entry
# Library calls handler
self.jitter.add_lib_handler(self.libs, methods)
def __init__(self, custom_methods, *args, **kwargs):
from miasm2.jitter.loader.elf import vm_load_elf, preload_elf, libimp_elf
from miasm2.os_dep import linux_stdlib
methods = linux_stdlib.__dict__
methods.update(custom_methods)
super(OS_Linux, self).__init__(methods, *args, **kwargs)
# Import manager
self.libs = libimp_elf()
with open(self.fname) as fstream:
self.elf = vm_load_elf(self.jitter.vm, fstream.read(), **kwargs)
preload_elf(self.jitter.vm, self.elf, self.libs)
self.entry_point = self.elf.Ehdr.entry
# Library calls handler
self.jitter.add_lib_handler(self.libs, methods)