def dump(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
lent = utils.u_eval(self.core_instance, args[1])
file_name = args[3]
b = self.core_instance.get_emu_instance().mem_read(off, lent)
with open(file_name, 'wb') as f:
f.write(b)
print(str(lent) + ' written to ' + file_name + '.')
def rm_breakpoint(self, *args):
off = utils.u_eval(self.core_instance, args[1])
if off in self.bp_list:
self.bp_list.remove(off)
print('breakpoint at ' + hex(off) + ' removed.')
else:
print('no breakpoint at ' + hex(off))
def breakpoint(self, *args):
off = utils.u_eval(self.core_instance, args[1])
if off not in self.bp_list:
self.bp_list.append(off)
print('breakpoint added at: ' + hex(off))
else:
print('breakpoint already set at ' + hex(off))
def read(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
lent = utils.u_eval(self.core_instance, args[1])
format = 'h'
if len(args) > 2:
format = args[2]
b = self.core_instance.get_emu_instance().mem_read(off, lent)
if format == 'h':
hexdump(b)
elif format == 'i':
cs = self.core_instance.get_cs_instance()
for i in cs.disasm(bytes(b), off):
print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str))
else:
print('format invalid. Please use a valid format:')
print("\t" + 'h: hex')
print("\t" + 'i: asm')
def remove(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
for i in range(0, len(self.patches)):
p = self.patches[i]
if p[0] == off:
self.patches.pop(i)
print('patch at ' + hex(off) + ' removed.')
return
print('no patch found at ' + hex(off))
def fwrite(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
path = args[1]
if not os.path.isfile(path):
print('file not found or not accessible.')
return
with open(path, "rb") as bb:
self.internal_write(off, bb.read())
print(path + ' bytes written to ' + hex(off))
def map(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
lent = utils.u_eval(self.core_instance, args[1])
p = None
if len(args) > 2:
p = str(args[2])
if off < 1024:
off += 1024 - (off % 1024)
if lent % 1024 is not 0:
lent += 1024 - (lent % 1024)
self.core_instance.get_emu_instance().mem_map(off, lent)
mappings = self.core_instance.get_module('mappings_module')
mappings.internal_add(off, lent, p)
print('mapped ' + str(lent) + ' at ' + hex(off))
def unmap(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
lent = utils.u_eval(self.core_instance, args[1])
if off < 1024:
off += 1024 - (off % 1024)
if lent % 1024 is not 0:
lent += 1024 - (lent % 1024)
self.core_instance.get_emu_instance().mem_unmap(off, lent)
mappings = self.core_instance.get_module('mappings_module').get_mappings()
for i in range(0, len(mappings)):
if mappings[i][1] == off:
map_lent = mappings[i][2]
if map_lent == lent:
mappings.pop(i)
print('unmapped ' + str(lent) + ' at ' + hex(off))
def write(self, func_name, *args):
arch = self.core_instance.unicorndbg_instance.get_arch()
try:
register = getattr(utils.get_arch_consts(arch),
utils.get_reg_tag(arch) + str(args[0]).upper())
except Exception as e:
raise Exception('register not found')
value = utils.u_eval(self.core_instance, args[1])
self.core_instance.get_emu_instance().reg_write(register, value)
print(hex(value) + ' written into ' + str(args[0]).upper())
def add(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
pp = bytes.fromhex(args[1])
pp_len = len(pp)
for i in range(0, len(self.patches)):
p = self.patches[i]
if p[0] == off:
print(hex(off) + ' already patched')
return
memory_module = self.core_instance.get_module('memory_module')
orig_pp = memory_module.internal_read(off, pp_len)
memory_module.internal_write(off, pp)
self.patches.append([off, pp_len, orig_pp, pp, 1])
print('patch created and written to ' + hex(off))
def load(self, func_name, *args):
path = args[0]
if os.path.isfile(path):
p = open(path, 'rb').read()
off = utils.u_eval(self.core_instance, args[1])
binary_len = len(p)
if off < 1024:
off += 1024 - (off % 1024)
if binary_len % 1024 is not 0:
binary_len += 1024 - (binary_len % 1024)
self.core_instance.get_emu_instance().mem_map(off, binary_len)
self.core_instance.get_emu_instance().mem_write(off, p)
self.core_instance.get_module('mappings_module').internal_add(off, binary_len, path)
print('Mapped ' + str(binary_len) + ' at ' + hex(off))
else:
print("File not found")
def find(self, func_name, *args):
where = utils.u_eval(self.core_instance, args[0])
what = bytes.fromhex(args[1])
match = re.compile(what)
result = []
map_start = 0
start = 0
size = 0
mappings = self.core_instance.get_module(
'mappings_module').get_mappings()
if isinstance(where, str):
for map in mappings:
if map[0] == where:
start = int(map[1], 16)
map_start = start
size = map[2]
else:
for map in mappings:
if int(map[1], 16) <= where < (int(map[1], 16) + map[2]):
map_start = int(map[1], 16)
start = where
size = map[2]
b = self.core_instance.get_emu_instance().mem_read(
start, size - (map_start - start))
for match_obj in match.finditer(b):
offset = match_obj.start() + map_start
result.append([hex(offset)])
print(utils.titlify('find'))
if len(result) == 0:
print('Nothing found.')
else:
h = [utils.white_bold_underline('offset')]
print('')
print(tabulate(result, h, tablefmt="simple"))
print('')
def continue_exec(self, func_name, *args):
current_address = self.core_instance.unicorndbg_instance.get_current_address(
)
skip_bp = 0
try:
skip_bp = utils.u_eval(self.core_instance, args[0])
except Exception as e:
pass
if current_address is None:
entry_point = self.core_instance.unicorndbg_instance.get_entry_point(
)
if entry_point is not None:
self.core_instance.unicorndbg_instance.resume_emulation(
address=entry_point, skip_bp=skip_bp)
else:
print(
'please use \'set entry_point *offset\' to define an entry point'
)
else:
self.core_instance.unicorndbg_instance.resume_emulation(
skip_bp=skip_bp)
def toggle(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
for i in range(0, len(self.patches)):
p = self.patches[i]
if p[0] == off:
tog = args[1]
status = p[4]
memory_module = self.core_instance.get_module('memory_module')
if status == 0 and tog == 1:
p[4] = tog
memory_module.internal_write[off, p[3]]
print('patch at ' + hex(off) + ' enabled')
return
elif status == 1 and tog == 0:
p[4] = tog
memory_module.internal_write[off, p[2]]
print('patch at ' + hex(off) + ' disabled')
return
print('Nothing to do at ' + hex(off))
return
print('no patch found at ' + hex(off))
def print(self, func_name, *args):
arr = ""
for a in args:
arr += a
print(utils.u_eval(self.core_instance, arr))
def write(self, func_name, *args):
off = utils.u_eval(self.core_instance, args[0])
pp = bytes.fromhex(args[1])
self.internal_write(off, pp)
print(str(len(pp)) + ' bytes written to ' + hex(off))
