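def load_pe_binary(self, pe):
    """Load a PE image into a new Task's virtual memory and return the Task.

    Each section is written at its virtual address (aligned to the optional
    header's SectionAlignment), eip is set to the first entry point and the
    other general-purpose registers are zeroed, a stack is laid out (a
    symbolic zone when ``self.ASLR`` is set, a concrete zero-filled region
    otherwise) and the import table is resolved when the image imports any
    function. The Task is appended to ``self.tasks`` before being returned.
    """
    p = Task(pe, cpu)
    p.OS = self
    # map every section at its virtual address (loadsegment returns None
    # for sections it does not map):
    for s in pe.sections:
        ms = pe.loadsegment(s, pe.Opt.SectionAlignment)
        if ms is not None:
            vaddr, data = ms.popitem()
            p.state.mmap.write(vaddr, data)
    # init task state: eip at the first entry point, every other GPR zero.
    p.state[cpu.eip] = cpu.cst(p.bin.entrypoints[0], 32)
    for reg in (cpu.ebp, cpu.eax, cpu.ebx, cpu.ecx, cpu.edx, cpu.esi, cpu.edi):
        p.state[reg] = cpu.cst(0, 32)
    # create the stack space:
    if self.ASLR:
        # symbolic stack zone; esp is not given a concrete value here.
        p.state.mmap.newzone(p.cpu.esp)
    else:
        # NOTE(review): SizeOfStackReserve comes straight from the (untrusted)
        # optional header. A crafted image can request an enormous reserve,
        # which is materialised below as a zero-filled bytes object, or one
        # larger than stack_base, making the write address negative. Clamp
        # it before running this loader on hostile samples.
        ssz = pe.Opt.SizeOfStackReserve
        stack_base = 0x7FFFFFFF & ~(self.PAGESIZE - 1)
        p.state.mmap.write(stack_base - ssz, b"\0" * ssz)
        p.state[cpu.esp] = cpu.cst(stack_base, 32)
    # resolve the import address table when the image imports anything:
    if pe.functions:
        self.load_pe_iat(p)
    # start task:
    self.tasks.append(p)
    return p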
def initenv(self):
    """Return a fresh mapper holding the initial x86 register values.

    eip is set to the binary's first entry point; ebp, eax, ebx, ecx, edx,
    esi and edi are set to zero. esp is not initialised here.
    """
    from amoco.cas.mapper import mapper
    env = mapper()
    env[cpu.eip] = cpu.cst(self.bin.entrypoints[0], 32)
    for reg in (cpu.ebp, cpu.eax, cpu.ebx, cpu.ecx, cpu.edx, cpu.esi, cpu.edi):
        env[reg] = cpu.cst(0, 32)
    return env
def initenv(self):
    """Build the initial register mapper for an x86 task.

    The first entry point of ``self.bin`` goes into eip; ebp and the six
    remaining general-purpose registers (eax, ebx, ecx, edx, esi, edi) are
    zeroed. esp is left untouched.
    """
    from amoco.cas.mapper import mapper
    zeroed = [cpu.ebp, cpu.eax, cpu.ebx, cpu.ecx, cpu.edx, cpu.esi, cpu.edi]
    initial = mapper()
    initial[cpu.eip] = cpu.cst(self.bin.entrypoints[0], 32)
    while zeroed:
        initial[zeroed.pop(0)] = cpu.cst(0, 32)
    return initial
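def load_elf_binary(self, bprm):
    """Load an ELF image into a new Task's virtual memory and return the Task.

    Walks the program headers: PT_INTERP records the interpreter path,
    PT_LOAD segments are written at their virtual address (page aligned),
    PT_GNU_STACK is currently ignored. eip is set to the first entry point,
    the other general-purpose registers are zeroed, a stack is laid out
    (symbolic when ``self.ASLR`` is set, a concrete two-page zero-filled
    region otherwise) and the interpreter is loaded for dynamic binaries.
    The Task is appended to ``self.tasks`` before being returned.
    """
    p = Task(bprm, cpu)
    p.OS = self
    # Initialise interp so a dynamic binary without a PT_INTERP header
    # does not raise UnboundLocalError at the `bprm.dynamic and interp` test.
    interp = None
    # create text and data segments according to elf header:
    for s in bprm.Phdr:
        if s.p_type == PT_INTERP:
            # NOTE(review): this path is attacker-controlled (it comes from the
            # sample). If load_elf_interp resolves it on the host filesystem,
            # make sure it is confined to a trusted sysroot.
            interp = bprm.readsegment(s).strip(b"\0")
        elif s.p_type == PT_LOAD:
            ms = bprm.loadsegment(s, self.PAGESIZE)
            if ms is not None:
                vaddr, data = ms.popitem()
                p.state.mmap.write(vaddr, data)
        elif s.p_type == PT_GNU_STACK:
            # PF_X on this header (executable stack) is not honoured yet:
            # executable_stack = s.p_flags & PF_X
            pass
    # init task state registers: eip at the first entry point, other GPRs zero.
    p.state[cpu.eip] = cpu.cst(p.bin.entrypoints[0], 32)
    for reg in (cpu.ebp, cpu.eax, cpu.ebx, cpu.ecx, cpu.edx, cpu.esi, cpu.edi):
        p.state[reg] = cpu.cst(0, 32)
    # create the stack space:
    if self.ASLR:
        # symbolic stack zone; esp is not given a concrete value here.
        p.state.mmap.newzone(p.cpu.esp)
    else:
        stack_base = 0x7FFFFFFF & ~(self.PAGESIZE - 1)
        stack_size = 2 * self.PAGESIZE
        p.state.mmap.write(stack_base - stack_size, b"\0" * stack_size)
        p.state[cpu.esp] = cpu.cst(stack_base, 32)
    # create the dynamic segments (only when an interpreter was declared):
    if bprm.dynamic and interp:
        self.load_elf_interp(p, interp)
    # start task:
    self.tasks.append(p)
    return p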
def use_x86(self):
    """Select the 32-bit x86 cpu module and reset eip to zero in ``self.state``."""
    from amoco.arch.x86 import cpu_x86 as arch
    self.cpu = arch
    self.state[arch.eip] = arch.cst(0, 32)