예제 #1
#! /usr/bin/env python

import os
import sys

from barf.barf import BARF

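if __name__ == "__main__":
    # Binary under analysis: the bundled x86 "loop2" toy sample by default
    # (a path relative to the current working directory, so run this script
    # from its own directory), or an explicit path given as the first
    # command-line argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "../../samples/toy/x86/loop2"
    filename = os.path.abspath(target)

    #
    # Open file
    #
    # `filename` is bound before the try so the error message below can never
    # hit an unbound name.
    try:
        barf = BARF(filename)
    except Exception as err:
        # Loading/parsing the binary failed (missing file, unsupported format,
        # ...). Report the cause on stderr instead of discarding it, then exit
        # non-zero.
        sys.stderr.write("[-] Error opening file : %s (%s)\n" % (filename, err))
        sys.exit(1)

    #
    # REIL emulation
    #
    # Emulate the code between the two hard-coded addresses (specific to the
    # loop2 sample) starting from an empty context; `context_out` is the
    # resulting state and exposes the final register values under 'registers'.
    context_in = {}
    context_out = barf.emulate_full(context_in, 0x080483ec, 0x08048414)

    eax = context_out['registers']["eax"]
    print("%s : %s" % ("eax", hex(eax)))

    # The loop2 sample is expected to leave 10 in eax after emulation.
    assert eax == 0xa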
예제 #2
#! /usr/bin/env python

import os
import sys

from barf.barf import BARF

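if __name__ == "__main__":
    # Path of the binary to analyse. Defaults to the x86 "loop2" sample,
    # resolved against the current working directory; an explicit path may be
    # supplied as the first command-line argument instead.
    if len(sys.argv) > 1:
        filename = os.path.abspath(sys.argv[1])
    else:
        filename = os.path.abspath("../../bin/x86/loop2")

    #
    # Open file
    #
    try:
        barf = BARF(filename)
    except Exception as err:
        # Do not swallow the failure reason: print it together with the path
        # on stderr and exit with a non-zero status.
        sys.stderr.write("[-] Error opening file : %s (%s)\n" % (filename, err))
        sys.exit(1)

    #
    # REIL emulation
    #
    # Start from an empty context and emulate between the two addresses
    # below, which belong to the loop2 sample; the returned context holds the
    # final register state under the 'registers' key.
    context_in = {}
    context_out = barf.emulate_full(context_in, 0x080483ec, 0x08048414)

    eax_value = context_out['registers']["eax"]
    print("%s : %s" % ("eax", hex(eax_value)))

    # loop2 is expected to end with eax == 10.
    assert eax_value == 0xa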
예제 #3
    #     8398:    e24dd00c     sub    sp, sp, #12
    #     839c:    e3a03000     mov    r3, #0
    #     83a0:    e50b3008     str    r3, [fp, #-8]
    #     83a4:    e3a0300a     mov    r3, #10
    #     83a8:    e50b300c     str    r3, [fp, #-12]
    #     83ac:    ea000005     b    83c8 <main+0x38>
    #     83b0:    e51b3008     ldr    r3, [fp, #-8]
    #     83b4:    e2833001     add    r3, r3, #1
    #     83b8:    e50b3008     str    r3, [fp, #-8]
    #     83bc:    e51b300c     ldr    r3, [fp, #-12]
    #     83c0:    e2433001     sub    r3, r3, #1
    #     83c4:    e50b300c     str    r3, [fp, #-12]
    #     83c8:    e51b300c     ldr    r3, [fp, #-12]
    #     83cc:    e3530000     cmp    r3, #0
    #     83d0:    1afffff6     bne    83b0 <main+0x20>
    #     83d4:    e51b3008     ldr    r3, [fp, #-8]
    #     83d8:    e1a00003     mov    r0, r3
    #     83dc:    e28bd000     add    sp, fp, #0
    #     83e0:    e8bd0800     ldmfd    sp!, {fp}
    #     83e4:    e12fff1e     bx    lr

    #
    # REIL emulation
    #
    context_in = {}
    context_out = barf.emulate_full(context_in, 0x8390, 0x83e0)

    print "%s : %s" % ("r3", hex(context_out['registers']["r3"]))

    assert(context_out['registers']["r3"] == 0xa)
예제 #4
    #     8398:    e24dd00c     sub    sp, sp, #12
    #     839c:    e3a03000     mov    r3, #0
    #     83a0:    e50b3008     str    r3, [fp, #-8]
    #     83a4:    e3a0300a     mov    r3, #10
    #     83a8:    e50b300c     str    r3, [fp, #-12]
    #     83ac:    ea000005     b    83c8 <main+0x38>
    #     83b0:    e51b3008     ldr    r3, [fp, #-8]
    #     83b4:    e2833001     add    r3, r3, #1
    #     83b8:    e50b3008     str    r3, [fp, #-8]
    #     83bc:    e51b300c     ldr    r3, [fp, #-12]
    #     83c0:    e2433001     sub    r3, r3, #1
    #     83c4:    e50b300c     str    r3, [fp, #-12]
    #     83c8:    e51b300c     ldr    r3, [fp, #-12]
    #     83cc:    e3530000     cmp    r3, #0
    #     83d0:    1afffff6     bne    83b0 <main+0x20>
    #     83d4:    e51b3008     ldr    r3, [fp, #-8]
    #     83d8:    e1a00003     mov    r0, r3
    #     83dc:    e28bd000     add    sp, fp, #0
    #     83e0:    e8bd0800     ldmfd    sp!, {fp}
    #     83e4:    e12fff1e     bx    lr

    #
    # REIL emulation
    #
    context_in = {}
    context_out = barf.emulate_full(context_in, 0x8390, 0x83e0, arch_mode=ARCH_ARM_MODE_ARM)

    print "%s : %s" % ("r3", hex(context_out['registers']["r3"]))

    assert(context_out['registers']["r3"] == 0xa)
예제 #5
    #     8398:    e24dd00c     sub    sp, sp, #12
    #     839c:    e3a03000     mov    r3, #0
    #     83a0:    e50b3008     str    r3, [fp, #-8]
    #     83a4:    e3a0300a     mov    r3, #10
    #     83a8:    e50b300c     str    r3, [fp, #-12]
    #     83ac:    ea000005     b    83c8 <main+0x38>
    #     83b0:    e51b3008     ldr    r3, [fp, #-8]
    #     83b4:    e2833001     add    r3, r3, #1
    #     83b8:    e50b3008     str    r3, [fp, #-8]
    #     83bc:    e51b300c     ldr    r3, [fp, #-12]
    #     83c0:    e2433001     sub    r3, r3, #1
    #     83c4:    e50b300c     str    r3, [fp, #-12]
    #     83c8:    e51b300c     ldr    r3, [fp, #-12]
    #     83cc:    e3530000     cmp    r3, #0
    #     83d0:    1afffff6     bne    83b0 <main+0x20>
    #     83d4:    e51b3008     ldr    r3, [fp, #-8]
    #     83d8:    e1a00003     mov    r0, r3
    #     83dc:    e28bd000     add    sp, fp, #0
    #     83e0:    e8bd0800     ldmfd    sp!, {fp}
    #     83e4:    e12fff1e     bx    lr

    #
    # REIL emulation
    #
    context_in = {}
    context_out = barf.emulate_full(context_in, 0x8390, 0x83e0)

    print "%s : %s" % ("r3", hex(context_out['registers']["r3"]))

    assert (context_out['registers']["r3"] == 0xa)
예제 #6
        argv_base_addr = 0x00001800
        reil_emulator.write_memory(argv_base_addr + 0x00, 4, argv_0_addr)
        reil_emulator.write_memory(argv_base_addr + 0x04, 4, argv_1_addr)
        reil_emulator.write_memory(argv_base_addr + 0x08, 4, 0x00000000)

        # Set main parameters.
        argc = 0x2
        argv = argv_base_addr

        # Push parameters into the stack.
        reil_emulator.write_memory(esp + 0x00, 4, 0x41414141)  # return address

        reil_emulator.write_memory(esp + 0x04, 4, argc)  # argc
        reil_emulator.write_memory(esp + 0x08, 4, argv)  # argv

        # Set registers.
        ctx_init = {
            'registers': {
                # Set eflags and stack pointer.
                'eflags': 0x202,
                'esp': esp,
            }
        }

        # Emulate code.
        print("[+] Executing from {:#x} to {:#x}".format(
            cfg_start.start_address, cfg_end.start_address))
        ctx_fini = barf.emulate_full(ctx_init,
                                     ea_start=cfg_start.start_address,
                                     ea_end=cfg_end.start_address)