# Update instruction instance last_instr.name = 'PUSH' # Update next blocks to process in the disassembly engine cur_bloc.bto.clear() cur_bloc.add_cst(dst.name.offset, asm_constraint.c_next, symbol_pool) # Prepare a tiny shellcode shellcode = ''.join([ "\xe8\x00\x00\x00\x00", # CALL $ "X", # POP EAX "\xc3", # RET ]) bin_stream = bin_stream_str(shellcode) mdis = dis_x86_32(bin_stream) print "Without callback:\n" blocks = mdis.dis_multibloc(0) print "\n".join(str(block) for block in blocks) # Enable callback cb_x86_funcs.append(cb_x86_callpop) ## Other method: ## mdis.dis_bloc_callback = cb_x86_callpop # Clean disassembly cache mdis.job_done.clear() print "=" * 40 print "With callback:\n"
print 'IN', [str(x) for x in irbloc.in_nodes] print 'OUT', [str(x) for x in irbloc.out_nodes] print '*' * 20, 'interbloc', '*' * 20 inter_bloc_flow(ir_arch, flow_graph, irbloc_0.label) # from graph_qt import graph_qt # graph_qt(flow_graph) open('data.dot', 'w').write(flow_graph.dot()) data = open(args.filename).read() ad = int(args.addr, 16) print 'disasm...' mdis = dis_x86_32(data) mdis.follow_call = True ab = mdis.dis_multibloc(ad) print 'ok' print 'generating dataflow graph for:' ir_arch = ir_a_x86_32(mdis.symbol_pool) blocs = ab for bloc in blocs: print bloc ir_arch.add_bloc(bloc) for irbloc in ir_arch.blocs.values(): print irbloc if irbloc.label.offset != 0:
from miasm2.arch.x86.disasm import dis_x86_32 from miasm2.analysis.binary import Container from miasm2.core.asmblock import AsmCFG, AsmConstraint, AsmBlock, \ AsmLabel, AsmBlockBad, AsmConstraintTo, AsmConstraintNext, \ bbl_simplifier from miasm2.core.graph import DiGraphSimplifier, MatchGraphJoker from miasm2.expression.expression import ExprId # Initial data: from 'samples/simple_test.bin' data = "5589e583ec10837d08007509c745fc01100000eb73837d08017709c745fc02100000eb64837d08057709c745fc03100000eb55837d080774138b450801c083f80e7509c745fc04100000eb3c8b450801c083f80e7509c745fc05100000eb298b450883e03085c07409c745fc06100000eb16837d08427509c745fc07100000eb07c745fc081000008b45fcc9c3".decode( "hex") cont = Container.from_string(data) # Test Disasm engine mdis = dis_x86_32(cont.bin_stream) ## Disassembly of one block first_block = mdis.dis_block(0) assert len(first_block.lines) == 5 print first_block ## Test redisassemble blocks first_block_bis = mdis.dis_block(0) assert len(first_block.lines) == len(first_block_bis.lines) print first_block_bis ## Disassembly of several block, with cache blocks = mdis.dis_multiblock(0) assert len(blocks) == 17 ## Test redisassemble blocks
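import sys
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph
from miasm2.analysis.binary import Container
from pdb import pm

# Usage: <script> <binary> <hex address>
# Disassembles the code reachable from <hex address> inside <binary> and
# writes the resulting basic-block graph to 'graph.txt'.

if len(sys.argv) != 3:
    print('Example:')
    print("%s samples/box_upx.exe 0x407570" % sys.argv[0])
    sys.exit(0)

# int(..., 16) accepts both "407570" and "0x407570"; a malformed value raises
# ValueError, which is the intended failure mode for a bad argument.
addr = int(sys.argv[2], 16)

# Open in binary mode and close the handle deterministically: text mode can
# rewrite bytes (newline translation) on some platforms, which would corrupt
# the container being parsed, and the original left the file open until GC.
with open(sys.argv[1], 'rb') as fdesc:
    cont = Container.from_string(fdesc.read())

mdis = dis_x86_32(cont.bin_stream)
# Inform the engine to avoid disassembling null instructions
mdis.dont_dis_nulstart_bloc = True
blocs = mdis.dis_multibloc(addr)
graph = bloc2graph(blocs)

# Flush and close the output explicitly rather than relying on finalisation.
with open('graph.txt', 'w') as out:
    out.write(graph)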
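import sys
from elfesteem import pe_init
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph
from miasm2.core.bin_stream import bin_stream_pe

# Usage: <script> <pe file> <hex address>
# Parses the PE with elfesteem, disassembles from <hex address> over its
# virtual address space and writes the basic-block graph to 'graph.txt'.

if len(sys.argv) != 3:
    print("Example:")
    print("%s box_upx.exe 0x410f90" % sys.argv[0])
    sys.exit(0)

fname = sys.argv[1]
# int(..., 16) accepts both "410f90" and "0x410f90".
ad = int(sys.argv[2], 16)

# A PE is binary data: read it in 'rb' mode so no newline translation can
# alter the bytes, and close the handle as soon as the content is in memory
# (the original opened in text mode and never closed the file).
with open(fname, 'rb') as fdesc:
    e = pe_init.PE(fdesc.read())

bs = bin_stream_pe(e.virt)
mdis = dis_x86_32(bs)
# inform the engine not to disasm nul instructions
mdis.dont_dis_nulstart_bloc = True
blocs = mdis.dis_multibloc(ad)
g = bloc2graph(blocs)

# Close the output explicitly instead of leaking the handle.
with open("graph.txt", "w") as out:
    out.write(g)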
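from miasm2.arch.x86.disasm import dis_x86_32

# Disassemble a small in-memory code stub and dump its block graph in DOT
# format to 'graph.dot'.
#
# The bytes below encode:
# MOV EAX, 0x1337BEEF
# MOV ECX, 0x4
# loop:
# ROL EAX, 0x8
# LOOP loop
# RET
shellcode = '\xb8\xef\xbe7\x13\xb9\x04\x00\x00\x00\xc1\xc0\x08\xe2\xfb\xc3'

mdis = dis_x86_32(shellcode)
blocks = mdis.dis_multibloc(0)
for block in blocks:
    print(block)

# Write through a context manager so the DOT file is flushed and closed
# deterministically (the original relied on garbage collection to close it).
with open('graph.dot', 'w') as out:
    out.write(blocks.dot())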
print 'OUT', [str(x) for x in irb_out_nodes[label]] print '*' * 20, 'interblock', '*' * 20 inter_block_flow(ir_arch, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes) # from graph_qt import graph_qt # graph_qt(flow_graph) open('data.dot', 'w').write(flow_graph.dot()) data = open(args.filename).read() ad = int(args.addr, 16) print 'disasm...' mdis = dis_x86_32(data) mdis.follow_call = True asmcfg = mdis.dis_multiblock(ad) print 'ok' print 'generating dataflow graph for:' ir_arch = ir_a_x86_32(mdis.loc_db) for block in asmcfg.blocks: print block ir_arch.add_block(block) for irblock in ir_arch.blocks.values(): print irblock if args.symb: block_flow_cb = intra_block_flow_symb
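import sys
from elfesteem import pe_init
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph
from miasm2.core.bin_stream import bin_stream_pe

# Usage: <script> <pe file> <hex address>
# Parses the PE with elfesteem, disassembles from <hex address> over its
# virtual address space and writes the basic-block graph to 'graph.txt'.

if len(sys.argv) != 3:
    print('Example:')
    print("%s box_upx.exe 0x410f90" % sys.argv[0])
    sys.exit(0)

fname = sys.argv[1]
# int(..., 16) accepts both "410f90" and "0x410f90".
ad = int(sys.argv[2], 16)

# A PE is binary data: read it in 'rb' mode so no newline translation can
# alter the bytes, and close the handle as soon as the content is in memory
# (the original opened in text mode and never closed the file).
with open(fname, 'rb') as fdesc:
    e = pe_init.PE(fdesc.read())

bs = bin_stream_pe(e.virt)
mdis = dis_x86_32(bs)
# inform the engine not to disasm nul instructions
mdis.dont_dis_nulstart_bloc = True
blocs = mdis.dis_multibloc(ad)
g = bloc2graph(blocs)

# Close the output explicitly instead of leaking the handle.
with open('graph.txt', 'w') as out:
    out.write(g)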
def ins_str_without_jmp(self):
    """Return the textual disassembly of ``self.bytes_without_jmp``.

    The x86-32 disassembly engine is imported lazily inside the method.
    ``dont_dis`` is set to the offset just past the buffer, presumably so the
    engine never continues beyond the bytes it was given (confirm against the
    engine's semantics); the block at offset 0 is then rendered with ``str``.
    """
    from miasm2.arch.x86.disasm import dis_x86_32
    raw = self.bytes_without_jmp
    stop_offsets = [len(raw)]
    engine = dis_x86_32(raw)
    engine.dont_dis = stop_offsets
    block = engine.dis_block(0)
    return str(block)
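from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph

# Disassemble a small in-memory code stub starting at offset 0, print each
# basic block and write the block graph to 'graph.txt'.
s = '\xb8\xef\xbe7\x13\xb9\x04\x00\x00\x00\xc1\xc0\x08\xe2\xfb\xc3'

mdis = dis_x86_32(s)
blocs = mdis.dis_multibloc(0)
for b in blocs:
    print(b)

g = bloc2graph(blocs)
# Write through a context manager so the file is flushed and closed
# deterministically (the original relied on garbage collection to close it).
with open('graph.txt', 'w') as out:
    out.write(g)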
# Update instruction instance last_instr.name = 'PUSH' # Update next blocks to process in the disassembly engine cur_bloc.bto.clear() cur_bloc.add_cst(loc_key, AsmConstraint.c_next) # Prepare a tiny shellcode shellcode = ''.join(["\xe8\x00\x00\x00\x00", # CALL $ "X", # POP EAX "\xc3", # RET ]) bin_stream = bin_stream_str(shellcode) mdis = dis_x86_32(bin_stream) print "Without callback:\n" asmcfg = mdis.dis_multiblock(0) print "\n".join(str(block) for block in asmcfg.blocks) # Enable callback cb_x86_funcs.append(cb_x86_callpop) ## Other method: ## mdis.dis_block_callback = cb_x86_callpop print "=" * 40 print "With callback:\n" asmcfg_after = mdis.dis_multiblock(0) print "\n".join(str(block) for block in asmcfg_after.blocks)
offset = 0x59b block_state = stack = [] dump_id = dump_mem = [] filename = "/home/hack/Android/OLLVM/OLLVM_TEST/flat_test/target_flat" #filename = "/home/hack/Android/OLLVM/OLLVM_TEST/flat_test/target_flat" # Get Miasm's binary stream [获取文件二进制流] bin_file = open(filename, "rb").read() # fix: (此处原文代码BUG,未指定“rb”模式可能导致文件读取错误) bin_stream = bin_stream_str(bin_file) # Disassemble blocks of the function at 'offset' 【反汇编目标函数基本块】 mdis = dis_x86_32( bin_stream ) #mdis= machine 反编译引擎, 形如:<miasm2.arch.x86.disasm.dis_x86_32 object at 0xb668258c> disasm = mdis.dis_multibloc( offset) #(disasm即所有的基本块的汇编代码)从offset起,反汇编每个可达基本块,并返回AsmCFG实例(已反汇编的基本块的) # Create target IR object and add all basic blocks to it 【创建IR对象并添加所有的基本块】 ir = ir_a_x86_32(mdis.symbol_pool) for bbl in disasm: #print "------------bbl=",bbl ir.add_bloc(bbl) #将native block 添加到当前IR中 #print "+++++++++++++++++ir=",ir # Init our symbols with all architecture known registers 【符号初始化】