mdis.dont_dis_nulstart_bloc = True ab = mdis.dis_multibloc(ep) bb = asmbloc.basicblocs(ab) leaves = bb.get_bad_dst() assert(len(leaves) == 1) l = leaves.pop() logging.info(l) end_label = l.label.offset logging.info('final label') logging.info(end_label) # Export CFG graph (dot format) if options.graph is True: g = asmbloc.bloc2graph(ab) open("graph.txt", "w").write(g) if options.verbose is True: sb.jitter.vm.dump_memory_page_pool() def update_binary(jitter): sb.pe.Opthdr.AddressOfEntryPoint = sb.pe.virt2rva(jitter.pc) logging.info('updating binary') for s in sb.pe.SHList: sdata = sb.jitter.vm.get_mem(sb.pe.rva2virt(s.addr), s.rawsize) sb.pe.virt[sb.pe.rva2virt(s.addr)] = sdata
with open(args.source) as fstream: source = fstream.read() blocs, symbol_pool = parse_asm.parse_txt(machine.mn, attrib, source) # Fix shellcode addrs symbol_pool.set_offset(symbol_pool.getby_name("main"), addr_main) if args.PE: symbol_pool.set_offset(symbol_pool.getby_name_create("MessageBoxA"), pe.DirImport.get_funcvirt('MessageBoxA')) # Print and graph firsts blocs before patching it for bloc in blocs: print bloc graph = asmbloc.bloc2graph(blocs) open("graph.dot", "w").write(graph) # Apply patches patches = asmbloc.asm_resolve_final(machine.mn, blocs, symbol_pool, dst_interval) if args.encrypt: # Encrypt code ad_start = symbol_pool.getby_name_create(args.encrypt[0]).offset ad_stop = symbol_pool.getby_name_create(args.encrypt[1]).offset new_patches = dict(patches) for ad, val in patches.items(): if ad_start <= ad < ad_stop:
import sys from elfesteem import pe_init from miasm2.arch.x86.disasm import dis_x86_32 from miasm2.core.asmbloc import bloc2graph from miasm2.core.bin_stream import bin_stream_pe if len(sys.argv) != 3: print "Example:" print "%s box_upx.exe 0x410f90" % sys.argv[0] sys.exit(0) fname = sys.argv[1] ad = int(sys.argv[2], 16) e = pe_init.PE(open(fname).read()) bs = bin_stream_pe(e.virt) mdis = dis_x86_32(bs) # inform the engine not to disasm nul instructions mdis.dont_dis_nulstart_bloc = True blocs = mdis.dis_multibloc(ad) g = bloc2graph(blocs) open("graph.txt", "w").write(g)
import sys from miasm2.arch.x86.disasm import dis_x86_32 from miasm2.core.asmbloc import bloc2graph from miasm2.analysis.binary import Container from pdb import pm if len(sys.argv) != 3: print 'Example:' print "%s samples/box_upx.exe 0x407570" % sys.argv[0] sys.exit(0) addr = int(sys.argv[2], 16) cont = Container.from_stream(open(sys.argv[1])) mdis = dis_x86_32(cont.bin_stream) # Inform the engine to avoid disassembling null instructions mdis.dont_dis_nulstart_bloc = True blocs = mdis.dis_multibloc(addr) graph = bloc2graph(blocs) open('graph.txt', 'w').write(graph)
.byte 0x11 mystr: .string "test string" mystrend: .long 0 ''' blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt) blocs_l, symbol_pool_l = parse_asm.parse_txt(my_mn, "l", txt) # fix shellcode addr symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0x0) symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0x0) # graph sc#### g = asmbloc.bloc2graph(blocs_l[0]) open("graph.txt", "w").write(g) s_b = StrPatchwork() s_l = StrPatchwork() print "symbols" print symbol_pool_l # dont erase from start to shell code padading resolved_b, patches_b = asmbloc.asm_resolve_final(my_mn, blocs_b[0], symbol_pool_b) resolved_l, patches_l = asmbloc.asm_resolve_final(my_mn, blocs_l[0], symbol_pool_l) print patches_b for offset, raw in patches_b.items():
with open(args.source) as fstream: source = fstream.read() blocs, symbol_pool = parse_asm.parse_txt(machine.mn, attrib, source) # Fix shellcode addrs symbol_pool.set_offset(symbol_pool.getby_name("main"), addr_main) if args.PE: symbol_pool.set_offset(symbol_pool.getby_name_create("MessageBoxA"), pe.DirImport.get_funcvirt('MessageBoxA')) # Print and graph firsts blocs before patching it for bloc in blocs[0]: print bloc graph = asmbloc.bloc2graph(blocs[0]) open("graph.txt", "w").write(graph) # Apply patches patches = asmbloc.asm_resolve_final(machine.mn, blocs[0], symbol_pool, dst_interval) if args.encrypt: # Encrypt code ad_start = symbol_pool.getby_name_create(args.encrypt[0]).offset ad_stop = symbol_pool.getby_name_create(args.encrypt[1]).offset new_patches = dict(patches) for ad, val in patches.items(): if ad_start <= ad < ad_stop: new_patches[ad] = "".join([chr(ord(x) ^ 0x42) for x in val]) patches = new_patches
if args.try_disasm_all: for a, b in done_interval.intervals: if b in done: continue log.debug('add func %s' % hex(b)) todo.append((mdis, None, b)) # Generate dotty graph all_blocs = [] for blocs in all_funcs_blocs.values(): all_blocs += blocs # for b in blocs: # print b log.info('generate graph file') g = bloc2graph(all_blocs, True) open('graph_execflow.txt', 'w').write(g) log.info('generate intervals') all_lines = [] total_l = 0 print done_interval if args.image: log.info('build img') done_interval.show() for i, j in done_interval.intervals: log.debug((hex(i), "->", hex(j)))
for a, b in done_interval.intervals: if b in done: continue log.debug('add func %s' % hex(b)) todo.append((mdis, None, b)) # Generate dotty graph all_blocs = [] for blocs in all_funcs_blocs.values(): all_blocs += blocs # for b in blocs: # print b log.info('generate graph file') g = bloc2graph(all_blocs, True) open('graph_execflow.txt', 'w').write(g) log.info('generate intervals') all_lines = [] total_l = 0 print done_interval if args.image: log.info('build img') done_interval.show() for i, j in done_interval.intervals: log.debug((hex(i), "->", hex(j)))
ADD SP, 0x100 POP {PC} mystr: .string "toto" ''' blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt) blocs_l, symbol_pool_l = parse_asm.parse_txt(my_mn, "l", txt) # fix shellcode addr symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0) symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0) # graph sc#### g = asmbloc.bloc2graph(blocs_b[0]) open("graph.txt", "w").write(g) s_b = StrPatchwork() s_l = StrPatchwork() print "symbols" print symbol_pool_b # dont erase from start to shell code padading resolved_b, patches_b = asmbloc.asm_resolve_final( my_mn, blocs_b[0], symbol_pool_b) resolved__l, patches_l = asmbloc.asm_resolve_final( my_mn, blocs_l[0], symbol_pool_l) print patches_b print patches_l
mystr: .string "test string" mystrend: .long 0 ''' blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt) blocs_l, symbol_pool_l = parse_asm.parse_txt(my_mn, "l", txt) # fix shellcode addr symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0x0) symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0x0) # graph sc#### g = asmbloc.bloc2graph(blocs_l[0]) open("graph.txt", "w").write(g) s_b = StrPatchwork() s_l = StrPatchwork() print "symbols" print symbol_pool_l # dont erase from start to shell code padading resolved_b, patches_b = asmbloc.asm_resolve_final( my_mn, blocs_b[0], symbol_pool_b) resolved_l, patches_l = asmbloc.asm_resolve_final( my_mn, blocs_l[0], symbol_pool_l) print patches_b for offset, raw in patches_b.items():