def __init__(self, custom_methods, *args, **kwargs):
    """Set up a Windows sandbox: import manager, base DLLs, main PE, SEH.

    custom_methods is forwarded to the parent constructor and to the
    library-call handler; *args/**kwargs go to the parent only.

    Reads self.options.loadbasedll, self.options.use_seh, self.ALL_IMP_DLL,
    self.fname and self.jitter (presumably set up by the parent
    constructor, which is not visible here -- confirm).  Sets self.libs,
    self.pe and self.entry_point.
    """
    super(OS_Win, self).__init__(custom_methods, *args, **kwargs)

    # Import manager; it is also published as module-level state of the
    # win_api module, so a later OS_Win instance replaces it there.
    import_manager = libimp()
    self.libs = import_manager
    win_api_x86_32.winobjs.runtime_dll = import_manager

    if self.options.loadbasedll:
        # Map each base DLL into the VM and register its exports.  Files are
        # looked up under 'win_dll/' relative to the current working
        # directory.
        loaded_dlls = []
        for dll_name in self.ALL_IMP_DLL:
            dll_path = os.path.join('win_dll', dll_name)
            dll_pe = vm_load_pe(self.jitter.vm, dll_path)
            import_manager.add_export_lib(dll_pe, dll_name)
            loaded_dlls.append(dll_pe)
        # Resolve the DLLs' own imports only once every export is known.
        for dll_pe in loaded_dlls:
            preload_pe(self.jitter.vm, dll_pe, import_manager)

    # Map the target binary and resolve its imports.
    self.pe = vm_load_pe(self.jitter.vm, self.fname)
    preload_pe(self.jitter.vm, self.pe, import_manager)

    # Guest calls into imported APIs are dispatched by the import manager,
    # with custom_methods taking precedence where provided.
    self.jitter.add_lib_handler(import_manager, custom_methods)

    if self.options.use_seh:
        # SEH support is configured through module-level globals of the
        # SEH helper module before the handler chain is initialised.
        win_api_x86_32_seh.main_pe_name = self.fname
        win_api_x86_32_seh.main_pe = self.pe
        win_api_x86_32_seh.loaded_modules = self.ALL_IMP_DLL
        win_api_x86_32_seh.init_seh(self.jitter)
        win_api_x86_32_seh.set_win_fs_0(self.jitter)

    self.entry_point = self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint)
def parse(self, data, vm=None):
    """Check the 'MZ' signature and build the PE object into self._executable.

    Args:
        data: raw file content.
        vm: optional VM to map the image into instead of parsing in memory.

    Raises:
        ContainerSignatureException: data does not start with 'MZ'.
        ContainerParsingException: any failure while building the PE.
    """
    # Cheap signature check before any parsing work.
    if not data.startswith('MZ'):
        raise ContainerSignatureException()

    try:
        if vm is None:
            self._executable = pe_init.PE(data)
        else:
            # NOTE(review): 'filename' is not bound in this method (its
            # parameters are 'data' and 'vm'), so this branch raises
            # NameError, which the handler below reports as a parse error.
            self._executable = vm_load_pe(vm, filename)
    except Exception as error:
        raise ContainerParsingException('Cannot read PE: %s' % error)
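def __init__(self, filename, vm=None, addr=None):
    """Load a binary from disk and expose it as (self.e, self.bs, self.ep).

    The format is sniffed from the first bytes: 'MZ' -> PE, '\\x7fELF' ->
    ELF, anything else is treated as a raw blob.  When vm is given the
    image is mapped into it; a raw blob then also needs addr.

    Args:
        filename: path of the file to load.
        vm: optional VM to map the image into.
        addr: load address, required only for a raw blob with a vm.

    Raises:
        ValueError: raw blob with a vm but no addr.

    Sets self.e (parsed executable, or None for a raw blob), self.bs
    (bin_stream over the image) and self.ep (entry point).  A PE/ELF parse
    failure is logged rather than raised; bs and ep then stay None.
    """
    # Binary mode: the content is executable code, never text.  The
    # handle is released as soon as the read completes.
    with open(filename, 'rb') as fdesc:
        data = fdesc.read()
    log.info('load binary')
    e, bs, ep = None, None, None
    if data.startswith('MZ'):
        try:
            if vm is not None:
                e = vm_load_pe(vm, filename)
            else:
                e = pe_init.PE(data)
            # 0x4550 is 'PE\0\0': only accept a well-formed NT header.
            if e.isPE() and e.NTsig.signature_value == 0x4550:
                bs = bin_stream_pe(e.virt)
                ep = e.rva2virt(e.Opthdr.AddressOfEntryPoint)
        except Exception:
            # Malformed input is an expected condition: keep best-effort
            # behaviour but record the cause instead of swallowing it.
            # KeyboardInterrupt/SystemExit are deliberately not caught.
            log.exception('Cannot read PE!')
    elif data.startswith('\x7fELF'):
        try:
            if vm is not None:
                e = vm_load_elf(vm, filename)
            else:
                e = elf_init.ELF(data)
            bs = bin_stream_elf(e.virt)
            ep = e.Ehdr.entry
        except Exception:
            log.exception('Cannot read ELF!')
    else:
        # Unknown format: expose the raw bytes.  Mapping into a VM needs an
        # explicit load address because nothing in the blob provides one.
        bs = bin_stream_str(data)
        if vm is not None:
            if addr is None:
                raise ValueError('set load addr')
            vm.add_memory_page(addr, PAGE_READ, data)
    self.e, self.bs, self.ep = e, bs, ep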