def run(self, iterations=1): return_dict = {} for itercount in range(iterations): sys.stdout.write( f"[+] Attempting iteration {itercount}/{iterations}\n") #TODO(artem): This is really slow. Should be implemented as some kind of CoW semantics # or at least provide a way to 'reset' to a clean state proc = self.make_new_process(copy.deepcopy(self._memory)) t = microx.EmptyThread(proc) t.write_register("EIP", self.i_pc) t.write_register("ESP", proc._initial_sp) sys.stdout.write(f"[+] Initial EIP is: {self.i_pc:08x}\n") sys.stdout.write(f"[+] Initial ESP is: {proc._initial_sp:08x}\n") instruction_count = 0 try: while self.run_length == Icount.INFINITE or instruction_count < self.max_insts: pc_bytes = t.read_register("EIP", t.REG_HINT_PROGRAM_COUNTER) pc = proc._ops.convert_to_integer(pc_bytes) if self.magic_return is not None and self.magic_return == pc: sys.stdout.write( "[+] Reached return address. Stopping\n") break else: sys.stdout.write( f"[+] Emulating instruction at: {pc:08x}\n") proc.execute(t, 1) instruction_count += 1 except InstructionFetchError as efe: sys.stdout.write( f"[!] Could not fetch instruction at: {pc:08x}. Error msg: {repr(efe)}.\n" ) except Exception as e: print(e) print(traceback.format_exc()) pass return_dict[itercount] = (instruction_count, proc) return return_dict
0x1000, 0x2000, can_write=False, can_execute=True) stack = microx.ArrayMemoryMap(o, 0x80000, 0x82000) code.store_bytes( 0x1000, b"\x8d\x7c\x24\xe0\xb8\x41\x00\x00\x00\xb9\x20\x00\x00\x00\xf3\xaa\x8d\x74\x24\xe0\x8d\x7c\x24\xc0\xb9\x20\x00\x00\x00\xf3\xa4\xc6\x44\x24\xe0\x00\x8d\x7c\x24\xc0\x31\xc0\xb9\xff\xff\xff\xff\xf2\xae\xf7\xd1\x49", ) m = microx.Memory(o, 32) m.add_map(code) m.add_map(stack) t = microx.EmptyThread(o) t.write_register("EIP", 0x1000) t.write_register("ESP", 0x81000) p = microx.Process(o, m) try: while True: pc = t.read_register("EIP", t.REG_HINT_PROGRAM_COUNTER) eax = t.read_register("EAX", t.REG_HINT_GENERAL) esi = t.read_register("ESI", t.REG_HINT_GENERAL) edi = t.read_register("EDI", t.REG_HINT_GENERAL) ecx = t.read_register("ECX", t.REG_HINT_GENERAL) print( "Emulating instruction at {:08x} (EAX={:08x}, ESI={:08x}, EDI={:08x}, ECX={:08x})" .format(pc, eax, esi, edi, ecx))