def __init__(self, gctx) -> None:
    """Build the interactive console and run it until the user exits.

    The constructor does all the work: it records the global context,
    registers the command table, starts the background analyzer, loads
    ``gctx.filename`` when one is given, then blocks in the readline loop.
    It returns only after the loop stops and the analyzer has been told
    to exit.

    Args:
        gctx: Global context shared with the analyzer and the command
            handlers.  ``gctx.vim`` is forced to False here and
            ``gctx.filename`` (if not None) is loaded before the loop.
    """
    self.gctx = gctx
    # Why the flag is cleared here is not visible in this method — confirm against gctx.
    gctx.vim = False

    # Command names in presentation order (presumably used by help/completion — confirm).
    # NOTE(review): the list is not strictly alphabetical ("x", "v",
    # "display.print_section") and "set" is absent although it is registered below.
    self.COMMANDS_ALPHA = [
        "analyzer",
        "da",
        "db",
        "dd",
        "dw",
        "dq",
        "dump",
        "exit",
        "functions",
        "help",
        "history",
        "info",
        "jmptable",
        "load",
        "lrawarm",
        "lrawmips",
        "lrawmips64",
        "lrawx86",
        "lrawx64",
        "mips_set_gp",
        "py",
        "save",
        "sections",
        "sym",
        "x",
        "v",
        "display.print_section",
        "xrefs",
    ]

    # Command(<int>, handler, completer, help_lines).  The int looks like the
    # maximum number of arguments the command accepts — TODO confirm against Command.
    # help_lines[0] is the usage string, the rest is the description.
    self.COMMANDS = {
        "analyzer": Command(0, self.__exec_analyzer, None, [
            "",
            "Analyzer information",
        ]),
        "help": Command(0, self.__exec_help, None, ["", "Display this help"]),
        "history": Command(0, self.__exec_history, None, [
            "",
            "Display the command history",
        ]),
        "save": Command(0, self.__exec_save, None, [
            "",
            "Save the database (only symbols and history currently).",
        ]),
        # All loaders share the filename completer.
        "load": Command(1, self.__exec_load, self.__complete_load, [
            "filename",
            "Load a new binary file.",
        ]),
        "lrawx86": Command(1, self.__exec_lrawx86, self.__complete_load, [
            "filename",
            "Load a x86 raw file.",
        ]),
        "lrawx64": Command(1, self.__exec_lrawx64, self.__complete_load, [
            "filename",
            "Load a x64 raw file.",
        ]),
        "lrawarm": Command(1, self.__exec_lrawarm, self.__complete_load, [
            "filename",
            "Load a ARM raw file.",
        ]),
        "lrawmips": Command(1, self.__exec_lrawmips, self.__complete_load, [
            "filename",
            "Load a MIPS raw file.",
        ]),
        "lrawmips64": Command(1, self.__exec_lrawmips64, self.__complete_load, [
            "filename",
            "Load a MIPS64 raw file.",
        ]),
        "x": Command(1, self.__exec_x, self.__complete_x, [
            "[SYMBOL|0xXXXX|EP]",
            "Decompile and print on stdout. By default it will be main.",
            "The decompilation is forced, it dosn't check if addresses",
            "are defined as code."
        ]),
        "v": Command(1, self.__exec_v, self.__complete_x, [
            "[SYMBOL|0xXXXX|EP]",
            "Visual mode",
            "Shortcuts:",
            "c create code",
            "p create function",
            "x show xrefs",
            "r rename",
            "I switch to traditional instruction string output",
            "g top",
            "G bottom",
            "z set current line on the middle",
            "q quit",
            "; edit inline comment (enter/escape to validate/cancel)",
            "% goto next bracket",
            "* highlight current word (ctrl-k to clear)",
            "{ } previous/next paragraph",
            "tab switch between dump/decompilation",
            "enter follow address",
            "escape go back",
            "u re-enter (for undo)",
        ]),
        # da/db/dd/dw/dq all route to the same handler; presumably the
        # handler derives the element width from the command name — confirm.
        "da": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in ascii, it stops when the end of the section is found",
        ]),
        "db": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in bytes, it stops when the end of the section is found",
        ]),
        "dd": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in dwords, it stops when the end of the section is found",
        ]),
        "dw": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in words, it stops when the end of the section is found",
        ]),
        "dq": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in qwords, it stops when the end of the section is found",
        ]),
        # by default it will be gctx.nb_lines
        "dump": Command(2, self.__exec_dump, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Disassemble only.",
        ]),
        # No handler: "set" is presumably special-cased by exec_command — confirm.
        "set": Command(3, None, None, ["", "Set options"]),
        "sym": Command(3, self.__exec_sym, self.__complete_x, [
            "[SYMBOL 0xXXXX] [| FILTER]",
            "Print all symbols or set a new symbol.",
            "You can filter symbols by searching the word FILTER.",
            "If FILTER starts with -, the match is inversed."
        ]),
        "exit": Command(0, self.__exec_exit, None, ["", "Exit"]),
        "sections": Command(0, self.__exec_sections, None, [
            "",
            "Print all sections",
        ]),
        "info": Command(0, self.__exec_info, None,
                        ["", "Information about the current binary"]),
        "display.print_section": Command(0, self.__exec_display_print_section, None,
                                         ["", "Print or not section when an address is found"]),
        "jmptable": Command(4, self.__exec_jmptable, None, [
            "INST_ADDR TABLE_ADDR NB_ENTRIES SIZE_ENTRY",
            "Create a jump table referenced at TABLE_ADDR and called",
            "from INST_ADDR."
        ]),
        # "py" hands the console's interpreter to the user: anyone who can
        # drive this console can run arbitrary Python with the tool's privileges.
        "py": Command(0, self.__exec_py, None, ["", "Run an interactive python shell."]),
        "mips_set_gp": Command(1, self.__exec_mips_set_gp, None,
                               ["ADDR", "Set the register $gp to a fixed value."]),
        "functions": Command(1, self.__exec_functions, None,
                             ["", "Print the function list."]),
        "xrefs": Command(1, self.__exec_xrefs, self.__complete_x,
                         ["SYMBOL|0xXXXX|EP", "Print all xrefs."]),
    }

    # The analyzer runs concurrently with the console loop (started here,
    # told to stop at the end of this method).
    self.analyzer = Analyzer()
    self.analyzer.start()

    rl = ReadLine(self.exec_command, self.complete, self.send_control_c)
    self.rl = rl

    if gctx.filename is not None:
        # Same path as a typed "load" command; the leading "" stands in for
        # the command-name slot of the argument list (presumably — confirm).
        self.__exec_load(["", gctx.filename])

    rl.reload_cursor_line()

    # Re-enter the readline loop until check_db_modified() returns a falsy
    # value; what that check asks the user is not visible here — confirm.
    while 1:
        rl.loop()
        if not self.check_db_modified():
            break

    # Ask the analyzer to shut down through its message queue.
    self.analyzer.msg.put("exit")
def __init__(self, gctx) -> None:
    """Build the interactive console and run it until the user exits.

    The constructor does all the work: it records the global context,
    registers the command table, wires readline history to the database,
    starts the background analyzer, optionally triggers the first analysis,
    then blocks in the readline loop.  It returns only after the loop stops
    and the analyzer has been told to exit.

    Args:
        gctx: Global context shared with the analyzer and the command
            handlers.  Read here: ``gctx.db`` (history, functions),
            ``gctx.dis`` (binary arch, ``mips_gp``) and ``gctx.autoanalyzer``.
            ``gctx.vim`` is forced to False.
    """
    self.gctx = gctx
    # Why the flag is cleared here is not visible in this method — confirm against gctx.
    gctx.vim = False

    # Command(<int>, handler, completer, help_lines).  The int looks like the
    # maximum number of arguments the command accepts — TODO confirm against Command.
    # help_lines[0] is the usage string, the rest is the description.
    self.COMMANDS = {
        "analyzer": Command(0, self.__exec_analyzer, None, [
            "",
            "Analyzer information",
        ]),
        # Public method (no name mangling): also called directly below when
        # auto-analysis is enabled.
        "push_analyze_symbols": Command(0, self.push_analyze_symbols, None, [
            "",
            "Force to analyze the entry point, symbols and a memory scan will be done.",
        ]),
        "help": Command(0, self.__exec_help, None, ["", "Display this help"]),
        "history": Command(0, self.__exec_history, None, [
            "",
            "Display the command history",
        ]),
        "save": Command(0, self.__exec_save, None, [
            "",
            "Save the database (only symbols and history currently).",
        ]),
        "x": Command(1, self.__exec_x, self.__complete_x, [
            "[SYMBOL|0xXXXX|EP]",
            "Decompile and print on stdout. By default it will be main.",
            "The decompilation is forced, it dosn't check if addresses",
            "are defined as code."
        ]),
        "v": Command(1, self.__exec_v, self.__complete_x, [
            "[SYMBOL|0xXXXX|EP]",
            "Visual mode",
            "Shortcuts:",
            "c create code",
            "b/w/d/Q create byte/word/dword/qword",
            "a create ascii string",
            "p create function",
            "o set [d|q]word as an offset",
            "x show xrefs",
            "r rename",
            "/ binary search: if the first char is ! you can put an",
            " hexa string example: /!ab 13 42",
            "n/N next/previous search occurence",
            "I switch to traditional instruction string output",
            "M show/hide mangling",
            "B show/hide bytes",
            "g top",
            "G bottom",
            "z set current line on the middle",
            "Q quit",
            "; edit inline comment (enter/escape to validate/cancel)",
            "% goto next bracket",
            "* highlight current word (ctrl-k to clear)",
            "{ } previous/next paragraph",
            "tab switch between dump/decompilation",
            "enter follow address",
            "escape go back",
            "u re-enter (for undo)",
        ]),
        # da/db/dd/dw/dq all route to the same handler; presumably the
        # handler derives the element width from the command name — confirm.
        "da": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in ascii, it stops when the end of the section is found",
        ]),
        "db": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in bytes, it stops when the end of the section is found",
        ]),
        "dd": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in dwords, it stops when the end of the section is found",
        ]),
        "dw": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in words, it stops when the end of the section is found",
        ]),
        "dq": Command(2, self.__exec_data, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Print data in qwords, it stops when the end of the section is found",
        ]),
        # by default it will be gctx.nb_lines
        "dump": Command(2, self.__exec_dump, self.__complete_x, [
            "SYMBOL|0xXXXX|EP [NB_LINES]",
            "Disassemble only.",
        ]),
        # No handler: "set" is presumably special-cased by exec_command — confirm.
        "set": Command(3, None, None, ["", "Set options"]),
        "sym": Command(3, self.__exec_sym, self.__complete_x, [
            "[SYMBOL 0xXXXX] [| FILTER]",
            "Print all symbols or set a new symbol.",
            "You can filter symbols by searching the word FILTER.",
            "If FILTER starts with -, the match is inversed."
        ]),
        "exit": Command(0, self.__exec_exit, None, ["", "Exit"]),
        "sections": Command(0, self.__exec_sections, None, [
            "",
            "Print all sections",
        ]),
        "info": Command(0, self.__exec_info, None,
                        ["", "Information about the current binary"]),
        "display.print_section": Command(0, self.__exec_display_print_section, None,
                                         ["", "Print or not section when an address is found"]),
        "jmptable": Command(4, self.__exec_jmptable, None, [
            "INST_ADDR TABLE_ADDR NB_ENTRIES SIZE_ENTRY",
            "Create a jump table referenced at TABLE_ADDR and called",
            "from INST_ADDR."
        ]),
        # "py" hands the console's interpreter to the user: anyone who can
        # drive this console can run arbitrary Python with the tool's privileges.
        "py": Command(0, self.__exec_py, None, ["", "Run an interactive python shell."]),
        "mips_set_gp": Command(1, self.__exec_mips_set_gp, None,
                               ["ADDR", "Set the register $gp to a fixed value."]),
        "functions": Command(1, self.__exec_functions, None,
                             ["", "Print the function list."]),
        "xrefs": Command(1, self.__exec_xrefs, self.__complete_x,
                         ["SYMBOL|0xXXXX|EP", "Print all xrefs."]),
    }

    rl = ReadLine(self.exec_command, self.complete, self.send_control_c)
    self.rl = rl
    # Readline history is the one stored in the database object.
    self.rl.history = gctx.db.history

    # The analyzer runs concurrently with the console loop; init/start/set
    # order is kept as-is (started before it receives the context).
    self.analyzer = Analyzer()
    self.analyzer.init()
    self.analyzer.start()
    self.analyzer.set(gctx)

    # On MIPS, analysis needs $gp first; -1 appears to be the "not set yet"
    # sentinel (see the mips_set_gp command) — confirm.  The user is told
    # which commands to run and no automatic analysis is triggered.
    if gctx.dis.binary.get_arch_string() == "MIPS" and \
            gctx.dis.mips_gp == -1:
        print("please run first these commands :")
        print("mips_set_gp 0xADDRESS")
        print("push_analyze_symbols")
    else:
        # Auto-analyze only when the database holds no functions yet; a
        # non-empty function list means the first analysis was already done.
        if gctx.autoanalyzer and len(gctx.db.functions) == 0:
            self.push_analyze_symbols(None)

    rl.reload_cursor_line()

    # Re-enter the readline loop until check_db_modified() returns a falsy
    # value; what that check asks the user is not visible here — confirm.
    while 1:
        rl.loop()
        if not self.check_db_modified():
            break

    # Ask the analyzer to shut down through its message queue.
    self.analyzer.msg.put("exit")