def test3(ctx):
    """Assemble a short thumb snippet into scratch memory, run it, and print results.

    The solver is created with a one-shot ``handle`` generator that stops the
    kernel the first time it is resumed. After the run, ``r1`` and the second
    entry of ``kern.mc.args`` are printed.

    Args:
        ctx: run context; not read by this function beyond the signature.
    """
    g_data.set_m32(True)

    def stop_once(solver):
        # Generator protocol: the first resume stops the kernel, then yields.
        solver.kern.stop()
        yield

    sess = create_kern(arch='thumb', solver_kwargs=dict(handle=stop_once))
    code = sess.kern.machine.get_disassembly('''
  adr %r2, START
  mov %r1, #12;
  mov %r1, #12;
  mov %r1, #12;
  mov %r1, #12;
  mov %r1, #12;
  .align
START:
  mov %r1, #0xff;
  ''')

    base = sess.kern.scratch[0]
    # Hook the first byte past the snippet, then place the code and run it.
    sess.hook_addr(base + len(code))
    sess.mem.write(base, code)
    sess.enable_full_hook()
    # NOTE(review): base + 1 presumably sets the thumb-state bit — confirm.
    sess.run(base + 1)
    print(sess.regs.r1)
    print(sess.kern.mc.args[1])
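def test_payload(ctx, payload):
    """Load the kernel image, write *payload* at the ``shellcode`` symbol and run it.

    Tracer events are forwarded to ``event_handle`` together with two log
    files named after ``ctx.runid``. Both files are now closed on every exit
    path (the original left them open until garbage collection).

    Args:
        ctx: run context; ``ctx.runid`` is used to name the log files.
        payload: raw bytes written at the ELF's ``shellcode`` symbol.

    Returns:
        None.
    """
    g_data.set_m32(True)
    kern, elf = load_kern(ctx)
    kern.tracer.diff_mode = False

    # NOTE(review): fixed, predictable names under /tmp are world-writable
    # territory; if this ever runs outside a throwaway sandbox, prefer
    # tempfile.mkstemp (or a per-user directory) so another local user cannot
    # pre-create or symlink the log files. Paths kept unchanged here.
    with open('/tmp/evens_{}.out'.format(ctx.runid), 'w') as event_log, \
            open('/tmp/vmop_{}.out'.format(ctx.runid), 'w') as vmop_log:
        kern.tracer.cb = lambda x: event_handle(x, event_log, vmop_log)

        # The solver object is not referenced again; constructing it is kept
        # because it presumably registers itself with kern — confirm.
        solver = UCSolver(kern)
        kern.ignore_mem_access = False
        sc = elf.get_symbol('shellcode')
        kern.mem.write(sc, payload)
        kern.regs.lr = 0x0001B304

        try:
            # NOTE(review): sc + 1 presumably sets the thumb-state bit — confirm.
            kern.start(ip=sc + 1)
        except uc.UcError as e:
            # Emulator faults are reported, not propagated: the logs are still
            # useful for diagnosis and the harness continues.
            print(str(e))
            tb.print_exc()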
def test(ctx):
    """Exercise the foreign-function caller against a hand-assembled thumb stub.

    A stub ``test`` routine (add 1 to r0, return) is assembled into scratch
    memory together with a trailing snippet. Its prototype is described via
    ``CodeStructExtractor`` and its address registered under the name
    ``'test'`` so that ``fcaller.test(123)`` can be driven from the
    ``forward_ret_hook`` generator, which prints the result and stops the kernel.

    Args:
        ctx: run context; not read by this function beyond the signature.
    """
    g_data.set_m32(True)

    # Prototype database so fcaller knows how to marshal the stub's arguments.
    proto_db = StructBuilder()
    proto_db.add_extractor(CodeStructExtractor('int test(int a);', ''))
    proto_db.build(extra_args=StructBuilder.opa_common_args())

    sess = create_kern(arch='thumb')
    asm = sess.kern.machine.get_disassembly('''
nop
FUNC:
add %r0, #1
mov %pc, %lr

  adr %r2, START
  mov %r1, #12;
  mov %r1, #12;
  mov %r1, #12;
  mov %r1, #12;
  mov %r1, #12;
  .align
START:
  mov %r1, #0xff;
  ''')

    base = sess.kern.scratch[0]
    sess.mem.write(base, asm)
    sess.enable_full_hook()

    def on_forward_ret(solver):
        # Three-step generator: call the stub, report its result, stop.
        print('HANDLE LA')
        yield solver.kern.fcaller.test(123)
        print('RESULT IS ', solver.kern.fcaller.result())
        yield
        solver.kern.stop()
        yield

    fcgen = sess.kern.fcaller.fcgen
    fcgen.code_db = proto_db
    # NOTE(review): base + 2 presumably skips the leading nop to reach FUNC — confirm.
    fcgen.name_to_addr = {'test': base + 2}
    sess.kern.forward_ret_hook = on_forward_ret(sess)
    sess.hook_addr(base + len(asm))

    # NOTE(review): base + 1 presumably sets the thumb-state bit — confirm.
    sess.run(base + 1)
def main():
    """Entry point: select 64-bit mode, build a run context and dispatch actions."""
    g_data.set_m32(False)
    run_ctx = Attributize()
    ActionHandler.Run(run_ctx)