#! /usr/bin/env python2
#-*- coding:utf-8 -*-
import logging
from pdb import pm

from miasm2.analysis.sandbox import Sandbox_Linux_arml

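# Get arguments
parser = Sandbox_Linux_arml.parser(description="""Sandbox an elf binary with arm
 engine (ex: jit_arm.py samples/md5_arm -a A684)""")
parser.add_argument("filename", help="ELF Filename")
parser.add_argument('-v', "--verbose", help="verbose mode", action="store_true")
options = parser.parse_args()

# Prepare the sandbox.  The module namespace is handed over so that hook
# functions defined at top level of this script can be found by the sandbox
# (presumably looked up by name -- confirm against Sandbox_Linux_arml).
sb = Sandbox_Linux_arml(options.filename, options, globals())

# Handle 'verbose' option.  action="store_true" guarantees a bool, so a plain
# truth test is enough and one branch covers both the log level and the VM
# dump (the option used to be tested twice).
if options.verbose:
    logging.basicConfig(level=logging.INFO)
    # print(expr) with a single value behaves identically on python2 and
    # python3, unlike the bare print statement.
    print(sb.jitter.vm)
else:
    logging.basicConfig(level=logging.WARNING)

# Run the code
sb.run()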
#!/usr/bin/env python
#-*- coding:utf-8 -*-
import logging
from pdb import pm

from miasm2.analysis.sandbox import Sandbox_Linux_arml

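# Get arguments
parser = Sandbox_Linux_arml.parser(
    description="""Sandbox an elf binary with arm
 engine (ex: jit_arm.py samples/md5_arm -a A684)""")
parser.add_argument("filename", help="ELF Filename")
parser.add_argument('-v',
                    "--verbose",
                    help="verbose mode",
                    action="store_true")
options = parser.parse_args()

# Prepare the sandbox.  The module namespace is handed over so that hook
# functions defined at top level of this script can be found by the sandbox
# (presumably looked up by name -- confirm against Sandbox_Linux_arml).
sb = Sandbox_Linux_arml(options.filename, options, globals())

# Handle 'verbose' option.  action="store_true" guarantees a bool, so a plain
# truth test is enough and one branch covers both the log level and the
# memory-page dump (the option used to be tested twice).
if options.verbose:
    logging.basicConfig(level=logging.INFO)
    sb.jitter.vm.dump_memory_page_pool()
else:
    logging.basicConfig(level=logging.WARNING)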

if options.address is None:
# Extension of the Python jitter to track memory accesses
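class ESETrackMemory(EmulatedSymbExec):
    """Emulated symb exec with memory access tracking.

    Every memory read and write that goes through this symbolic executor is
    echoed on stdout and then delegated to the parent class, so the run
    produces a trace of what the emulated code touches.  The trace is
    written with print(); redirect stdout for long runs.
    """

    def mem_read(self, expr_mem):
        """Read *expr_mem* via the parent class and print the value read.

        Args:
            expr_mem: memory expression handed over by the jitter.

        Returns:
            Whatever the parent ``mem_read`` returns, unchanged.
        """
        value = super(ESETrackMemory, self).mem_read(expr_mem)
        # print(...) with one argument is the same on python2 and python3,
        # unlike the bare print statement it replaces.
        print("Read %s: %s" % (expr_mem, value))
        return value

    def mem_write(self, dest, data):
        """Print the pending write, then delegate to the parent ``mem_write``.

        Args:
            dest: destination memory expression.
            data: value being written.

        Returns:
            Whatever the parent ``mem_write`` returns, unchanged.
        """
        print("Write %s: %s" % (dest, data))
        return super(ESETrackMemory, self).mem_write(dest, data)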


# Install the tracking symbolic executor first: it must be in place before
# the sandbox instantiates the Python jitter.
JitCore_Python.SymbExecClass = ESETrackMemory

# Command-line handling
parser = Sandbox_Linux_arml.parser(description="Tracer")
parser.add_argument("filename", help="ELF Filename")
options = parser.parse_args()

# The tracker only hooks the Python jitter, so pin that engine here,
# overriding any jitter selection the parser may have offered.
options.jitter = "python"
sb = Sandbox_Linux_arml(options.filename, options, globals())

# One instruction per jitted call, with instr_hook invoked on each execution
sb.jitter.jit.set_options(jit_maxline=1, max_exec_per_call=1)
sb.jitter.exec_cb = instr_hook

# Run
"""This example illustrates the Sandbox.call API, for calling a given
function directly"""

from miasm2.analysis.sandbox import Sandbox_Linux_arml
from miasm2.analysis.binary import Container
from miasm2.os_dep.linux_stdlib import linobjs
from miasm2.core.utils import hexdump

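# Parse arguments
parser = Sandbox_Linux_arml.parser(description="ELF sandboxer")
parser.add_argument("filename", help="ELF Filename")
options = parser.parse_args()

sb = Sandbox_Linux_arml(options.filename, options, globals())

# Size of the buffer handed to md5_starts (the "malloc(0x64)" of the call
# below); the same size is used when dumping the result.
BUF_SIZE = 0x64

# Resolve the address of the "md5_starts" symbol from the ELF's location
# database.  The file is opened again here just to read its symbols (the
# sandbox was already given the same path for loading).
with open(options.filename, "rb") as fdesc:
    cont = Container.from_stream(fdesc)
    loc_key = cont.loc_db.get_name_location("md5_starts")
    # A missing symbol would otherwise fail deep inside get_location_offset
    # with an unhelpful message; stop early and say what is missing.
    if loc_key is None:
        raise ValueError(
            "symbol 'md5_starts' not found in %s" % options.filename)
    addr_to_call = cont.loc_db.get_location_offset(loc_key)

# Calling md5_starts(malloc(0x64)): allocate the buffer on the emulated heap,
# call the function directly, then dump the bytes it initialised.
addr = linobjs.heap.alloc(sb.jitter, BUF_SIZE)
sb.call(addr_to_call, addr)
hexdump(sb.jitter.vm.get_mem(addr, BUF_SIZE))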
# Extension of the Python jitter to track memory accesses
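class ESETrackMemory(EmulatedSymbExec):
    """Emulated symb exec with memory access tracking.

    Every memory read and write that goes through this symbolic executor is
    echoed on stdout and then delegated to the parent class, so the run
    produces a trace of what the emulated code touches.  The trace is
    written with print(); redirect stdout for long runs.
    """

    def _func_read(self, expr_mem):
        """Read *expr_mem* via the parent class and print the value read.

        Args:
            expr_mem: memory expression handed over by the jitter.

        Returns:
            Whatever the parent ``_func_read`` returns, unchanged.
        """
        value = super(ESETrackMemory, self)._func_read(expr_mem)
        # print(...) with one argument is the same on python2 and python3,
        # unlike the bare print statement it replaces.
        print("Read %s: %s" % (expr_mem, value))
        return value

    def _func_write(self, symb_exec, dest, data):
        """Print the pending write, then delegate to the parent ``_func_write``.

        Args:
            symb_exec: symbolic-execution context, passed through untouched.
            dest: destination memory expression.
            data: value being written.

        Returns:
            Whatever the parent ``_func_write`` returns, unchanged.
        """
        print("Write %s: %s" % (dest, data))
        return super(ESETrackMemory, self)._func_write(symb_exec, dest, data)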

# Install the tracking symbolic executor first: it must be in place before
# the sandbox instantiates the Python jitter.
JitCore_Python.SymbExecClass = ESETrackMemory

# Command-line handling
parser = Sandbox_Linux_arml.parser(description="Tracer")
parser.add_argument("filename", help="ELF Filename")
options = parser.parse_args()

# The tracker only hooks the Python jitter, so pin that engine here,
# overriding any jitter selection the parser may have offered.
options.jitter = "python"
sb = Sandbox_Linux_arml(options.filename, options, globals())

# One instruction per jitted call, with instr_hook invoked on each execution
sb.jitter.jit.set_options(jit_maxline=1, max_exec_per_call=1)
sb.jitter.exec_cb = instr_hook

# Run