def internal_disassemble(self, buf, off, current_off=0):
cs = self.core_instance.get_cs_instance()
for i in cs.disasm(bytes(buf), off):
if i.address == current_off:
a = utils.red_bold(hex(i.address))
else:
a = utils.green_bold(hex(i.address))
print(a + "\t%s\t%s" % ((utils.white_bold(str(i.mnemonic).upper()),
str(i.op_str).upper().replace('X', 'x'))))
def _print_context(self, uc, pc):
self.register_module.registers('mem_invalid')
print(utils.titlify('disasm'))
self.asm_module.internal_disassemble(uc.mem_read(pc - 0x16, 0x32), pc - 0x16, pc)
if self.mem_access_result is not None:
val = utils.red_bold("\t0x%x" % self.mem_access_result[1])
ad = utils.green_bold("\t> 0x%x" % self.mem_access_result[0])
print(utils.titlify("memory access"))
print(utils.white_bold("WRITE") + val + ad)
self.hook_mem_access = None
self.mem_access_result = None
def dbg_hook_code(self, uc, address, size, user_data):
"""
Unicorn instructions hook
"""
try:
self.current_address = address
hit_soft_bp = False
should_print_instruction = self.trace_instructions > 0
if self.soft_bp:
self.hook_mem_access = True
self.soft_bp = False
hit_soft_bp = True
if address != self.last_bp and \
(address in self.core_module.get_breakpoints_list() or
self.has_soft_bp):
if self.skip_bp_count > 0:
self.skip_bp_count -= 1
else:
self.breakpoint_count += 1
should_print_instruction = False
uc.emu_stop()
self.last_bp = address
print(utils.titlify('breakpoint'))
print('[' + utils.white_bold(str(self.breakpoint_count)) +
']' + ' hit ' + utils.red_bold('breakpoint') +
' at: ' + utils.green_bold(hex(address)))
self._print_context(uc, address)
elif address == self.last_bp:
self.last_bp = 0
self.has_soft_bp = hit_soft_bp
if self.current_address + size == self.exit_point:
should_print_instruction = False
self._print_context(uc, address)
print(
utils.white_bold("emulation") + " finished with " +
utils.green_bold("success"))
if should_print_instruction:
self.asm_module.internal_disassemble(
uc.mem_read(address, size), address)
except KeyboardInterrupt as ex:
# If stuck in an endless loop, we can exit here :). TODO: does that mean ctrl+c never works for targets?
print(utils.titlify('paused'))
self._print_context(uc, address)
uc.emu_stop()
def dbg_hook_code(self, uc, address, size, user_data):
"""
Unicorn instructions hook
"""
try:
# 设置当前地址
self.current_address = address
# 命中软断点
hit_soft_bp = False
# 打印指令?
should_print_instruction = self.trace_instructions > 0
# 如果软断点
if self.soft_bp:
# 内存访问hook
self.hook_mem_access = True
# 软断点
self.soft_bp = False
# 命中软断点置位
hit_soft_bp = True
# 地址不是上一个断点 and (地址在断点列表中 or 有软断点)
if address != self.last_bp and \
(address in self.core_module.get_breakpoints_list() or
self.has_soft_bp):
# 略过断点
if self.skip_bp_count > 0:
self.skip_bp_count -= 1
else:
# 断点数加一
self.breakpoint_count += 1
# 应该打印指令
should_print_instruction = False
# 模拟停止
uc.emu_stop()
# 上一个断点
self.last_bp = address
# 打印一些东西
print(utils.titlify('breakpoint'))
print('[' + utils.white_bold(str(self.breakpoint_count)) +
']' + ' hit ' + utils.red_bold('breakpoint') +
' at: ' + utils.green_bold(hex(address)))
self._print_context(uc, address)
# 地址是上一个断点
elif address == self.last_bp:
self.last_bp = 0
# 有软断点
self.has_soft_bp = hit_soft_bp
if self.current_address + size == self.exit_point:
# 到达退出点
should_print_instruction = False
self._print_context(uc, address)
print(
utils.white_bold("emulation") + " finished with " +
utils.green_bold("success"))
if should_print_instruction:
# 反汇编
self.asm_module.internal_disassemble(
uc.mem_read(address, size), address)
except KeyboardInterrupt as ex:
# If stuck in an endless loop, we can exit here :). TODO: does that mean ctrl+c never works for targets?
print(utils.titlify('paused'))
self._print_context(uc, address)
uc.emu_stop()