def dump(self, func_name, *args):
    """Write a slice of emulated memory to a host file.

    args[0] -- start address (evaluated through utils.u_eval)
    args[1] -- byte count (evaluated through utils.u_eval)
    args[3] -- destination path; args[2] is never read by this command
    """
    # NOTE(review): the path is read from args[3] while args[2] is unused.
    # Confirm against the command registration that this is the intended
    # argument slot and not an off-by-one (a three-token call raises IndexError).
    start = utils.u_eval(self.core_instance, args[0])
    count = utils.u_eval(self.core_instance, args[1])
    out_path = args[3]
    emu = self.core_instance.get_emu_instance()
    payload = emu.mem_read(start, count)
    # The path is operator-supplied and unrestricted; this is a debugger
    # console, so any writable location is accepted and overwritten.
    with open(out_path, 'wb') as out:
        out.write(payload)
    print(str(count) + ' bytes written to ' + out_path + '.')
def rm_breakpoint(self, *args):
    """Remove the breakpoint at the address given in args[1], if one is set.

    args[0] is the command token itself; the address expression is args[1].
    """
    target = utils.u_eval(self.core_instance, args[1])
    if target not in self.bp_list:
        print('no breakpoint at ' + hex(target))
        return
    self.bp_list.remove(target)
    print('breakpoint at ' + hex(target) + ' removed.')
def breakpoint(self, *args):
    """Register a breakpoint at the address given in args[1] (no duplicates).

    args[0] is the command token itself; the address expression is args[1].
    """
    target = utils.u_eval(self.core_instance, args[1])
    if target in self.bp_list:
        print('breakpoint already set at ' + hex(target))
        return
    self.bp_list.append(target)
    print('breakpoint added at: ' + hex(target))
def read(self, func_name, *args):
    """Show emulated memory as a hexdump ('h', the default) or disassembly ('i').

    args[0] -- start address, args[1] -- byte count (both via utils.u_eval),
    args[2] -- optional format selector. Any other selector prints usage.
    """
    start = utils.u_eval(self.core_instance, args[0])
    count = utils.u_eval(self.core_instance, args[1])
    fmt = args[2] if len(args) > 2 else 'h'
    data = self.core_instance.get_emu_instance().mem_read(start, count)
    if fmt == 'h':
        hexdump(data)
        return
    if fmt == 'i':
        disassembler = self.core_instance.get_cs_instance()
        # capstone wants immutable bytes; mem_read hands back a bytearray.
        for insn in disassembler.disasm(bytes(data), start):
            print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
        return
    print('format invalid. Please use a valid format:')
    print("\t" + 'h: hex')
    print("\t" + 'i: asm')
def fwrite(self, func_name, *args):
    """Copy the contents of a host file (args[1]) into emulated memory at args[0].

    A path that is not a regular file is reported and ignored. The isfile()
    check is only a courtesy pre-check; the path is operator-supplied.
    """
    target = utils.u_eval(self.core_instance, args[0])
    src = args[1]
    if not os.path.isfile(src):
        print('file not found or not accessible.')
        return
    with open(src, "rb") as handle:
        payload = handle.read()
    self.internal_write(target, payload)
    print(src + ' bytes written to ' + hex(target))
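def map(self, func_name, *args):
    """Map a region in the emulator and record it with mappings_module.

    args[0] -- requested start address, args[1] -- requested length (both via
    utils.u_eval), args[2] -- optional label stored with the mapping (None if
    absent). An address below 1024 is moved up to 1024 and the length is
    rounded up to the next multiple of 1024, as before.
    """
    off = utils.u_eval(self.core_instance, args[0])
    lent = utils.u_eval(self.core_instance, args[1])
    label = str(args[2]) if len(args) > 2 else None
    if off < 1024:
        off += 1024 - (off % 1024)
    # Fixed: `lent % 1024 is not 0` was an identity test against a literal
    # (SyntaxWarning on 3.8+, only "worked" via CPython's small-int cache).
    if lent % 1024 != 0:
        lent += 1024 - (lent % 1024)
    self.core_instance.get_emu_instance().mem_map(off, lent)
    mappings = self.core_instance.get_module('mappings_module')
    mappings.internal_add(off, lent, label)
    print('mapped ' + str(lent) + ' at ' + hex(off))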
def remove(self, func_name, *args):
    """Drop the patch bookkeeping entry recorded at the address in args[0].

    Only the entry is forgotten; nothing is written back to emulated memory,
    so the patched bytes stay in place.
    """
    off = utils.u_eval(self.core_instance, args[0])
    for idx, entry in enumerate(self.patches):
        if entry[0] == off:
            del self.patches[idx]
            print('patch at ' + hex(off) + ' removed.')
            return
    print('no patch found at ' + hex(off))
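def unmap(self, func_name, *args):
    """Unmap a region in the emulator and forget its mappings_module entry.

    args[0] -- start address, args[1] -- length (both via utils.u_eval), with
    the same rounding as `map`. The emulator is always asked to unmap; the
    bookkeeping entry is only dropped when both its address and its length
    match exactly.
    """
    off = utils.u_eval(self.core_instance, args[0])
    lent = utils.u_eval(self.core_instance, args[1])
    if off < 1024:
        off += 1024 - (off % 1024)
    # Fixed: `is not 0` was an identity test against a literal; use !=.
    if lent % 1024 != 0:
        lent += 1024 - (lent % 1024)
    self.core_instance.get_emu_instance().mem_unmap(off, lent)
    mappings = self.core_instance.get_module('mappings_module').get_mappings()
    for idx, entry in enumerate(mappings):
        # entry[1] is stored as a string; base 0 accepts a 0x prefix.
        if int(entry[1], 0) == off and entry[2] == lent:
            mappings.pop(idx)
            # Fixed: the old loop kept indexing up to the original length
            # after the pop and could raise IndexError on the last entries.
            break
    print('unmapped ' + str(lent) + ' at ' + hex(off))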
def write(self, func_name, *args):
    """Write the evaluated value in args[1] into the register named by args[0].

    The register constant is looked up as <reg tag for arch> + NAME on the
    architecture's constants object. Raises Exception('register not found')
    when that lookup fails for any reason.
    """
    arch = self.core_instance.unicorndbg_instance.get_arch()
    reg_name = str(args[0]).upper()
    try:
        reg_id = getattr(utils.get_arch_consts(arch), utils.get_reg_tag(arch) + reg_name)
    except Exception:
        raise Exception('register not found')
    value = utils.u_eval(self.core_instance, args[1])
    self.core_instance.get_emu_instance().reg_write(reg_id, value)
    print(hex(value) + ' written into ' + reg_name)
def add(self, func_name, *args):
    """Write a hex-encoded patch (args[1]) at address args[0] and record it.

    The bytes currently at the address are read first so the patch can be
    toggled off later; the stored entry is
    [offset, length, original_bytes, patch_bytes, 1]. An address that already
    has a patch is refused. bytes.fromhex raises ValueError on malformed hex.
    """
    off = utils.u_eval(self.core_instance, args[0])
    patch = bytes.fromhex(args[1])
    if any(entry[0] == off for entry in self.patches):
        print(hex(off) + ' already patched')
        return
    memory_module = self.core_instance.get_module('memory_module')
    original = memory_module.internal_read(off, len(patch))
    memory_module.internal_write(off, patch)
    self.patches.append([off, len(patch), original, patch, 1])
    print('patch created and written to ' + hex(off))
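def load(self, func_name, *args):
    """Map a host file (args[0]) into emulated memory at address args[1].

    The mapping length is the file size rounded up to a multiple of 1024 and
    an address below 1024 is moved up to 1024, matching `map`. The mapping is
    registered with mappings_module under the file path. A path that is not
    a regular file is reported and ignored.
    """
    path = args[0]
    if not os.path.isfile(path):
        print("File not found")
        return
    # Fixed: the file handle was opened inline and never closed.
    with open(path, 'rb') as handle:
        payload = handle.read()
    off = utils.u_eval(self.core_instance, args[1])
    binary_len = len(payload)
    if off < 1024:
        off += 1024 - (off % 1024)
    # Fixed: `is not 0` was an identity test against a literal; use !=.
    if binary_len % 1024 != 0:
        binary_len += 1024 - (binary_len % 1024)
    # NOTE(review): an empty file yields a zero-length mem_map, which the
    # emulator is expected to reject; unchanged from the original behavior.
    emu = self.core_instance.get_emu_instance()
    emu.mem_map(off, binary_len)
    emu.mem_write(off, payload)
    self.core_instance.get_module('mappings_module').internal_add(off, binary_len, path)
    print('Mapped ' + str(binary_len) + ' at ' + hex(off))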
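def find(self, func_name, *args):
    """Search one mapping for a byte pattern and print the matching addresses.

    args[0] -- either a mapping name (a str after u_eval) or an address that
               falls inside a mapping; the search runs from that point to the
               end of the mapping.
    args[1] -- the needle as a hex string (ValueError if malformed).
    With no matching mapping the search range degenerates to (0, 0), as before.
    """
    where = utils.u_eval(self.core_instance, args[0])
    needle = bytes.fromhex(args[1])
    # Fixed: the raw needle was compiled as a regex, so bytes such as 0x2e
    # ('.'), 0x2a ('*') or 0x5b ('[') matched the wrong thing or failed to
    # compile. This is a literal byte search, so escape it.
    pattern = re.compile(re.escape(needle))
    mappings = self.core_instance.get_module('mappings_module').get_mappings()
    map_start = start = size = 0
    if isinstance(where, str):
        for entry in mappings:
            if entry[0] == where:
                map_start = start = int(entry[1], 16)
                size = entry[2]
    else:
        for entry in mappings:
            base = int(entry[1], 16)
            if base <= where < base + entry[2]:
                map_start = base
                start = where
                size = entry[2]
    # Fixed: the old length was size - (map_start - start), i.e. the mapping
    # size PLUS the offset into it, which reads past the end of the mapping.
    remaining = size - (start - map_start)
    buf = self.core_instance.get_emu_instance().mem_read(start, remaining)
    # Fixed: buf begins at `start`, so hit offsets are relative to it, not
    # to map_start (the old code mis-reported hits when start != map_start).
    result = [[hex(hit.start() + start)] for hit in pattern.finditer(buf)]
    print(utils.titlify('find'))
    if not result:
        print('Nothing found.')
        return
    header = [utils.white_bold_underline('offset')]
    print('')
    print(tabulate(result, header, tablefmt="simple"))
    print('')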
def continue_exec(self, func_name, *args):
    """Resume emulation; start from the configured entry point if nothing ran yet.

    args[0], when present, is evaluated and passed through as skip_bp. A
    missing or unparsable argument deliberately falls back to 0 (best effort,
    so a bare `continue` keeps working).
    """
    dbg = self.core_instance.unicorndbg_instance
    current_address = dbg.get_current_address()
    skip_bp = 0
    try:
        skip_bp = utils.u_eval(self.core_instance, args[0])
    except Exception:
        # No argument (IndexError) or an expression u_eval rejects: keep 0.
        pass
    if current_address is not None:
        dbg.resume_emulation(skip_bp=skip_bp)
        return
    entry_point = dbg.get_entry_point()
    if entry_point is None:
        print('please use \'set entry_point *offset\' to define an entry point')
        return
    dbg.resume_emulation(address=entry_point, skip_bp=skip_bp)
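def toggle(self, func_name, *args):
    """Enable (args[1] == 1) or disable (args[1] == 0) the patch recorded at args[0].

    Patch entries are [offset, length, original_bytes, patch_bytes, status].
    Enabling writes patch_bytes back into memory, disabling restores
    original_bytes; a request matching the current status does nothing.
    """
    off = utils.u_eval(self.core_instance, args[0])
    for entry in self.patches:
        if entry[0] != off:
            continue
        # Fixed: args[1] was used unevaluated, so the command-line token could
        # never compare equal to the ints 0/1; evaluate it like every other
        # numeric argument in this module.
        tog = utils.u_eval(self.core_instance, args[1])
        status = entry[4]
        memory_module = self.core_instance.get_module('memory_module')
        if status == 0 and tog == 1:
            entry[4] = tog
            # Fixed: internal_write was subscripted ([...]) instead of called.
            memory_module.internal_write(off, entry[3])
            print('patch at ' + hex(off) + ' enabled')
            return
        if status == 1 and tog == 0:
            entry[4] = tog
            memory_module.internal_write(off, entry[2])
            print('patch at ' + hex(off) + ' disabled')
            return
        print('Nothing to do at ' + hex(off))
        return
    print('no patch found at ' + hex(off))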
def write(self, func_name, *args):
    """Write the hex-encoded bytes in args[1] to emulated memory at args[0].

    bytes.fromhex raises ValueError on a malformed hex string.
    """
    target = utils.u_eval(self.core_instance, args[0])
    payload = bytes.fromhex(args[1])
    self.internal_write(target, payload)
    print(str(len(payload)) + ' bytes written to ' + hex(target))
def print(self, func_name, *args):
    """Join every argument token into one expression, evaluate it, and print it.

    Inside the class body `print(...)` still resolves to the builtin: a class
    scope is not an enclosing scope for its methods. Security note: the
    joined text goes to utils.u_eval, which presumably evaluates it as an
    expression; this is a debugger console feature and must not be fed
    untrusted input.
    """
    expression = ''.join(args)
    print(utils.u_eval(self.core_instance, expression))