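def load_elf_interp(self, p, interp):
    """Map the dynamic (imported) symbols of task ``p`` and name its PLT entries.

    Every (address, symbol) pair returned by ``p.bin._Elf__dynamic(None)`` is
    written into ``p.state.mmap`` as a 32-bit ``cpu.ext`` external symbol whose
    ``stub`` is resolved through ``self.stub``.  The ``.plt`` section is then
    disassembled linearly: for each indirect ``JMP`` whose resolved target is a
    known entry of ``p.bin.functions``, the PLT entry's own address is added to
    ``p.bin.functions`` under the same function, so that calls into the PLT can
    be labelled in asm block views.

    The binary being loaded is untrusted input: a ``.plt`` section that does
    not decode cleanly must not crash the loader, so the PLT pass is
    best-effort and stops at the first undecodable instruction.

    Args:
        p: the task being loaded (provides ``bin``, ``cpu`` and ``state``).
        interp: the ELF interpreter; not used by this method.
    """
    for addr, symbol in p.bin._Elf__dynamic(None).items():
        xf = cpu.ext(symbol, size=32)
        xf.stub = self.stub(xf.ref)
        p.state.mmap.write(addr, xf)
    # we want to add .plt addresses as symbols as well
    # to improve asm block views:
    plt = got = None
    for s in p.bin.Shdr:
        if s.name == '.plt':
            plt = s
        elif s.name == '.got':
            got = s
    if not (plt and got):
        return
    address = plt.sh_addr
    pltco = p.bin.readsection(plt)
    while pltco:
        i = p.cpu.disassemble(pltco)
        if i is None:
            # Undecodable bytes in .plt: the instruction length is unknown,
            # so we cannot resynchronise; stop the best-effort naming pass
            # instead of raising AttributeError on a None instruction.
            break
        if i.mnemonic == 'JMP' and i.operands[0]._is_mem:
            target = i.operands[0].a
            if target.base is p.cpu.pc:
                # pc-based operand: resolved against the current PLT address
                target = address + target.disp
            elif target.base._is_reg:
                # other register base: treated as an offset into .got
                target = got.sh_addr + target.disp
            elif target.base._is_cst:
                # absolute address
                target = target.base.value + target.disp
            if target in p.bin.functions:
                p.bin.functions[address] = p.bin.functions[target]
        pltco = pltco[i.length:]
        address += i.length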
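def load_elf_interp(self, p, interp):
    """Map the dynamic (imported) symbols of task ``p`` and name its PLT thunks.

    Every (address, symbol) pair returned by ``p.bin._Elf__dynamic(None)`` is
    written into ``p.state.mmap`` as a 32-bit ``cpu.ext`` external symbol
    bound to task ``p``, with its ``stub`` resolved through ``self.stub``.
    The ``.plt`` section is then walked instruction by instruction: each
    ``ADR`` starts a new thunk and a fresh scratch state ``m`` positioned at
    that address; subsequent instructions are executed symbolically in ``m``
    and, when the resulting ``pc`` evaluates (in the task state) to an
    external symbol, the thunk address is registered in ``p.bin.functions``
    under that symbol.

    ``p.cpu.internals['isetstate']`` is forced to 0 while walking the PLT
    (the existing comment says PLT code is assumed not to be Thumb) and is
    restored afterwards.  The restore now happens in a ``finally`` clause so
    that an exception raised while disassembling or emulating an untrusted
    binary's PLT cannot leave the shared cpu state in the wrong mode.

    Args:
        p: the task being loaded (provides ``bin``, ``cpu`` and ``state``).
        interp: the ELF interpreter; not used by this method.
    """
    for addr, symbol in p.bin._Elf__dynamic(None).items():
        xf = cpu.ext(symbol, size=32, task=p)
        xf.stub = self.stub(xf.ref)
        p.state.mmap.write(addr, xf)
    # we want to add .plt addresses as symbols as well
    # to improve asm block views:
    plt = got = None
    for s in p.bin.Shdr:
        if s.name == '.plt':
            plt = s
        elif s.name == '.got':
            got = s
    if not (plt and got):
        return
    address = p.cpu.cst(plt.sh_addr, 32)
    thunk = address.value
    pltco = p.bin.readsection(plt)
    # we assume that plt code is not in Thumb...
    mode = p.cpu.internals['isetstate']
    p.cpu.internals['isetstate'] = 0
    m = None
    try:
        while pltco:
            i = p.cpu.disassemble(pltco)
            if i is None:
                # undecodable word: skip one 4-byte slot and keep going
                pltco = pltco[4:]
                address += 4
                continue
            if i.mnemonic == 'ADR':
                # ADR opens a new PLT thunk: remember its address and start
                # a fresh state whose pc points at it
                thunk = address.value
                m = p.state.__class__()
                m[p.cpu.pc_] = address
                m[p.cpu.pc] = address + 4
            if m is not None:
                # run the instruction symbolically and look at where pc goes;
                # evaluating in the task state lets a GOT load resolve to the
                # ext symbol mapped above (presumably -- verify against cpu.ext)
                i(m)
                target = p.state(m(p.cpu.pc))
                if target._is_ext:
                    p.bin.functions[thunk] = target.ref
            pltco = pltco[i.length:]
            address += i.length
    finally:
        # restore mode: always, even if the walk above raised
        p.cpu.internals['isetstate'] = mode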
def load_elf_interp(self, p, interp):
    """Map the dynamic (imported) symbols of task ``p`` into its memory.

    Each (address, symbol) pair from ``p.bin._Elf__dynamic(None)`` becomes a
    32-bit ``cpu.ext`` external symbol, its ``stub`` taken from
    ``p.OS.stub(symbol)``, and is written to ``p.state.mmap`` at that address.

    Args:
        p: the task being loaded (provides ``bin``, ``OS`` and ``state``).
        interp: the ELF interpreter; not used by this method.
    """
    dynamic_symbols = p.bin._Elf__dynamic(None)
    for address, symbol in dynamic_symbols.items():
        external = cpu.ext(symbol, size=32)
        external.stub = p.OS.stub(symbol)
        p.state.mmap.write(address, external)
def load_shlib(self):
    """Write every ELF32 dynamic symbol of ``self.bin`` into ``self.mmap``.

    Each (address, symbol) pair from ``self.bin._Elf32__dynamic(None)`` is
    mapped at its address as a 32-bit ``cpu.ext`` external symbol.
    """
    # ``iteritems`` is the Python 2 dict iterator; kept as the file uses it
    dynamic_symbols = self.bin._Elf32__dynamic(None)
    for address, symbol in dynamic_symbols.iteritems():
        external = cpu.ext(symbol, size=32)
        self.mmap.write(address, external)
def load_shlib(self):
    """Map the ELF32 dynamic symbols of ``self.bin`` into ``self.mmap``.

    For each (address, symbol) pair returned by
    ``self.bin._Elf32__dynamic(None)``, a 32-bit ``cpu.ext`` external symbol
    is written at that address.
    """
    # ``iteritems`` is the Python 2 dict iterator; kept as the file uses it
    entries = self.bin._Elf32__dynamic(None).iteritems()
    for address, symbol in entries:
        self.mmap.write(address, cpu.ext(symbol, size=32))
def libc_start_main(m, **kargs):
    "tags: func_call"
    # Stub standing in for libc's start routine: load the 32-bit pointer found
    # at [sp+4] into pc (presumably the ``main`` argument -- confirm against the
    # calling convention used by the OS model) and push an external "exit"
    # symbol, so that a return from that code lands on the "exit" stub.
    # ``kargs`` is accepted for uniformity with other stubs and is unused.
    entry_slot = cpu.mem(cpu.sp + 4, 32)
    m[cpu.pc] = m(entry_slot)
    return_to_exit = cpu.ext("exit", size=32)
    cpu.push(m, return_to_exit)