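def load_macho_interp(self, p, interp):
    """Map lazy-symbol stubs and name the ``__stubs`` trampolines of a Mach-O.

    For every lazy-symbol-pointer entry ``k -> f`` of the image an external
    symbol ``cpu.ext(f)`` carrying the OS stub is written into the task's
    memory map at ``k``, so that emulated calls through the pointer resolve
    to the named stub.  The ``__stubs`` section is then disassembled and each
    ``JMP [mem]`` trampoline whose resolved target is a known function is
    registered in ``p.bin.functions`` under the trampoline's own address, so
    asm block views display the imported name there too.

    Args:
        p: the task being loaded; ``p.bin`` is the Mach-O parser, ``p.cpu`` the
           architecture module, ``p.state.mmap`` the memory map and ``p.OS``
           the stub provider.
        interp: the dynamic-loader path; not used by this method.

    Returns:
        None; mutates ``p.state.mmap`` and ``p.bin.functions``.
    """
    for k, f in p.bin.la_symbol_ptr.items():
        xfunc = cpu.ext(f, size=64)
        xfunc.stub = p.OS.stub(f)
        p.state.mmap.write(k, xfunc)
    # the lazy pointer addresses become symbols as well, so that asm block
    # views show the imported name at the pointer location:
    p.bin.functions.update(p.bin.la_symbol_ptr)
    plt = p.bin.getsection('__stubs')
    if not plt:
        return
    address = plt.addr
    pltco = p.bin.readsection(plt)
    while pltco:
        i = p.cpu.disassemble(pltco)
        if i is None:
            # NOTE(review): assumes a decode failure yields None — confirm.
            # Stop on undecodable bytes instead of raising on ``i.mnemonic``;
            # the section content is attacker-controlled input.
            break
        if i.mnemonic == 'JMP' and i.operands[0]._is_mem:
            ea = i.operands[0].a
            target = None
            if ea.base is p.cpu.rip:
                # rip-relative: rip is taken as the address of the next
                # instruction (the ELF loader uses address + disp instead —
                # confirm which convention the decoder expects).
                target = address + i.length + ea.disp
            elif ea.base._is_cst:
                target = ea.base.value + ea.disp
            # A register-based target is left unresolved: no GOT section is
            # looked up for Mach-O, and the previous code dereferenced a
            # ``got`` variable that was always None in that branch.
            if target is not None and target in p.bin.functions:
                p.bin.functions[address] = p.bin.functions[target]
        pltco = pltco[i.length:]
        address += i.length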
def load_elf_interp(self, p, interp):
    """Map dynamic-symbol stubs and name the ``.plt`` trampolines of an ELF.

    Every ``address -> name`` entry returned by the name-mangled private
    ``Elf.__dynamic`` method gets an external symbol ``cpu.ext(name)`` with
    the OS stub attached, written into the task's memory map at ``address``.
    When both a ``.plt`` and a ``.got`` section exist, the ``.plt`` bytes are
    disassembled and each ``JMP [mem]`` whose resolved target is a known
    function is registered in ``p.bin.functions`` under the trampoline's own
    address, so asm block views can show the imported name.

    Args:
        p: the task being loaded (``p.bin`` ELF parser, ``p.cpu`` arch module,
           ``p.state.mmap`` memory map, ``p.OS`` stub provider).
        interp: the program interpreter path; not used by this method.

    Returns:
        None; mutates ``p.state.mmap`` and ``p.bin.functions``.
    """
    dynamic = p.bin._Elf__dynamic(None)
    for address, name in dynamic.items():
        ext = cpu.ext(name, size=64)
        ext.stub = p.OS.stub(name)
        p.state.mmap.write(address, ext)
    # locate .plt and .got (last section of each name wins, as before) so
    # that the trampoline addresses can be named as well:
    sections = {s.name: s for s in p.bin.Shdr if s.name in ('.plt', '.got')}
    plt = sections.get('.plt')
    got = sections.get('.got')
    if not (plt and got):
        return
    rip = p.cpu.rip
    functions = p.bin.functions
    address = plt.sh_addr
    code = p.bin.readsection(plt)
    while code:
        # NOTE(review): a decode failure (None) would raise on ``.mnemonic``
        # below; assumed not to happen on .plt bytes — confirm.
        insn = p.cpu.disassemble(code)
        if insn.mnemonic == 'JMP' and insn.operands[0]._is_mem:
            ea = insn.operands[0].a
            base = ea.base
            target = ea
            if base is rip:
                # NOTE(review): the Mach-O loader computes the rip-relative
                # target as address + i.length + disp; this one omits the
                # instruction length — confirm which one the decoder expects.
                target = address + ea.disp
            elif base._is_reg:
                target = got.sh_addr + ea.disp
            elif base._is_cst:
                target = base.value + ea.disp
            if target in functions:
                functions[address] = functions[target]
        code = code[insn.length:]
        address += insn.length
def check_sym(self, v):
    """Turn a constant address into a named symbol expression, if known.

    ``v.value`` is looked up in ``self.bin.functions`` first and, failing
    that (``or``, so a falsy entry also falls through), in
    ``self.bin.variables``.  A string entry is treated as an external
    function name and wrapped in ``cpu.ext``; any other entry is indexed and
    its item ``[0]`` (assumed to be the symbol name — confirm against the
    binary parser) becomes a ``cpu.sym`` of the same size as ``v``.

    Args:
        v: an expression; only constants (``v._is_cst``) are resolved.

    Returns:
        a ``cpu.ext`` or ``cpu.sym`` expression, or None when ``v`` is not a
        constant or its value is unknown.
    """
    if not v._is_cst:
        return None
    addr = v.value
    entry = self.bin.functions.get(addr) or self.bin.variables.get(addr)
    if entry is None:
        return None
    if isinstance(entry, str):
        return cpu.ext(entry, size=64)
    return cpu.sym(entry[0], addr, v.size)
def check_sym(self, v):
    """Resolve a constant expression to a symbol expression when possible.

    The address ``v.value`` is searched in ``self.bin.functions`` and then
    in ``self.bin.variables``; the first truthy entry wins, otherwise the
    result of the last lookup is used (this mirrors an ``a or b`` chain).
    A string entry is an external function name (``cpu.ext``); any other
    entry is indexed at ``[0]`` for the symbol name (``cpu.sym``) — the
    entry layout is assumed from this usage, confirm against the parser.

    Args:
        v: an expression; non-constants are not resolved.

    Returns:
        ``cpu.ext``/``cpu.sym`` expression, or None if unresolved.
    """
    if not v._is_cst:
        return None
    addr = v.value
    entry = None
    for table in (self.bin.functions, self.bin.variables):
        entry = table.get(addr)
        if entry:
            break
    if entry is None:
        return None
    if isinstance(entry, str):
        return cpu.ext(entry, size=64)
    return cpu.sym(entry[0], addr, v.size)
def check_sym(self, v):
    """Map a constant address to a symbol expression via ``self.symbols``.

    A string entry is wrapped as an external function ``cpu.ext``; any other
    entry is indexed and ``[0]`` is used as the name of a ``cpu.sym`` with
    ``v``'s size (entry layout assumed from this usage — confirm).

    Args:
        v: an expression; only constants (``v._is_cst``) are looked up.

    Returns:
        the symbol expression, or None when ``v`` is not a constant or its
        value has no entry in ``self.symbols``.
    """
    if not v._is_cst:
        return None
    entry = self.symbols.get(v.value)
    if entry is None:
        return None
    if isinstance(entry, str):
        return cpu.ext(entry, size=64)
    return cpu.sym(entry[0], v.value, v.size)
def libc_start_main(m, **kargs):
    "tags: func_call"
    # Stub for __libc_start_main.  The one-line docstring above is kept
    # verbatim: its "tags:" text may be consumed by the stub machinery.
    # The first argument register (rdi; main under the SysV AMD64 ABI) is
    # read from the map state and becomes the new rip ...
    entry = m(cpu.rdi)
    m[cpu.rip] = entry
    # ... and an external "exit" symbol is pushed as the return address, so
    # that a return from that code lands on the exit stub.
    exit_symbol = cpu.ext("exit", size=64)
    cpu.push(m, exit_symbol)
def load_shlib(self):
    """Write an external-function symbol at every dynamic-symbol address.

    Iterates the ``address -> name`` mapping returned by the name-mangled
    private ``Elf64.__dynamic`` method (Python 2 ``iteritems``) and writes a
    64-bit ``cpu.ext(name)`` into ``self.mmap`` at each address.
    """
    dynamic = self.bin._Elf64__dynamic(None)
    for address, name in dynamic.iteritems():
        symbol = cpu.ext(name, size=64)
        self.mmap.write(address, symbol)
def load_macho_interp(self, p, interp):
    """Map an external stub at every lazy-symbol-pointer address of a Mach-O.

    Each ``k -> f`` entry of ``p.bin.la_symbol_ptr`` yields a 64-bit
    ``cpu.ext(f)`` whose ``stub`` attribute is ``p.OS.stub(f)``; it is
    written into ``p.state.mmap`` at ``k``.

    Args:
        p: the task being loaded.
        interp: the dynamic-loader path; not used by this method.
    """
    write = p.state.mmap.write
    for pointer, name in p.bin.la_symbol_ptr.items():
        external = cpu.ext(name, size=64)
        external.stub = p.OS.stub(name)
        write(pointer, external)
def load_shlib(self):
    """Write a 64-bit external symbol into ``self.mmap`` for every function.

    ``self.bin.functions`` maps ``address -> name`` (Python 2 ``iteritems``);
    each name becomes ``cpu.ext(name)`` at its address.
    """
    write = self.mmap.write
    for address, name in self.bin.functions.iteritems():
        write(address, cpu.ext(name, size=64))
def load_shlib(self):
    """Populate ``self.mmap`` with an external symbol per known function.

    Every ``address -> name`` pair of ``self.bin.functions`` (Python 2
    ``iteritems``) is written as a 64-bit ``cpu.ext(name)`` at ``address``.
    """
    entries = self.bin.functions.iteritems()
    for address, name in entries:
        external = cpu.ext(name, size=64)
        self.mmap.write(address, external)
def load_elf_interp(self, p, interp):
    """Map an OS stub at every dynamic-symbol address of an ELF image.

    The name-mangled private ``Elf.__dynamic`` method provides the
    ``address -> name`` mapping; each name becomes a 64-bit ``cpu.ext`` with
    ``stub = p.OS.stub(name)``, written into ``p.state.mmap`` at the address.

    Args:
        p: the task being loaded.
        interp: the program interpreter path; not used by this method.
    """
    write = p.state.mmap.write
    dynamic = p.bin._Elf__dynamic(None)
    for address, name in dynamic.items():
        external = cpu.ext(name, size=64)
        external.stub = p.OS.stub(name)
        write(address, external)
def load_pe_iat(self, p):
    """Map an OS stub at every import-address-table entry of a PE image.

    ``p.bin.functions`` maps ``address -> name``; each name becomes a 64-bit
    ``cpu.ext`` with ``stub = p.OS.stub(name)`` written into ``p.state.mmap``
    at its address.  (The ``for`` statement iterates the view directly; the
    explicit ``iter()`` wrapper was redundant.)

    Args:
        p: the task being loaded.
    """
    write = p.state.mmap.write
    for address, name in p.bin.functions.items():
        external = cpu.ext(name, size=64)
        external.stub = p.OS.stub(name)
        write(address, external)
def load_shlib(self):
    """Write a 64-bit external symbol at each dynamic-symbol address.

    Uses the name-mangled private ``Elf64.__dynamic`` mapping of
    ``address -> name`` (Python 2 ``iteritems``) and ``self.mmap.write``.
    """
    write = self.mmap.write
    entries = self.bin._Elf64__dynamic(None).iteritems()
    for address, name in entries:
        write(address, cpu.ext(name, size=64))
def __libc_start_main(m, **kargs):
    "tags: func_call"
    # Stub for __libc_start_main; the docstring is kept verbatim because its
    # "tags:" text may be consumed by the stub machinery.
    # rip takes the value of the first argument register (rdi, which holds
    # main under the SysV AMD64 ABI) ...
    m[cpu.rip] = m(cpu.rdi)
    # ... and the external 'exit' symbol is pushed as the return address so
    # that returning from that code lands on the exit stub.
    cpu.push(m, cpu.ext('exit', size=64))