def get_relocation(arch, r_type):
    """Return the relocation entry registered for ``r_type`` on ``arch``.

    Relocation type 0 always yields ``None``.  A pair that is missing from
    ``ALL_RELOCATIONS`` also yields ``None``; it is reported through
    ``warning`` the first time it is seen and remembered in
    ``complaint_log`` so the same message is not repeated.
    """
    if r_type == 0:
        return None

    try:
        reloc = ALL_RELOCATIONS[arch][r_type]
    except KeyError:
        # NOTE(review): r_type presumably comes from the file being parsed,
        # so an unknown value is treated as ordinary input, not as an
        # internal error -- confirm against the caller.
        seen = (arch, r_type)
        if seen not in complaint_log:
            complaint_log.add(seen)
            warning("Unknown reloc %d on %s" % (r_type, arch))
        return None
    return reloc
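def load(self, filename):
    """Load the analysis database stored next to ``filename``, if one exists.

    The database is the hidden sidecar file ``.<basename>.db`` in the same
    directory as ``filename``.  Its path is stored in ``self.path`` whether
    or not the file exists.  When it exists, the content (zlib-compressed
    when it starts with ``ZLIB``) is decoded with msgpack and handed to the
    ``__load_*`` helpers, and ``self.loaded`` is set to True.

    The sidecar sits in the directory of the analysed binary, so it is as
    untrusted as the binary itself: a sample directory unpacked from an
    archive can ship its own ``.name.db``.
    """
    # Garbage collection is paused while the database is decoded.  The
    # try/finally switches it back on even when a read or decode step raises.
    gc.disable()
    try:
        dirname = os.path.dirname(filename)
        self.path = (dirname + "/") if dirname != "" else ""
        self.path += "." + os.path.basename(filename) + ".db"

        if not os.path.exists(self.path):
            return

        info("open database %s" % self.path)

        # The context manager closes the handle on every exit path.
        with open(self.path, "rb") as fd:
            data = fd.read()

        if data.startswith(b"ZLIB"):
            # NOTE(review): the decompressed size is unbounded here, so a
            # small crafted database can expand into a very large buffer.
            # zlib.decompressobj().decompress(data, max_length) with a cap
            # would bound it.
            data = zlib.decompress(data[4:])

        # NOTE(review): the ``encoding`` keyword was removed in msgpack 1.0
        # (``raw=False`` replaces it); kept unchanged for the msgpack
        # releases this file targets.
        data = msgpack.unpackb(data, encoding="utf-8")

        self.__load_meta(data)
        self.__load_memory(data)
        self.__load_symbols(data)
        self.__load_jmptables(data)
        self.__load_comments(data)
        self.__load_functions(data)
        self.__load_history(data)
        self.__load_xrefs(data)
        self.__load_imports(data)
        self.__load_immediates(data)

        if self.version <= 1.5:
            self.__load_labels(data)

        # NOTE(review): the version is only checked after every loader has
        # consumed the data.  The first branch fires when the database
        # version is *lower* than VERSION, yet its message blames the plasma
        # version -- the comparison or the message looks inverted; confirm.
        if self.version < VERSION:
            die("your version of plasma is too old")
        elif self.version != VERSION:
            warning(
                "the database version is old, some information may be missing"
            )

        self.loaded = True
    finally:
        gc.enable()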
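def load(self, filename):
    """Load the analysis database stored next to ``filename``, if one exists.

    The database is the hidden sidecar file ``.<basename>.db`` in the same
    directory as ``filename``.  Its path is stored in ``self.path`` whether
    or not the file exists.  When it exists, the content (zlib-compressed
    when it starts with ``ZLIB``) is decoded with msgpack and handed to the
    ``__load_*`` helpers, and ``self.loaded`` is set to True.

    The sidecar sits in the directory of the analysed binary, so it is as
    untrusted as the binary itself: a sample directory unpacked from an
    archive can ship its own ``.name.db``.
    """
    # Garbage collection is paused while the database is decoded.  The
    # try/finally switches it back on even when a read or decode step raises.
    gc.disable()
    try:
        dirname = os.path.dirname(filename)
        self.path = (dirname + "/") if dirname != "" else ""
        self.path += "." + os.path.basename(filename) + ".db"

        if not os.path.exists(self.path):
            return

        info("open database %s" % self.path)

        # The context manager closes the handle on every exit path.
        with open(self.path, "rb") as fd:
            data = fd.read()

        if data.startswith(b"ZLIB"):
            # NOTE(review): the decompressed size is unbounded here, so a
            # small crafted database can expand into a very large buffer.
            # zlib.decompressobj().decompress(data, max_length) with a cap
            # would bound it.
            data = zlib.decompress(data[4:])

        # NOTE(review): the ``encoding`` keyword was removed in msgpack 1.0
        # (``raw=False`` replaces it); kept unchanged for the msgpack
        # releases this file targets.
        data = msgpack.unpackb(data, encoding="utf-8")

        self.__load_meta(data)
        self.__load_memory(data)
        self.__load_symbols(data)
        self.__load_jmptables(data)
        self.__load_comments(data)
        self.__load_functions(data)
        self.__load_history(data)
        self.__load_xrefs(data)
        self.__load_imports(data)
        self.__load_immediates(data)

        if self.version <= 1.5:
            self.__load_labels(data)

        # NOTE(review): the version is only checked after every loader has
        # consumed the data.  The first branch fires when the database
        # version is *lower* than VERSION, yet its message blames the plasma
        # version -- the comparison or the message looks inverted; confirm.
        if self.version < VERSION:
            die("your version of plasma is too old")
        elif self.version != VERSION:
            warning("the database version is old, some information may be missing")

        self.loaded = True
    finally:
        gc.enable()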
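def load(self, filename):
    """Load the analysis database at ``filename``, if that file exists.

    ``self.path`` is set to ``filename`` whether or not the file exists.
    When it exists, the content (zlib-compressed when it starts with
    ``ZLIB``) is decoded with msgpack.  The metadata is loaded first so the
    version can be checked before the remaining ``__load_*`` helpers run,
    and ``self.loaded`` is set to True at the end.

    A database file is input like any other: it may have been produced or
    modified by someone other than the analyst opening it.
    """
    # Garbage collection is paused while the database is decoded.  The
    # try/finally switches it back on even when a read or decode step raises.
    gc.disable()
    try:
        self.path = filename

        if not os.path.exists(self.path):
            return

        info("open database %s" % self.path)

        # The context manager closes the handle on every exit path.
        with open(self.path, "rb") as fd:
            data = fd.read()

        if data.startswith(b"ZLIB"):
            # NOTE(review): the decompressed size is unbounded here, so a
            # small crafted database can expand into a very large buffer.
            # zlib.decompressobj().decompress(data, max_length) with a cap
            # would bound it.
            data = zlib.decompress(data[4:])

        # NOTE(review): the ``encoding`` keyword was removed in msgpack 1.0
        # (``raw=False`` replaces it); kept unchanged for the msgpack
        # releases this file targets.
        data = msgpack.unpackb(data, encoding="utf-8")

        self.__load_meta(data)

        # The version gate runs before any other section is interpreted.
        if self.version == LAST_COMPATIBLE:
            warning("the database version is old, some information may be missing")
        elif self.version < LAST_COMPATIBLE:
            die("the database is too old")

        self.__load_memory(data)
        self.__load_symbols(data)
        self.__load_jmptables(data)
        self.__load_comments(data)
        self.__load_functions(data)
        self.__load_history(data)
        self.__load_xrefs(data)
        self.__load_imports(data)
        self.__load_immediates(data)
        self.__load_inverted_cond(data)

        self.loaded = True
    finally:
        gc.enable()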
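def __init__(self, filename, raw_type, raw_base, raw_big_endian, database):
    """Prepare the disassembler state for ``filename``.

    The binary is instantiated through ``instanciate_binary``, its
    architecture is checked against the supported set, and a capstone
    disassembler is created with the matching architecture, mode and
    endianness.  Analysis state (jump tables, comments, functions, xrefs)
    is shared with ``database``.

    When ``database.loaded`` is true, the memory map, symbols and imports
    are taken from the database instead of being parsed from the binary,
    so whatever the database file contained is what the analysis shows.

    Raises:
        ExcArch: the binary's architecture is not x86, x64, ARM, MIPS32
            or MIPS64.
    """
    import capstone as CAPSTONE

    arch_lookup = {
        "x86": CAPSTONE.CS_ARCH_X86,
        "x64": CAPSTONE.CS_ARCH_X86,
        "ARM": CAPSTONE.CS_ARCH_ARM,
        "MIPS32": CAPSTONE.CS_ARCH_MIPS,
        "MIPS64": CAPSTONE.CS_ARCH_MIPS,
    }

    mode_lookup = {
        "x86": CAPSTONE.CS_MODE_32,
        "x64": CAPSTONE.CS_MODE_64,
        # This table holds modes, so the ARM entry is CS_MODE_ARM.
        "ARM": CAPSTONE.CS_MODE_ARM,
        "MIPS32": CAPSTONE.CS_MODE_MIPS32,
        "MIPS64": CAPSTONE.CS_MODE_MIPS64,
    }

    word_size_lookup = {
        "x86": 4,
        "x64": 8,
        "ARM": 4,
        "MIPS32": 4,
        "MIPS64": 8,
    }

    self.capstone_inst = {}  # capstone instruction cache
    self.db = database

    if database.loaded:
        self.mem = database.mem
    else:
        self.mem = Memory()
        database.mem = self.mem

    self.instanciate_binary(filename, raw_type, raw_base, raw_big_endian)

    # Report the offending architecture itself; there is no local ``arch``.
    if self.binary.arch not in ("x86", "x64", "MIPS32", "MIPS64", "ARM"):
        raise ExcArch(self.binary.arch)

    self.wordsize = word_size_lookup.get(self.binary.arch, None)
    self.binary.wordsize = self.wordsize

    self.is_mips = self.binary.arch in ("MIPS32", "MIPS64")
    self.is_x86 = self.binary.arch in ("x86", "x64")
    # Equality rather than ``in ("ARM")``: the parenthesised string is not
    # a tuple, so ``in`` would be a substring test.
    self.is_arm = self.binary.arch == "ARM"
    self.is_big_endian = self.binary.is_big_endian()

    self.binary.load_section_names()

    self.jmptables = database.jmptables
    self.user_inline_comments = database.user_inline_comments
    self.internal_inline_comments = database.internal_inline_comments
    self.user_previous_comments = database.user_previous_comments
    self.internal_previous_comments = database.internal_previous_comments
    self.functions = database.functions
    self.func_id = database.func_id
    self.end_functions = database.end_functions

    self.xrefs = database.xrefs
    self.mem.xrefs = database.xrefs
    self.mem.data_sub_xrefs = database.data_sub_xrefs

    self.mips_gp = database.mips_gp

    if not database.loaded:
        # Fresh analysis: parse the symbols from the binary and publish
        # them to the database object.
        self.load_symbols()
        database.symbols = self.binary.symbols
        database.reverse_symbols = self.binary.reverse_symbols
        database.demangled = self.binary.demangled
        database.reverse_demangled = self.binary.reverse_demangled
        database.imports = self.binary.imports
    else:
        # Restored analysis: the tables come from the database file and
        # are not re-derived from the binary.
        self.binary.symbols = database.symbols
        self.binary.reverse_symbols = database.reverse_symbols
        self.binary.demangled = database.demangled
        self.binary.reverse_demangled = database.reverse_demangled
        self.binary.imports = database.imports

    cs_arch = arch_lookup.get(self.binary.arch, None)
    cs_mode = mode_lookup.get(self.binary.arch, None)

    if self.is_big_endian:
        cs_mode |= CAPSTONE.CS_MODE_BIG_ENDIAN
    else:
        cs_mode |= CAPSTONE.CS_MODE_LITTLE_ENDIAN

    self.capstone = CAPSTONE
    self.md = CAPSTONE.Cs(cs_arch, cs_mode)
    self.md.detail = True

    for s in self.binary.iter_sections():
        s.big_endian = cs_mode & CAPSTONE.CS_MODE_BIG_ENDIAN

    if self.binary.arch == "x86":
        warning("To compute correctly the value of esp, the frame size must")
        warning("be correct. But the heuristic is very simple actually.")
        warning("So every references to ebp should be correct but for esp it")
        warning("may have some errors.")
        warning("In the visual press I to show original instructions.")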
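# http://www.delorie.com/djgpp/doc/coff/symtab.html
# http://unixwiz.net/techtips/win32-callconv.html

import bisect

import pefile
from capstone.x86 import (X86_OP_INVALID, X86_OP_MEM, X86_REG_RIP, X86_REG_EIP)
from ctypes import sizeof

from plasma.lib.exceptions import ExcPEFail
from plasma.lib.fileformat.pefile2 import PE2, SymbolEntry, PE_DT_FCN, PE_DT_PTR
from plasma.lib.fileformat.binary import Binary
from plasma.lib.utils import warning


# The maintained pefile port uses date-based version strings with the year
# first.  The year is compared numerically: a string-prefix test such as
# startswith("201") would report every release dated 2020 or later as
# outdated.  A version whose first component is not a number counts as old.
try:
    _pefile_year = int(pefile.__version__.split(".")[0])
except ValueError:
    _pefile_year = 0

if _pefile_year < 2010:
    warning("you should use the most recent port of pefile")
    warning("https://github.com/erocarrera/pefile")


class PE(Binary):
    """Binary backend for PE files, parsed through ``PE2``."""

    def __init__(self, db, filename):
        """Parse ``filename`` as a PE file and prepare the section caches.

        ``db`` is kept on the instance as ``self.db``.  The three private
        section lists start empty, and ``set_arch_name`` is called last.
        """
        Binary.__init__(self)

        self.db = db

        # NOTE(review): the file is parsed as-is by PE2; ``fast_load=True``
        # is presumably forwarded to pefile, where it defers parsing of the
        # data directories -- confirm in pefile2.
        self.pe = PE2(filename, fast_load=True)
        self.__data_sections = []
        self.__data_sections_content = []
        self.__exec_sections = []

        self.set_arch_name()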
def __init__(self):
    """Initialise the instance variables and check the msgpack version.

    A warning is emitted when the installed msgpack is older than 0.4.6;
    construction continues either way.
    """
    self.__init_vars()

    # NOTE(review): only a lower bound is checked; nothing here verifies
    # that a newer msgpack still accepts the options used when decoding.
    minimum_msgpack = (0, 4, 6)
    if msgpack.version < minimum_msgpack:
        warning("your version of msgpack is less than 0.4.6")
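# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

import bisect

import pefile
from capstone.x86 import (X86_OP_INVALID, X86_OP_MEM, X86_REG_RIP, X86_REG_EIP)
from ctypes import sizeof

from plasma.lib.exceptions import ExcPEFail
from plasma.lib.fileformat.pefile2 import PE2, SymbolEntry, PE_DT_FCN, PE_DT_PTR
from plasma.lib.fileformat.binary import SectionAbs, Binary
from plasma.lib.utils import warning


# The maintained pefile port uses date-based version strings with the year
# first.  The year is compared numerically: a string-prefix test such as
# startswith("201") would report every release dated 2020 or later as
# outdated.  A version whose first component is not a number counts as old.
try:
    _pefile_year = int(pefile.__version__.split(".")[0])
except ValueError:
    _pefile_year = 0

if _pefile_year < 2010:
    warning("you should use the most recent port of pefile")
    warning("https://github.com/erocarrera/pefile")


class PE(Binary):
    """Binary backend for PE files, parsed through ``PE2``."""

    def __init__(self, db, filename):
        """Parse ``filename`` as a PE file and prepare the section caches.

        ``db`` is kept on the instance as ``self.db``.  The three private
        section lists start empty, and ``set_arch_name`` is called last.
        """
        Binary.__init__(self)

        self.db = db

        # NOTE(review): the file is parsed as-is by PE2; ``fast_load=True``
        # is presumably forwarded to pefile, where it defers parsing of the
        # data directories -- confirm in pefile2.
        self.pe = PE2(filename, fast_load=True)
        self.__data_sections = []
        self.__data_sections_content = []
        self.__exec_sections = []

        self.set_arch_name()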