Пример #1
0
 def internal_disassemble(self, buf, off, current_off=0):
     cs = self.core_instance.get_cs_instance()
     for i in cs.disasm(bytes(buf), off):
         if i.address == current_off:
             a = utils.red_bold(hex(i.address))
         else:
             a = utils.green_bold(hex(i.address))
         print(a + "\t%s\t%s" % ((utils.white_bold(str(i.mnemonic).upper()),
                                  str(i.op_str).upper().replace('X', 'x'))))
Пример #2
0
 def _print_context(self, uc, pc):
     self.register_module.registers('mem_invalid')
     print(utils.titlify('disasm'))
     self.asm_module.internal_disassemble(uc.mem_read(pc - 0x16, 0x32), pc - 0x16, pc)
     if self.mem_access_result is not None:
         val = utils.red_bold("\t0x%x" % self.mem_access_result[1])
         ad = utils.green_bold("\t> 0x%x" % self.mem_access_result[0])
         print(utils.titlify("memory access"))
         print(utils.white_bold("WRITE") + val + ad)
         self.hook_mem_access = None
         self.mem_access_result = None
Пример #3
0
    def dbg_hook_code(self, uc, address, size, user_data):
        """
        Unicorn instructions hook
        """
        try:
            self.current_address = address

            hit_soft_bp = False
            should_print_instruction = self.trace_instructions > 0

            if self.soft_bp:
                self.hook_mem_access = True
                self.soft_bp = False
                hit_soft_bp = True

            if address != self.last_bp and \
                    (address in self.core_module.get_breakpoints_list() or
                     self.has_soft_bp):
                if self.skip_bp_count > 0:
                    self.skip_bp_count -= 1
                else:
                    self.breakpoint_count += 1
                    should_print_instruction = False
                    uc.emu_stop()

                    self.last_bp = address

                    print(utils.titlify('breakpoint'))
                    print('[' + utils.white_bold(str(self.breakpoint_count)) +
                          ']' + ' hit ' + utils.red_bold('breakpoint') +
                          ' at: ' + utils.green_bold(hex(address)))
                    self._print_context(uc, address)
            elif address == self.last_bp:
                self.last_bp = 0
            self.has_soft_bp = hit_soft_bp
            if self.current_address + size == self.exit_point:
                should_print_instruction = False
                self._print_context(uc, address)
                print(
                    utils.white_bold("emulation") + " finished with " +
                    utils.green_bold("success"))
            if should_print_instruction:
                self.asm_module.internal_disassemble(
                    uc.mem_read(address, size), address)
        except KeyboardInterrupt as ex:
            # If stuck in an endless loop, we can exit here :). TODO: does that mean ctrl+c never works for targets?
            print(utils.titlify('paused'))
            self._print_context(uc, address)
            uc.emu_stop()
Пример #4
0
    def dbg_hook_code(self, uc, address, size, user_data):
        """
        Unicorn instructions hook
        """
        try:
            # 设置当前地址
            self.current_address = address
            # 命中软断点
            hit_soft_bp = False
            # 打印指令?
            should_print_instruction = self.trace_instructions > 0

            # 如果软断点
            if self.soft_bp:
                # 内存访问hook
                self.hook_mem_access = True
                # 软断点
                self.soft_bp = False
                # 命中软断点置位
                hit_soft_bp = True

            # 地址不是上一个断点 and (地址在断点列表中 or 有软断点)
            if address != self.last_bp and \
                    (address in self.core_module.get_breakpoints_list() or
                     self.has_soft_bp):
                # 略过断点
                if self.skip_bp_count > 0:
                    self.skip_bp_count -= 1

                else:
                    # 断点数加一
                    self.breakpoint_count += 1
                    # 应该打印指令
                    should_print_instruction = False
                    # 模拟停止
                    uc.emu_stop()

                    # 上一个断点
                    self.last_bp = address

                    # 打印一些东西
                    print(utils.titlify('breakpoint'))
                    print('[' + utils.white_bold(str(self.breakpoint_count)) +
                          ']' + ' hit ' + utils.red_bold('breakpoint') +
                          ' at: ' + utils.green_bold(hex(address)))
                    self._print_context(uc, address)

            # 地址是上一个断点
            elif address == self.last_bp:
                self.last_bp = 0

            # 有软断点
            self.has_soft_bp = hit_soft_bp
            if self.current_address + size == self.exit_point:
                # 到达退出点
                should_print_instruction = False
                self._print_context(uc, address)
                print(
                    utils.white_bold("emulation") + " finished with " +
                    utils.green_bold("success"))
            if should_print_instruction:
                # 反汇编
                self.asm_module.internal_disassemble(
                    uc.mem_read(address, size), address)
        except KeyboardInterrupt as ex:
            # If stuck in an endless loop, we can exit here :). TODO: does that mean ctrl+c never works for targets?
            print(utils.titlify('paused'))
            self._print_context(uc, address)
            uc.emu_stop()