def search_gadgets(self, gadgets):
    """Locate candidate gadgets in the executable section of the configured binary.

    For every entry in ``gadgets`` the terminating-instruction pattern
    (``gad[INSTRUCTION_OP]``, used as a regex) is searched for in the
    executable section, and each hit is disassembled ``self.__options.depth``
    times, each time starting one byte earlier, so that progressively longer
    instruction sequences ending in that pattern are produced.

    Args:
        gadgets: iterable of gadget descriptors indexed by the module-level
            ``INSTRUCTION_OP`` (regex pattern) and ``INSTRUCTION_SIZE``
            (byte length of the terminating instruction) keys.

    Returns:
        list[dict]: one dict per decoded sequence with keys ``"vaddr"``
        (address of the first decoded byte), ``"gadget"`` (textual
        disassembly, ``" ; "``-separated) and ``"bytes"`` (the raw slice).
        Sequences that Capstone could not decode at all are skipped.
    """
    binary = Binary(self.__options.binary)
    # Raw bytes of the executable section; also used as the regex haystack.
    # Presumably a single bytes object — confirm against Binary.get_exec_sections.
    section = binary.get_exec_sections()
    # Base used for address arithmetic below; despite the name this is
    # treated as the load address of ``section`` (offset 0) — verify.
    vaddr = binary.get_entry_point()
    arch = binary.get_arch()
    mode = binary.get_arch_mode()
    ret = []
    md = Cs(arch, mode)
    for gad in gadgets:
        # Byte offsets of every occurrence of the terminating instruction.
        all_ref_ret = [m.start() for m in re.finditer(gad[INSTRUCTION_OP], section)]
        for ref in all_ref_ret:
            for depth in range(self.__options.depth):
                # NOTE(review): when ref < depth the slice start goes negative
                # and Python wraps it to the end of the buffer, so the decoded
                # bytes no longer match the reported address — worth guarding.
                decodes = md.disasm(
                    section[ref - depth:ref + gad[INSTRUCTION_SIZE]],
                    vaddr + ref - depth)
                gadget = ""
                for decode in decodes:
                    # NOTE(review): as written ``replace(" ", " ")`` is a no-op;
                    # it looks like the intent was to collapse double spaces
                    # (possibly lost when the file was reformatted) — confirm.
                    gadget += (decode.mnemonic + " " + decode.op_str + " ; ").replace(" ", " ")
                if len(gadget) > 0:
                    # Drop the trailing " ; " separator.
                    gadget = gadget[:-3]
                    ret += [{
                        "vaddr": vaddr + ref - depth,
                        "gadget": gadget,
                        "bytes": section[ref - depth:ref + gad[INSTRUCTION_SIZE]]
                    }]
    return ret
def get_operation(self, op):
    """Build a detail-enabled Capstone disassembler and parse *op*.

    The disassembler is configured from the architecture and mode reported
    by ``Binary`` for ``self.__options.binary``; ``Parser(op)`` is left to
    interpret ``op`` (its format is defined by ``Parser``, not here).

    Args:
        op: the operation specification handed to ``Parser``.

    Returns:
        tuple: ``(md, operation, parser)`` — the ``Cs`` instance with
        ``detail`` switched on, the value of ``parser.get_operation()``, and
        the ``Parser`` itself.
    """
    target = Binary(self.__options.binary)
    parser = Parser(op)
    disassembler = Cs(target.get_arch(), target.get_arch_mode())
    # Operand-level detail is needed by the callers that inspect registers.
    disassembler.detail = True
    parsed_operation = parser.get_operation()
    return disassembler, parsed_operation, parser
def test_binary(self, file, silent=False):
    """Run every primitive search against *file* and report the outcome.

    Prints a banner with the file name, selects 32-bit register handling
    when Capstone reports ``CS_MODE_32``, caches the gadget list in
    ``self.__gadgets`` and then runs each primitive search in a fixed order.
    Every search is always executed (none is skipped once an earlier one
    fails) so that each can emit its own output; ``"All operations found!"``
    is printed only when all of them reported success.

    Args:
        file: path of the binary to analyse (passed through to ``Binary``).
        silent: when true, suppress the elapsed-time line at the end.

    Returns:
        None.
    """
    started_at = datetime.datetime.now()
    print("============================================")
    print("FILE: %s" % file)
    target = Binary(file)
    if target.get_arch_mode() == CS_MODE_32:
        self.__mode = REG_32
    self.__gadgets = self.get_gadgets(file)
    # load_constant also yields the register set the other searches build on.
    regs_found = self.load_constant(file)
    searches = (
        self.load_memory,
        self.store_memory,
        self.add,
        self.sub,
        self.xor,
        self.and_,
        self.or_,
        self.not_,
        self.cond1,
        self.cond2,
        self.move,
    )
    complete = True
    for search in searches:
        # Call first, then combine: the search must run even after a failure.
        found = search(file, regs_found)
        complete = complete and found
    if complete:
        print("All operations found!")
    elapsed = datetime.datetime.now() - started_at
    if not silent:
        print('\nTime elapsed: %s' % str(elapsed))