def __init__(self):
e_cli.EnviCli.__init__(self, self, symobj=self)
vivisect.VivWorkspace.__init__(self)
self.canvas.addRenderer("bytes", e_render.ByteRend())
self.canvas.addRenderer("u_int_16", e_render.ShortRend())
self.canvas.addRenderer("u_int_32", e_render.LongRend())
self.canvas.addRenderer("u_int_64", e_render.QuadRend())
import vivisect.renderers as viv_rend
self.canvas.addRenderer("viv", viv_rend.WorkspaceRenderer(self))
self.prompt = "viv> "
self.addScriptPathEnvVar('VIV_SCRIPT_PATH')
def loadDefaultRenderers(self, trace):
import envi.memcanvas.renderers as e_render
import vdb.renderers as v_rend
# FIXME check endianness
self.canvas.addRenderer("bytes", e_render.ByteRend())
self.canvas.addRenderer("u_int_16", e_render.ShortRend())
self.canvas.addRenderer("u_int_32", e_render.LongRend())
self.canvas.addRenderer("u_int_64", e_render.QuadRend())
self.opcoderend = v_rend.OpcodeRenderer(self.trace)
self.canvas.addRenderer("disasm", self.opcoderend)
drend = v_rend.DerefRenderer(self.trace)
self.canvas.addRenderer("Deref View", drend)
def loadDefaultRenderers(self):
import envi.memcanvas.renderers as e_render
# FIXME check endianness
self.mem_canvas.addRenderer("bytes", e_render.ByteRend())
self.mem_canvas.addRenderer("u_int_16", e_render.ShortRend())
self.mem_canvas.addRenderer("u_int_32", e_render.LongRend())
self.mem_canvas.addRenderer("u_int_64", e_render.QuadRend())
vivrend = viv_rend.WorkspaceRenderer(self.vw)
self.mem_canvas.addRenderer('Viv', vivrend)
self.mem_canvas.setRenderer('Viv')
addr = self.parseExpression(addrexpr)
size = self.parseExpression(sizeexpr)
self.canvas.addText('searching from ')
self.canvas.addVaText('0x%.8x' % addr, addr)
self.canvas.addText(' for %d bytes\n' % size)
res = self.memobj.searchMemoryRange(pattern, addr, size, regex=options.is_regex)
else:
self.vprint('searching all memory...')
res = self.memobj.searchMemory(pattern, regex=options.is_regex)
if len(res) == 0:
self.vprint('pattern not found: %s (%s)' % (pattern.encode('hex'), repr(pattern)))
return
brend = e_render.ByteRend()
self.vprint('matches for: %s (%s)' % (pattern.encode('hex'), repr(pattern)))
for va in res:
mbase,msize,mperm,mfile = self.memobj.getMemoryMap(va)
pname = e_mem.reprPerms(mperm)
sname = self.reprPointer(va)
self.canvas.addVaText('0x%.8x' % va, va)
self.canvas.addText(': ')
self.canvas.addText('%s ' % pname)
self.canvas.addText(sname)
if options.num_context_bytes != None:
self.canvas.addText('\n')
self.canvas.renderMemory(va, options.num_context_bytes, rend=brend)
def loadDefaultRenderers(self):
self.mem_canvas.addRenderer("bytes", e_render.ByteRend())
self.mem_canvas.addRenderer("u_int_16", e_render.ShortRend())
self.mem_canvas.addRenderer("u_int_32", e_render.LongRend())
self.mem_canvas.addRenderer("u_int_64", e_render.QuadRend())
def __init__(self):
QDialog.__init__(self)
self.modes = [
'ascii', 'hex', 'regex', 'utf-8', 'utf-16-le', 'utf-16-be'
]
self.pattern = None
self.filename = None
rend = e_render.ByteRend()
self.canvas = e_canvas.StringMemoryCanvas(None)
self.canvas.addRenderer('bytes', rend)
hbox1 = QHBoxLayout()
mode_label = QLabel('Input: ')
self.mode_combo = QComboBox()
self.mode_combo.addItems(self.modes)
self.mode_combo.currentIndexChanged.connect(self.encodingChanged)
hbox1.addWidget(mode_label)
hbox1.addWidget(self.mode_combo, alignment=QtCore.Qt.AlignLeft)
hbox1.addStretch(1)
hbox2 = QHBoxLayout()
data_label = QLabel('Bytes: ')
self.data_edit = QLineEdit()
hbox2.addWidget(data_label)
hbox2.addWidget(self.data_edit)
vbox1 = QVBoxLayout()
vbox1.addLayout(hbox1)
vbox1.addLayout(hbox2)
gbox1 = QGroupBox('Search Criteria')
gbox1.setLayout(vbox1)
hbox3 = QHBoxLayout()
vbox_hex_label = QVBoxLayout() # for align to top.
hex_label = QLabel('Hex: ')
vbox_hex_label.addWidget(hex_label, alignment=QtCore.Qt.AlignTop)
self.hex_edit = QPlainTextEdit()
self.hex_edit.setReadOnly(True)
font = QtGui.QFont('Courier') # should use actual memcanvas.
self.hex_edit.setFont(font)
hbox3.addLayout(vbox_hex_label)
hbox3.addWidget(self.hex_edit)
vbox2 = QVBoxLayout()
vbox2.addLayout(hbox3)
gbox2 = QGroupBox('Bytes to Search For')
gbox2.setLayout(vbox2)
hbox4 = QHBoxLayout()
save_check = QCheckBox('Save Search Results')
save_check.stateChanged.connect(self.checkChanged)
self.fname_label = QLabel('')
buttons = QDialogButtonBox()
buttons.setStandardButtons(QDialogButtonBox.Cancel
| QDialogButtonBox.Ok)
buttons.accepted.connect(self.okClicked)
buttons.rejected.connect(self.cancelClicked)
hbox4.addWidget(save_check)
hbox4.addWidget(self.fname_label)
hbox4.addWidget(buttons)
vbox = QVBoxLayout()
vbox.addWidget(gbox1)
vbox.addWidget(gbox2)
vbox.addLayout(hbox4)
self.setLayout(vbox)
self.setWindowTitle('Memory Search')
self.resize(650, 300)
self.data_edit.setFocus()
def __init__(self, expr='', esize='', emu=None, parent=None):
QWidget.__init__(self, parent=parent)
self.modes = [
'ascii', 'hex', 'regex', 'utf-8', 'utf-16-le', 'utf-16-be'
]
rend_orig = e_render.ByteRend()
self.canvas_orig = e_canvas.StringMemoryCanvas(None)
self.canvas_orig.addRenderer('bytes', rend_orig)
rend_new = e_render.ByteRend()
self.canvas_new = e_canvas.StringMemoryCanvas(None)
self.canvas_new.addRenderer('bytes', rend_new)
hbox1 = QHBoxLayout()
self.nav = MemNavWidget()
self.nav.userChanged.connect(self.renderMemory)
self.renderRequest.connect(self.nav.setValues)
hbox1.addWidget(self.nav)
hbox2 = QHBoxLayout()
self.hex_edit = QPlainTextEdit()
self.hex_edit.setWordWrapMode(QtGui.QTextOption.NoWrap)
self.hex_edit.setReadOnly(True)
font = QtGui.QFont('Courier') # should use actual memcanvas
self.hex_edit.setFont(font)
hbox2.addWidget(self.hex_edit)
vbox1 = QVBoxLayout()
vbox1.addLayout(hbox1)
vbox1.addLayout(hbox2)
gbox1 = QGroupBox('Original Bytes')
gbox1.setLayout(vbox1)
hbox3 = QHBoxLayout()
mode_label = QLabel('Input:')
self.mode_combo = QComboBox()
self.mode_combo.addItems(self.modes)
self.mode_combo.currentIndexChanged.connect(self.encodingChanged)
hbox3.addWidget(mode_label)
hbox3.addWidget(self.mode_combo, alignment=QtCore.Qt.AlignLeft)
hbox3.addStretch(1)
hbox4 = QHBoxLayout()
data_label = QLabel('Bytes:')
self.data_edit = VQLineEdit()
self.data_edit.keyReleased.connect(self.keyReleasedSlot)
hbox4.addWidget(data_label)
hbox4.addWidget(self.data_edit)
vbox2 = QVBoxLayout()
vbox2.addLayout(hbox3)
vbox2.addLayout(hbox4)
gbox2 = QGroupBox('New Bytes')
gbox2.setLayout(vbox2)
hbox5 = QHBoxLayout()
self.hex_preview = QPlainTextEdit()
self.hex_preview.setWordWrapMode(QtGui.QTextOption.NoWrap)
self.hex_preview.setReadOnly(True)
self.hex_preview.setFont(font)
hbox5.addWidget(self.hex_preview)
vbox3 = QVBoxLayout()
vbox3.addLayout(hbox5)
gbox3 = QGroupBox('Result Preview')
gbox3.setLayout(vbox3)
hbox6 = QHBoxLayout()
button = QPushButton('Write Memory')
button.clicked.connect(self.buttonClicked)
hbox6.addWidget(button)
vbox = QVBoxLayout()
vbox.addWidget(gbox1)
vbox.addWidget(gbox2)
vbox.addWidget(gbox3)
vbox.addLayout(hbox6)
self.setLayout(vbox)
self.setWindowTitle('Memory Write')
self.resize(650, 500)
self.data_edit.setFocus()
self.emu = emu
self.renderMemory(expr, esize)
def test_do_cmds(self):
mem = e_mem.MemoryObject()
mem.addMemoryMap(0x41410000, 7, 'testmem', b'@ABCDEF' * 256)
ecli = e_cli.EnviCli(mem)
ecli.canvas = e_mcanvas.StringMemoryCanvas(mem)
ecli.canvas.addRenderer("bytes", e_render.ByteRend())
ecli.canvas.addRenderer("u_int_16", e_render.ShortRend())
ecli.canvas.addRenderer("u_int_32", e_render.LongRend())
ecli.canvas.addRenderer("u_int_64", e_render.QuadRend())
# do_alias
ecli.do_alias('')
output = ecli.canvas.strval
self.assertIn('Runtime Aliases (not saved):', output)
self.assertIn('Configured Aliases:', output)
ecli.canvas.clearCanvas()
# do_binstr
ecli.do_binstr('47145')
output = ecli.canvas.strval
self.assertIn('0x0000b829 (47145) 1011100000101001', output)
ecli.canvas.clearCanvas()
# do_clear
ecli.vprint("foobar")
ecli.do_clear('')
output = ecli.canvas.strval
self.assertEqual('', output)
ecli.canvas.clearCanvas()
# do_config
ecli.do_config('')
output = ecli.canvas.strval
self.assertIn('cli.verbose = False\n', output)
ecli.canvas.clearCanvas()
# do_EOF
ecli.do_EOF('')
output = ecli.canvas.strval
self.assertIn('Use quit\n', output)
ecli.canvas.clearCanvas()
# do_eval
ecli.do_eval('0x40 + 0x47145')
output = ecli.canvas.strval
self.assertIn('0x40 + 0x47145 = 0x00047185 (291205)\n', output)
ecli.canvas.clearCanvas()
# do_maps
ecli.do_maps('')
output = ecli.canvas.strval
self.assertIn('0x41410000', output)
ecli.canvas.clearCanvas()
ecli.do_maps('0x41410001')
output = ecli.canvas.strval
self.assertIn(' 0x41410001\n0x41410000', output)
ecli.canvas.clearCanvas()
# do_mem
ecli.do_mem('0x41410001 20')
output = ecli.canvas.strval
self.assertIn(
'0x41410001 41 42 43 44 45 46 40 41 42 43 44 45 46 40 41 42 ABCDEF@ABCDEF@AB\n0x41410011 43 44 45 46 40 41 42 43 44 45 46 40 41 42 43 44 CDEF@ABCDEF@ABCD\n',
output)
ecli.canvas.clearCanvas()
ecli.do_mem('-F u_int_16 0x41410001 20')
output = ecli.canvas.strval
self.assertIn(
'0x41410001 4241 4443 4645 4140 4342 4544 4046 4241 ABCDEF@ABCDEF@AB\n0x41410011 4443 4645 4140 4342 4544 4046 4241 4443 CDEF@ABCDEF@ABCD\n',
output)
ecli.canvas.clearCanvas()
ecli.do_mem('-F u_int_32 0x41410001 20')
output = ecli.canvas.strval
self.assertIn(
'0x41410001 44434241 41404645 45444342 42414046 ABCDEF@ABCDEF@AB\n0x41410011 46454443 43424140 40464544 44434241 CDEF@ABCDEF@ABCD\n',
output)
ecli.canvas.clearCanvas()
ecli.do_mem('-F u_int_64 0x41410001 20')
output = ecli.canvas.strval
self.assertIn(
'0x0000000041410001 4140464544434241 4241404645444342 ABCDEF@ABCDEF@AB\n0x0000000041410011 4342414046454443 4443424140464544 CDEF@ABCDEF@ABCD\n',
output)
ecli.canvas.clearCanvas()
# do_memcmp
ecli.do_memcmp('0x41410001 0x41410005 20')
output = ecli.canvas.strval
self.assertIn(
'==== 20 byte difference at offset 0\n0x41410001:4142434445464041424344454640414243444546\n0x41410005:4546404142434445464041424344454640414243\n',
output)
ecli.canvas.clearCanvas()
# do_memdump
ecli.do_memdump('0x41410001 /tmp/foo40 20')
output = ecli.canvas.strval
self.assertIn('wrote 20 bytes.\n', output)
ecli.canvas.clearCanvas()
with open('/tmp/foo40', 'rb') as testfile:
self.assertEqual(testfile.read(), b'ABCDEF@ABCDEF@ABCDEF')
ecli.canvas.clearCanvas()
# do_python
ecli.do_python(
'with open("/tmp/foo41", "wb") as testfile:\n\ttestfile.write(b"Test Worked")'
)
output = ecli.canvas.strval
with open('/tmp/foo41', 'rb') as testfile:
self.assertEqual(testfile.read(), b'Test Worked')
ecli.canvas.clearCanvas()
# do_saveout
ecli.do_saveout('/tmp/foo42 search ABCDEF')
output = ecli.canvas.strval
self.assertIn('\ndone (256 results).\n', output)
ecli.canvas.clearCanvas()
# do_search
ecli.do_search('ABCDEF')
output = ecli.canvas.strval
self.assertIn('\ndone (256 results).\n', output)
ecli.canvas.clearCanvas()
def do_search(self, line):
'''
search memory for patterns.
search [options] <pattern>
-e <codec> encode the pattern with a codec (hex, utf-16le, etc)
-X pattern is in hex (ie. 41414242 is AABB)
-E pattern is an envi memory expression (numeric search)
-r pattern is a regular expression
-R <baseexpr:sizeexpr> search a range of memory (base + size)
-c show context (32 bytes) after each hit
'''
parser = VOptionParser()
parser.add_option('-e', action='store', dest='encode_as')
parser.add_option('-X', action='store_true', dest='is_hex')
parser.add_option('-E', action='store_true', dest='is_expr')
parser.add_option('-r', action='store_true', dest='is_regex')
parser.add_option('-R', action='store', dest='range_search')
parser.add_option('-c',
action='store_const',
dest='num_context_bytes',
const=32)
argv = shlex.split(line)
try:
options, args = parser.parse_args(argv)
except Exception as e:
self.vprint(repr(e))
return self.do_help('search')
pattern = ' '.join(args)
if len(pattern) == 0:
self.vprint('you must specify a pattern')
return self.do_help('search')
if options.is_expr:
import struct #FIXME see below
sval = self.parseExpression(pattern)
pattern = struct.pack('<L', sval) # FIXME 64bit (and alt arch)
if options.is_hex:
pattern = binascii.unhexlify(pattern)
if options.encode_as is not None:
if options.encode_as == 'hex':
pattern = binascii.hexlify(patter)
else:
pattern = pattern.encode(options.encode_as)
if options.range_search:
try:
addrexpr, sizeexpr = options.range_search.split(":")
except Exception as e:
self.vprint(repr(e))
return self.do_help('search')
addr = self.parseExpression(addrexpr)
size = self.parseExpression(sizeexpr)
self.canvas.addText('searching from ')
self.canvas.addVaText('0x%.8x' % addr, addr)
self.canvas.addText(' for %d bytes\n' % size)
res = self.memobj.searchMemoryRange(pattern,
addr,
size,
regex=options.is_regex)
else:
self.vprint('searching all memory...')
res = self.memobj.searchMemory(pattern, regex=options.is_regex)
if len(res) == 0:
self.vprint('pattern not found: %s (%s)' %
(binascii.hexlify(pattern), repr(pattern)))
return
brend = e_render.ByteRend()
self.vprint('matches for: %s (%s)' %
(binascii.hexlify(pattern), repr(pattern)))
for va in res:
mbase, msize, mperm, mfile = self.memobj.getMemoryMap(va)
pname = e_mem.reprPerms(mperm)
sname = self.reprPointer(va)
self.canvas.addVaText('0x%.8x' % va, va)
self.canvas.addText(': ')
self.canvas.addText('%s ' % pname)
self.canvas.addText(sname)
if options.num_context_bytes is not None:
self.canvas.addText('\n')
self.canvas.renderMemory(va,
options.num_context_bytes,
rend=brend)
self.canvas.addText('\n')
self.vprint('done (%d results).' % len(res))