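def get_str(jit, addr, max_len=10):
    """Read a NUL-terminated byte string from emulated memory and decode it.

    Args:
        jit: a miasm jitter; only ``jit.vm.get_mem(addr, size)`` is used.
        addr: guest address of the first byte of the string.
        max_len: size of the window read from ``addr`` in a single
            ``get_mem`` call (defaults to the original fixed 10 bytes). A
            string longer than the window is truncated to ``max_len`` bytes.

    Returns:
        The text before the first NUL byte in the window, decoded as UTF-8.

    Raises:
        UnicodeDecodeError: the bytes are not valid UTF-8, e.g. a multi-byte
            sequence cut off by the ``max_len`` window.
    """
    # NOTE(review): get_mem presumably raises if [addr, addr+max_len) is not
    # fully mapped; that exception propagates to the caller unchanged.
    data = jit.vm.get_mem(addr, max_len)
    # Keep only the bytes before the first NUL. When no NUL falls inside the
    # window, split() yields the whole buffer; the previous find()-based
    # slice got -1 there and silently dropped the last byte instead.
    return data.split(b'\x00', 1)[0].decode('utf-8')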


def exception_int(jitter):
    """Handle a guest ``syscall`` by logging its number and resuming.

    Args:
        jitter: the miasm jitter that raised EXCEPT_SYSCALL; the syscall
            number is taken from ``jitter.cpu.EAX`` (the low 32 bits of RAX).

    Returns:
        True, so the jitter keeps executing after the handler.

    The syscall is NOT emulated: this handler touches no register and no
    memory, so the guest resumes with exactly the state it had at the
    ``syscall`` instruction. Clearing the pending exception with
    ``set_exception(0)`` is presumably what allows execution to continue.
    """
    syscall_no = jitter.cpu.EAX
    print("SYSCALL {}".format(syscall_no))
    jitter.cpu.set_exception(0)
    return True


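if __name__ == '__main__':
    parser = ArgumentParser(description="x86 64 basic Jitter")
    parser.add_argument("filename", help="x86 64 shellcode filename")
    parser.add_argument("-j",
                        "--jitter",
                        help="Jitter engine",
                        default="python")
    args = parser.parse_args()

    # Build an x86_64 jitter on the requested engine and give it a stack.
    myjit = Machine("x86_64").jitter(args.jitter)
    myjit.init_stack()

    # Read the raw shellcode. The context manager closes the handle even if
    # read() raises; the original left it to the garbage collector.
    with open(args.filename, 'rb') as f:
        data = f.read()
    if not data:
        parser.error("{} is empty, nothing to run".format(args.filename))

    # Map the (untrusted) shellcode at a fixed guest address and start there.
    # NOTE(review): the page is mapped read/write only — confirm the chosen
    # engine does not require an executable permission bit to fetch from it.
    run_addr = 0x40000000
    myjit.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, data)
    # Uncomment to log every executed instruction (very verbose).
    #myjit.set_trace_log()
    # Guest syscalls are routed to exception_int, which only logs them and
    # does not emulate them — do not rely on this for faithful execution.
    myjit.add_exception_handler(EXCEPT_SYSCALL, exception_int)
    myjit.run(run_addr)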
Example #2
# NOTE(review): ``loc_db`` and ``args`` are defined before this excerpt
# (presumably a LocationDB and the parsed command-line arguments) — confirm
# against the full script.
myjit = Machine("x86_64").jitter(loc_db, args.jitter)
myjit.init_stack()
##end_miasm_init

# Load the binary

##begin_qbdl_load
# Describe the target to QBDL: x86, little-endian, and a third flag that is
# presumably "64-bit" given the variable name — confirm in pyqbdl.Arch.
x86_64_arch = pyqbdl.Arch(lief.ARCHITECTURES.X86, lief.ENDIANNESS.LITTLE, True)

# MiasmSystem presumably bridges the loader's memory/symbol requests to the
# miasm VM created above.
system = MiasmSystem(myjit, x86_64_arch)

# Load the Mach-O named on the command line. BIND.NOW presumably resolves
# imports eagerly at load time rather than lazily on first call.
bind_mode = pyqbdl.Loader.BIND.NOW
loader = pyqbdl.loaders.MachO.from_file(
    args.filename, x86_64_arch, system, bind_mode)
##end_qbdl_load

# Dump the VM state after loading (presumably the list of mapped pages, so
# the loaded segments can be checked by eye).
print(myjit.vm)

# Run the binary


##begin_miasm_run
def code_sentinelle(jitter):
    """Breakpoint callback reached when the guest returns to the sentinel.

    Args:
        jitter: the miasm jitter; not used, only the return value matters.

    Returns:
        False, which stops ``jitter.run``.
    """
    del jitter  # unused by design
    print("[+] End!")
    return False


# A fake return address is pushed so that a final ``ret`` from the entry
# point lands on an address we trap with a breakpoint; code_sentinelle
# returns False there, which ends the run. Note this only catches a clean
# return — code that never returns (or is diverted by the syscall handler)
# keeps running.
SENTINEL_ADDR = 0x1337beef
myjit.add_breakpoint(SENTINEL_ADDR, code_sentinelle)
myjit.push_uint64_t(SENTINEL_ADDR)
myjit.run(loader.entrypoint)
##end_miasm_run