#! /usr/bin/env python2
#-*- coding:utf-8 -*-
# Run an ARM little-endian Linux ELF through miasm2's Sandbox_Linux_arml.
#
# NOTE(review): nothing in this script adds OS-level isolation around the
# emulation; analyse unknown samples from a disposable VM or container.
import logging
# `pm` is not referenced below; presumably kept so a post-mortem debugger is
# at hand when the script is run interactively.
from pdb import pm

from miasm2.analysis.sandbox import Sandbox_Linux_arml

# Command line: the sandbox class supplies the base parser; the script adds
# the positional ELF path and a verbosity switch on top of it.
parser = Sandbox_Linux_arml.parser(
    description="Sandbox an elf binary with arm engine "
                "(ex: jit_arm.py samples/md5_arm -a A684)")
parser.add_argument("filename", help="ELF Filename")
parser.add_argument("-v", "--verbose", action="store_true",
                    help="verbose mode")
options = parser.parse_args()

# The third argument hands this module's namespace to the sandbox
# (presumably so user-defined stubs can be found by name; confirm against
# miasm2). Module-level names are therefore kept exactly as they were.
sb = Sandbox_Linux_arml(options.filename, options, globals())

# --verbose is a store_true flag, so it is always a bool here.
if options.verbose:
    logging.basicConfig(level=logging.INFO)
    # Parenthesised single argument: same output under the Python 2 print
    # statement this script targets.
    print(sb.jitter.vm)
else:
    logging.basicConfig(level=logging.WARNING)

# Start the emulation.
sb.run()
#!/usr/bin/env python #-*- coding:utf-8 -*- import logging from pdb import pm from miasm2.analysis.sandbox import Sandbox_Linux_arml # Get arguments parser = Sandbox_Linux_arml.parser( description="""Sandbox an elf binary with arm engine (ex: jit_arm.py samples/md5_arm -a A684)""") parser.add_argument("filename", help="ELF Filename") parser.add_argument('-v', "--verbose", help="verbose mode", action="store_true") options = parser.parse_args() # Prepare the sandbox sb = Sandbox_Linux_arml(options.filename, options, globals()) # Handle 'verbose' option if options.verbose is True: logging.basicConfig(level=logging.INFO) else: logging.basicConfig(level=logging.WARNING) if options.verbose is True: sb.jitter.vm.dump_memory_page_pool() if options.address is None:
# Extension of the Python jitter to track memory accesses
class ESETrackMemory(EmulatedSymbExec):
    """Symbolic-execution engine that prints every memory read and write."""

    def mem_read(self, expr_mem):
        """Let the parent resolve the read, print it, return it unchanged."""
        result = super(ESETrackMemory, self).mem_read(expr_mem)
        print("Read %s: %s" % (expr_mem, result))
        return result

    def mem_write(self, dest, data):
        """Print the destination/data pair, then delegate the write."""
        trace_line = "Write %s: %s" % (dest, data)
        print(trace_line)
        return super(ESETrackMemory, self).mem_write(dest, data)


# Parse arguments: the sandbox's base parser plus the positional ELF path.
parser = Sandbox_Linux_arml.parser(description="Tracer")
parser.add_argument("filename", help="ELF Filename")
options = parser.parse_args()

# Force the Python jitter, whatever the command line selected.
options.jitter = "python"

# Class-level assignment: this replaces SymbExecClass on JitCore_Python
# itself, not on one instance, and it is done before the sandbox is built.
JitCore_Python.SymbExecClass = ESETrackMemory

# globals() hands this module's namespace to the sandbox (presumably for
# name-based stub lookup; confirm against miasm2).
sb = Sandbox_Linux_arml(options.filename, options, globals())

# One instruction per jitted block and per call, with instr_hook (defined
# outside this excerpt) registered as the execution callback.
sb.jitter.jit.set_options(max_exec_per_call=1, jit_maxline=1)
sb.jitter.exec_cb = instr_hook

# Run (the statement that starts the emulation is outside this excerpt)
"""This example illustrates the Sandbox.call API, for a direct call of a given function"""
from miasm2.analysis.sandbox import Sandbox_Linux_arml
from miasm2.analysis.binary import Container
from miasm2.os_dep.linux_stdlib import linobjs
from miasm2.core.utils import hexdump

# Parse arguments
# The base parser comes from the sandbox class; only the ELF path is added.
parser = Sandbox_Linux_arml.parser(description="ELF sandboxer")
parser.add_argument("filename", help="ELF Filename")
options = parser.parse_args()

# globals() passes this module's namespace as the third argument
# (presumably for name-based lookup of user stubs; confirm against miasm2).
sb = Sandbox_Linux_arml(options.filename, options, globals())

# The same file is opened a second time and parsed as a Container, only to
# translate the symbol name "md5_starts" into an offset.
with open(options.filename, "rb") as fdesc:
    cont = Container.from_stream(fdesc)
    # NOTE(review): no check that the symbol exists; presumably the lookup
    # returns None for a binary without "md5_starts" and the next call then
    # fails. Confirm, and report the missing symbol explicitly.
    loc_key = cont.loc_db.get_name_location("md5_starts")
    addr_to_call = cont.loc_db.get_location_offset(loc_key)

# Calling md5_starts(malloc(0x64))
# The buffer is taken from the emulated heap of the sandbox's jitter.
# NOTE(review): 0x64 is assumed to be large enough for whatever md5_starts
# initialises. TODO confirm against the target's context structure.
addr = linobjs.heap.alloc(sb.jitter, 0x64)
sb.call(addr_to_call, addr)
# Read the same 0x64 bytes back from emulated memory and hex-dump them.
hexdump(sb.jitter.vm.get_mem(addr, 0x64))
# Extension of the Python jitter to track memory accesses
class ESETrackMemory(EmulatedSymbExec):
    """Symbolic-execution engine that prints every memory read and write.

    The two overridden hooks are underscore-prefixed, i.e. non-public by
    Python convention, so this subclass is tied to the parent's internals.
    """

    def _func_read(self, expr_mem):
        """Let the parent resolve the read, print it, return it unchanged."""
        result = super(ESETrackMemory, self)._func_read(expr_mem)
        print("Read %s: %s" % (expr_mem, result))
        return result

    def _func_write(self, symb_exec, dest, data):
        """Print the destination/data pair, then delegate the write."""
        trace_line = "Write %s: %s" % (dest, data)
        print(trace_line)
        return super(ESETrackMemory, self)._func_write(symb_exec, dest, data)


# Parse arguments: the sandbox's base parser plus the positional ELF path.
parser = Sandbox_Linux_arml.parser(description="Tracer")
parser.add_argument("filename", help="ELF Filename")
options = parser.parse_args()

# Force the Python jitter, whatever the command line selected.
options.jitter = "python"

# Class-level assignment: this replaces SymbExecClass on JitCore_Python
# itself, not on one instance, and it is done before the sandbox is built.
JitCore_Python.SymbExecClass = ESETrackMemory

# globals() hands this module's namespace to the sandbox (presumably for
# name-based stub lookup; confirm against miasm2).
sb = Sandbox_Linux_arml(options.filename, options, globals())

# One instruction per jitted block and per call, with instr_hook (defined
# outside this excerpt) registered as the execution callback.
sb.jitter.jit.set_options(max_exec_per_call=1, jit_maxline=1)
sb.jitter.exec_cb = instr_hook

# Run (the statement that starts the emulation is outside this excerpt)