mdis.dont_dis_nulstart_bloc = True
ab = mdis.dis_multibloc(ep)
bb = asmbloc.basicblocs(ab)
leaves = bb.get_bad_dst()
assert(len(leaves) == 1)
l = leaves.pop()
logging.info(l)
end_label = l.label.offset
logging.info('final label')
logging.info(end_label)
# Export CFG graph (dot format)
if options.graph is True:
g = asmbloc.bloc2graph(ab)
open("graph.txt", "w").write(g)
if options.verbose is True:
sb.jitter.vm.dump_memory_page_pool()
def update_binary(jitter):
sb.pe.Opthdr.AddressOfEntryPoint = sb.pe.virt2rva(jitter.pc)
logging.info('updating binary')
for s in sb.pe.SHList:
sdata = sb.jitter.vm.get_mem(sb.pe.rva2virt(s.addr), s.rawsize)
sb.pe.virt[sb.pe.rva2virt(s.addr)] = sdata
with open(args.source) as fstream:
source = fstream.read()
blocs, symbol_pool = parse_asm.parse_txt(machine.mn, attrib, source)
# Fix shellcode addrs
symbol_pool.set_offset(symbol_pool.getby_name("main"), addr_main)
if args.PE:
symbol_pool.set_offset(symbol_pool.getby_name_create("MessageBoxA"),
pe.DirImport.get_funcvirt('MessageBoxA'))
# Print and graph firsts blocs before patching it
for bloc in blocs:
print bloc
graph = asmbloc.bloc2graph(blocs)
open("graph.dot", "w").write(graph)
# Apply patches
patches = asmbloc.asm_resolve_final(machine.mn,
blocs,
symbol_pool,
dst_interval)
if args.encrypt:
# Encrypt code
ad_start = symbol_pool.getby_name_create(args.encrypt[0]).offset
ad_stop = symbol_pool.getby_name_create(args.encrypt[1]).offset
new_patches = dict(patches)
for ad, val in patches.items():
if ad_start <= ad < ad_stop:
import sys
from elfesteem import pe_init
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph
from miasm2.core.bin_stream import bin_stream_pe
if len(sys.argv) != 3:
print "Example:"
print "%s box_upx.exe 0x410f90" % sys.argv[0]
sys.exit(0)
fname = sys.argv[1]
ad = int(sys.argv[2], 16)
e = pe_init.PE(open(fname).read())
bs = bin_stream_pe(e.virt)
mdis = dis_x86_32(bs)
# inform the engine not to disasm nul instructions
mdis.dont_dis_nulstart_bloc = True
blocs = mdis.dis_multibloc(ad)
g = bloc2graph(blocs)
open("graph.txt", "w").write(g)
import sys
from miasm2.arch.x86.disasm import dis_x86_32
from miasm2.core.asmbloc import bloc2graph
from miasm2.analysis.binary import Container
from pdb import pm
if len(sys.argv) != 3:
print 'Example:'
print "%s samples/box_upx.exe 0x407570" % sys.argv[0]
sys.exit(0)
addr = int(sys.argv[2], 16)
cont = Container.from_stream(open(sys.argv[1]))
mdis = dis_x86_32(cont.bin_stream)
# Inform the engine to avoid disassembling null instructions
mdis.dont_dis_nulstart_bloc = True
blocs = mdis.dis_multibloc(addr)
graph = bloc2graph(blocs)
open('graph.txt', 'w').write(graph)
.byte 0x11
mystr:
.string "test string"
mystrend:
.long 0
'''
blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt)
blocs_l, symbol_pool_l = parse_asm.parse_txt(my_mn, "l", txt)
# fix shellcode addr
symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0x0)
symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0x0)
# graph sc####
g = asmbloc.bloc2graph(blocs_l[0])
open("graph.txt", "w").write(g)
s_b = StrPatchwork()
s_l = StrPatchwork()
print "symbols"
print symbol_pool_l
# dont erase from start to shell code padading
resolved_b, patches_b = asmbloc.asm_resolve_final(my_mn, blocs_b[0],
symbol_pool_b)
resolved_l, patches_l = asmbloc.asm_resolve_final(my_mn, blocs_l[0],
symbol_pool_l)
print patches_b
for offset, raw in patches_b.items():
with open(args.source) as fstream:
source = fstream.read()
blocs, symbol_pool = parse_asm.parse_txt(machine.mn, attrib, source)
# Fix shellcode addrs
symbol_pool.set_offset(symbol_pool.getby_name("main"), addr_main)
if args.PE:
symbol_pool.set_offset(symbol_pool.getby_name_create("MessageBoxA"),
pe.DirImport.get_funcvirt('MessageBoxA'))
# Print and graph firsts blocs before patching it
for bloc in blocs[0]:
print bloc
graph = asmbloc.bloc2graph(blocs[0])
open("graph.txt", "w").write(graph)
# Apply patches
patches = asmbloc.asm_resolve_final(machine.mn, blocs[0], symbol_pool,
dst_interval)
if args.encrypt:
# Encrypt code
ad_start = symbol_pool.getby_name_create(args.encrypt[0]).offset
ad_stop = symbol_pool.getby_name_create(args.encrypt[1]).offset
new_patches = dict(patches)
for ad, val in patches.items():
if ad_start <= ad < ad_stop:
new_patches[ad] = "".join([chr(ord(x) ^ 0x42) for x in val])
patches = new_patches
if args.try_disasm_all:
for a, b in done_interval.intervals:
if b in done:
continue
log.debug('add func %s' % hex(b))
todo.append((mdis, None, b))
# Generate dotty graph
all_blocs = []
for blocs in all_funcs_blocs.values():
all_blocs += blocs
# for b in blocs:
# print b
log.info('generate graph file')
g = bloc2graph(all_blocs, True)
open('graph_execflow.txt', 'w').write(g)
log.info('generate intervals')
all_lines = []
total_l = 0
print done_interval
if args.image:
log.info('build img')
done_interval.show()
for i, j in done_interval.intervals:
log.debug((hex(i), "->", hex(j)))
for a, b in done_interval.intervals:
if b in done:
continue
log.debug('add func %s' % hex(b))
todo.append((mdis, None, b))
# Generate dotty graph
all_blocs = []
for blocs in all_funcs_blocs.values():
all_blocs += blocs
# for b in blocs:
# print b
log.info('generate graph file')
g = bloc2graph(all_blocs, True)
open('graph_execflow.txt', 'w').write(g)
log.info('generate intervals')
all_lines = []
total_l = 0
print done_interval
if args.image:
log.info('build img')
done_interval.show()
for i, j in done_interval.intervals:
log.debug((hex(i), "->", hex(j)))
ADD SP, 0x100
POP {PC}
mystr:
.string "toto"
'''
blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt)
blocs_l, symbol_pool_l = parse_asm.parse_txt(my_mn, "l", txt)
# fix shellcode addr
symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0)
symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0)
# graph sc####
g = asmbloc.bloc2graph(blocs_b[0])
open("graph.txt", "w").write(g)
s_b = StrPatchwork()
s_l = StrPatchwork()
print "symbols"
print symbol_pool_b
# dont erase from start to shell code padading
resolved_b, patches_b = asmbloc.asm_resolve_final(
my_mn, blocs_b[0], symbol_pool_b)
resolved__l, patches_l = asmbloc.asm_resolve_final(
my_mn, blocs_l[0], symbol_pool_l)
print patches_b
print patches_l
mystr:
.string "test string"
mystrend:
.long 0
'''
blocs_b, symbol_pool_b = parse_asm.parse_txt(my_mn, "b", txt)
blocs_l, symbol_pool_l = parse_asm.parse_txt(my_mn, "l", txt)
# fix shellcode addr
symbol_pool_b.set_offset(symbol_pool_b.getby_name("main"), 0x0)
symbol_pool_l.set_offset(symbol_pool_l.getby_name("main"), 0x0)
# graph sc####
g = asmbloc.bloc2graph(blocs_l[0])
open("graph.txt", "w").write(g)
s_b = StrPatchwork()
s_l = StrPatchwork()
print "symbols"
print symbol_pool_l
# dont erase from start to shell code padading
resolved_b, patches_b = asmbloc.asm_resolve_final(
my_mn, blocs_b[0], symbol_pool_b)
resolved_l, patches_l = asmbloc.asm_resolve_final(
my_mn, blocs_l[0], symbol_pool_l)
print patches_b
for offset, raw in patches_b.items():
