def main(args): # Init the speakeasy object, an optional logger can be supplied se = speakeasy.Speakeasy(logger=get_logger()) module = se.load_module(args.file) # Begin emulating the DLL at its defined entry point. # If all_entrypoints is set to True, all exports will be emulated sequentially. # In this example, lets just run the main entry point and call exports manually. se.run_module(module, all_entrypoints=False) # Hook user32!MessageBoxA/W and call our function; wild cards are supported here so we can # hook both versions with a single hook se.add_api_hook(hook_messagebox, "user32", "MessageBox*") # Hook all memory writes as an example se.add_mem_write_hook(hook_mem_write) # Set up some fake args arg0 = 0x0 arg1 = 0x1 # Walk the DLLs exports for exp in module.get_exports(): if exp.name == "emu_test_one": # Call an export named 'emu_test_one' and emulate it se.call(exp.address, [arg0, arg1]) if exp.name == "emu_test_two": # Call an export named 'emu_test_two' and emulate it se.call(exp.address, [arg0, arg1])
def __init__( self, target=None, is_sc=False, arch=None, data=None, logger=None, se_inst=None ): super(SpeakeasyDebugger, self).__init__() self.target = target self.is_sc = is_sc self.arch = arch self.logger = logger if not se_inst: self.se = speakeasy.Speakeasy(logger=self.logger) else: self.se = se_inst self.loaded_modules = [] self.loaded_shellcode = [] self.targets = [] self.breakpoints = {} self.init_state() if self.is_sc and not self.arch: raise DebuggerException("Architecture required when debugging shellcode") if self.target: if not self.is_sc: # Load the initial target module self.load_module(self.target) else: self.load_shellcode(self.target, self.arch)
def run(self): results = {} s = speakeasy.Speakeasy() m = s.load_module(self.filepath) s.run_module(m) results = s.get_report() return results
def main(args): # Init the speakeasy object, an optional logger can be supplied se = speakeasy.Speakeasy(logger=get_logger()) # Hook ntdll!NtReadFile so we can modify the returned buffer se.add_api_hook(hook_ntreadfile, 'ntdll', 'NtReadFile') # Load the module into the emulation space module = se.load_module(args.file) # Begin emulating the EXE at its defined entry point. se.run_module(module)
def do_restart(self, arg): """ Restart emulation from the entry point """ self.se = speakeasy.Speakeasy(logger=self.logger) if self.target: if not self.is_sc: # Load the initial target module self.load_module(self.target) else: self.load_shellcode(self.target, self.arch) self.init_state() self.do_run(None)
def run(self): results = {} s = speakeasy.Speakeasy() if self.shellcode: arch = e_arch.ARCH_AMD64 if self.arch == "x86": arch = e_arch.ARCH_X86 sc_addr = s.load_shellcode(self.filepath, arch) s.run_shellcode(sc_addr, offset=self.raw_offset or 0) else: m = s.load_module(self.filepath) s.run_module(m) results = s.get_report() return results
def main(args): se = speakeasy.Speakeasy(logger=get_logger()) module = se.load_module(args.file) se.run_module(module, all_entrypoints=False) se.add_code_hook(hook_code) # Set up some fake args arg0 = 1 arg1 = 2 # Start the RunDLL export for exp in module.get_exports(): if exp.name == 'RunDLL': se.call(exp.address, [arg0, arg1])
def run(self): results = {} s = speakeasy.Speakeasy() try: m = s.load_module(self.filepath) s.run_module(m) results = s.get_report() except SoftTimeLimitExceeded as e: error_message = ( f"job_id:{self.job_id} analyzer:{self.analyzer_name} md5:{self.md5}" f"filename: {self.filename}. Soft Time Limit Exceeded Error {e}" ) logger.error(error_message) self.report["errors"].append(str(e)) self.report["success"] = False return results
def check_shellcode_speakeasy(self, shellcode, sc): if not SPEAKEASY_MODULE: return # pragma: no cover se = speakeasy.Speakeasy() se.add_api_hook(self.hook_URLDownloadToFile, 'urlmon', 'URLDownloadToFile*') se.add_api_hook(self.hook_WinExec, 'kernel32', 'WinExec') address = se.load_shellcode(None, speakeasy.arch.ARCH_X86, data = sc) se.run_shellcode(address) if self.snippet is None: self.snippet = self.build_snippet(shellcode) self.log_shellcode_profile("SPEAKEASY", se.get_report())
def __init__(self, target=None, is_sc=False, arch=None, data=None, logger=None, se_inst=None): super(SpeakeasyDebugger, self).__init__() self.target = target self.is_sc = is_sc self.arch = arch self.logger = logger if not se_inst: self.se = speakeasy.Speakeasy(logger=self.logger) else: self.se = se_inst self.loaded_modules = [] self.loaded_shellcode = [] self.targets = [] self.se.add_code_hook(self.code_hook) self.se.add_api_hook(self.api_hook, '*', '*') # hook every API self.step = False self.running = False self._do_stop = False self.exit = False self.step_over = 0 self.next_pc = 0 self.breakpoints = {} if self.is_sc and not self.arch: raise DebuggerException( 'Architecture required when debugging shellcode') if self.target: if not self.is_sc: # Load the initial target module self.load_module(self.target) else: self.load_shellcode(self.target, self.arch)