Comments (2)
serpilliere
commented on May 10, 2024
You are right. There is a bad cast in umod/udiv arguments.
I will fix this.
By the way: Here is a little script to handle correctly linux shellcode and syscalls.
from pdb import pm
from miasm2.core.utils import *
from miasm2.jitter.jitload import EXCEPT_INT_XX
from miasm2.analysis.sandbox import Sandbox, OS_Linux_str, Arch_x86_32
class Sandbox_Linux_x86_32_str(Sandbox, Arch_x86_32, OS_Linux_str):
def __init__(self, *args, **kwargs):
Sandbox.__init__(self, *args, **kwargs)
self.jitter.push_uint32_t(0x1337beef)
# Set the runtime guard
self.jitter.add_breakpoint(0x1337beef, self.__class__.code_sentinelle)
def run(self, addr = None):
if addr is None and self.options.address is not None:
addr = int(self.options.address, 16)
super(Sandbox_Linux_x86_32_str, self).run(addr)
parser = Sandbox_Linux_x86_32_str.parser(description="str sandboxer")
parser.add_argument("filename", help="PE Filename")
options = parser.parse_args()
# Create sandbox
sb = Sandbox_Linux_x86_32_str(options.filename, options, globals())
def exception_int(jitter):
if jitter.cpu.EAX == 0x66:
# socketcall
print 'args', hex(jitter.cpu.EBX), hex(jitter.cpu.ECX)
if jitter.cpu.EBX == 1:
print 'SOCKET'
jitter.cpu.EAX = 3
elif jitter.cpu.EBX == 2:
print 'BIND'
jitter.cpu.EAX = 3
elif jitter.cpu.EBX == 4:
print 'LISTEN'
jitter.cpu.EAX = 3
elif jitter.cpu.EBX == 5:
print 'ACCEPT'
jitter.cpu.EAX = 3
elif jitter.cpu.EBX == 9:
args = []
for i in xrange(3):
args.append(upck32(jitter.vm.get_mem(jitter.cpu.ECX+4*i, 4)))
print [hex(arg) for arg in args]
buf = jitter.vm.get_mem(args[1], args[2])
print 'BUF sent', repr(buf)
jitter.cpu.EAX = len(buf)
elif jitter.cpu.EBX == 10:
print 'RECV'
args = []
for i in xrange(3):
args.append(upck32(jitter.vm.get_mem(jitter.cpu.ECX+4*i, 4)))
print [hex(arg) for arg in args]
buf = "gotfault"
jitter.vm.set_mem(args[1], buf)
print 'BUF RECV'
jitter.cpu.EAX = len(buf)
else:
raise NotImplementedError('unknown socketcall %d'%jitter.cpu.EAX)
elif jitter.cpu.EAX == 0x1:
print 'EXIT'
return False
pass
elif jitter.cpu.EAX == 63:
print "DUP2"
jitter.cpu.EAX = 8
else:
raise NotImplementedError('unknown syscall %d'%jitter.cpu.EAX)
jitter.cpu.set_exception(0)
return True
def dump_pwd(jitter):
print repr(jitter.vm.get_mem(jitter.cpu.ESI, jitter.cpu.ECX))
print repr(jitter.vm.get_mem(jitter.cpu.EDI, jitter.cpu.ECX))
return True
sb.jitter.add_exception_handler(EXCEPT_INT_XX, exception_int)
sb.jitter.add_breakpoint(0x80, dump_pwd)
sb.run(0x0)from miasm.
Summus-31c04089c3cd80
commented on May 10, 2024
Hi,
Thank you for the fix !
The script I gave you is only for testing when I have a problem with my complete script :)
I use it on command line (ipython) to explore the jitter, or at least the memory, to understand what is going wrong.
from miasm.
Related Issues (20)
- cannot convert miasm ir to llvm ir HOT 1
- How can i save passes to asmcfg HOT 1
- test_all.py errors HOT 4
- How to draw a single block? HOT 2
- x86-64 out of order IR block (add_asmblock_to_ircfg -> add_instr_to_current_state) HOT 2
- Miasm mn_x86.fromstring does not recognize JE/JNE instructions HOT 1
- CMP and CMOV? analysis HOT 2
- [ARM-semantic] Implement carry flag for basic shifters HOT 2
- Convert miasm IR to llvm IR: AttributeError: 'LLVMContext_IRCompilation' object has no attribute 'vmcpu' HOT 2
- Rebasing program in graph HOT 2
- Error when using iterator from DependencyGraph object HOT 2
- Unrolling of loop in SSA through symbolic execution HOT 10
- Exporting `AsmCFG` to `dot` format might generate `dot` code that fails to parse if the `HTML` node label if it contains `>]<`
- miasm in Rust #2 HOT 2
- confusing doc on how to compile on windows. doc added on readme
- FreeBSD Build Error HOT 1
- ImportError: cannot import name 'JitCore_x86' from 'miasm.jitter.arch' HOT 2
- Early stop of IR CFG's Symbolic Execution (stops at SHR instruction) HOT 12
- Apply repo-review suggestions?
- Make disassembly output AT&T syntax? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from miasm.