Merge pull request #1104 from serpilliere/multiple_fix

Multiple fix
cea-sec · Nov 26, 2019 · c37cec9 · c37cec9
2 parents 30916ae + 87dba49
commit c37cec9
Show file tree

Hide file tree

Showing 8 changed files with 78 additions and 33 deletions.
diff --git a/example/jitter/x86_32.py b/example/jitter/x86_32.py
@@ -29,5 +29,4 @@ def code_sentinelle(jitter):
 
 myjit.add_breakpoint(0x1337beef, code_sentinelle)
 
-myjit.init_run(run_addr)
-myjit.continue_run()
+myjit.run(run_addr)
diff --git a/miasm/core/interval.py b/miasm/core/interval.py
@@ -125,16 +125,26 @@ def __eq__(self, i):
     def __ne__(self, other):
         return not self.__eq__(other)
 
-    def __add__(self, i):
-        if isinstance(i, interval):
-            i = i.intervals
-        i = interval(self.intervals + i)
-        return i
+    def union(self, other):
+        """
+        Return the union of intervals
+        @other: interval instance
+        """
+
+        if isinstance(other, interval):
+            other = other.intervals
+        other = interval(self.intervals + other)
+        return other
+
+    def difference(self, other):
+        """
+        Return the difference of intervals
+        @other: interval instance
+        """
 
-    def __sub__(self, v):
         to_test = self.intervals[:]
         i = -1
-        to_del = v.intervals[:]
+        to_del = other.intervals[:]
         while i < len(to_test) - 1:
             i += 1
             x = to_test[i]
@@ -181,12 +191,17 @@ def __sub__(self, v):
                     raise ValueError('unknown state', rez)
         return interval(to_test)
 
-    def __and__(self, v):
+    def intersection(self, other):
+        """
+        Return the intersection of intervals
+        @other: interval instance
+        """
+
         out = []
         for x in self.intervals:
             if x[0] > x[1]:
                 continue
-            for y in v.intervals:
+            for y in other.intervals:
                 rez = cmp_interval(x, y)
 
                 if rez == INT_DISJOIN:
@@ -214,6 +229,16 @@ def __and__(self, v):
                     raise ValueError('unknown state', rez)
         return interval(out)
 
+
+    def __add__(self, other):
+        return self.union(other)
+
+    def __and__(self, other):
+        return self.intersection(other)
+
+    def __sub__(self, other):
+        return self.difference(other)
+
     def hull(self):
         "Return the first and the last bounds of intervals"
         if not self.intervals:

diff --git a/miasm/jitter/jitload.py b/miasm/jitter/jitload.py
@@ -413,6 +413,16 @@ def continue_run(self, step=False):
 
         return None
 
+
+    def run(self, addr):
+        """
+        Launch emulation
+        @addr: (int) start address
+        """
+        self.init_run(addr)
+        return self.continue_run()
+
+
     def init_stack(self):
         self.vm.add_memory_page(
             self.stack_base,

diff --git a/miasm/jitter/loader/pe.py b/miasm/jitter/loader/pe.py
@@ -30,12 +30,8 @@ def get_pe_dependencies(pe_obj):
     out = set()
     for dependency in pe_obj.DirImport.impdesc:
         libname = dependency.dlldescname.name.lower()
-        # transform bytes to chr
-        if isinstance(libname, bytes):
-            libname_str = ''
-            for c in libname:
-                libname_str += chr(c)
-            libname = libname_str
+        # transform bytes to str
+        libname = force_str(libname)
         out.add(libname)
 
     # If binary has redirected export, add dependencies
@@ -327,8 +323,12 @@ def vm2pe(myjit, fname, libs=None, e_orig=None,
     addrs = list(all_mem)
     addrs.sort()
     entry_point = mye.virt2rva(myjit.pc)
-    if not 0 < entry_point < 0xFFFFFFFF:
-        raise ValueError("Cannot compute a valid entry point RVA")
+    if entry_point is None or not 0 < entry_point < 0xFFFFFFFF:
+        raise ValueError(
+            "Current pc (0x%x) used as entry point seems to be out of the binary" %
+            myjit.pc
+        )
+
     mye.Opthdr.AddressOfEntryPoint = entry_point
     first = True
     for ad in addrs:

diff --git a/miasm/jitter/loader/utils.py b/miasm/jitter/loader/utils.py
@@ -8,7 +8,7 @@
 hnd = logging.StreamHandler()
 hnd.setFormatter(logging.Formatter("[%(levelname)s]: %(message)s"))
 log.addHandler(hnd)
-log.setLevel(logging.DEBUG)
+log.setLevel(logging.INFO)
 
 
 def canon_libname_libfunc(libname, libfunc):
@@ -39,9 +39,9 @@ def lib_get_add_base(self, name):
         assert isinstance(name, basestring)
         name = name.lower().strip(' ')
         if not "." in name:
-            log.debug('warning adding .dll to modulename')
+            log.warning('warning adding .dll to modulename')
             name += '.dll'
-            log.debug(name)
+            log.warning(name)
 
         if name in self.name2off:
             ad = self.name2off[name]

diff --git a/miasm/loader/pe_init.py b/miasm/loader/pe_init.py
@@ -476,18 +476,30 @@ def off2rva(self, off):
             return
         return off - section.offset + section.addr
 
-    def virt2rva(self, virt):
-        if virt is None:
-            return
-        return virt - self.NThdr.ImageBase
+    def virt2rva(self, addr):
+        """
+        Return rva of virtual address @addr; None if addr is below ImageBase
+        """
+        if addr is None:
+            return None
+        rva = addr - self.NThdr.ImageBase
+        if rva < 0:
+            return None
+        return rva
 
     def rva2virt(self, rva):
         if rva is None:
             return
         return rva + self.NThdr.ImageBase
 
-    def virt2off(self, virt):
-        return self.rva2off(self.virt2rva(virt))
+    def virt2off(self, addr):
+        """
+        Return offset of virtual address @addr
+        """
+        rva = self.virt2rva(addr)
+        if rva is None:
+            return None
+        return self.rva2off(rva)
 
     def off2virt(self, off):
         return self.rva2virt(self.off2rva(off))

diff --git a/miasm/os_dep/win_api_x86_32.py b/miasm/os_dep/win_api_x86_32.py
@@ -757,7 +757,6 @@ def kernel32_VirtualProtect(jitter):
         old = jitter.vm.get_mem_access(args.lpvoid)
         jitter.vm.set_u32(args.lpfloldprotect, ACCESS_DICT_INV[old])
 
-    print("XXX VIRTUALP")
     log.warn("set page %x %x", args.lpvoid, args.dwsize)
     for addr, data in jitter.vm.get_all_memory().items():
         size = data["size"]

diff --git a/miasm/os_dep/win_api_x86_32_seh.py b/miasm/os_dep/win_api_x86_32_seh.py
@@ -130,16 +130,16 @@ def build_peb(jitter, peb_address):
     """
 
     if main_pe:
-        offset, length = peb_address + 8, 4
+        offset, length = 8, 4
     else:
-        offset, length = peb_address + 0xC, 0
+        offset, length = 0xC, 0
     length += 4
 
     jitter.vm.add_memory_page(
-        offset,
+        peb_address + offset,
         PAGE_READ | PAGE_WRITE,
         b"\x00" * length,
-        "PEB"
+        "PEB + 0x%x" % offset
     )
 
     Peb = PEB(jitter.vm, peb_address)