-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #39 from doronz88/v0.2
v2.0
- Loading branch information
Showing
65 changed files
with
4,781 additions
and
4,496 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,50 +1,50 @@ | ||
| from elftools.elf import elffile | ||
| import click | ||
|
|
||
| from fa import fainterp | ||
|
|
||
|
|
||
| class ElfLoader(fainterp.FaInterp): | ||
| def __init__(self): | ||
| super(ElfLoader, self).__init__() | ||
| self._elf = None | ||
|
|
||
| def reload_segments(self): | ||
| pass | ||
|
|
||
| def set_input(self, input_): | ||
| self._elf = elffile.ELFFile(input_) | ||
| self.endianity = '<' if self._elf.little_endian else '>' | ||
|
|
||
| self._segments = {} | ||
| for s in self._elf.iter_segments(): | ||
| if s.header['p_type'] != 'PT_LOAD': | ||
| continue | ||
| self.segments[s.header['p_vaddr']] = s.data() | ||
|
|
||
| @property | ||
| def segments(self): | ||
| return self._segments | ||
|
|
||
|
|
||
| @click.command() | ||
| @click.argument('elf_file', type=click.File('rb')) | ||
| @click.argument('signatures_root') | ||
| @click.argument('project') | ||
| def main(elf_file, signatures_root, project): | ||
| interp = ElfLoader() | ||
| interp.set_input(elf_file) | ||
| interp.set_signatures_root(signatures_root) | ||
| interp.set_project(project) | ||
|
|
||
| for k, v in interp.symbols().items(): | ||
| if isinstance(v, list) or isinstance(v, set): | ||
| if len(v) > 1: | ||
| print('# {} multiple matches'.format(k)) | ||
| continue | ||
| v = v.pop() | ||
| print('{} = 0x{:x};'.format(k, v)) | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| main() | ||
| from elftools.elf import elffile | ||
| import click | ||
|
|
||
| from fa import fainterp | ||
|
|
||
|
|
||
| class ElfLoader(fainterp.FaInterp): | ||
| def __init__(self): | ||
| super(ElfLoader, self).__init__() | ||
| self._elf = None | ||
|
|
||
| def reload_segments(self): | ||
| pass | ||
|
|
||
| def set_input(self, input_): | ||
| self._elf = elffile.ELFFile(input_) | ||
| self.endianity = '<' if self._elf.little_endian else '>' | ||
|
|
||
| self._segments = {} | ||
| for s in self._elf.iter_segments(): | ||
| if s.header['p_type'] != 'PT_LOAD': | ||
| continue | ||
| self.segments[s.header['p_vaddr']] = s.data() | ||
|
|
||
| @property | ||
| def segments(self): | ||
| return self._segments | ||
|
|
||
|
|
||
| @click.command() | ||
| @click.argument('elf_file', type=click.File('rb')) | ||
| @click.argument('signatures_root') | ||
| @click.argument('project') | ||
| def main(elf_file, signatures_root, project): | ||
| interp = ElfLoader() | ||
| interp.set_input(elf_file) | ||
| interp.set_signatures_root(signatures_root) | ||
| interp.set_project(project) | ||
|
|
||
| for k, v in interp.symbols().items(): | ||
| if isinstance(v, list) or isinstance(v, set): | ||
| if len(v) > 1: | ||
| print('# {} multiple matches'.format(k)) | ||
| continue | ||
| v = v.pop() | ||
| print('{} = 0x{:x};'.format(k, v)) | ||
|
|
||
|
|
||
| if __name__ == '__main__': | ||
| main() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,22 @@ | ||
| from argparse import RawTextHelpFormatter | ||
| from fa import utils | ||
|
|
||
| DESCRIPTION = '''add an hard-coded value into resultset | ||
| EXAMPLE: | ||
| results = [] | ||
| -> add 80 | ||
| result = [80] | ||
| ''' | ||
|
|
||
|
|
||
| def get_parser(): | ||
| p = utils.ArgumentParserNoExit('add', | ||
| description=DESCRIPTION, | ||
| formatter_class=RawTextHelpFormatter) | ||
| p.add_argument('value', type=int) | ||
| return p | ||
|
|
||
|
|
||
| def run(segments, args, addresses, interpreter=None, **kwargs): | ||
| return addresses + [args.value] | ||
| from argparse import RawTextHelpFormatter | ||
| from fa import utils | ||
|
|
||
| DESCRIPTION = '''add an hard-coded value into resultset | ||
| EXAMPLE: | ||
| results = [] | ||
| -> add 80 | ||
| result = [80] | ||
| ''' | ||
|
|
||
|
|
||
| def get_parser(): | ||
| p = utils.ArgumentParserNoExit('add', | ||
| description=DESCRIPTION, | ||
| formatter_class=RawTextHelpFormatter) | ||
| p.add_argument('value') | ||
| return p | ||
|
|
||
|
|
||
| def run(segments, args, addresses, interpreter=None, **kwargs): | ||
| return addresses + [eval(args.value)] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,32 +1,33 @@ | ||
| from argparse import RawTextHelpFormatter | ||
| from fa import utils | ||
|
|
||
|
|
||
| DESCRIPTION = '''adds a python-range to resultset | ||
| EXAMPLE: | ||
| result = [0, 0x200] | ||
| -> add-offset-range 0 4 8 | ||
| result = [0, 4, 8, 0x200, 0x204, 0x208] | ||
| ''' | ||
|
|
||
|
|
||
| def get_parser(): | ||
| p = utils.ArgumentParserNoExit('add-offset-range', | ||
| description=DESCRIPTION, | ||
| formatter_class=RawTextHelpFormatter) | ||
| p.add_argument('start', type=int) | ||
| p.add_argument('end', type=int) | ||
| p.add_argument('step', type=int) | ||
| return p | ||
|
|
||
|
|
||
| def add_offset_range(addresses, start, end, step): | ||
| for ea in addresses: | ||
| for i in range(start, end, step): | ||
| yield ea + i | ||
|
|
||
|
|
||
| def run(segments, args, addresses, interpreter=None, **kwargs): | ||
| gen = add_offset_range(addresses, args.start, args.end, args.step) | ||
| return list(gen) | ||
| from argparse import RawTextHelpFormatter | ||
| from fa import utils | ||
|
|
||
|
|
||
| DESCRIPTION = '''adds a python-range to resultset | ||
| EXAMPLE: | ||
| result = [0, 0x200] | ||
| -> add-offset-range 0 4 8 | ||
| result = [0, 4, 8, 0x200, 0x204, 0x208] | ||
| ''' | ||
|
|
||
|
|
||
| def get_parser(): | ||
| p = utils.ArgumentParserNoExit('add-offset-range', | ||
| description=DESCRIPTION, | ||
| formatter_class=RawTextHelpFormatter) | ||
| p.add_argument('start') | ||
| p.add_argument('end') | ||
| p.add_argument('step') | ||
| return p | ||
|
|
||
|
|
||
| def add_offset_range(addresses, start, end, step): | ||
| for ea in addresses: | ||
| for i in range(start, end, step): | ||
| yield ea + i | ||
|
|
||
|
|
||
| def run(segments, args, addresses, interpreter=None, **kwargs): | ||
| gen = add_offset_range(addresses, eval(args.start), eval(args.end), | ||
| eval(args.step)) | ||
| return list(gen) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,9 @@ | ||
| ppc32-big-find-all = keystone-find-opcodes KS_ARCH_PPC KS_MODE_BIG_ENDIAN|KS_MODE_PPC32 | ||
| ppc32-find-all = keystone-find-opcodes --bele KS_ARCH_PPC KS_MODE_PPC32 | ||
| ppc32-big-verify = keystone-verify-opcodes KS_ARCH_PPC KS_MODE_BIG_ENDIAN|KS_MODE_PPC32 | ||
| ppc32-verify = keystone-verify-opcodes --bele KS_ARCH_PPC KS_MODE_PPC32 | ||
| arm-find-all = keystone-find-opcodes --bele KS_ARCH_ARM KS_MODE_ARM | ||
| thumb-find-all = keystone-find-opcodes --bele KS_ARCH_ARM KS_MODE_THUMB | ||
| arm-verify = keystone-verify-opcodes --bele KS_ARCH_ARM KS_MODE_ARM | ||
| find-imm = find-immediate | ||
| ppc32-big-find-all = keystone-find-opcodes KS_ARCH_PPC KS_MODE_BIG_ENDIAN|KS_MODE_PPC32 | ||
| ppc32-find-all = keystone-find-opcodes --bele KS_ARCH_PPC KS_MODE_PPC32 | ||
| ppc32-big-verify = keystone-verify-opcodes KS_ARCH_PPC KS_MODE_BIG_ENDIAN|KS_MODE_PPC32 | ||
| ppc32-verify = keystone-verify-opcodes --bele KS_ARCH_PPC KS_MODE_PPC32 | ||
| arm-find-all = keystone-find-opcodes --bele KS_ARCH_ARM KS_MODE_ARM | ||
| thumb-find-all = keystone-find-opcodes --bele KS_ARCH_ARM KS_MODE_THUMB | ||
| arm-verify = keystone-verify-opcodes --bele KS_ARCH_ARM KS_MODE_ARM | ||
| find-imm = find-immediate | ||
| save = store |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,26 +1,26 @@ | ||
| from argparse import RawTextHelpFormatter | ||
| from fa import utils | ||
|
|
||
| DESCRIPTION = '''align results to given base (round-up) | ||
| EXAMPLE: | ||
| results = [0, 2, 4, 6, 8] | ||
| -> align 4 | ||
| results = [0, 4, 4, 8, 8] | ||
| ''' | ||
|
|
||
|
|
||
| def get_parser(): | ||
| p = utils.ArgumentParserNoExit('align', | ||
| description=DESCRIPTION, | ||
| formatter_class=RawTextHelpFormatter) | ||
| p.add_argument('value', type=int) | ||
| return p | ||
|
|
||
|
|
||
| def align(addresses, value): | ||
| return [((ea + (value - 1)) // value) * value for ea in addresses] | ||
|
|
||
|
|
||
| def run(segments, args, addresses, interpreter=None, **kwargs): | ||
| return list(align(addresses, args.value)) | ||
| from argparse import RawTextHelpFormatter | ||
| from fa import utils | ||
|
|
||
| DESCRIPTION = '''align results to given base (round-up) | ||
| EXAMPLE: | ||
| results = [0, 2, 4, 6, 8] | ||
| -> align 4 | ||
| results = [0, 4, 4, 8, 8] | ||
| ''' | ||
|
|
||
|
|
||
| def get_parser(): | ||
| p = utils.ArgumentParserNoExit('align', | ||
| description=DESCRIPTION, | ||
| formatter_class=RawTextHelpFormatter) | ||
| p.add_argument('value') | ||
| return p | ||
|
|
||
|
|
||
| def align(addresses, value): | ||
| return [((ea + (value - 1)) // value) * value for ea in addresses] | ||
|
|
||
|
|
||
| def run(segments, args, addresses, interpreter=None, **kwargs): | ||
| return list(align(addresses, eval(args.value))) |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| from argparse import RawTextHelpFormatter | ||
| from fa import utils | ||
|
|
||
| DESCRIPTION = '''branch unconditionally to label | ||
| EXAMPLE: | ||
| results = [] | ||
| add 1 | ||
| -> b skip | ||
| add 2 | ||
| label skip | ||
| add 3 | ||
| results = [1, 3] | ||
| ''' | ||
|
|
||
|
|
||
| def get_parser(): | ||
| p = utils.ArgumentParserNoExit('b', | ||
| description=DESCRIPTION, | ||
| formatter_class=RawTextHelpFormatter) | ||
| p.add_argument('label', help='label to jump to') | ||
| return p | ||
|
|
||
|
|
||
| def run(segments, args, addresses, interpreter=None, **kwargs): | ||
| interpreter.set_pc(args.label) | ||
| # pc is incremented by 1, after each instruction | ||
| interpreter.dec_pc() | ||
| return addresses |
Oops, something went wrong.