Example #1
// doit opens the PE file at path, loads it into a new 32-bit x86 workspace,
// writes a disassembly starting at the module entry point to stdout, and then
// passes an emulator positioned at that entry point to doloop.
//
// Every error is handed to check, which is defined outside this listing, so
// what happens on failure cannot be told from here. The only value this
// function itself returns is nil.
func doit(path string) error {
	exe, err := pe.Open(path)
	check(err)
	// NOTE(review): exe is never closed in this function. If pe.Open returns a
	// handle that owns an open file, a deferred Close would release it - confirm
	// against the pe package in use.

	work, err := workspace.New(workspace.ARCH_X86, workspace.MODE_32)
	check(err)

	ldr, err := peloader.New(path, exe)
	check(err)

	mod, err := ldr.Load(work)
	check(err)

	// 0x30 is the length argument to Disassemble; its unit (bytes or
	// instructions) is not visible in this listing.
	check(work.Disassemble(mod.EntryPoint, 0x30, os.Stdout))

	emulator, err := work.GetEmulator()
	check(err)

	// Start execution at the entry point reported by the loader.
	emulator.SetInstructionPointer(mod.EntryPoint)
	log.Printf("emudbg: start: 0x%x", emulator.GetInstructionPointer())

	check(doloop(emulator))
	return nil
}
Example #2
// doit opens the PE file at path, loads it into a 32-bit x86 workspace backed
// by the default persistence layer, registers the default analyzers, and runs
// AnalyzeAll on the workspace.
//
// As a side effect it sets the global logrus level to Debug. Every error is
// handed to check, which is defined outside this listing. The only value this
// function itself returns is nil.
func doit(path string) error {
	logrus.SetLevel(logrus.DebugLevel)

	exe, err := pe.Open(path)
	check(err)
	// NOTE(review): exe is never closed in this function. If pe.Open returns a
	// handle that owns an open file, a deferred Close would release it - confirm
	// against the pe package in use.

	store, err := config.MakeDefaultPersistence()
	check(err)

	work, err := W.New(W.ARCH_X86, W.MODE_32, store)
	check(err)

	ldr, err := peloader.New(path, exe)
	check(err)

	// The loaded-module value is not needed here; only the error is checked.
	_, err = ldr.Load(work)
	check(err)

	check(config.RegisterDefaultAnalyzers(work))

	// The call is used as a statement, so any result AnalyzeAll produces is dropped.
	work.AnalyzeAll()

	return nil
}
Example #3
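// doit loads the 32-bit x86 PE file at path, defines a function at fva, and
// writes that function's control-flow graph to stdout as a Graphviz digraph.
// Each basic block becomes one node whose HTML-like label is a table of
// address, raw bytes (hex), mnemonic and operand string per instruction.
//
// Each basic block is emitted once. The walk keeps a set of visited block
// starts, so a graph with a cycle (any loop in the analysed function) or a
// join point terminates instead of recursing without bound or repeating node
// definitions. This matters because the input binary decides the graph shape.
//
// As a side effect it sets the global logrus level to Debug. Every error is
// handed to check, which is defined outside this listing. The only value this
// function itself returns is nil.
func doit(path string, fva AS.VA) error {
	runtime.LockOSThread()
	// Deferred so the thread is released on every exit path that runs
	// deferred calls, not only the normal return.
	defer runtime.UnlockOSThread()

	logrus.SetLevel(logrus.DebugLevel)

	exe, e := pe.Open(path)
	check(e)

	persis, e := config.MakeDefaultPersistence()
	check(e)

	ws, e := W.New(W.ARCH_X86, W.MODE_32, persis)
	check(e)

	dis, e := ws.GetDisassembler()
	check(e)

	loader, e := peloader.New(path, exe)
	check(e)

	_, e = loader.Load(ws)
	check(e)

	check(config.RegisterDefaultAnalyzers(ws))

	check(ws.MakeFunction(fva))

	f, e := ws.Artifacts.GetFunction(fva)
	check(e)

	fmt.Printf("digraph asm {\n")
	fmt.Printf(" node [shape=plain, style=\"rounded\", fontname=\"courier\"]\n")

	// seen holds the formatted start of every block already emitted. The key
	// is the same text used in the node name, so no assumption is made about
	// the type of bb.Start.
	seen := make(map[string]struct{})

	var exploreBBs func(bb *artifacts.BasicBlock) error
	exploreBBs = func(bb *artifacts.BasicBlock) error {
		id := fmt.Sprintf("%s", bb.Start)
		if _, done := seen[id]; done {
			// Already emitted: reached again through a back edge or a join.
			return nil
		}
		seen[id] = struct{}{}

		fmt.Printf("bb_%s [label=<\n", id)
		fmt.Printf("<TABLE BORDER='1' CELLBORDER='0'>\n")

		insns, e := bb.GetInstructions(dis, ws)
		check(e)
		for _, insn := range insns {
			d, e := ws.MemRead(AS.VA(insn.Address), uint64(insn.Size))
			check(e)

			// Render the instruction's raw bytes as space-separated hex.
			bytesPrefix := make([]string, 0, len(d))
			for _, b := range d {
				bytesPrefix = append(bytesPrefix, fmt.Sprintf("%02X", b))
			}
			prefix := strings.Join(bytesPrefix, " ")

			// NOTE(review): Mnemonic and OpStr are written into the HTML-like
			// label unescaped. If the disassembler can ever emit '<', '>' or
			// '&' in them the label becomes malformed - confirm and escape.
			fmt.Printf("  <TR>\n")
			fmt.Printf("    <TD ALIGN=\"LEFT\">\n")
			fmt.Printf("      %s\n", AS.VA(insn.Address))
			fmt.Printf("    </TD>\n")
			fmt.Printf("    <TD ALIGN=\"LEFT\">\n")
			fmt.Printf("      %s\n", prefix)
			fmt.Printf("    </TD>\n")
			fmt.Printf("    <TD ALIGN=\"LEFT\">\n")
			fmt.Printf("      %s\n", insn.Mnemonic)
			fmt.Printf("    </TD>\n")
			fmt.Printf("    <TD ALIGN=\"LEFT\">\n")
			fmt.Printf("      %s\n", insn.OpStr)
			fmt.Printf("    </TD>\n")
			fmt.Printf("  </TR>\n")
		}
		fmt.Printf("</TABLE>\n")
		fmt.Printf(">];\n")

		nextBBs, e := bb.GetNextBasicBlocks()
		check(e)

		// Emit successor nodes first, then this block's outgoing edges.
		for _, nextBB := range nextBBs {
			check(exploreBBs(nextBB))
		}

		// Edges are printed for every successor, including ones already
		// visited, so back edges still appear in the graph.
		for _, nextBB := range nextBBs {
			fmt.Printf("bb_%s -> bb_%s;\n", id, nextBB.Start)
		}

		return nil
	}

	firstBB, e := f.GetFirstBasicBlock()
	check(e)

	check(exploreBBs(firstBB))

	// Close the digraph opened above.
	fmt.Printf("}")
	return nil
}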