Exemplo n.º 1
0
func MemReadPointer(as AS.AddressSpace, va AS.VA, mode Mode) (AS.VA, error) {
	if mode == MODE_32 {
		var data uint32
		d, e := as.MemRead(va, 0x4)
		if e != nil {
			return AS.VA(0), e
		}

		p := bytes.NewBuffer(d)
		binary.Read(p, binary.LittleEndian, &data)
		return AS.VA(uint64(data)), nil
	} else if mode == MODE_64 {
		var data uint64
		d, e := as.MemRead(va, 0x8)
		if e != nil {
			return AS.VA(0), e
		}

		p := bytes.NewBuffer(d)
		binary.Read(p, binary.LittleEndian, &data)
		return AS.VA(uint64(data)), nil
	} else {
		return 0, InvalidModeError
	}
}
Exemplo n.º 2
0
func DumpMemoryRegions(as AS.AddressSpace) error {
	fmt.Printf("=== memory map ===\n")
	mmaps, e := as.GetMaps()
	check(e)
	for _, region := range mmaps {
		fmt.Printf("  name: %s\n", region.Name)
		fmt.Printf("    address: %s\n", region.Address)
		fmt.Printf("    length: %x\n", region.Length)
	}
	return nil
}
Exemplo n.º 3
0
// ReadInstruction fetches bytes from the provided address space at the given
//  address and parses them into a single instruction instance.
func (dis *GapstoneDisassembler) ReadInstruction(as AS.AddressSpace, va AS.VA) (gapstone.Instruction, error) {
	d, e := as.MemRead(va, uint64(MAX_INSN_SIZE))
	if e != nil {
		logrus.Warnf("read instruction invalid: %s 0x%x", va, MAX_INSN_SIZE)
	}
	check(e)
	if e != nil {
		return gapstone.Instruction{}, AS.ErrInvalidMemoryRead
	}

	n := gapstone.Engine(*dis)
	insns, e := n.Disasm(d, uint64(va), 1)
	check(e)
	if e != nil {
		return gapstone.Instruction{}, ErrFailedToDisassembleInstruction
	}

	if len(insns) == 0 {
		return gapstone.Instruction{}, ErrFailedToDisassembleInstruction
	}

	insn := insns[0]
	return insn, nil
}
Exemplo n.º 4
0
func ProbeMemory(as AS.AddressSpace, va AS.VA, size uint64) bool {
	_, e := as.MemRead(va, size)
	return e == nil
}