author | bloodstalker <thabogre@gmail.com> | 2018-03-12 13:00:46 +0000 |
---|---|---|
committer | bloodstalker <thabogre@gmail.com> | 2018-03-12 13:00:46 +0000 |
commit | ab8c8bf7f6d5fec080cfae5155ae891af214674f (patch) | |
tree | 97c01489d3b17cf7e6ed5e6913ef5594c849a88a /bruiser | |
parent | the jmp table is working now. you get member set and get methods, and an iter... (diff) | |
download | mutator-ab8c8bf7f6d5fec080cfae5155ae891af214674f.tar.gz mutator-ab8c8bf7f6d5fec080cfae5155ae891af214674f.zip |
Added a Lua module for asmrewriter; docs will follow. You can try the new module by running asmtest.lua or demo2.lua. Did some cosmetic fixes to load bfd so it doesn't suck as hard when you get dumps.
Diffstat (limited to 'bruiser')
-rw-r--r-- | bruiser/asmrewriter.c | 2 | ||||
-rw-r--r-- | bruiser/bruiser.cpp | 1 | ||||
-rw-r--r-- | bruiser/bruisercapstone.c | 4 | ||||
-rw-r--r-- | bruiser/lua-scripts/asmrw.lua | 53 | ||||
-rw-r--r-- | bruiser/lua-scripts/asmtest.lua | 23 | ||||
-rw-r--r-- | bruiser/lua-scripts/demo2.lua | 56 | ||||
-rw-r--r-- | bruiser/lua-scripts/xobj.lua | 2 |
7 files changed, 110 insertions, 31 deletions
diff --git a/bruiser/asmrewriter.c b/bruiser/asmrewriter.c
index 2e3a98d..e126577 100644
--- a/bruiser/asmrewriter.c
+++ b/bruiser/asmrewriter.c
@@ -259,7 +259,7 @@ static int jmpt_tostring(lua_State* __ls) {
 }
 
 static const luaL_Reg jmpt_methods[] = {
-  {"new", new_jmpt},
+  {"new", new_jmpt_2},
   {"set_type", jmpt_set_type},
   {"set_location", jmpt_set_location},
   {"set_size", jmpt_set_size},
diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp
index 8b00b5e..ea2add1 100644
--- a/bruiser/bruiser.cpp
+++ b/bruiser/bruiser.cpp
@@ -1605,7 +1605,6 @@ class LuaWrapper
       auto head = makejmptable(size, code_v.data(), Verbose, __ls);
       jmpt_push_args(__ls, head);
       new_jmpt_2(__ls);
-      dumpjmptable(head);
       return 1;
     }
 
diff --git a/bruiser/bruisercapstone.c b/bruiser/bruisercapstone.c
index 9f85f1b..f8dff64 100644
--- a/bruiser/bruisercapstone.c
+++ b/bruiser/bruisercapstone.c
@@ -226,7 +226,6 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose, lua_State* __ls)
   size_t size_counter = 0;
 
   JMP_S_T* head = push_jmpt(__ls);
-  //JMP_S_T* head = malloc(sizeof(JMP_S_T));
   JMP_S_T* tail;
   head->type = NONE;
   head->next = NULL;
@@ -264,7 +263,6 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose, lua_State* __ls)
       tail->address = address;
       tail->size = insn[j].size;
       JMP_S_T* dummy = push_jmpt(__ls);
-      //JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
       tail->next = dummy;
       tail = dummy;
     }
@@ -284,7 +282,6 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose, lua_State* __ls)
       tail->address = address;
       tail->size = insn[j].size;
       JMP_S_T* dummy = push_jmpt(__ls);
-      //JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
       tail->next = dummy;
       tail = dummy;
     }
@@ -304,7 +301,6 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose, lua_State* __ls)
       tail->address = address;
       tail->size = insn[j].size;
       JMP_S_T* dummy = push_jmpt(__ls);
-      //JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
       tail->next = dummy;
       tail = dummy;
     }
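Review bot: The `"new"` slot of `jmpt_methods` now points at `new_jmpt_2`, which — judging by bruiser.cpp in this same commit, where `jmpt_push_args(__ls, head)` runs right before `new_jmpt_2(__ls)` — appears to expect the node fields already on the Lua stack, yet nothing in the table or a comment tells a Lua caller what `jmp_s_t.new()` now requires. A one-line comment on the entry would record the convention, e.g. `/* "new" consumes the fields pushed by jmpt_push_args(); see bruiser.cpp */`, if that is indeed the contract. If `new_jmpt` is no longer referenced anywhere after this change it is dead code and can be removed rather than left to drift. Both constructors and the rest of jmpt_methods are outside the hunk.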
diff --git a/bruiser/lua-scripts/asmrw.lua b/bruiser/lua-scripts/asmrw.lua
new file mode 100644
index 0000000..2f68d2b
--- /dev/null
+++ b/bruiser/lua-scripts/asmrw.lua
@@ -0,0 +1,53 @@
+------------------------------------------------Project Mutator-----------------------------------------------
+--bruiser's asmrw module
+--Copyright (C) 2018 Farzad Sadeghi
+
+--This program is free software; you can redistribute it and/or
+--modify it under the terms of the GNU General Public License
+--as published by the Free Software Foundation; either version 2
+--of the License, or (at your option) any later version.
+
+--This program is distributed in the hope that it will be useful,
+--but WITHOUT ANY WARRANTY; without even the implied warranty of
+--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+--GNU General Public License for more details.
+
+--You should have received a copy of the GNU General Public License
+--along with this program; if not, write to the Free Software
+--Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/
+--------------------------------------------------------------------------------------------------------------
+--start of asmrewriter module
+local asmrw = {}
+xobj = require("lua-scripts.xobj")
+
+setmetatable(jmp_s_t, {__call =
+  function(self, arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10,arg11,arg12)
+    local t = self.new(arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10,arg11,arg12)
+    print("created", t)
+    return t
+  end
+  }
+)
+
+function jmp_s_t:dump(msg)
+  print(msg, self:custom())
+  return self
+end
+
+function asmrw.get_head(elf_exe)
+  local text_section = xobj.getTextSection(elf_exe)
+  local head = getjmptable(#text_section, text_section)
+  return head
+end
+
+function asmrw.get_jmp(location)
+  while head:inext() ~= nil do
+    if head:location() == location then return head end
+    head = head:inext()
+  end
+end
+
+--end of asmrewriter module
+return asmrw
+--------------------------------------------------------------------------------------------------------------
+
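Review bot: `asmrw.get_jmp(location)` walks an undeclared global `head` that this module never assigns — `asmrw.get_head` returns its list as a local — so on a fresh require the first `head:inext()` fails with "attempt to index a nil value" unless some caller happened to leave a global of that name behind. Take the list as a parameter and walk a local instead; no caller on this page uses `get_jmp` yet, so the signature can still change. `xobj = require("lua-scripts.xobj")` should likewise be `local` so loading the module does not write into `_G`. The loop also stops one node before the end of the list; if that is deliberate because makejmptable appends an unfilled trailing node (as the C hunks above suggest), a comment saying so will stop the next reader from "fixing" it.
```lua
local xobj = require("lua-scripts.xobj")
-- … unchanged: jmp_s_t __call metatable, jmp_s_t:dump, asmrw.get_head …

--- Return the first node of the jump list starting at `head` whose
-- location equals `location`, or nil. The final node is not examined,
-- matching the dump loops elsewhere (presumably the trailing dummy).
function asmrw.get_jmp(head, location)
  local node = head
  while node:inext() ~= nil do
    if node:location() == location then return node end
    node = node:inext()
  end
  return nil
end
```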
diff --git a/bruiser/lua-scripts/asmtest.lua b/bruiser/lua-scripts/asmtest.lua
index 83b523a..ac5730e 100644
--- a/bruiser/lua-scripts/asmtest.lua
+++ b/bruiser/lua-scripts/asmtest.lua
@@ -1,10 +1,21 @@
+
+xobj = require("lua-scripts.xobj")
+asmrw = require("lua-scripts.asmrw")
+
 function test()
-  print("running asmtest.lua")
-  --for k,v in pairs(jmp_s_t) do print(k,v) end
-  local t = jmp_s_t.new()
-  print(t)
-  t:set_type(3)
-  print(t.type)
+  local elf_exe = "../bfd/test/test"
+  local text_section = xobj.getTextSection(elf_exe)
+  local head = jmp_s_t()
+  -- messes up the stack. I could fix it but not sure why i would want to keep this in
+  --local head2 = jmp_s_t:new()
+  head = getjmptable(#text_section, text_section)
+
+  while head:inext() ~= nil do
+    head:dump("entry")
+    io.write("type:", head:type(), "\tlocation:", "0x"..string.format("%x", head:location()))
+    print()
+    head = head:inext()
+  end
 end
 
 test()
diff --git a/bruiser/lua-scripts/demo2.lua b/bruiser/lua-scripts/demo2.lua
index de13c58..db840fc 100644
--- a/bruiser/lua-scripts/demo2.lua
+++ b/bruiser/lua-scripts/demo2.lua
@@ -4,6 +4,13 @@ colors = require("ansicolors")
 elf_file = "../bfd/test/test.so"
 elf_exe = "../bfd/test/test"
 
+function get_jmp_type(val)
+  if val == 1 then return "JMP" end
+  if val == 2 then return "JNE" end
+  if val == 3 then return "JE" end
+  return "U"
+end
+
 function main()
   xobj.getSO(elf_file)
   local add2_code = xobj.codeTableByName_number("'add2'")
@@ -27,7 +34,7 @@ end
 
 function pretty_dump()
   count = 0
-  local text_section = xobj.getTextSection()
+  local text_section = xobj.getTextSection(elf_exe)
   io.write(colors("%{blue}".." ".."\t".."00 ".."01 ".."02 ".."03 ".."04 ".."05 ".."06 ".."07 ".."08 ".."09 ".."0A ".."0B ".."0C ".."0D ".."0E ".."0F"))
   for k,v in pairs(text_section) do
     if count % 16 == 0 then
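Review bot: In `test()`, `local head = jmp_s_t()` constructs an object through the `__call` wrapper (printing "created") only to overwrite it on the very next executable statement with `getjmptable(#text_section, text_section)`, so the node is dead on arrival and the line should simply read `local head = getjmptable(#text_section, text_section)`. The script also requires `asmrw` but never uses it, although `asmrw.get_head(elf_exe)` added in this commit does exactly what the two preceding lines do. Both requires at the top of the hunk are assigned without `local`, so `xobj` and `asmrw` leak into `_G` whenever the script is loaded; `local xobj = require("lua-scripts.xobj")` and `local asmrw = require("lua-scripts.asmrw")` avoid that.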
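Review bot: `get_jmp_type` hard-codes the type codes 1, 2 and 3 with nothing tying them to the C-side `type` field that makejmptable fills in (the head is initialised to `NONE` in bruisercapstone.c), so any change to that enum silently turns every entry into "U" with no error. A comment naming the source, `-- mirrors the JMP_S_T type codes in bruisercapstone.c; keep in sync`, or a single lookup table `local JMP_TYPES = {[1] = "JMP", [2] = "JNE", [3] = "JE"}` with `return JMP_TYPES[val] or "U"`, keeps the mapping in one visible place. The function is also defined as a global; on this page only demo2.lua calls it, so `local function get_jmp_type(val)` would do.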
@@ -42,28 +49,17 @@ function pretty_dump()
 end
 
 function test()
-  local text_section = xobj.getTextSection()
+  local text_section = xobj.getTextSection(elf_exe)
   dummy = xobj.CSDump(text_section)
   print(dummy)
 end
 
-function asm_rewriter()
-  local text_section = xobj.getTextSection()
-  local head = getjmptable(#text_section, text_section)
-  print("head value is",head)
-  dumpjmptable(head)
-  freejmptable(haed)
-end
-
 setmetatable(jmp_s_t, {__call = function(self, arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10,arg11,arg12)
   local t = self.new(arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10,arg11,arg12)
   print("created", t)
   return t
 end})
 
-setmetatable(jmp_s_t, {__index = function(self, arg1)
-end})
-
 function jmp_s_t:show(msg)
   print(msg, self, self:custom())
   return self
@@ -86,21 +82,45 @@ function jmp_t_test()
 end
 
 function integ_test()
-  local text_section = xobj.getTextSection()
+  local text_section = xobj.getTextSection(elf_exe)
   local head = getjmptable(#text_section, text_section)
   head:show("XXXXXhead is")
   print("head location is ", head:location())
   while head:inext() ~= nil do
-    --for i=1,11,1 do
     head:show("next is")
     head = head:inext()
-    --if head:type() == 0 then break end
   end
 end
 
+function asm_rewriter_pretty()
+  local text_section = xobj.getTextSection(elf_exe)
+  local head = getjmptable(#text_section, text_section)
+  while head:inext() ~= nil do
+    io.write(colors("%{blue}".."type:"),colors("%{green}"..get_jmp_type(head:type())),"\t",colors("%{blue}".."location:"),colors("%{green}".."0x"..string.format("%x",head:location())),"\t",colors("%{blue}".."size:"),colors("%{green}"..head:size()),"\n")
+    head = head:inext()
+  end
+  freejmptable(haed)
+end
+
+function dump_jmp_table()
+  local text_section = xobj.getTextSection(elf_exe)
+  local head = getjmptable(#text_section, text_section)
+  while head:inext() ~= nil do
+    io.write("type:", head:type(), "\tlocation:", "0x"..string.format("%x", head:location()))
+    print()
+    head = head:inext()
+  end
+end
+
+function get_jmp_table()
+  local text_section = xobj.getTextSection(elf_exe)
+  return getjmptable(#text_section, text_section)
+end
+
 --main()
 --pretty_dump()
 --test()
---asm_rewriter()
 --jmp_t_test()
-integ_test()
+--integ_test()
+--asm_rewriter_pretty()
+dump_jmp_table()
diff --git a/bruiser/lua-scripts/xobj.lua b/bruiser/lua-scripts/xobj.lua
index 81d0bc0..8453a93 100644
--- a/bruiser/lua-scripts/xobj.lua
+++ b/bruiser/lua-scripts/xobj.lua
@@ -129,7 +129,7 @@ function xobj.printFuncSizes()
   end
 end
 
-function xobj.getTextSection()
+function xobj.getTextSection(elf_exe)
   return objload("elf_get_text_section", elf_exe, "bytes")
 end
 
|
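Review bot: `freejmptable(haed)` at the end of the new `asm_rewriter_pretty` carries the typo over from the removed `asm_rewriter`: `haed` is an undeclared global, so the C routine is always handed nil and the table is never released. Fixing the spelling alone is not enough either, because by that point `head` has been walked to the last node; keep the original pointer with `local node = head`, iterate on `node`, and call `freejmptable(head)`. Since this commit moves node allocation from `malloc` to `push_jmpt(__ls)` in bruisercapstone.c, please also confirm who owns the nodes now — if they are Lua-managed userdata, freeing them from C would be a double free once the collector runs, and the new `dump_jmp_table`/`get_jmp_table`, which never free, would be the correct pattern. A comment on `freejmptable` stating the ownership rule would settle this for callers.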