aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--bruiser/asmrewriter.c73
-rw-r--r--bruiser/asmrewriter.h11
-rw-r--r--bruiser/bruiser.cpp8
-rw-r--r--bruiser/bruisercapstone.c72
-rw-r--r--bruiser/bruisercapstone.h5
-rw-r--r--bruiser/lua-scripts/demo2.lua15
-rw-r--r--bruiser/makefile2
7 files changed, 125 insertions, 61 deletions
diff --git a/bruiser/asmrewriter.c b/bruiser/asmrewriter.c
index 0cff6d6..2e3a98d 100644
--- a/bruiser/asmrewriter.c
+++ b/bruiser/asmrewriter.c
@@ -41,13 +41,60 @@ static JMP_S_T* check_jmpt(lua_State* __ls, int index) {
}
JMP_S_T* push_jmpt(lua_State* __ls) {
- JMP_S_T* dummy = (JMP_S_T*)lua_newuserdata(__ls, sizeof(JMP_S_T));
+ lua_checkstack(__ls, 1);
+ JMP_S_T* dummy = lua_newuserdata(__ls, sizeof(JMP_S_T));
luaL_getmetatable(__ls, "jmp_s_t");
lua_setmetatable(__ls, -2);
return dummy;
}
-static int new_jmpt(lua_State* __ls) {
+int jmpt_push_args(lua_State* __ls, JMP_S_T* jmpt) {
+ lua_checkstack(__ls, 12);
+ lua_pushinteger(__ls, jmpt->type);
+ lua_pushinteger(__ls, jmpt->location);
+ lua_pushinteger(__ls, jmpt->size);
+ lua_pushlightuserdata(__ls, jmpt->next);
+ lua_pushlightuserdata(__ls, jmpt->next_y);
+ lua_pushlightuserdata(__ls, jmpt->next_n);
+ lua_pushinteger(__ls, jmpt->address);
+ lua_pushinteger(__ls, jmpt->address_y);
+ lua_pushinteger(__ls, jmpt->address_n);
+ lua_pushinteger(__ls, jmpt->y);
+ lua_pushinteger(__ls, jmpt->n);
+ lua_pushinteger(__ls, jmpt->z);
+}
+
+int new_jmpt_2(lua_State* __ls) {
+ lua_checkstack(__ls, 12);
+ JMP_T jmp_t = luaL_optinteger(__ls, -12, 0);
+ uint64_t location = luaL_optinteger(__ls, -11, 0);
+ uint8_t size = luaL_optinteger(__ls, -10, 0);
+ JMP_S_T* next = lua_touserdata(__ls, -9);
+ JMP_S_T* next_y = lua_touserdata(__ls, -8);
+ JMP_S_T* next_n = lua_touserdata(__ls, -7);
+ uint64_t address = luaL_optinteger(__ls, -6, 0);
+ uint64_t address_y = luaL_optinteger(__ls, -5, 0);
+ uint64_t address_n = luaL_optinteger(__ls, -4, 0);
+ unsigned char y = luaL_optinteger(__ls, -3, 0);
+ unsigned char n = luaL_optinteger(__ls, -2, 0);
+ unsigned char z = luaL_optinteger(__ls, -1, 0);
+ JMP_S_T* dummy = push_jmpt(__ls);
+ dummy->type = jmp_t;
+ dummy->location = location;
+ dummy->size = size;
+ dummy->next = next;
+ dummy->next_y = next_y;
+ dummy->next_n = next_n;
+ dummy->address = address;
+ dummy->address_y = address_y;
+ dummy->address_n = address_n;
+ dummy->y = y;
+ dummy->n = n;
+ dummy->z = z;
+ return 1;
+}
+
+int new_jmpt(lua_State* __ls) {
lua_checkstack(__ls, 12);
JMP_T jmp_t = luaL_optinteger(__ls, 1, 0);
uint64_t location = luaL_optinteger(__ls, 2, 0);
@@ -123,22 +170,36 @@ X_LIST_GEN
static int next(lua_State* __ls) {
JMP_S_T* dummy = check_jmpt(__ls, 1);
+ lua_pop(__ls, -1);\
lua_pushlightuserdata(__ls, dummy->next);
return 1;
}
static int next_y(lua_State* __ls) {
JMP_S_T* dummy = check_jmpt(__ls, 1);
+ lua_pop(__ls, -1);\
lua_pushlightuserdata(__ls, dummy->next_y);
return 1;
}
static int next_n(lua_State* __ls) {
JMP_S_T* dummy = check_jmpt(__ls, 1);
+ lua_pop(__ls, -1);\
lua_pushlightuserdata(__ls, dummy->next_n);
return 1;
}
+static int inext(lua_State* __ls) {
+ JMP_S_T* dummy = check_jmpt(__ls, 1);
+ if (dummy->next != NULL) {
+ jmpt_push_args(__ls, dummy->next);
+ new_jmpt_2(__ls);
+ } else {
+ lua_pushnil(__ls);
+ }
+ return 1;
+}
+
#define SET_GENERATOR(X) \
static int jmpt_set_##X(lua_State* __ls) {\
JMP_S_T* dummy = check_jmpt(__ls,1);\
@@ -164,20 +225,21 @@ X_LIST_GEN
#undef X_LIST_GEN
#undef SET_GENERATOR
-static int jmpt_set_next(lua_State* __ls) {
+int jmpt_set_next(lua_State* __ls) {
JMP_S_T* dummy = check_jmpt(__ls,1);
dummy->next = luaL_checkudata(__ls, 2, "jmp_s_t");
lua_settop(__ls, 1);
return 1;
}
-static int jmpt_set_next_y(lua_State* __ls) {
+int jmpt_set_next_y(lua_State* __ls) {
JMP_S_T* dummy = check_jmpt(__ls,1);
dummy->next_y = luaL_checkudata(__ls, 2, "jmp_s_t");
lua_settop(__ls, 1);
return 1;
}
-static int jmpt_set_next_n(lua_State* __ls) {
+
+int jmpt_set_next_n(lua_State* __ls) {
JMP_S_T* dummy = check_jmpt(__ls,1);
dummy->next_n = luaL_checkudata(__ls, 2, "jmp_s_t");
lua_settop(__ls, 1);
@@ -223,6 +285,7 @@ static const luaL_Reg jmpt_methods[] = {
{"y", y},
{"n", n},
{"z", z},
+ {"inext", inext},
{0,0}
};
diff --git a/bruiser/asmrewriter.h b/bruiser/asmrewriter.h
index d700a8d..c8b69c0 100644
--- a/bruiser/asmrewriter.h
+++ b/bruiser/asmrewriter.h
@@ -35,7 +35,9 @@ extern "C" {
static JMP_S_T* convert_jmpt(lua_State* __ls, int index);
static JMP_S_T* check_jmpt(lua_State* __ls, int index);
JMP_S_T* push_jmpt(lua_State* __ls);
-static int new_jmpt(lua_State* __ls);
+int jmpt_push_args(lua_State* __ls, JMP_S_T* jmpt);
+int new_jmpt_2(lua_State* __ls);
+int new_jmpt(lua_State* __ls);
static int jmpt_custom(lua_State* __ls);
#define SET_GENERATOR(X) \
@@ -56,7 +58,7 @@ static int jmpt_custom(lua_State* __ls);
X_LIST_GEN
#undef X
#undef X_LIST_GEN
-#undef SET_GENERATOR
+#undef GET_GENERATOR
#define GET_GENERATOR(X) \
static int X(lua_State* __ls);
@@ -79,9 +81,10 @@ X_LIST_GEN
#undef SET_GENERATOR
static int next(lua_State* __ls);
-static int next(lua_State* __ls);
-static int next(lua_State* __ls);
+static int next_y(lua_State* __ls);
+static int next_n(lua_State* __ls);
+static int inext(lua_State* __ls);
static int jmpt_set_next(lua_State* __ls);
static int jmpt_set_next_y(lua_State* __ls);
static int jmpt_set_next_n(lua_State* __ls);
diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp
index ae7359a..8b00b5e 100644
--- a/bruiser/bruiser.cpp
+++ b/bruiser/bruiser.cpp
@@ -1602,10 +1602,10 @@ class LuaWrapper
if (numargs != 2) {PRINT_WITH_COLOR_LB(RED, "expected exactly two args. did not get that.");return 0;}
uint64_t size = lua_tointeger(__ls, 1);
std::vector<uint8_t> code_v = getLuaTableInt<uint8_t>(__ls, 2, 2);
- JMP_S_T* head = makejmptable(size, code_v.data(), Verbose);
- JMP_S_T* dummy = push_jmpt(__ls);
- dummy = head;
- dumpjmptable(dummy);
+ auto head = makejmptable(size, code_v.data(), Verbose, __ls);
+ jmpt_push_args(__ls, head);
+ new_jmpt_2(__ls);
+ dumpjmptable(head);
return 1;
}
diff --git a/bruiser/bruisercapstone.c b/bruiser/bruisercapstone.c
index 21b1743..9f85f1b 100644
--- a/bruiser/bruisercapstone.c
+++ b/bruiser/bruisercapstone.c
@@ -21,6 +21,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*
/**********************************************************************************************************************/
#include "./bruisercapstone.h"
#include "./devi_extra.h"
+#include "./asmrewriter.h"
+#include "./lua-5.3.4/src/lua.h"
+#include "./lua-5.3.4/src/lauxlib.h"
+#include "./lua-5.3.4/src/lualib.h"
#include <capstone/capstone.h>
#include <errno.h>
#include <inttypes.h>
@@ -213,7 +217,7 @@ int call_rewriter(int offset, size_t size, uint8_t* asm_code, const char* obj) {
}
/**********************************************************************************************************************/
/**********************************************************************************************************************/
-JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose) {
+JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose, lua_State* __ls) {
csh handle;
cs_insn* insn;
size_t count;
@@ -221,8 +225,9 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose) {
uint8_t code[16];
size_t size_counter = 0;
- JMP_S_T* head = malloc(sizeof(JMP_S_T));
- JMP_S_T* tail = malloc(sizeof(JMP_S_T));
+ JMP_S_T* head = push_jmpt(__ls);
+ //JMP_S_T* head = malloc(sizeof(JMP_S_T));
+ JMP_S_T* tail;
head->type = NONE;
head->next = NULL;
tail = head;
@@ -254,12 +259,12 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose) {
if (Verbose) printf(RED"%jx\n", address);
if (Verbose) printf(RED"%d\n", insn[j].size);
#endif
- JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
- dummy->location = insn[j].address;
- dummy->type = JMP;
- dummy->address = address;
- dummy->size = insn[j].size;
- dummy->next = NULL;
+ tail->location = insn[j].address;
+ tail->type = JMP;
+ tail->address = address;
+ tail->size = insn[j].size;
+ JMP_S_T* dummy = push_jmpt(__ls);
+ //JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
tail->next = dummy;
tail = dummy;
}
@@ -274,12 +279,12 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose) {
if (Verbose) printf(RED"%jx\n", address);
if (Verbose) printf(RED"%d\n", insn[j].size);
#endif
- JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
- dummy->location = insn[j].address;
- dummy->type = JE;
- dummy->address_y = address;
- dummy->size = insn[j].size;
- dummy->next = NULL;
+ tail->location = insn[j].address;
+ tail->type = JE;
+ tail->address = address;
+ tail->size = insn[j].size;
+ JMP_S_T* dummy = push_jmpt(__ls);
+ //JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
tail->next = dummy;
tail = dummy;
}
@@ -294,12 +299,12 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose) {
if (Verbose) printf(RED"%lx\n", address);
if (Verbose) printf(RED"%d\n", insn[j].size);
#endif
- JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
- dummy->location = insn[j].address;
- dummy->type = JNE;
- dummy->address_y = address;
- dummy->size = insn[j].size;
- dummy->next = NULL;
+ tail->location = insn[j].address;
+ tail->type = JNE;
+ tail->address = address;
+ tail->size = insn[j].size;
+ JMP_S_T* dummy = push_jmpt(__ls);
+ //JMP_S_T* dummy = malloc(sizeof(JMP_S_T));
tail->next = dummy;
tail = dummy;
}
@@ -317,6 +322,7 @@ JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose) {
printf("ERROR!!!\n");
}
cs_close(&handle);
+ tail->next = NULL;
return head;
}
/**********************************************************************************************************************/
@@ -333,7 +339,7 @@ int freejmptable(JMP_S_T* _head) {
/**********************************************************************************************************************/
int dumpjmptable(JMP_S_T* current) {
while (current != NULL) {
- printf("jump location: %ld", current->location);
+ printf("jump location: %lx", current->location);
printf("\tjump address: %lu", current->address);
printf("\tjump type: %d", current->type);
printf("\tjump next: %x", &current->next);
@@ -393,27 +399,13 @@ int main(int argc, char** argv) {
ks_write(KS_ARCH_X86, KS_MODE_64, "add rax, rcx", 0, encode);
ks_free(encode);
-#if 0
- head = malloc(sizeof(JMP_S_T));
- tail = malloc(sizeof(JMP_S_T));
- head->type = NONE;
- head->next = NULL;
- tail = head;
-#endif
uint8_t asm_code3[834];
- JMP_S_T* current = makejmptable(834, CODE_3, true);
+ lua_State* L = luaL_newstate();
+ JMP_S_T* current = makejmptable(834, CODE_3, true, L);
-#if 0
- while (current != NULL) {
- printf("jump location: %lx", current->location);
- printf("\tjump address: %lu", current->address);
- printf("\tjump type: %d", current->type);
- printf("\tinstruction size: %d\n", current->size);
- current = current->next;
- }
-#endif
dumpjmptable(current);
- freejmptable(current);
+ lua_close(L);
+ //freejmptable(current);
return 0;
}
diff --git a/bruiser/bruisercapstone.h b/bruiser/bruisercapstone.h
index 1b4879f..8d97220 100644
--- a/bruiser/bruisercapstone.h
+++ b/bruiser/bruisercapstone.h
@@ -18,6 +18,9 @@ You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/
/**********************************************************************************************************************/
+#include "./lua-5.3.4/src/lua.h"
+#include "./lua-5.3.4/src/lauxlib.h"
+#include "./lua-5.3.4/src/lualib.h"
#include <capstone/capstone.h>
#include <keystone/keystone.h>
#include <stdint.h>
@@ -62,7 +65,7 @@ void leb128_decode_u(uint32_t value, uint8_t* ret_value, size_t size);
int ks_write(ks_arch arch, int mode, const char* assembly, int syntax, unsigned char* encode);
int global_rewriter(int offset, size_t size, uint8_t* asm_code, const char* obj);
int call_rewriter(int offset, size_t size, uint8_t* asm_code, const char* obj);
-JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose);
+JMP_S_T* makejmptable(size_t size, uint8_t* obj, bool Verbose, lua_State* __ls);
int freejmptable(JMP_S_T* _head);
int dumpjmptable(JMP_S_T* head);
void jmprewriter_j(JMP_S_T* jmp, uint8_t* code, JMP_T type, uint8_t* rewritten);
diff --git a/bruiser/lua-scripts/demo2.lua b/bruiser/lua-scripts/demo2.lua
index fc50cc1..de13c58 100644
--- a/bruiser/lua-scripts/demo2.lua
+++ b/bruiser/lua-scripts/demo2.lua
@@ -61,6 +61,9 @@ setmetatable(jmp_s_t, {__call = function(self, arg1,arg2,arg3,arg4,arg5,arg6,arg
return t
end})
+setmetatable(jmp_s_t, {__index = function(self, arg1)
+end})
+
function jmp_s_t:show(msg)
print(msg, self, self:custom())
return self
@@ -84,14 +87,14 @@ end
function integ_test()
local text_section = xobj.getTextSection()
- local head = jmp_s_t.new()
- head = getjmptable(#text_section, text_section)
+ local head = getjmptable(#text_section, text_section)
head:show("XXXXXhead is")
- print(head:location())
- --while head:next() ~= nil do
- for i=1,11,1 do
- head = head:next()
+ print("head location is ", head:location())
+ while head:inext() ~= nil do
+ --for i=1,11,1 do
head:show("next is")
+ head = head:inext()
+ --if head:type() == 0 then break end
end
end
diff --git a/bruiser/makefile b/bruiser/makefile
index 5f16931..31a6892 100644
--- a/bruiser/makefile
+++ b/bruiser/makefile
@@ -52,7 +52,7 @@ $(LIB_LUA_JIT):
$(MAKE) -C LuaJIT
@echo "building with jit"
-$(BRUISER): $(BRUISER).o ../mutator_aux.o ../tinyxml2/tinyxml2.o linenoise.o CompletionHints.o mutagen.o ORCmutation.o bruiserffi.o bruisercapstone.o asmrewriter.o $(LIB_LUA)
+$(BRUISER): $(BRUISER).o ../mutator_aux.o ../tinyxml2/tinyxml2.o linenoise.o CompletionHints.o mutagen.o ORCmutation.o bruiserffi.o asmrewriter.o bruisercapstone.o $(LIB_LUA)
$(CXX) $^ $(LD_FLAGS) -o $@
clean:
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-19 22:10:06 +0000