diff options
Diffstat (limited to 'bruiser/lua-scripts')
-rw-r--r-- | bruiser/lua-scripts/asmrw.lua | 53 | ||||
-rw-r--r-- | bruiser/lua-scripts/asmtest.lua | 23 | ||||
-rw-r--r-- | bruiser/lua-scripts/demo2.lua | 56 | ||||
-rw-r--r-- | bruiser/lua-scripts/xobj.lua | 2 |
4 files changed, 109 insertions, 25 deletions
diff --git a/bruiser/lua-scripts/asmrw.lua b/bruiser/lua-scripts/asmrw.lua new file mode 100644 index 0000000..2f68d2b --- /dev/null +++ b/bruiser/lua-scripts/asmrw.lua @@ -0,0 +1,53 @@ +------------------------------------------------Project Mutator----------------------------------------------- +--bruiser's asmrw module +--Copyright (C) 2018 Farzad Sadeghi + +--This program is free software; you can redistribute it and/or +--modify it under the terms of the GNU General Public License +--as published by the Free Software Foundation; either version 2 +--of the License, or (at your option) any later version. + +--This program is distributed in the hope that it will be useful, +--but WITHOUT ANY WARRANTY; without even the implied warranty of +--MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +--GNU General Public License for more details. + +--You should have received a copy of the GNU General Public License +--along with this program; if not, write to the Free Software +--Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/ +-------------------------------------------------------------------------------------------------------------- +--start of asmrewriter module +local asmrw = {} +xobj = require("lua-scripts.xobj") + +setmetatable(jmp_s_t, {__call = + function(self, arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10,arg11,arg12) + local t = self.new(arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10,arg11,arg12) + print("created", t) + return t + end + } +) + +function jmp_s_t:dump(msg) + print(msg, self:custom()) + return self +end + +function asmrw.get_head(elf_exe) + local text_section = xobj.getTextSection(elf_exe) + local head = getjmptable(#text_section, text_section) + return head +end + +function asmrw.get_jmp(location) + while head:inext() ~= nil do + if head:location() == location then return head end + head = head:inext() + end +end + +--end of asmrewriter module +return asmrw +-------------------------------------------------------------------------------------------------------------- + diff --git a/bruiser/lua-scripts/asmtest.lua b/bruiser/lua-scripts/asmtest.lua index 83b523a..ac5730e 100644 --- a/bruiser/lua-scripts/asmtest.lua +++ b/bruiser/lua-scripts/asmtest.lua @@ -1,10 +1,21 @@ + +xobj = require("lua-scripts.xobj") +asmrw = require("lua-scripts.asmrw") + function test() - print("running asmtest.lua") - --for k,v in pairs(jmp_s_t) do print(k,v) end - local t = jmp_s_t.new() - print(t) - t:set_type(3) - print(t.type) + local elf_exe = "../bfd/test/test" + local text_section = xobj.getTextSection(elf_exe) + local head = jmp_s_t() + -- messes up the stack. I could fix it but not sure why i would want to keep this in + --local head2 = jmp_s_t:new() + head = getjmptable(#text_section, text_section) + + while head:inext() ~= nil do + head:dump("entry") + io.write("type:", head:type(), "\tlocation:", "0x"..string.format("%x", head:location())) + print() + head = head:inext() + end end test() diff --git a/bruiser/lua-scripts/demo2.lua b/bruiser/lua-scripts/demo2.lua index de13c58..db840fc 100644 --- a/bruiser/lua-scripts/demo2.lua +++ b/bruiser/lua-scripts/demo2.lua @@ -4,6 +4,13 @@ colors = require("ansicolors") elf_file = "../bfd/test/test.so" elf_exe = "../bfd/test/test" +function get_jmp_type(val) + if val == 1 then return "JMP" end + if val == 2 then return "JNE" end + if val == 3 then return "JE" end + return "U" +end + function main() xobj.getSO(elf_file) local add2_code = xobj.codeTableByName_number("'add2'") @@ -27,7 +34,7 @@ end function pretty_dump() count = 0 - local text_section = xobj.getTextSection() + local text_section = xobj.getTextSection(elf_exe) io.write(colors("%{blue}".." ".."\t".."00 ".."01 ".."02 ".."03 ".."04 ".."05 ".."06 ".."07 ".."08 ".."09 ".."0A ".."0B ".."0C ".."0D ".."0E ".."0F")) for k,v in pairs(text_section) do if count % 16 == 0 then @@ -42,28 +49,17 @@ function pretty_dump() end function test() - local text_section = xobj.getTextSection() + local text_section = xobj.getTextSection(elf_exe) dummy = xobj.CSDump(text_section) print(dummy) end -function asm_rewriter() - local text_section = xobj.getTextSection() - local head = getjmptable(#text_section, text_section) - print("head value is",head) - dumpjmptable(head) - freejmptable(haed) -end - setmetatable(jmp_s_t, {__call = function(self, arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10,arg11,arg12) local t = self.new(arg1,arg2,arg3,arg4,arg5,arg6,arg7,arg8,arg9,arg10,arg11,arg12) print("created", t) return t end}) -setmetatable(jmp_s_t, {__index = function(self, arg1) -end}) - function jmp_s_t:show(msg) print(msg, self, self:custom()) return self @@ -86,21 +82,45 @@ function jmp_t_test() end function integ_test() - local text_section = xobj.getTextSection() + local text_section = xobj.getTextSection(elf_exe) local head = getjmptable(#text_section, text_section) head:show("XXXXXhead is") print("head location is ", head:location()) while head:inext() ~= nil do - --for i=1,11,1 do head:show("next is") head = head:inext() - --if head:type() == 0 then break end end end +function asm_rewriter_pretty() + local text_section = xobj.getTextSection(elf_exe) + local head = getjmptable(#text_section, text_section) + while head:inext() ~= nil do + io.write(colors("%{blue}".."type:"),colors("%{green}"..get_jmp_type(head:type())),"\t",colors("%{blue}".."location:"),colors("%{green}".."0x"..string.format("%x",head:location())),"\t",colors("%{blue}".."size:"),colors("%{green}"..head:size()),"\n") + head = head:inext() + end + freejmptable(haed) +end + +function dump_jmp_table() + local text_section = xobj.getTextSection(elf_exe) + local head = getjmptable(#text_section, text_section) + while head:inext() ~= nil do + io.write("type:", head:type(), "\tlocation:", "0x"..string.format("%x", head:location())) + print() + head = head:inext() + end +end + +function get_jmp_table() + local text_section = xobj.getTextSection(elf_exe) + return getjmptable(#text_section, text_section) +end + --main() --pretty_dump() --test() ---asm_rewriter() --jmp_t_test() -integ_test() +--integ_test() +--asm_rewriter_pretty() +dump_jmp_table() diff --git a/bruiser/lua-scripts/xobj.lua b/bruiser/lua-scripts/xobj.lua index 81d0bc0..8453a93 100644 --- a/bruiser/lua-scripts/xobj.lua +++ b/bruiser/lua-scripts/xobj.lua @@ -129,7 +129,7 @@ function xobj.printFuncSizes() end end -function xobj.getTextSection() +function xobj.getTextSection(elf_exe) return objload("elf_get_text_section", elf_exe, "bytes") end |