Example #1
        /// <summary>
        /// Test fixture helper: assembles a 16-bit real-mode image with a zero-filled "PSP"
        /// segment followed by a "Code" segment, then creates an x86 emulator for it that is
        /// backed by the platform's OS emulator.
        /// </summary>
        /// <param name="coder">Callback that emits the instructions under test into the "Code" segment.</param>
        private void Given_MsdosCode(Action <X86Assembler> coder)
        {
            // The image is assembled at 07F0:0000 and starts with 0x100 zero bytes, so the
            // code emitted by the callback is expected to begin at linear 0x8000, i.e. 0800:0000.
            const int ProgramSegment = 0x0800;

            arch = new X86ArchitectureReal(new ServiceContainer(), "x86-real-16");
            var loadAddress = Address.SegPtr(0x07F0, 0);
            var assembler = new X86Assembler(arch, loadAddress, new List <ImageSymbol>());

            assembler.Segment("PSP");
            assembler.Repeat(0x100, m => m.Db(0));
            assembler.Segment("Code");
            coder(assembler);
            assembler.Align(0x2000);  // make room for a stack.

            var assembled = assembler.GetImage();
            var map = assembled.SegmentMap;
            segmentMap = map;

            Given_Platform();

            var dosEnvironment = platform.CreateEmulator(map, importReferences);
            emu = (X86Emulator)arch.CreateEmulator(map, dosEnvironment);

            // Every segment register points at the program segment; SP is set near the top
            // of the 0x2000-aligned area reserved above.
            emu.InstructionPointer = Address.SegPtr(ProgramSegment, 0);
            emu.WriteRegister(Registers.cs, ProgramSegment);
            emu.WriteRegister(Registers.ds, ProgramSegment);
            emu.WriteRegister(Registers.es, ProgramSegment);
            emu.WriteRegister(Registers.ss, ProgramSegment);
            emu.WriteRegister(Registers.sp, 0x0FFE);

            // Turn any exception reported by the emulator into a hard failure of the test.
            emu.ExceptionRaised += delegate
            {
                throw new Exception();
            };
        }
Example #2
        /// <summary>
        /// Loads the file as a PE executable, then runs it inside an x86 emulator driven by an
        /// OllyLang script, and returns the resulting program.
        /// </summary>
        /// <param name="addrLoad">
        /// Requested load address. Not read by this method; the PE loader's preferred base
        /// address is used for both loading and relocation.
        /// </param>
        /// <returns>
        /// The program produced by the PE loader, with the calls intercepted by the Win32
        /// emulator during the run added to its <c>InterceptedCalls</c>.
        /// </returns>
        public override Program Load(Address addrLoad)
        {
            // First load the file as a PE Executable. This gives us a (writeable) image and
            // the packed entry point.
            var pe      = CreatePeImageLoader();
            var program = pe.Load(pe.PreferredBaseAddress);
            var rr      = pe.Relocate(program, pe.PreferredBaseAddress);

            this.ImageMap     = program.SegmentMap;
            this.Architecture = (IntelArchitecture)program.Architecture;

            // The code in the image is executed by the emulator below, not natively; Win32
            // calls go to the Win32Emulator, which is built from the program's import references.
            // NOTE(review): `state` is assigned but not read again in this method.
            var win32 = new Win32Emulator(program.SegmentMap, program.Platform, program.ImportReferences);
            var state = (X86State)program.Architecture.CreateProcessorState();
            var emu   = new X86Emulator((IntelArchitecture)program.Architecture, program.SegmentMap, win32);

            // Wire the debugger and script interpreter together before the emulator starts.
            this.debugger                   = new Debugger(emu);
            this.scriptInterpreter          = new OllyLang(Services);
            this.scriptInterpreter.Host     = new Host(this);
            this.scriptInterpreter.Debugger = this.debugger;
            // NOTE(review): EntryPoints[0] is indexed without checking that the relocation
            // result contains any entry point; an image without one fails here.
            emu.InstructionPointer          = rr.EntryPoints[0].Address;
            // ESP is placed 4 bytes below (image base + 0x1000), i.e. inside the first 0x1000
            // bytes of the image rather than in a separate stack area.
            emu.WriteRegister(Registers.esp, (uint)ImageMap.BaseAddress.ToLinear() + 0x1000 - 4u);
            // Handlers are attached before Start() so they are in place for the whole run.
            emu.BeforeStart     += emu_BeforeStart;
            emu.ExceptionRaised += emu_ExceptionRaised;

            // Load the script.
            LoadScript(Argument, scriptInterpreter.script);

            // Execution begins at the packed entry point set above.
            // NOTE(review): both the image and the script are inputs to this loader; confirm
            // that the emulator bounds execution and memory access for hostile samples.
            emu.Start();

            // Copy what the Win32 emulator intercepted into the program, keyed by 32-bit address.
            foreach (var ic in win32.InterceptedCalls)
            {
                program.InterceptedCalls.Add(Address.Ptr32(ic.Key), ic.Value);
            }
            return(program);
        }
Example #3
        /// <summary>
        /// Adds a 1 MiB read/write "stack" segment at 0x7FE00000 to the image map and points
        /// the emulator's ESP 4 bytes below the end of that memory area.
        /// </summary>
        /// <param name="emu">Emulator whose ESP register is initialized.</param>
        /// <returns>The newly added stack segment.</returns>
        private ImageSegment InitializeStack(X86Emulator emu)
        {
            const int StackBaseAddress = 0x7FE00000;
            const int StackSizeInBytes = 1024 * 1024;

            var stackMemory = new MemoryArea(Address.Ptr32(StackBaseAddress), new byte[StackSizeInBytes]);

            // The segment is mapped read/write only; it is not given execute access here.
            var segment = this.ImageMap.AddSegment(stackMemory, "stack", AccessMode.ReadWrite);

            // Start ESP one dword below the end of the area.
            emu.WriteRegister(Registers.esp, (uint)stackMemory.EndAddress.ToLinear() - 4u);
            return segment;
        }
Example #4
        /// <summary>
        /// Test fixture helper: assembles 32-bit code at 0x00100000 and creates an x86 emulator
        /// for it, backed by a <c>Win32Emulator</c>.
        /// </summary>
        /// <param name="coder">Callback that emits the instructions under test.</param>
        private void Given_Win32Code(Action <X86Assembler> coder)
        {
            var loadAddress = Address.Ptr32(0x00100000);
            var assembler = new X86Assembler(arch, loadAddress, new List <ImageSymbol>());

            coder(assembler);

            var assembled = assembler.GetImage();
            var map = assembled.SegmentMap;
            segmentMap = map;

            Given_Platform();

            var osEmulator = new Win32Emulator(map, platform, importReferences);
            emu = (X86Emulator)arch.CreateEmulator(map, osEmulator);

            // Execution starts at the image base. ESP is set 0x0FFC bytes above that same
            // base; no separate stack segment is created by this helper.
            var imageBase = assembled.ImageMap.BaseAddress;
            emu.InstructionPointer = imageBase;
            emu.WriteRegister(Registers.esp, (uint)assembled.ImageMap.BaseAddress.ToLinear() + 0x0FFC);

            // Turn any exception reported by the emulator into a hard failure of the test.
            emu.ExceptionRaised += delegate
            {
                throw new Exception();
            };
        }
Example #5
        /// <summary>
        /// Test fixture helper: assembles 32-bit code at 0x00100000 and creates an
        /// <c>X86Emulator</c> over the resulting image, backed by a <c>Win32Emulator</c>.
        /// </summary>
        /// <param name="coder">Callback that emits the instructions under test.</param>
        private void Given_Code(Action <X86Assembler> coder)
        {
            var loadAddress = Address.Ptr32(0x00100000);
            var assembler = new X86Assembler(arch, loadAddress, new List <EntryPoint>());

            coder(assembler);

            var assembled = assembler.GetImage();
            image = assembled.Image;

            Given_Platform();

            // The OS emulator is built from the fixture's image field, the CPU emulator from
            // the freshly assembled program's image.
            var osEmulator = new Win32Emulator(image, platform, importReferences);
            emu = new X86Emulator(arch, assembled.Image, osEmulator);

            // Execution starts at the image base. ESP is set 0x0FFC bytes above that same
            // base; no separate stack area is created by this helper.
            emu.InstructionPointer = assembled.Image.BaseAddress;
            emu.WriteRegister(Registers.esp, (uint)assembled.Image.BaseAddress.ToLinear() + 0x0FFC);

            // Turn any exception reported by the emulator into a hard failure of the test.
            emu.ExceptionRaised += delegate
            {
                throw new Exception();
            };
        }
Example #6
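        /// <summary>
        /// Menu handler that loads a fixed PE file from disk, relocates it at its preferred
        /// base address and starts it in the x86 emulator with a Win32 environment emulator.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        private void emulatorToolStripMenuItem_Click(object sender, EventArgs e)
        {
            var sc = new ServiceContainer();

            // Read the whole sample in one call. File.ReadAllBytes opens the file for reading
            // only, loops until every byte has been read, and closes the handle before it
            // returns. The previous code opened the file read/write, never disposed the
            // stream, relied on a single Read call to fill the buffer, and truncated the
            // length with an (int) cast.
            // NOTE(review): the path is a hard-coded developer location; confirm whether it
            // should come from a file dialog or configuration instead.
            var abImage = File.ReadAllBytes(@"D:\dev\jkl\dec\halsten\decompiler_paq\upx\demo.exe");

            // NOTE(review): "foolexe" looks like a typo of "foo.exe" (the name passed to the
            // PE loader below); it is kept unchanged because it is a runtime string.
            var exe     = new ExeImageLoader(sc, "foolexe", abImage);
            var peLdr   = new PeImageLoader(sc, "foo.exe", abImage, exe.e_lfanew);
            var addr    = peLdr.PreferredBaseAddress;
            var program = peLdr.Load(addr);
            var rr      = peLdr.Relocate(program, addr);
            var win32   = new Win32Emulator(program.SegmentMap, program.Platform, program.ImportReferences);
            var emu     = new X86Emulator((IntelArchitecture)program.Architecture, program.SegmentMap, win32);

            // NOTE(review): EntryPoints[0] is indexed without checking that the relocation
            // result contains an entry point.
            emu.InstructionPointer = rr.EntryPoints[0].Address;

            // Any exception reported by the emulator is rethrown as a plain Exception from
            // inside this handler.
            emu.ExceptionRaised   += delegate { throw new Exception(); };

            // ESP is set 0x0FFC bytes above the preferred base address; no separate stack
            // segment is created here.
            emu.WriteRegister(Registers.esp, (uint)peLdr.PreferredBaseAddress.ToLinear() + 0x0FFC);

            // The sample's code runs inside the emulator, and Start() is called synchronously
            // from this click handler.
            emu.Start();
        }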
Example #7
 /// <summary>
 /// Test fixture helper: writes <paramref name="value"/> into register
 /// <paramref name="reg"/> of the emulator under test.
 /// </summary>
 /// <param name="reg">Register to set.</param>
 /// <param name="value">Value to store in the register.</param>
 private void Given_RegValue(RegisterStorage reg, uint value) =>
     emu.WriteRegister(reg, value);
Example #8
 /// <summary>
 /// Test fixture helper: writes <paramref name="value"/> into register
 /// <paramref name="reg"/> of the emulator under test.
 /// </summary>
 /// <param name="reg">Register to set.</param>
 /// <param name="value">Value to store in the register.</param>
 private void Given_RegValue(IntelRegister reg, uint value) =>
     emu.WriteRegister(reg, value);