/// <summary>
/// Test fixture helper: assembles a real-mode x86 image made of a 0x100-byte
/// zero-filled "PSP" segment followed by a "Code" segment emitted by
/// <paramref name="coder"/>, then creates an emulator positioned at 0800:0000.
/// </summary>
/// <param name="coder">Callback that emits the instructions under test.</param>
private void Given_MsdosCode(Action<X86Assembler> coder)
{
    // All segment registers are loaded with the same value below.
    const int loadSegment = 0x0800;

    arch = new X86ArchitectureReal(new ServiceContainer(), "x86-real-16");
    var assembler = new X86Assembler(arch, Address.SegPtr(0x07F0, 0), new List<ImageSymbol>());

    // 0x100 zero bytes in a segment of their own, ahead of the code.
    assembler.Segment("PSP");
    assembler.Repeat(0x100, psp => psp.Db(0));

    assembler.Segment("Code");
    coder(assembler);
    assembler.Align(0x2000);     // make room for a stack.

    var assembled = assembler.GetImage();
    this.segmentMap = assembled.SegmentMap;
    Given_Platform();

    var msdos = platform.CreateEmulator(assembled.SegmentMap, importReferences);
    emu = (X86Emulator)arch.CreateEmulator(assembled.SegmentMap, msdos);

    emu.InstructionPointer = Address.SegPtr(0x800, 0);
    emu.WriteRegister(Registers.cs, loadSegment);
    emu.WriteRegister(Registers.ds, loadSegment);
    emu.WriteRegister(Registers.es, loadSegment);
    emu.WriteRegister(Registers.ss, loadSegment);
    emu.WriteRegister(Registers.sp, 0x0FFE);

    // Any exception reported by the emulator is rethrown so the test fails
    // instead of continuing silently.
    emu.ExceptionRaised += delegate
    {
        throw new Exception();
    };
}
/// <summary>
/// Loads the file as a PE image, runs its packed entry point inside an x86
/// emulator driven by an OllyLang script, and returns the program with the
/// calls intercepted by the Win32 emulator recorded on it.
/// </summary>
/// <param name="addrLoad">
/// Not read by this method; the image is loaded and relocated at the PE
/// loader's preferred base address.
/// </param>
/// <returns>The program produced by the PE loader, after emulation has run.</returns>
public override Program Load(Address addrLoad)
{
    // First load the file as a PE Executable. This gives us a (writeable) image and
    // the packed entry point.
    var peLoader = CreatePeImageLoader();
    var program = peLoader.Load(peLoader.PreferredBaseAddress);
    var relocations = peLoader.Relocate(program, peLoader.PreferredBaseAddress);
    this.ImageMap = program.SegmentMap;
    this.Architecture = (IntelArchitecture)program.Architecture;

    var win32 = new Win32Emulator(program.SegmentMap, program.Platform, program.ImportReferences);
    // The processor state is created but not used again in this method.
    var state = (X86State)program.Architecture.CreateProcessorState();
    var emulator = new X86Emulator((IntelArchitecture)program.Architecture, program.SegmentMap, win32);

    // The script interpreter drives the emulator through the debugger wrapper.
    this.debugger = new Debugger(emulator);
    this.scriptInterpreter = new OllyLang(Services);
    this.scriptInterpreter.Host = new Host(this);
    this.scriptInterpreter.Debugger = this.debugger;

    // Start at the first entry point reported by relocation, with esp placed
    // just below the end of the first 0x1000 bytes of the image.
    emulator.InstructionPointer = relocations.EntryPoints[0].Address;
    uint imageBase = (uint)ImageMap.BaseAddress.ToLinear();
    emulator.WriteRegister(Registers.esp, imageBase + 0x1000 - 4u);
    emulator.BeforeStart += emu_BeforeStart;
    emulator.ExceptionRaised += emu_ExceptionRaised;

    // Load the script.
    LoadScript(Argument, scriptInterpreter.script);

    // The instructions emulated here come from the loaded file itself, so the
    // image and the script are input this code does not control.
    // NOTE(review): no instruction or time budget is visible in this method;
    // confirm that the emulator or debugger bounds execution.
    emulator.Start();

    foreach (var intercepted in win32.InterceptedCalls)
    {
        program.InterceptedCalls.Add(Address.Ptr32(intercepted.Key), intercepted.Value);
    }
    return program;
}
/// <summary>
/// Adds a 1 MiB read/write segment named "stack" at 0x7FE00000 to the image
/// map and points esp at the last 4 bytes of that area.
/// </summary>
/// <param name="emu">Emulator whose esp register is set.</param>
/// <returns>The newly added stack segment.</returns>
private ImageSegment InitializeStack(X86Emulator emu)
{
    const int stackBase = 0x7FE00000;
    const int stackSize = 1024 * 1024;

    var stackArea = new MemoryArea(Address.Ptr32(stackBase), new byte[stackSize]);
    var segment = this.ImageMap.AddSegment(stackArea, "stack", AccessMode.ReadWrite);

    // esp starts 4 bytes below the end of the area.
    uint stackEnd = (uint)stackArea.EndAddress.ToLinear();
    emu.WriteRegister(Registers.esp, stackEnd - 4u);
    return segment;
}
/// <summary>
/// Test fixture helper: assembles the code emitted by <paramref name="coder"/>
/// at 0x00100000 and creates an x86 emulator backed by a Win32 emulator, with
/// the instruction pointer at the image base and esp at base + 0x0FFC.
/// </summary>
/// <param name="coder">Callback that emits the instructions under test.</param>
private void Given_Win32Code(Action<X86Assembler> coder)
{
    var assembler = new X86Assembler(arch, Address.Ptr32(0x00100000), new List<ImageSymbol>());
    coder(assembler);

    var assembled = assembler.GetImage();
    this.segmentMap = assembled.SegmentMap;
    Given_Platform();

    var win32 = new Win32Emulator(assembled.SegmentMap, platform, importReferences);
    emu = (X86Emulator)arch.CreateEmulator(assembled.SegmentMap, win32);
    emu.InstructionPointer = assembled.ImageMap.BaseAddress;

    // The stack pointer is placed inside the assembled image itself.
    uint baseLinear = (uint)assembled.ImageMap.BaseAddress.ToLinear();
    emu.WriteRegister(Registers.esp, baseLinear + 0x0FFC);

    // Any exception reported by the emulator is rethrown so the test fails.
    emu.ExceptionRaised += delegate
    {
        throw new Exception();
    };
}
/// <summary>
/// Test fixture helper: assembles the code emitted by <paramref name="coder"/>
/// at 0x00100000 and creates an x86 emulator over the resulting image, with
/// the instruction pointer at the image base and esp at base + 0x0FFC.
/// </summary>
/// <param name="coder">Callback that emits the instructions under test.</param>
private void Given_Code(Action<X86Assembler> coder)
{
    var assembler = new X86Assembler(arch, Address.Ptr32(0x00100000), new List<EntryPoint>());
    coder(assembler);

    var assembled = assembler.GetImage();
    this.image = assembled.Image;
    Given_Platform();

    var win32 = new Win32Emulator(image, platform, importReferences);
    emu = new X86Emulator(arch, assembled.Image, win32);
    emu.InstructionPointer = assembled.Image.BaseAddress;

    // The stack pointer is placed inside the assembled image itself.
    uint baseLinear = (uint)assembled.Image.BaseAddress.ToLinear();
    emu.WriteRegister(Registers.esp, baseLinear + 0x0FFC);

    // Any exception reported by the emulator is rethrown so the test fails.
    emu.ExceptionRaised += delegate
    {
        throw new Exception();
    };
}
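/// <summary>
/// Menu handler that loads a fixed PE file, relocates it at its preferred
/// base address and runs it from its first entry point in the x86 emulator.
/// </summary>
/// <param name="sender">Menu item that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void emulatorToolStripMenuItem_Click(object sender, EventArgs e)
{
    var sc = new ServiceContainer();

    // NOTE(review): developer-machine path baked into the handler; the file
    // at this location is parsed and emulated as-is.
    byte[] abImage;
    using (var fs = new FileStream(@"D:\dev\jkl\dec\halsten\decompiler_paq\upx\demo.exe", FileMode.Open))
    {
        // The stream is disposed when this block exits, including when a read throws.
        abImage = new byte[fs.Length];

        // Stream.Read may return fewer bytes than requested, so keep reading
        // until the buffer is full or the stream ends early.
        int offset = 0;
        while (offset < abImage.Length)
        {
            int read = fs.Read(abImage, offset, abImage.Length - offset);
            if (read == 0)
            {
                break;
            }
            offset += read;
        }
    }

    // NOTE(review): "foolexe" looks like a typo for "foo.exe"; left unchanged
    // because it is a runtime string.
    var exe = new ExeImageLoader(sc, "foolexe", abImage);
    var peLdr = new PeImageLoader(sc, "foo.exe", abImage, exe.e_lfanew);
    var addr = peLdr.PreferredBaseAddress;
    var program = peLdr.Load(addr);
    var rr = peLdr.Relocate(program, addr);

    var win32 = new Win32Emulator(program.SegmentMap, program.Platform, program.ImportReferences);
    var emu = new X86Emulator((IntelArchitecture)program.Architecture, program.SegmentMap, win32);
    emu.InstructionPointer = rr.EntryPoints[0].Address;

    // Any exception reported by the emulator is rethrown to the caller.
    emu.ExceptionRaised += delegate
    {
        throw new Exception();
    };

    // The stack pointer is placed at preferred base + 0x0FFC.
    emu.WriteRegister(Registers.esp, (uint)peLdr.PreferredBaseAddress.ToLinear() + 0x0FFC);

    // Runs synchronously inside the click handler.
    emu.Start();
}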
/// <summary>
/// Test fixture helper: writes <paramref name="value"/> into the emulator
/// register <paramref name="reg"/>.
/// </summary>
/// <param name="reg">Register to set.</param>
/// <param name="value">Value to store in the register.</param>
private void Given_RegValue(RegisterStorage reg, uint value)
    => emu.WriteRegister(reg, value);
/// <summary>
/// Test fixture helper: writes <paramref name="value"/> into the emulator
/// register <paramref name="reg"/>.
/// </summary>
/// <param name="reg">Intel register to set.</param>
/// <param name="value">Value to store in the register.</param>
private void Given_RegValue(IntelRegister reg, uint value)
    => emu.WriteRegister(reg, value);