Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    IridiumXOR
    @IridiumXOR
    OK... a little bit sterp further... i have to use IR not IRA..
    IridiumXOR
    @IridiumXOR
    @serpilliere I have another (but related) question: I have introduced all system registers for ARM, AARCH64, MIPS and PPC but I have to introduce them also in Jitcore_ARCH.h in order to use them in IR right?
    serpilliere
    @serpilliere
    @IridiumXOR : for the registers, JiCore_arch.h is only used for the jitter. So if you don't consider jit, you don't need to add them there. The IR is only using regs.py
    @IridiumXOR : for the depgraph:
    I miss read your explaination: If F1 calls F2, and you want to backtrack a register in F2, you first to an analyse in F2 => it should end up in one of the arguments of F2 right?
    And then do a depgraph in F1, starting from the point where it calls F2 using elements computed in the depgraph of F2
    IridiumXOR
    @IridiumXOR
    ok! so is it not possible to track in only one pass? I have to split the execution in two and analyze one at time//
    serpilliere
    @serpilliere
    hum: maybe, it could be possible to inline the IR of F2 in F1.
    IridiumXOR
    @IridiumXOR
    how? it could be a solution, I'm writing an automatic tool for recognize some properties of the operating systems and MMU so if the results are not perfect is not a problem because it is a statistical approach :D
    Sorry it is my first project with MIASM, it is a beautiful tool but I have some problem in order to understand its internal structure
    serpilliere
    @serpilliere
    I haven't tested that, but maybe, once you have found a call to F2 you can:
    • replace the ir code of the call by it's original code (link register and so on)
    • disasm F2/ and convert it to IR
    • link the calling basic block to the F2 IR
    • replace every RET to a POP and link to the original call location.
      But doing that, you won't be able to spot buffer overflow as the RET will be replaced.
    IridiumXOR
    @IridiumXOR
    mmm ok, I will try this strategy :) thanks a lot
    Adrien Guinet
    @aguinet
    @serpilliere : I have FP support
    I have to make some binaries that uses all of ths
    and run benchmark
    Adrien Guinet
    @aguinet
    will miasm rust jit more than one BB at a time or it will be the same as current miasm ?
    Adrien Guinet
    @aguinet
    another question : I made a function which is just a huge basic block, and the miasm jitter still splits it in multiple smaller ones. any reason?
    ok I guess this is linked to max_exec_per_call
    or jit_maxline
    Adrien Guinet
    @aguinet
    in this extreme case it gives

    custom backend
    compilation time: 37.3621 ms
    execution time: 0.0675 ms

    llvm backend
    compilation time: 1104.9287 ms
    execution time: 0.0639 ms

    serpilliere
    @serpilliere
    Ohh!! very interesting
    this will be great.
    Ghost
    @ghost~5eff3bc9d73408ce4fe8a17d
    Hi :) I'm playing with Rust recently and would love to have a look at miasm-rs as a potential contributor. How can one get an early access to the repo?
    Tek
    @tekkk_gitlab
    Hi, how can I load and run a dll with miasm windows sandbox?
    serpilliere
    @serpilliere
    Hi @tekkk_gitlab ! It works the very same way as a exe.
    A side note: the dll keeps their original base address in Miasm, so if it colides with something else, try to rebase it with an external tool.
    Tek
    @tekkk_gitlab
    And if I want to call an export function, I just need to put the address in sb.run(ADDR) ?
    Adrien Guinet
    @aguinet
    @tekkk_gitlab I'd say yes :)
    with the registers/stack properly setup for the function arguments
    I think there are helpers for that
    Tek
    @tekkk_gitlab
    Ok, I think I had a stack issue or something like that, good to know that I am in the right direction, thanks
    Adrien Guinet
    @aguinet
    sb.call(ptr, arg0, arg1) would do the work for "easy" ones @tekkk_gitlab
    arg0, arg1, ...
    Tek
    @tekkk_gitlab
    Ah right, it works, not sure what was the issue before. Thanks !
    serpilliere
    @serpilliere
    Don't hesitate to generate a trace (-z) to look at the registers/instruction executed. Take care, it may spit a lot of logs
    Tek
    @tekkk_gitlab
    Turns out Willi Ballenthin and others ended up rewriting Windows in python https://github.com/fireeye/speakeasy
    Too bad they did not contribute to miasm instead
    But maybe there is some code to take for miasm? I feel having a better implementation of Windows API would make miasm way easier to use for quick sandboxing
    serpilliere
    @serpilliere
    hUm: it seems to be quite modular, so maybe we could use this as a 'backend' to emulate a windows environement
    Thank you for the url @tekkk_gitlab
    Tek
    @tekkk_gitlab
    Could you use that with the miasm engine instead of the unicorn one ?
    serpilliere
    @serpilliere
    I didn't dive into it, but I will take time to analyse it.
    A22X6
    @A22X6

    i have start with my miasm with this articles: https://miasm.re/blog/2016/01/27/re150.html#first-thoughts
    When i execute this : cont = Container.from_stream(open("dump.bin"))
    it's said TypeError: from_stream() missing 1 required positional argument: 'loc_db'

    Can someones explain me what happen with this and how can i fix it pls :(((

    serpilliere
    @serpilliere
    Hi @A22X6 !
    Yes, the API has changed.
    The API are used in the examples of Miasm, and are always up to date.
    Look at the file miasm/example/disasm/dis_binary.py:
    from __future__ import print_function
    import sys
    from miasm.analysis.binary import Container
    from miasm.analysis.machine import Machine
    from miasm.core.locationdb import LocationDB
    
    fdesc = open(sys.argv[1], 'rb')
    loc_db = LocationDB()
    
    # The Container will provide a *bin_stream*, bytes source for the disasm engine
    # It will prodive a view from a PE or an ELF.
    cont = Container.from_stream(fdesc, loc_db)
    A22X6
    @A22X6
    ok tks @serpilliere
    serpilliere
    @serpilliere
    noproblemo
    IridiumXOR
    @IridiumXOR
    @serpilliere Thanks a lot for IR documentation! It is very clear! MIASM is a very powerful tool but the lack of documentation is a big issue :(
    And thanks also for the lift part!
    serpilliere
    @serpilliere
    Hey @IridiumXOR, thank you for the feed back!
    By the way, If you spot some typo, bad english or poorly explained parts, don't hesitate to tell me.
    I will add some other parts on the documentation: for example on the IR manipuation: simplification, reduction, depgraph, ...