Add pull requests pbiernat#15 and pbiernat#16

Bjoern Kerler · Bjoern Kerler · commit ed063e38e5f7 · 2018-08-22T23:57:40.000+02:00
diff --git a/README.md b/README.md
@@ -35,6 +35,7 @@ Installation on Windows typically requires installing PyQt5.
 ---
 
 #### Packaging a Function
+##### Binary Ninja
 From within Binary Ninja, right click anywhere inside of a function and select `[ripr] Package Function`.
 
 <img src="https://puu.sh/thLAo/491ac39e58.PNG" width="600">
@@ -43,6 +44,10 @@ After packaging, a table will appear listing all of the "packages" you have crea
 
 <img src="https://puu.sh/tnz8C/d0f5141f43.PNG" width="600">
 
+##### Radare2
+If you've followed step 3 in the installation instructions, run `.(ripr 0x1234)` (with 0x1234 replaced by the address of the function).
+Otherwise, you can manually invoke ripr with `#!pipe python /absolute/path/to/ripr/r2pipe_run.py 0x1234`.
+
 #### Packaging Specific Basic Blocks
 You can also choose to only package specific basic blocks rather than the entire function.
 
diff --git a/codegen.py b/codegen.py
@@ -22,13 +22,24 @@ def __init__(self, name, arch):
     def gen_arg_number(self, argno):
         pass
 
+    def genPointer(self, arg, regs, indent):
+        pass
+    
+    def dumpContext(self, indent):
+        pass
+
 class x64callConv(callConv):
 # TODO Stack based arguments 
     def __init__(self, name, arch):
         self.name = name
         self.arch = arch
         self.platform = ''
-
+        self.regs = ["UC_X86_REG_RAX", "UC_X86_REG_RBP", "UC_X86_REG_RBX", "UC_X86_REG_RCX",\
+                    "UC_X86_REG_RDI", "UC_X86_REG_RDX", "UC_X86_REG_RSI", "UC_X86_REG_RSP",\
+                    "UC_X86_REG_RIP", "UC_X86_REG_R8", "UC_X86_REG_R9", "UC_X86_REG_R10",\
+                    "UC_X86_REG_R11", "UC_X86_REG_R12", "UC_X86_REG_R13", "UC_X86_REG_R14",\
+                    "UC_X86_REG_R15"]
+                    
     def gen_arg_number(self, argno, indent=1):
         print ("X64")
         if self.platform == "win":
@@ -57,10 +68,19 @@ def systemV(self, arg, indent):
                 return ' ' * (indent*4) + "self.mu.reg_write(%s, arg_%x)\n" % (regs[arg.num], arg.num)
             return self.genPointer(arg, regs, indent)
 
+    def dumpContext(self, indent):
+        ret = ' ' * (indent * 4) + ("print ('[!] Exception occured - Emulator state (x64):')\n")
+        for r in self.regs:
+            ret += ' ' * (indent * 4) + ("print (\"%s : %%016X\" %% (self.mu.reg_read(%s)))\n" % (r,r))
+        return ret
+
 class x86callConv(callConv):
     def __init__(self, name, arch):
         self.name = name
         self.arch = arch
+        self.regs = ["UC_X86_REG_EAX", "UC_X86_REG_EBP", "UC_X86_REG_EBX", "UC_X86_REG_ECX",\
+                    "UC_X86_REG_EDI", "UC_X86_REG_EDX", "UC_X86_REG_ESI", "UC_X86_REG_ESP",\
+                    "UC_X86_REG_EIP"]
 
     def genPointer(self, arg, indent):
         ret = ' ' * (indent * 4) + "argAddr_%x = (%d * 0x1000)\n" % (arg.num, arg.num + 1)
@@ -75,10 +95,20 @@ def gen_arg_number(self, arg, indent):
             return ' ' * (indent * 4) + "self.mu.mem_write(self.mu.reg_read(UC_X86_REG_ESP) + %d, struct.pack('<i', arg_%x))\n" % ( (arg.num * 4) + 4, arg.num)
         return self.genPointer(arg, indent)
 
+    def dumpContext(self, indent):
+        ret = ' ' * (indent * 4) + ("print ('[!] Exception occured - Emulator state (x86):')\n")
+        for r in self.regs:
+            ret += ' ' * (indent * 4) + ("print (\"%s : %%08X\" %% (self.mu.reg_read(%s)))\n" % (r,r))
+        return ret
+
 class armcallConv(callConv):
     def __init__(self, name, arch):
         self.name = name
         self.arch = arch
+        self.regs = ["UC_ARM_REG_R0", "UC_ARM_REG_R1", "UC_ARM_REG_R2", "UC_ARM_REG_R3",\
+                    "UC_ARM_REG_R4", "UC_ARM_REG_R5", "UC_ARM_REG_R6", "UC_ARM_REG_R7",\
+                    "UC_ARM_REG_R8", "UC_ARM_REG_R9", "UC_ARM_REG_R10", "UC_ARM_REG_R11",\
+                    "UC_ARM_REG_R12", "UC_ARM_REG_R13", "UC_ARM_REG_R14", "UC_ARM_REG_R15"]
 
     def genPointer(self, arg, regs, indent):
         ret = ' ' * (indent * 4) + "argAddr_%x = (%d * 0x1000)\n" % (arg.num, arg.num+1)
@@ -92,7 +122,12 @@ def gen_arg_number(self, arg, indent):
             if arg.pointerDepth == 0 or arg.pointerDepth > 1:
                 return ' ' * (indent *4 ) + "self.mu.reg_write(%s, arg_%x)\n" % (regs[arg.num], arg.num)
             return self.genPointer(arg, regs, indent)
-            
+
+    def dumpContext(self, indent):
+        ret = ' ' * (indent * 4) + ("print ('[!] Exception occured - Emulator state (arm):')\n")
+        for r in self.regs:
+            ret += ' ' * (indent * 4) + ("print (\"%s : %%X\" %% (self.mu.reg_read(%s)))\n" % (r,r))
+        return ret            
 
 class codeSlice(object):
     '''
@@ -155,6 +190,15 @@ def __init__(self, name, isFunc=True):
 
         self.isFunc = isFunc
         
+    def setArch(self,a):
+        self.arch=a
+        if self.arch == 'x64':
+            self.callConv = x64callConv("linux", "x64")
+        if self.arch == 'x86':
+            self.callConv = x86callConv("linux", "x86")
+        if self.arch == 'arm':
+            self.callConv =armcallConv("linux", "arm")
+
     def data_saved(self, addr): 
         return any(lowaddr <= addr <= highaddr for (lowaddr, highaddr) in self.saved_ranges)
     
@@ -369,6 +413,8 @@ def generate_return_guard(self, indent=1):
 
         # Raise original exception if PC is not equal to the appropriate marker value or imported call marker
         out += ' ' * (indent * 4) + "else:\n"
+        if self.callConv is not None:
+            out += self.callConv.dumpContext(indent+1)
         out += ' ' * ((indent + 1) * 4) + "raise e"
 
         return out + "\n"
@@ -465,7 +511,8 @@ def generate_default_hookFunc(self, name, indent=1):
             The default python hook for imported calls should do nothing.
         '''
         out = ' ' * (indent * 4) + """def hook_%s(self):
-        pass\n""" % name
+        print ("[!] %s hook not implemented!")
+        pass\n""" % (name, name)
         return out
         
     def _build_impCall_hook_dict(self, indent=1):
diff --git a/conScan.py b/conScan.py
@@ -1,4 +1,12 @@
-from binaryninja import *
+try:
+    from binaryninja import *
+except:
+    print ("[!!] Not running in Binary Ninja")
+try:
+    import r2pipe
+except:
+    print ("[!!] Not running in Radare2")
+
 from .analysis_engine import *
 
 class ilVar(object):
diff --git a/dependency.py b/dependency.py
@@ -5,7 +5,16 @@
 '''
 
 from .analysis_engine import aengine as ae
-from binaryninja import *
+# Try to import stuff.
+try:
+    from binaryninja import *
+except:
+    print ("[!!] Not running in Binary Ninja")
+try:
+    import r2pipe
+except:
+    print ("[!!] Not running in Radare2")
+
 
 class ImportedCall(object):
     '''
diff --git a/packager.py b/packager.py
@@ -26,7 +26,7 @@ def __init__(self, isFunc, address, engine, ui = None, length=None):
         
         self.codeobj = genwrapper('', isFunc)
         self.arch = self.engine.get_arch()
-        self.codeobj.arch = self.arch
+        self.codeobj.setArch(self.arch)
 
         self.impCallStrategy = None
         self.dataStrategy = None
