Python unicorn.UC_ARCH_ARM Examples
The following are 6
code examples that use the unicorn.UC_ARCH_ARM constant.
Example #1
Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 6 votes |
def getSelRefFromImpPtr(self, eh, imp):
    """Find the selector reference and id-return class name for a method IMP.

    Follows IDA cross-references to ``imp`` that originate inside the
    ``self.objcConst`` address range. For each such method struct it looks
    for a reference to the struct's first field from inside the
    ``self.objcSelRefs`` range, and reads the type string stored one pointer
    past the struct base. If that string starts with ``"@"``, the
    implementation is handed to ``getIvarTypeFromFunc``.

    Args:
        eh: Emulation helper providing ``arch``, ``isThumbMode``,
            ``derefPtr``, ``getIDBString``, ``hexString`` and
            ``size_pointer``.
        imp: Address of the method implementation.

    Returns:
        ``(selref, retClsName)``. ``selref`` is ``None`` and ``retClsName``
        is ``""`` when nothing was resolved. If several structs reference the
        IMP, the values from the last one processed are returned.
    """
    selref = None
    retClsName = ""

    # Xrefs to Thumb code are recorded against the address with bit 0 set,
    # so the lookup address has to carry the Thumb bit as well.
    if eh.arch == unicorn.UC_ARCH_ARM and eh.isThumbMode(imp):
        imp |= 1
    logging.debug("checking xrefs for IMP %s" % eh.hexString(imp))

    for methodXref in idautils.XrefsTo(imp):
        structVa = methodXref.frm
        # Only references coming from the objc const range are of interest.
        if structVa < self.objcConst[0] or structVa >= self.objcConst[1]:
            continue

        # The imp pointer lives at offset 0x10 of the struct, but the xref
        # lands on the struct base; the first field is what the selref
        # points at.
        for selXref in idautils.XrefsTo(eh.derefPtr(structVa)):
            if selXref.frm >= self.objcSelRefs[0] and selXref.frm < self.objcSelRefs[1]:
                selref = selXref.frm
                break

        # Work out the return type: a type string starting with "@" means
        # the method returns an id.
        typeStr = eh.getIDBString(eh.derefPtr(structVa + eh.size_pointer))
        if len(typeStr) > 0 and typeStr[0] == "@":
            # The function scan needs the real instruction address, so the
            # Thumb bit is cleared again before looking for an ivar reference.
            if eh.arch == unicorn.UC_ARCH_ARM and eh.isThumbMode(imp):
                imp &= ~1
            retClsName = self.getIvarTypeFromFunc(eh, imp)

    return selref, retClsName
Example #2
Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 6 votes |
def processMethod(self, eh, clsName, methodVa, classes, type_):
    """Record one method's selector reference and implementation address.

    Resolves the selector/message reference for the method struct at
    ``methodVa`` through ``self.getRefPtr`` and appends
    ``(selRefVA, funcVA, isAmbiguous)`` to ``classes[clsName][type_]``,
    unless an entry with the same selector reference VA is already present.

    Args:
        eh: Emulation helper providing ``arch``, ``derefPtr``, ``hexString``
            and ``size_pointer``.
        clsName: Key of the class in ``classes``.
        methodVa: Address of the method struct.
        classes: Mapping of class name to per-type method lists; mutated in
            place.
        type_: Key selecting which method list of the class to extend.

    Returns:
        None. Returns early without recording anything when no reference
        pointer is found.
    """
    isAmbiguous, isMsgRef, selRefVA = self.getRefPtr(eh, methodVa)
    if selRefVA is None:
        return

    # The implementation pointer is the third pointer-sized field.
    impFieldOffset = 2 * eh.size_pointer
    funcVA = eh.derefPtr(methodVa + impFieldOffset)
    if eh.arch == unicorn.UC_ARCH_ARM:
        # Drop bit 0: for a Thumb-mode function it is the mode flag, not
        # part of the instruction address.
        funcVA &= ~1

    # For a message_ref, step back one pointer to the start of the struct so
    # that xrefs resolve against it.
    if isMsgRef:
        selRefVA -= eh.size_pointer

    knownMethods = classes[clsName][type_]
    # A duplicate is not expected any more; it is logged and skipped.
    if selRefVA in (entry[0] for entry in knownMethods):
        logging.debug("class name: %s - method type: %s - duplicate selref VA: %s, ignoring.." % (clsName, type_, eh.hexString(selRefVA)))
        return

    logging.debug("class name: %s - method type: %s - selref VA: %s - function VA: %s - ambiguous: %s" % (clsName, type_, eh.hexString(selRefVA), eh.hexString(funcVA), isAmbiguous))
    knownMethods.append((selRefVA, funcVA, isAmbiguous))

# collect imp and sel/msg ref pointers
Example #3
Source File: unicorn_protocol.py From avatar2 with Apache License 2.0 | 5 votes |
def _fixup_thumb_pc(self, pc):
    """Return ``pc`` adjusted so that emu_start honours ARM Thumb state.

    On an ARM target, bit 0 of the returned address is set when the
    configured Unicorn mode is ``UC_MODE_THUMB``, or when the Thumb bit
    (0x20) is set in the status register read from the protocol. On any
    other architecture ``pc`` is returned unchanged.
    """
    if self._protocol.arch.unicorn_arch != unicorn.UC_ARCH_ARM:
        return pc

    # A Thumb-only configuration forces Thumb without consulting the CPU
    # state; the register read only happens when the mode is not Thumb.
    forced_thumb = self._protocol.arch.unicorn_mode == unicorn.UC_MODE_THUMB
    cpsr_thumb_bit = 0x20
    if forced_thumb or \
            self._protocol.read_register(self._protocol.arch.sr_name) & cpsr_thumb_bit:
        return pc | 1
    return pc
Example #4
Source File: unicorn_trace.py From bootloader_instrumentation_suite with MIT License | 5 votes |
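def __init__(self):
    """Configure the emulator description for 32-bit ARM in ARM mode.

    Passes the architecture name, Unicorn arch/mode constants, program
    counter register name, word size and extra register names to
    ``Emulator.__init__``, then sets the syscall and stack register names.
    """
    Emulator.__init__(self, "ARM", unicorn.UC_ARCH_ARM, unicorn.UC_MODE_ARM,
                      "pc", 32, ["sp", "cpsr"])
    # Built with a list comprehension: on Python 3 map() returns an iterator,
    # and ``map(...) + [...]`` raises TypeError. The resulting list is the
    # same one Python 2 produced.
    # NOTE(review): the "x%d" names and the repeated "x7" are kept as in the
    # original; they look like AArch64 register names on a 32-bit ARM
    # target. Confirm against the code that consumes syscall_regnames.
    self.syscall_regnames = ["x%d" % x for x in range(0, 8)] + ["x7", "pc"]
    self.stackbot = "fp"
    self.stacktop = "sp"
    self.syscall_reg = "x7"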
Example #5
Source File: main.py From frick with MIT License | 5 votes |
def __init__(self):
    """Set the Unicorn and Capstone arch/mode constants for 32-bit ARM.

    The emulator (Unicorn) and the disassembler (Capstone) are both set to
    ARM architecture in ARM mode, so emulated and disassembled instructions
    are decoded the same way.
    """
    super(Arm, self).__init__()

    # Emulator settings.
    self.unicorn_arch, self.unicorn_mode = (
        unicorn.UC_ARCH_ARM,
        unicorn.UC_MODE_ARM,
    )
    # Matching disassembler settings.
    self.capstone_arch, self.capstone_mode = (
        capstone.CS_ARCH_ARM,
        capstone.CS_MODE_ARM,
    )
Example #6
Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 4 votes |
def getIvarTypeFromFunc(self, eh, va):
    """Guess the ivar type returned by a small function at ``va``.

    Results are cached: a hit in ``self.ivarSetters`` returns the stored
    type, and a hit in ``self.notIvarSetters`` returns ``UNKNOWN``. Otherwise
    only functions shorter than 0x20 bytes are scanned, instruction by
    instruction, for a reference to an ``_OBJC_IVAR_$_`` symbol. The first
    cross-reference to that ivar from inside the ``self.objcConst`` range
    supplies the type string.

    Args:
        eh: Emulation helper providing ``arch``, ``derefPtr``,
            ``getIDBString``, ``hexString`` and ``size_pointer``.
        va: Start address of the function to inspect.

    Returns:
        The type string with its first two and last characters removed, or
        ``UNKNOWN`` when no ivar type could be determined.
    """
    # NOTE(review): the caches are named "...Setters" while the log messages
    # say "ivar getter"; the names are kept as they are.
    if va in self.ivarSetters:
        return self.ivarSetters[va]
    elif va in self.notIvarSetters:
        return UNKNOWN
    addr = va
    endVa = idc.get_func_attr(va, idc.FUNCATTR_END)
    # Only very short functions are considered candidates.
    if endVa - va < 0x20:
        ivarVa = None
        while addr <= endVa:
            srcOpnd = idc.print_operand(addr, 1)
            # if ivar is the src op for an instruction, assume this function will return it
            if eh.arch == unicorn.UC_ARCH_ARM and "_OBJC_IVAR_$_" in srcOpnd:
                # NOTE(review): if the operand text contains no space,
                # find(" ") returns -1 and the slice drops the last character
                # of the symbol name. Confirm the operand format.
                oploc = idc.get_name_ea_simple(
                    srcOpnd[srcOpnd.find("_OBJC_IVAR_$_"):srcOpnd.find(" ")])
                if oploc != idc.BADADDR:
                    ivarVa = oploc
                    break
            elif eh.arch == unicorn.UC_ARCH_ARM64:
                for x in idautils.XrefsFrom(addr):
                    if (idc.get_segm_name(x.to) == "__objc_ivar" and
                            idc.get_name(x.to, idc.ida_name.GN_VISIBLE)[:13] == "_OBJC_IVAR_$_"):
                        ivarVa = x.to
                        # NOTE(review): this break leaves only the inner for
                        # loop. The while scan continues, so a later
                        # instruction can overwrite ivarVa.
                        break
            elif eh.arch == unicorn.UC_ARCH_X86:
                if "_OBJC_IVAR_$_" in srcOpnd:
                    ivarVa = idc.get_operand_value(addr, 1)
                    break

            addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))

        if ivarVa:
            for x in idautils.XrefsTo(ivarVa):
                if x.frm >= self.objcConst[0] and x.frm < self.objcConst[1]:
                    # The type string pointer is read two pointers past the
                    # referencing address.
                    typeStr = eh.getIDBString(
                        eh.derefPtr(x.frm + eh.size_pointer * 2))
                    # presumably the encoding looks like @"ClassName", so
                    # [2:-1] strips the @" prefix and the closing quote;
                    # verify against the IDB strings
                    self.ivarSetters[va] = typeStr[2:-1]
                    logging.debug("%s is an ivar getter function, returning type %s" % (
                        eh.hexString(va), typeStr[2:-1]))
                    return typeStr[2:-1]
            # If no xref falls inside objcConst, control reaches the final
            # return without adding va to either cache.
        else:
            logging.debug(
                "%s determined not to be an ivar getter function", eh.hexString(va))
            self.notIvarSetters.append(va)
    else:
        logging.debug(
            "%s determined not to be an ivar getter function", eh.hexString(va))
        self.notIvarSetters.append(va)
    return UNKNOWN

# returns class or sel name from IDA name