0x00 Preface
Original article: https://miasm.re/blog/2016/01/27/re150.html
github: https://github.com/cea-sec/miasm
reverseMe: http://www.grehack.fr/data/grehack2015/re/Grehack%202015%20-%20Reverse%20-%20150.zip
This post is mainly a detailed walkthrough of the article above. Miasm has gone through major version changes since it was written, so the original scripts no longer run as-is on the current version and need some adjustments, which are noted along the way.
0x01 Introduction (copied straight from the official README)
What is Miasm?
Miasm is a free and open source (GPLv2) reverse engineering framework. Miasm aims to analyze / modify / generate binary programs. Here is a non exhaustive list of features:
- Opening / modifying / generating PE / ELF 32 / 64 LE / BE
- Assembling / Disassembling X86 / ARM / MIPS / SH4 / MSP430
- Representing assembly semantic using intermediate language
- Emulating using JIT (dynamic code analysis, unpacking, ...)
- Expression simplification for automatic de-obfuscation
- ...
See the official blog for more examples and demos.
0x02 Running the program in the sandbox and generating the flow graph
import os
from miasm.analysis.sandbox import Sandbox_Linux_x86_32

# argparse parser preloaded with miasm's jitter options (-j engine, -b dump blocks, ...)
parser = Sandbox_Linux_x86_32.parser(description='ELF sandbox')
parser.add_argument('filename', help='ELF Filename')
options = parser.parse_args()

# Load the ELF into a minimal Linux environment; libc stubs are looked up in globals().
# (Constructor of the miasm version used here; newer releases take a LocationDB first.)
sb = Sandbox_Linux_x86_32(options.filename, options, globals())

# Run from the entry point until exit or an unhandled jitter exception.
sb.run()
Nothing special here: the script loads the ELF given on the command line into miasm's Linux x86-32 sandbox and executes it under the JIT engine. Save it as sandbox.py and run it with `python sandbox.py -b reverseMe`; the `-b` (`--dumpblocs`) option makes the sandbox print every basic block as it is executed, which produces the trace below. Execution stops inside the block at loc_804b1f0: `EAX=4`, `EBX=1` followed by `INT 0x80` is a raw `write(1, ...)` syscall under the 32-bit Linux ABI, and the Linux sandbox only emulates libc calls through Python stubs, not raw `int 0x80` interrupts, so the jitter raises an exception at that instruction:
-> c_to:loc_804b1f0
loc_804b1f0
MOV EBX, 0x1
MOV EAX, 0x4
INT 0x80
-> c_next:loc_804b1fc
Traceback (most recent call last):
  File "Sandbox.py", line 22, in <module>
    sb.run()
  File "/usr/local/lib/python2.7/dist-packages/miasm/analysis/sandbox.py", line 617, in run
    super(Sandbox_Linux_x86_32, self).run(addr)
  File "/usr/local/lib/python2.7/dist-packages/miasm/analysis/sandbox.py", line 133, in run
    self.jitter.continue_run()
  File "/usr/local/lib/python2.7/dist-packages/miasm/jitter/jitload.py", line 405, in continue_run
    return next(self.run_iterator)
  File &
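The trace stops because nothing in the sandbox knows what to do with `INT 0x80`. Whatever hook you attach to the jitter (I assume miasm's `jitter.add_exception_handler(EXCEPT_INT_XX, callback)`, with the callback returning True to resume), the work it has to do is the same: decode the i386 syscall ABI (EAX = syscall number, EBX/ECX/EDX = first three arguments, EAX on return = result or -errno), act on guest memory, clear the exception flag and hand control back. The block below is an added example, not code from this page or from miasm, showing exactly that dispatch for `write`, `read` and `exit`. So that it runs without a miasm install, it uses small stand-ins for the jitter's `cpu` and `vm` objects (`FakeCpu`, `FakeVm`, `FakeJitter`, all constructed here, with method names chosen to mirror `get_mem`/`set_mem`/`set_exception`); the prompt string and input are constructed sample data, not the challenge's real strings.

```python
import errno

# Linux i386 syscall numbers. The trace above shows EAX=4, EBX=1: write(1, ...).
SYS_EXIT = 1
SYS_READ = 3
SYS_WRITE = 4
MASK32 = 0xffffffff


class FakeCpu:
    """Stand-in for jitter.cpu: the registers the syscall ABI uses (constructed)."""
    def __init__(self, EAX=0, EBX=0, ECX=0, EDX=0):
        self.EAX, self.EBX, self.ECX, self.EDX = EAX, EBX, ECX, EDX
        self.exception_flags = 1  # pretend the interrupt flag is set on entry

    def set_exception(self, value):
        self.exception_flags = value


class FakeVm:
    """Stand-in for jitter.vm: one flat mapping at a fixed base (constructed)."""
    def __init__(self, base, size):
        self.base = base
        self.mem = bytearray(size)

    def _check(self, addr, size):
        # A real handler must also expect unmapped guest pointers.
        if addr < self.base or addr + size > self.base + len(self.mem):
            raise ValueError("unmapped guest address 0x%x" % addr)

    def get_mem(self, addr, size):
        self._check(addr, size)
        off = addr - self.base
        return bytes(self.mem[off:off + size])

    def set_mem(self, addr, data):
        self._check(addr, len(data))
        off = addr - self.base
        self.mem[off:off + len(data)] = data


class FakeJitter:
    """Just enough of a jitter to carry cpu, vm and the emulated fds (constructed)."""
    def __init__(self, cpu, vm, stdin=b""):
        self.cpu, self.vm = cpu, vm
        self.stdin = stdin      # bytes still to be delivered by read(0, ...)
        self.stdout = b""       # everything written to fd 1/2
        self.exit_code = None
        self.running = True


def handle_int80(jitter):
    """Dispatch one INT 0x80; returns True when the jitter may resume."""
    cpu, vm = jitter.cpu, jitter.vm
    nr = cpu.EAX
    if nr == SYS_WRITE:
        fd, buf, count = cpu.EBX, cpu.ECX, cpu.EDX
        if fd not in (1, 2):
            cpu.EAX = (-errno.EBADF) & MASK32     # kernel convention: -errno in EAX
        else:
            jitter.stdout += vm.get_mem(buf, count)
            cpu.EAX = count
    elif nr == SYS_READ:
        fd, buf, count = cpu.EBX, cpu.ECX, cpu.EDX
        if fd != 0:
            cpu.EAX = (-errno.EBADF) & MASK32
        else:
            data, jitter.stdin = jitter.stdin[:count], jitter.stdin[count:]
            vm.set_mem(buf, data)                 # short reads are allowed
            cpu.EAX = len(data)
    elif nr == SYS_EXIT:
        jitter.exit_code = cpu.EBX
        jitter.running = False
    else:
        raise NotImplementedError("unhandled syscall %d" % nr)
    cpu.set_exception(0)   # clear the flag, otherwise the jitter stops again at once
    return jitter.running


def run_trace():
    """Replay a write/read/exit sequence like the one the challenge starts with."""
    vm = FakeVm(0x804b000, 0x1000)
    vm.set_mem(0x804b100, b"Enter the password: ")          # constructed prompt
    jit = FakeJitter(FakeCpu(), vm, stdin=b"hello\n")        # constructed input
    # write(1, 0x804b100, 20): EAX=4, EBX=1 as in the dumped block
    jit.cpu.EAX, jit.cpu.EBX, jit.cpu.ECX, jit.cpu.EDX = SYS_WRITE, 1, 0x804b100, 20
    handle_int80(jit)
    # read(0, 0x804b200, 64)
    jit.cpu.EAX, jit.cpu.EBX, jit.cpu.ECX, jit.cpu.EDX = SYS_READ, 0, 0x804b200, 64
    handle_int80(jit)
    got = vm.get_mem(0x804b200, jit.cpu.EAX)
    # exit(0)
    jit.cpu.EAX, jit.cpu.EBX = SYS_EXIT, 0
    handle_int80(jit)
    return jit.stdout, got, jit.exit_code


if __name__ == "__main__":
    print(run_trace())
```

The two details that bite in practice are both in `handle_int80`: errors go back as `-errno` truncated to 32 bits (a handler that stores a negative Python int into a miasm register will not do what you expect), and the exception flag has to be cleared before returning, or the jitter re-raises on the same instruction.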