Sourcery refactored master branch #1

1 change: 0 additions & 1 deletion __init__.py
Expand Up @@ -8,7 +8,6 @@

try:
t.halt()
pass
Lines 11-11 refactored with the following changes:

except:
pass

21 changes: 10 additions & 11 deletions asm.py
Expand Up @@ -4,16 +4,13 @@
from proc import *

def get_registers(thread):
registers = []
register_list = ["eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp", "eip"]
for reg in register_list:
registers.append((reg, thread.arch_register(reg)))
return registers
return [(reg, thread.arch_register(reg)) for reg in register_list]
Function get_registers refactored with the following changes:


def print_registers(thread=None):
if thread is None:
thread = t

Function print_registers refactored with the following changes:

was_running = False
# Halt the thread if needed
if thread.isrunning():
Expand All @@ -22,7 +19,7 @@ def print_registers(thread=None):
registers = get_registers(thread)
print ("Registers : ")
for (reg, val) in registers:
print("%s: %s" % (reg, val.ToHex()))
print(f"{reg}: {val.ToHex()}")
if was_running:
thread.go()

Expand Down Expand Up @@ -83,7 +80,7 @@ def v3_resume():

def pop():
ss = reg("ss")
ret = t.mem(ss.ToHex() + ":" + reg("esp").ToHex(), 4)
ret = t.mem(f"{ss.ToHex()}:" + reg("esp").ToHex(), 4)
Function pop refactored with the following changes:

reg("esp", reg("esp") + 4)
return ret

Expand Down Expand Up @@ -166,16 +163,18 @@ def printStackContent():
table = ss[2]
idx = ss[3:15]
base = t.arch_register("ldtbas" if table else "gdtbas")
segment = GDTEntry(t.memblock(str(base.ToUInt32() + 8 * idx.ToUInt32()) + "L", 8, 1))
segment = GDTEntry(
t.memblock(f"{str(base.ToUInt32() + 8 * idx.ToUInt32())}L", 8, 1)
)
limit = segment.limit
print("ESP : %s" % esp.ToHex())
print(f"ESP : {esp.ToHex()}")
esp = esp & ~0xF
t.memdump(ss.ToHex() + ":" + esp.ToHex(), limit - esp, 1)
t.memdump(f"{ss.ToHex()}:{esp.ToHex()}", limit - esp, 1)
Function printStackContent refactored with the following changes:


def peek(register, offset=0, size=4, value=None):
ds = reg("ds")
reg_value = reg(register)
return t.mem(ds.ToHex() + ":" + hex(reg_value + offset), size, value)
return t.mem(f"{ds.ToHex()}:{hex(reg_value + offset)}", size, value)
Function peek refactored with the following changes:


def poke(register, offset=0, value=None, size=4):
return peek(register, offset, size, value)
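Review bot: The `pop` line is only half-converted: `ret = t.mem(f"{ss.ToHex()}:" + reg("esp").ToHex(), 4)` mixes an f-string with `+` concatenation, whereas `peek` and `printStackContent` in the same PR fold both operands into one f-string; write it as `ret = t.mem(f'{ss.ToHex()}:{reg("esp").ToHex()}', 4)`. The `printStackContent` rewrite also wraps the value in a redundant `str()` inside the f-string, `f"{str(base.ToUInt32() + 8 * idx.ToUInt32())}L"`, where `f"{base.ToUInt32() + 8 * idx.ToUInt32()}L"` is equivalent. Note that f-strings need Python 3.6+, while the `"L"`-suffixed address strings handed to `t.memblock` look like a Python 2 long-integer convention, so the target interpreter should be confirmed before merging. `print_registers`, `pop`, `printStackContent` and `peek` all start or end outside the hunks shown.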
43 changes: 20 additions & 23 deletions mem.py
Expand Up @@ -128,14 +128,14 @@ def print_pages():
def linear_to_pages(addr):
addr_bits = ipc.BitData(32, addr)
directory = addr_bits[22:31].ToUInt32()
offset = addr_bits[0:21].ToUInt32()
offset = addr_bits[:21].ToUInt32()
pd = reg("cr3")
pde = t.memblock(phys(pd + directory*4), 4, 1)
pde = PDE(directory, pde)
if pde.present:
if pde.size == 0:
table = addr_bits[12:21].ToUInt32()
offset = addr_bits[0:11].ToUInt32()
offset = addr_bits[:11].ToUInt32()
Function linear_to_pages refactored with the following changes:

pt = pde.base_addr << 12
pte = t.memblock(phys(pt + table*4), 4, 1)
pte = PTE(pde, table, pte)
Expand Down Expand Up @@ -172,19 +172,15 @@ def virt_to_phys(addr, selector="ds"):
def linear_to_phys(addr):
(pde, pte, offset) = linear_to_pages(addr)
if pte:
if pte.present:
return pte.base_addr.ToUInt32() << 12 | offset
return None
if pde.present:
return pde.base_addr.ToUInt32() << 12 | offset
return None
return pte.base_addr.ToUInt32() << 12 | offset if pte.present else None
return pde.base_addr.ToUInt32() << 12 | offset if pde.present else None
Function linear_to_phys refactored with the following changes:


def dump_pages(filename):
save_to_file(filename, print_pages)

def memdump_ds(addr, size=0x10):
ds = reg("ds")
return t.memdump(ds.ToHex() + ":" + hex(addr), size, 1)
return t.memdump(f"{ds.ToHex()}:{hex(addr)}", size, 1)
Function memdump_ds refactored with the following changes:


def memset(addr, value, size):
t.memblock(phys(addr), int(size), 4, value)
Expand All @@ -199,25 +195,26 @@ def phys(addr):

def malloc(size):
malloc_func = proc_get_address(t, "SYSLIB:MALLOC")
execute_asm(t,
"push %s" % hex(size),
# Need to call using register because asm uses near call and if I
# do a far call with 'cs:addr', it pushes cs to the stack so it always
# allocates 0x1bc bytes
"mov eax, %s" % hex(malloc_func).replace("L", ""),
"call eax")
execute_asm(
t,
f"push {hex(size)}",
f'mov eax, {hex(malloc_func).replace("L", "")}',
"call eax",
)
Function malloc refactored with the following changes:

This removes the following comments ( why? ):

# allocates 0x1bc bytes
# do a far call with 'cs:addr', it pushes cs to the stack so it always
# Need to call using register because asm uses near call and if I

wait_until_infinite_loop(t, False)
return reg("eax")

def malign(alignment, size):
malign_func = proc_get_address(t, "SYSLIB:MALIGN")
execute_asm(t,
"push 0",
"push %s" % hex(size),
"push %s" % hex(alignment),
"push 0",
"mov eax, %s" % hex(malign_func).replace("L", ""),
"call eax")
execute_asm(
t,
"push 0",
f"push {hex(size)}",
f"push {hex(alignment)}",
"push 0",
f'mov eax, {hex(malign_func).replace("L", "")}',
"call eax",
)
Function malign refactored with the following changes:

wait_until_infinite_loop(t, False)
return reg("eax")

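Review bot: The `malloc` rewrite drops the three-line comment explaining why the allocator is entered with `mov eax, …` / `call eax` rather than a direct far call — the removed text says a `call cs:addr` pushes CS, so the callee always allocates 0x1bc bytes — and Sourcery's own summary lists the deleted lines. That comment is the only record of a calling-convention trap that `malign` shares, so restore it above the `mov eax` line in both functions, e.g. `# Call through a register: a far call via 'cs:addr' pushes CS, so the callee` / `# reads the wrong argument and always allocates 0x1bc bytes.` The `hex(...).replace("L", "")` left in both functions is a Python 2 long-suffix workaround that is a no-op on Python 3, where the new f-strings are required, which is worth settling when the comment is restored. The `addr_bits[:21]` / `addr_bits[:11]` rewrites in `linear_to_pages` also assume `ipc.BitData` treats a missing slice start as 0, which cannot be confirmed from here given that its slicing is not Python's (inclusive end bounds elsewhere in this PR); `linear_to_pages` and `linear_to_phys` start or end outside the hunks shown.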
9 changes: 4 additions & 5 deletions mmio.py
Expand Up @@ -98,7 +98,7 @@ def save_mmios(pwd, mmios, prefix="MMIO_"):
# Sort by size
mmios.sort(lambda a, b: cmp(a[1], b[1]) if a[1] != b[1] else cmp(a[0], b[0]))
for (addr, size) in mmios:
print("Addr: %s, size: %s" % (hex(addr), hex(size)))
print(f"Addr: {hex(addr)}, size: {hex(size)}")
Function save_mmios refactored with the following changes:

path = os.path.join(pwd, prefix + hex(addr)[2:].replace("L", "") + ".bin")
if os.path.exists(path):
statinfo = os.stat(path)
Expand All @@ -110,8 +110,7 @@ def save_mmios(pwd, mmios, prefix="MMIO_"):
with open(path, "ab") as f:
while size > 0:
chunk = 4 * 1024
if chunk > size:
chunk = size
chunk = min(chunk, size)
f.write(memtostr(phys(addr), chunk))
addr += chunk
size -= chunk
Expand All @@ -124,7 +123,7 @@ def save_mmios(pwd, mmios, prefix="MMIO_"):
def bruteforce_sideband(pwd, group=0, start=0, end=0x100, size=0x8000, rs=1, fid=0):
for i in xrange(start, end):
channel = (group << 8) + i
print("Dumping Sideband : %s" % hex(channel))
print(f"Dumping Sideband : {hex(channel)}")
Function bruteforce_sideband refactored with the following changes:

dump_sideband_channel(pwd, channel, size=size, rs=rs, fid=fid)

def bruteforce_sideband_port(pwd, port, start=0, end=0x100, size=0x1000):
Expand Down Expand Up @@ -153,7 +152,7 @@ def dump_sideband_channel(pwd, channel, size=0x8000, rs=1, fid=0):
sb_channel_port_addr = proc_get_address(t, "SB_CHANNEL")
sb_mmio, _ = setup_sideband_channel(channel, rs, fid)
t.memdump(phys(sb_mmio), 0x10, 1)
save_mmios(pwd, [(sb_mmio, size)], "SB_" + hex(channel) + "_")
save_mmios(pwd, [(sb_mmio, size)], f"SB_{hex(channel)}_")
Function dump_sideband_channel refactored with the following changes:


try:
a = t.mem(phys(sb_channel_port_addr + 0x18), 4)
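Review bot: After this change the module cannot run on any interpreter: the new f-strings such as `print(f"Addr: {hex(addr)}, size: {hex(size)}")` need Python 3.6+, while the untouched context lines still use `xrange` (`for i in xrange(start, end):`), `cmp`, and `list.sort` with a positional comparison function (`mmios.sort(lambda a, b: ...)`), all removed in Python 3. Either keep `%`-formatting here if the IPC environment is Python 2 — which the `hex(addr)[2:].replace("L", "")` long-suffix workaround suggests — or port the whole file, e.g. `mmios.sort(key=lambda m: (m[1], m[0]))` and `range`. The `save_mmios`, `bruteforce_sideband` and `dump_sideband_channel` bodies all continue outside the hunks shown.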
17 changes: 13 additions & 4 deletions pci.py
Expand Up @@ -30,15 +30,24 @@ def list_pci_devices(base_addr=0xE0000000, alt="", bars=True):
for func in range (8):
device = PCIDevice(bus, dev, func, t, base_addr)
vid = device.getVID()
if vid != 0xFFFFFFFF and vid != 0x0:
if vid not in [0xFFFFFFFF, 0x0]:
print("PCI %d.%d.%d : %s" % (bus, dev, func, vid.ToHex()))
mmio.save_mmios(pwd, [(device.getIOAddress(), 0x1000)], "PCI_" + alt + "%d.%d.%d_" % (bus, dev, func) )
mmio.save_mmios(
pwd,
[(device.getIOAddress(), 0x1000)],
f"PCI_{alt}" + "%d.%d.%d_" % (bus, dev, func),
)
if bars:
for offset in range(0x10, 0x28, 4):
bar = device.readWord(offset)
if bar != 0:
bar[0:7] = 0
mmio.save_mmios(pwd, [(bar, 0x1000)], "BAR_" + alt + "%d.%d.%d_" % (bus, dev, func))
bar[:7] = 0
mmio.save_mmios(
pwd,
[(bar, 0x1000)],
f"BAR_{alt}"
+ "%d.%d.%d_" % (bus, dev, func),
)
Function list_pci_devices refactored with the following changes:

elif dev == 0 and func == 0:
break
else:
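Review bot: `bar[:7] = 0` assumes `ipc.BitData.__setitem__` treats a missing slice start as 0, and that cannot be confirmed from here: the project's own slicing is not Python's (in `segments.py` `bits[16:31]` yields a 16-bit field, so the end bound is inclusive), so `slice(None, 7)` may be rejected or mishandled. Keep the explicit `bar[0:7] = 0` unless BitData is verified to accept it, because a silent mis-slice would leave the BAR flag bits in the address that `save_mmios` then dumps from. The prefix expressions are also only half-converted — `f"PCI_{alt}" + "%d.%d.%d_" % (bus, dev, func)` reads better as `f"PCI_{alt}{bus}.{dev}.{func}_"` (likewise for `BAR_`). `list_pci_devices` starts and ends outside the hunk shown.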
28 changes: 11 additions & 17 deletions segments.py
Expand Up @@ -6,7 +6,7 @@
class Selector:
def __init__(self, bits):
self.bits = bits
self.rpl = bits[0:1]
self.rpl = bits[:1]
Function Selector.__init__ refactored with the following changes:

self.table = bits[2]
self.idx = bits[3:15]

Expand All @@ -20,7 +20,7 @@ def __init__(self, bits):
self.base_addr = bits[16:31]
self.base_addr.Append(bits[32:39])
self.base_addr.Append(bits[56:63])
self.limit = bits[0:15]
self.limit = bits[:15]
Function GDTEntry.__init__ refactored with the following changes:

self.limit.Append(bits[48:51])
self.access = bits[40:47]
self.flags = bits[52:55]
Expand Down Expand Up @@ -75,12 +75,12 @@ class IDTEntry:
def __init__(self, bits):
# https://wiki.osdev.org/Interrupt_Descriptor_Table
self.bits = bits
self.offset = bits[0:15]
self.offset = bits[:15]
self.offset.Append(bits[48:63])
self.selector = bits[16:31]
self.zero = bits[32:39]
self.type_attr = bits[40:47]
self.gate_type = self.type_attr[0:3]
self.gate_type = self.type_attr[:3]
Function IDTEntry.__init__ refactored with the following changes:

self.s = self.type_attr[4]
self.privl = self.type_attr[5:6]
self.pr = self.type_attr[7]
Expand Down Expand Up @@ -115,14 +115,11 @@ def print_segment(name, base, limit):
entries = (limit.ToUInt32() + 1) // 8
print("%s (%s, %s) has %d entries" % (name, base, limit, entries))
for i in xrange(entries):
segment = t.memblock(str(base.ToUInt32() + 8 * i) + "L", 8, 1)
if name == "IDT":
entry = IDTEntry(segment)
else:
entry = GDTEntry(segment)
segment = t.memblock(f"{str(base.ToUInt32() + 8 * i)}L", 8, 1)
entry = IDTEntry(segment) if name == "IDT" else GDTEntry(segment)
if entry.pr:
print("**** %s Entry %d ****" % (name, i))
print("%s" % str(entry))
print(f"{str(entry)}")
Function print_segment refactored with the following changes:


def print_segments():
gdtbas = t.arch_register("gdtbas")
Expand Down Expand Up @@ -153,12 +150,9 @@ def segment_addr_to_linear(selector, addr):
table = selector[2]
idx = selector[3:15].ToUInt32()
base = t.arch_register("ldtbas" if table else "gdtbas")
segment = t.memblock(str(base.ToUInt32() + 8 * idx) + "L", 8, 1)
segment = t.memblock(f"{str(base.ToUInt32() + 8 * idx)}L", 8, 1)
entry = GDTEntry(segment)
if addr < entry.limit:
return entry.base_addr + addr
else:
return None
return entry.base_addr + addr if addr < entry.limit else None
Function segment_addr_to_linear refactored with the following changes:


def table_to_mmio(base, limit):
entries = (limit.ToUInt32() + 1) // 8
Expand Down Expand Up @@ -202,8 +196,8 @@ def dump_ldts():
limit = t.arch_register("ldtlim")
entries = (limit.ToUInt32() + 1) // 8
for i in xrange(entries):
segment = t.memblock(str(base.ToUInt32() + 8 * i) + "L", 8, 1)
segment = t.memblock(f"{str(base.ToUInt32() + 8 * i)}L", 8, 1)
entry = GDTEntry(segment)
if entry.pr:
t.memsave("LDT-" + i + ".bin", str(entry.base.ToUInt32()) + "L")
t.memsave(f"LDT-{i}.bin", f"{str(entry.base.ToUInt32())}L")
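Review bot: `print_segment` and `dump_ldts` now mix f-strings (Python 3.6+) with `xrange` (Python 2 only) in the same loop, e.g. `for i in xrange(entries):` directly above `segment = t.memblock(f"{str(base.ToUInt32() + 8 * i)}L", 8, 1)`, so neither interpreter can run them; if Python 3 is the target, change `xrange` to `range` in the same commit and drop the redundant `str()` inside the f-string. The `bits[:15]` / `bits[:1]` / `type_attr[:3]` rewrites also rely on `ipc.BitData.__getitem__` accepting a slice with no start, which cannot be confirmed here — its slicing is visibly not Python's (`bits[16:31]` is a 16-bit field, inclusive end), so keep the explicit `0` until that is verified. `f"LDT-{i}.bin"` also quietly fixes the old `"LDT-" + i` TypeError, which deserves a line in the PR description. `print_segment` and `segment_addr_to_linear` start outside the hunks shown.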

6 changes: 3 additions & 3 deletions utils.py
Expand Up @@ -32,7 +32,7 @@ def debug(str):
def genTaps(max, depth=0, max_depth=1, parent="SPT_TAP"):
res = ""
for i in xrange(0, max, 2):
name = "%s_%s" % (parent, i)
name = f"{parent}_{i}"
res += (' ' * depth + '<Tap Name="%s" IrLen="8" IdcodeIr="0x0C" VerifyProc="verify_idcode()" SerializeProc="common.tap.add_tap(0x11,%s,%s)" DeserializeProc="common.tap.remove_tap(0x11,%s,%s)" AdjustProc="common.tap.read_idcode_and_remove_if_zero()" InsertBeforeParent="false">\n' % (name, i, max, i, max))
if depth + 1 < max_depth:
res += genTaps(max, depth + 1, max_depth, name)
Expand All @@ -48,8 +48,8 @@ def displayValidIdcodes(prefix=""):
idcode = d.idcode()
proc_id = d.irdrscan(0x2, 32)
if proc_id != 0:
idcode += " (" + proc_id.ToHex() + ")"
print("%s : %s" % (d.name, idcode))
idcode += f" ({proc_id.ToHex()})"
print(f"{d.name} : {idcode}")

ipc = connect()
print(ipc.devicelist)
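Review bot: `genTaps` now has `name = f"{parent}_{i}"` directly under `for i in xrange(0, max, 2):`, so the function needs Python 3.6 for the f-string and Python 2 for `xrange` and cannot run on either. Change `xrange` to `range` in the same hunk if Python 3 is the target (and then also convert the `%`-formatted `<Tap ...>` line for consistency), or leave the `%` formatting in place if the IPC tooling is still Python 2. `genTaps` and `displayValidIdcodes` continue outside the hunks shown.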