Comments (23)
These structures are used when medusa emulates code (not fully implemented). At this time, it's just a placeholder to support simple access like SEH installation (fs:[0]). I'd like to fully implement it to support SEH, LastError, and so on.
from medusa.
1) How to get the path to the file analyzed by medusa from ldr_pe?
from medusa.
This info is not available since you may want to analyze data from memory or, if you save a database, may not want to keep the original file (since it's already contained in the db file). The object BinaryStream offers an abstraction to avoid keeping this information.
However if you explain why you need this feature, I could probably provide a workaround.
from medusa.
I need the file path for the analysis of the PDB file (PDB files are located next to the exe).
2) How to load external files (PDB files and others)? Should I use https://github.com/wisk/medusa/blob/master/inc/medusa/binary_stream.hpp#L236 and analyse them?
from medusa.
- Could you use another folder to store this file? If I remember correctly, the path to the PDB is stored by the compiler (Visual Studio) in the executable. In case you download it (like official Windows binaries) from a symbol server, you can store it anywhere you want.
  I think it would be more convenient to look for the environment variable _NT_SYMBOL_PATH to decide where to store and/or load PDB files. For instance, Windows users can simply download the symbol package (http://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx) and use them if it's possible.
- You can use anything you want (FILE, std::fstream, ...), however I strongly encourage you to use BinaryStream since it supports swap to handle endianness and it's portable for UNIX/Windows.
from medusa.
I'm doing a PDB file parser and a Microsoft symbols loader for Linux too ;)
from medusa.
Which is really awesome! I can't wait to see the result. :)
If you don't want to rely on the environment variable _NT_SYMBOL_PATH, I think we can define a path to a resources folder in medusa.ini (see UserConfiguration) like ~/.medusa/resources.
I really think it'd be better to regroup PDB files in the same location.
from medusa.
Does it make sense to write tests for medusa? (e.g., tests for architectures)
from medusa.
Yes, and that's a good idea.
Of course, some features cannot be tested (e.g. GUI), but it'd be better to have unit tests in Medusa.
Is CTest ok for you? Do you prefer something else?
from medusa.
Yes, but CTest only runs tests. Will you use https://code.google.com/p/googlemock/ and Google Test for tests? (How to write tests for core and modules, e.g. ldr/x86?)
from medusa.
Shame on me, I've never used one of these libraries before. What do you think about boost test (http://www.boost.org/doc/libs/1_56_0/libs/test/doc/html/index.html)? Tell me which one is the best for medusa. :)
About the test itself, it's hard to tell: I guess we can test how loader modules parse some executables stored in the repository (corkami is a good source of windows for instance), and test architecture modules by disassembling raw instructions (e.g. Disasm("\x33\xc0") == "xor eax, eax").
https://code.google.com/p/corkami/downloads/detail?name=opcodes32pe-r79.zip&can=2&q= is a good start to test x86.
We should discuss it on IRC, what do you think?
from medusa.
Hi. I experimented with the code in my fork: ivan-kulikov-dev/disasm_tool@gunmetal313:dev...addpluginsupport. E.g. I want to add a new module, but I get:
core: Module: "./libplg_hello.so" is unknown (ignored)
(The module is not even recognized.)
from medusa.
Hi,
It seems medusa fails to find the exported function GetPlugin. Please, try to run objdump and make sure this function is exported:
objdump -T libplg_hello.so | grep GetPlugin
from medusa.
- processor: ['ARMv6T2', 'ARMv7']
  format: 'SXTAB , , {,}'
  semantic: []
  mode: T1
  attribute: [ 'could_jmp' ]
  encoding: [ 1,1,1,1,1,0,1,0,0,1,0,0,_Rn_4,1,1,1,1,_Rd_4,1,(0),_rotate,_Rm_4 ]
Your generator of architectures from YAML files is very cool :) But why don't you use "encoding" for the x86 architecture? And how to use "encoding" for other architectures? )
from medusa.
Thanks :)
Encoding field is more suited for RISC architecture because basically an instruction is decoded using a mask (e.g. (insn & mask) == val), whereas in CISC architecture I prefer to use a table, especially for x86, because it allows to rely on a dispatcher and thus handle tedious cases (e.g. op_size, ad_size, segment_prefix...).
from medusa.
encoding: [ 1,1,1,1,1,0,1,0,0,1,0,0,*Rn_4,1,1,1,1,*Rd_4,1,(0),*rotate,*Rm_4 ]
What difference between 0 and (0)?
from medusa.
According to the official documentation of ARM:
An instruction is UNPREDICTABLE if:
* it is declared as UNPREDICTABLE in an instruction description or in this chapter
* the pseudocode for that encoding does not indicate that a different special case applies, and a bit marked (0) or (1) in the encoding diagram of an instruction is not 0 or 1 respectively.
So I guess it means if (0) does not match with 0 (in the encoding) the instruction is unpredictable.
from medusa.
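The two replies above (mask-based decoding and the meaning of "(0)") can be worked through on the SXTAB T1 encoding list quoted in the thread. This is an added example, not code from medusa or its YAML generator; the "name_width" token spelling and the 2-bit width of rotate (needed to reach 32 bits) are assumptions.

```python
# SXTAB (Thumb T1) encoding from the thread, most significant bit first.
# Assumed token spelling: "name_width" for operand fields, "(0)"/"(1)" for
# should-be bits. "rotate_2" is an assumption so the list totals 32 bits.
SXTAB_T1 = [1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, "Rn_4",
            1, 1, 1, 1, "Rd_4", 1, "(0)", "rotate_2", "Rm_4"]


def compile_encoding(tokens):
    """Turn an encoding list into (mask, value, soft_mask, soft_value, fields, bits)."""
    mask = value = soft_mask = soft_value = 0
    fields, total = [], 0              # fields: (name, width, shift)
    for tok in tokens:
        name, width = None, 1
        if isinstance(tok, str) and not tok.startswith("("):
            name, w = tok.rsplit("_", 1)
            width = int(w)
        # Make room on the right for this token; earlier fields move up.
        mask, value = mask << width, value << width
        soft_mask, soft_value = soft_mask << width, soft_value << width
        fields = [(n, w, s + width) for n, w, s in fields]
        if name:
            fields.append((name, width, 0))
        elif isinstance(tok, str):     # "(0)" / "(1)": not part of the match
            soft_mask |= 1
            soft_value |= int(tok[1])
        else:                          # hard 0 / 1: part of (insn & mask) == val
            mask |= 1
            value |= tok
        total += width
    return mask, value, soft_mask, soft_value, fields, total


def decode(insn, enc):
    """Return operand fields if insn matches, else None.

    A should-be bit that differs does not reject the match; it only flags the
    instruction as UNPREDICTABLE, following the ARM wording quoted above.
    """
    mask, value, soft_mask, soft_value, fields, _ = enc
    if (insn & mask) != value:
        return None
    ops = {n: (insn >> s) & ((1 << w) - 1) for n, w, s in fields}
    ops["unpredictable"] = (insn & soft_mask) != soft_value
    return ops


if __name__ == "__main__":
    enc = compile_encoding(SXTAB_T1)
    print(hex(enc[0]), hex(enc[1]), hex(enc[2]))
    print(decode(0xFA41F293, enc))     # constructed sample word
```
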
Does Medusa not support MS-DOS exe files?
from medusa.
Not at this time, but I guess DOS file format won't be hard to handle.
from medusa.
I want to try writing DOS support. Is this normal?
target_link_libraries(ldr_dos Medusa)
target_link_libraries(ldr_dos ldr_pe) ??
Or should all of the modules be independent from each other?
from medusa.
Well, you could extend ldr_pe to handle DOS format (they rely on the same structure IMAGE_DOS_HEADER after all), but I advise you to make a loader from scratch.
I don't think you can directly link a Medusa module with another one (i.e. target_link_libraries(ldr_dos ldr_pe)). If you add a different loader, please link with the Medusa target: target_link_libraries(ldr_dos Medusa).
from medusa.
How do you use the emulator?
from medusa.
Basically, you should rely on object Execution to use Emulator (let's say it'll be easier).
If you want an example, take a look at https://github.com/wisk/medusa/blob/dev/src/ui/emulator/main.cpp
You can also use Emulator in Python with pydusa, I can provide you an example if you need it. :)
from medusa.