lieanu/amoco_test.py

## amoco_test.py

import amoco
import amoco.system.raw
import amoco.system.core

def sym_exec_gadget_and_get_mapper(code, cpu):
    '''Taken from https://github.com/0vercl0k/stuffz/blob/master/look_for_gadgets_with_equations.py'''

    p = amoco.system.raw.RawExec(
        amoco.system.core.DataIO(code), cpu
    )

    try:
        blocks = list(amoco.lsweep(p).iterblocks())
    except:
        return None

    if len(blocks) == 0:
        return None

    mp = amoco.cas.mapper.mapper()
    for block in blocks:
        if block.instr[-1].mnemonic.lower() == 'call':
            p.cpu.i_RET(None, block.map)

        try:
            mp >>= block.map
        except Exception as e:
            pass

    return mp

if __name__ == "__main__":

    # pop rdi; ret --> "\x5f\xc3"
    print "-"*20, "AMD64", "-"*20
    print "Instr: ", "pop rdi; ret"
    import amoco.arch.x64.cpu_x64 as amd64_cpu
    cpu = amd64_cpu
    print sym_exec_gadget_and_get_mapper("\x5f\xc3", cpu)

    # pop eax; ret --> "\x58\xc3"
    print "-"*20, "I386", "-"*20
    print "Instr: ", "pop eax; ret"
    import amoco.arch.x86.cpu_x86 as i386_cpu
    cpu = i386_cpu
    print sym_exec_gadget_and_get_mapper("\x58\xc3", cpu)

    # pop rdi; ret --> "\x5f\xc3"
    print "-"*20, "AMD64 again", "-"*20
    print "Instr: ", "pop rdi; ret"
    import amoco.arch.x64.cpu_x64 as amd64_cpu
    cpu = amd64_cpu
    print sym_exec_gadget_and_get_mapper("\x5f\xc3", cpu)

	import amoco
	import amoco.system.raw
	import amoco.system.core

	def sym_exec_gadget_and_get_mapper(code, cpu):
	'''Taken from https://github.com/0vercl0k/stuffz/blob/master/look_for_gadgets_with_equations.py'''

	p = amoco.system.raw.RawExec(
	amoco.system.core.DataIO(code), cpu
	)

	try:
	blocks = list(amoco.lsweep(p).iterblocks())
	except:
	return None

	if len(blocks) == 0:
	return None

	mp = amoco.cas.mapper.mapper()
	for block in blocks:
	if block.instr[-1].mnemonic.lower() == 'call':
	p.cpu.i_RET(None, block.map)

	try:
	mp >>= block.map
	except Exception as e:
	pass

	return mp

	if __name__ == "__main__":

	# pop rdi; ret --> "\x5f\xc3"
	print "-"20, "AMD64", "-"20
	print "Instr: ", "pop rdi; ret"
	import amoco.arch.x64.cpu_x64 as amd64_cpu
	cpu = amd64_cpu
	print sym_exec_gadget_and_get_mapper("\x5f\xc3", cpu)

	# pop eax; ret --> "\x58\xc3"
	print "-"20, "I386", "-"20
	print "Instr: ", "pop eax; ret"
	import amoco.arch.x86.cpu_x86 as i386_cpu
	cpu = i386_cpu
	print sym_exec_gadget_and_get_mapper("\x58\xc3", cpu)

	# pop rdi; ret --> "\x5f\xc3"
	print "-"20, "AMD64 again", "-"20
	print "Instr: ", "pop rdi; ret"
	import amoco.arch.x64.cpu_x64 as amd64_cpu
	cpu = amd64_cpu
	print sym_exec_gadget_and_get_mapper("\x5f\xc3", cpu)