import sys
import pychrysalide
from pychrysalide.analysis.contents import FileContent
from pychrysalide.analysis import StudyProject
from pychrysalide.core import wait_for_all_global_works
# Exactly two positional arguments are required: the path of the binary to
# load and the label of the routine whose links get listed.
argc = len(sys.argv)
if argc != 3:
    print('Usage: %s <binary> <routine>' % sys.argv[0])
    sys.exit(1)
# Load the provided binary into a fresh study project.
# NOTE(review): discover() presumably runs its analysis asynchronously, which
# is why the script waits for the global works before reading prj.contents;
# confirm against the pychrysalide documentation.
cnt = FileContent(sys.argv[1])
prj = StudyProject()
prj.discover(cnt)
wait_for_all_global_works()

loaded = prj.contents
if len(loaded) == 0:
    print('Unable to load %s...' % sys.argv[1])
    sys.exit(1)

# Only the first loaded content is examined; any further contents the
# project may hold are ignored by this script.
binary = loaded[0]

# Resolve the routine by its symbol label; a missing label ends the run.
label = sys.argv[2]
routine = binary.format.find_symbol_by_label(label)
if routine is None:
    print('%s not found!' % label)
    sys.exit(1)
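# Display links

# Names of the instruction link types. The numeric link type reported with
# each destination is used as an index into this list, so the order matters.
types = [
    'ILT_EXEC_FLOW',
    'ILT_JUMP',
    'ILT_CASE_JUMP',
    'ILT_JUMP_IF_TRUE',
    'ILT_JUMP_IF_FALSE',
    'ILT_LOOP',
    'ILT_CALL',
    'ILT_CATCH_EXCEPTION',
    'ILT_REF'
]

# When truthy, virtual addresses are printed next to the physical ones.
has_virt = binary.processor.virtual_space

# Walk every instruction inside the routine's range and list, below each
# one, the instructions it links to together with the kind of link.
for ins in binary.processor.instrs.restrict(routine.range):

    addr = ins.range.addr

    if has_virt:
        print('%x / %x - %s' % (addr.phys, addr.virt, ins.keyword))
    else:
        print('%x - %s' % (addr.phys, ins.keyword))

    for dst, tp in ins.destinations:

        # The link type is derived from the analysed binary and from the
        # library version in use. A value outside the table would raise
        # IndexError in the middle of the listing, and a negative one would
        # silently pick a wrong name from the end of the list, so an explicit
        # placeholder is printed instead.
        if 0 <= tp < len(types):
            link = types[tp]
        else:
            link = 'ILT_UNKNOWN(%s)' % tp

        target = dst.range.addr

        if has_virt:
            print(' > %x / %x (%s)' % (target.phys, target.virt, link))
        else:
            print(' > %x (%s)' % (target.phys, link))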