forked from eqv/indika
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.go
75 lines (62 loc) · 1.61 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package main
import (
"encoding/hex"
"fmt"
"github.com/ranmrdrakono/indika/blanket_emulator"
uc "github.com/unicorn-engine/unicorn/bindings/go/unicorn"
"strings"
)
var asm = strings.Join([]string{
"48c7c003000000", // mov rax, 3
//"0f05", // syscall
"bf03400000", // mov rdi, 0x4000
"ba04000000", // mov rdx, 4
"8b17", // mov rdx, [rdi]
"48ffc7", // inc rdi
"8b17", // mov rdx, [rdi]
"48ffc7", // inc rdi
"8b17", // mov rdx, [rdi]
}, "")
type fakeDisassembler struct{}
func (s *fakeDisassembler) GetBlocks(addr uint64, codepages map[uint64]([]byte)) map[blanket_emulator.BlockRange]bool {
res := make(map[blanket_emulator.BlockRange]bool)
for paddr, val := range codepages {
if paddr <= addr && paddr+uint64(len(val)) >= addr {
for byteaddr := addr; byteaddr < addr+uint64(len(val)); byteaddr += 1 {
res[blanket_emulator.BlockRange{From: byteaddr, To: byteaddr + 1}] = true
}
}
}
return res
}
func run() error {
code, err := hex.DecodeString(asm)
if err != nil {
return err
}
config := blanket_emulator.Config{
MaxTraceInstructionCount: 1000,
MaxTraceTime: 0,
MaxTracePages: 100,
Arch: uc.ARCH_X86,
Mode: uc.MODE_64,
Disassembler: &fakeDisassembler{},
}
mem := make(map[uint64]([]byte))
mem[0x1000] = code
em, err := blanket_emulator.NewEmulator(mem, config)
if err != nil {
return err
}
err = em.Run(0x1000)
if err != nil {
return err
}
fmt.Println("%v", em.GetHash(80))
return nil
}
func main() {
if err := run(); err != nil {
fmt.Println("%v", err)
}
}