miasm2.analysis.sandbox.OS_Win Class Reference

Inheritance diagram for miasm2.analysis.sandbox.OS_Win:

Collaboration diagram for miasm2.analysis.sandbox.OS_Win:

Public Member Functions
def	__init__
def	update_parser

Public Attributes
	libs
	pe
	entry_point

Static Public Attributes
list	ALL_IMP_DLL

Detailed Description

Definition at line 152 of file sandbox.py.

Constructor & Destructor Documentation

def miasm2.analysis.sandbox.OS_Win.__init__	(		self,
			custom_methods,
			args,
			kwargs
	)

Definition at line 159 of file sandbox.py.

    def __init__(self, custom_methods, *args, **kwargs):
        from miasm2.jitter.loader.pe import vm_load_pe, vm_load_pe_libs, preload_pe, libimp_pe
        from miasm2.os_dep import win_api_x86_32
        methods = win_api_x86_32.__dict__
        methods.update(custom_methods)

        super(OS_Win, self).__init__(methods, *args, **kwargs)

        # Import manager
        libs = libimp_pe()
        self.libs = libs
        win_api_x86_32.winobjs.runtime_dll = libs

        # Load library
        if self.options.loadbasedll:
            all_pe = []

            # Load libs in memory
            all_pe = vm_load_pe_libs(self.jitter.vm, self.ALL_IMP_DLL, libs)

            # Patch libs imports
            for pe in all_pe.values():
                preload_pe(self.jitter.vm, pe, libs)

        # Load main pe
        with open(self.fname) as fstream:
            self.pe = vm_load_pe(self.jitter.vm, fstream.read())

        win_api_x86_32.winobjs.current_pe = self.pe

        # Fix pe imports
        preload_pe(self.jitter.vm, self.pe, libs)

        # Library calls handler
        self.jitter.add_lib_handler(libs, methods)

        # Manage SEH
        if self.options.use_seh:
            win_api_x86_32_seh.main_pe_name = self.fname
            win_api_x86_32_seh.main_pe = self.pe
            win_api_x86_32_seh.loaded_modules = self.ALL_IMP_DLL
            win_api_x86_32_seh.init_seh(self.jitter)
            win_api_x86_32_seh.set_win_fs_0(self.jitter)

        self.entry_point =  self.pe.rva2virt(self.pe.Opthdr.AddressOfEntryPoint)