Giter Site home page Giter Site logo

yaxpeax-eval's Introduction

yaxpeax-eval

crate

yaxpeax-eval is the repo providing yaxeval, a tool to execute machine code with preconditions and report state at exit.

currently, yaxeval works by spawning a thread and executing the provided machine code on the local physical processor. there is some boring glue for architecture-dependent state setting and reporting. this means that yaxeval supports, or is close to supporting, whatever physical processor you would run it on.

i am interested in using qemu-user as an alternate execution backend for cross-platform emulation. yaxeval should be able to use qemu-user just the same for setup and reporting by using qemu's gdbserver.

usage

if you just want to build and use it, cargo install yaxpeax-eval should get you started. otherwise, clone this repo and a cargo build will work as well. yaxeval <x86 machine code> is a good starting point:

yaxpeax-eval> ./target/release/yaxeval b878563412
loaded code...
  00007f774b497000: mov eax, 0x12345678
  00007f774b497005: ๐Ÿ (int 0x3)
running...
  rax:   0000000000000000
   to -> 0000000012345678
  rip:   00007f774b497000
   to -> 00007f774b497006

initial register state is generally zeroes, with exception of rip, which by default points to whatever address an unrestricted mmap could find.

inital register values, including rip, can be specified explicitly:

yaxpeax-eval> ./target/release/yaxeval --regs rax=4,rcx=5,rip=0x123456789a,eflags=0x246 03c133c9
loaded code...
  000000123456789a: add eax, ecx
  000000123456789c: xor ecx, ecx
  000000123456789e: ๐Ÿ (int 0x3)
running...
  rax:   0000000000000004
   to -> 0000000000000009
  rcx:   0000000000000005
   to -> 0000000000000000
  rip:   000000123456789a
   to -> 000000123456789f

and if the provided code disastrously crashes, yaxeval will try to say a bit about what occurred:

yaxpeax-eval> ./target/release/yaxeval --regs rax=4,rcx=5,rip=0x123456789a,eflags=0x246 0000
loaded code...
  000000123456789a: add byte [rax], al
  000000123456789c: ๐Ÿ (int 0x3)
running...
  eflags:        00000246
   to ->         00010246
sigsegv at unexpected address: 000000123456789a

aspirations

  • accept some config to map memory regions other than the implicitly-initialized code region
  • machine-friendly input/output formats
  • mode to single-step through provided code?

yaxpeax-eval's People

Contributors

iximeow avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.