Sorry
=====

Sorry is a framework for Dynamic Binary Analysis written in Rust and based on
the [ptrace](http://man7.org/linux/man-pages/man2/ptrace.2.html) system call.

Requirements
------------

Sorry depends on the following crates:

+ [capstone](https://docs.rs/capstone/0.6.0/capstone/): `0.6`
+ [elf](https://docs.rs/elf/0.0.10/elf/): `0.0.10`
+ [log](https://docs.rs/log/0.4.6/log/): `0.4`
+ [nix](https://docs.rs/nix/0.13.0/nix/): `0.13`
+ [simplelog](https://docs.rs/simplelog/0.5.3/simplelog/): `0.5`

Example
-------

```rust
use nix::sys::signal::*;
use nix::sys::wait::*;

use sorry::*;
use sorry::buffer::Buffer;
use sorry::buffer::codecache::CodeCache;
use sorry::error::Error;

fn main() {
    let executable = "resources/no-pie".to_string();
    let args = vec![executable.clone()];

    let mut target = TargetProcess::new(executable, args);
    target.start().map( |_| () );

    target.get_controller()
        .set_breakpoint(0x401126, move |ctrl, _| ctrl.load_map_file() );

    target.get_controller().resume(false);
    target.wait(None);
    let new_res = CodeCache::new(target.get_controller().clone(), 100);

    new_res.map( |mut cc| {
        // mov $42, %edi
        // mov $60, %rax
        // syscall
        let exit42 = &[
            0xbf, 0x2a, 0, 0, 0,
            0x48, 0xc7, 0xc0, 0x3c, 0, 0, 0,
            0x0f, 0x05
        ];

        cc.write(exit42, 0);

        target.controller_do( |ctrl| {
            let mut regs = ctrl.get_registers()?;
            regs.rax = cc.get_offset() as u64;

            ctrl.inject_abs_call(regs.rip)?;

            ctrl.set_registers(regs)?;
            ctrl.resume(false).or_else( |err| {
                let msg = format!("{:?}", err);
                Err(Error::CustomError(msg.to_string()))
            })?;
            Ok(())
        });

        target.wait(None);
    });
}
```