Ledger-Donjon / rainbow

Makes Unicorn traces. Generic Side-Channel and Fault Injection simulator
GNU Lesser General Public License v3.0

elfloader: load shared library and relocate #40

Open aiooss-ledger opened 2 years ago

aiooss-ledger commented 2 years ago

Users can already load dynamic ELF using Rainbow elfloader, but no shared libraries are loaded.

Maybe with some tweaks to the elfloader, we could allow users to load shared libraries like this:

from rainbow.generics import rainbow_x64

emu = rainbow_x64()
# load the dynamically linked main executable at its own addresses
emu.load("main", typ=".elf", verbose=True)
# load the shared library at a chosen base, so its symbols and code are mapped in the same emulator
emu.load("/lib/x86_64-linux-gnu/libc.so.6", typ=".elf", base_addr=0x10000, verbose=True)
emu.function_calls = True
emu.start(emu.functions["main"], 0, count=100)

This would be a "low-effort" way to easily instrument dynamic binaries without implementing a dynamic loader in Python. This would reduce the number of functions to stub to make dynamic binaries work.
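The "relocate" half of the request is the part `load(..., base_addr=...)` would have to add: once a library is mapped at a base other than zero, its RELA entries must be applied before any code in it runs. The following is an added example, not code from this issue or from rainbow, showing that step for the common x86-64 entry types over a constructed image and relocation table; `apply_relocations`, `demo` and the `SAMPLE_*` values are hypothetical names chosen here.

```python
import struct

# x86-64 relocation types from the SysV ABI
R_X86_64_NONE, R_X86_64_64 = 0, 1
R_X86_64_GLOB_DAT, R_X86_64_JUMP_SLOT, R_X86_64_RELATIVE = 6, 7, 8

ELF64_RELA = struct.Struct("<QQq")  # r_offset, r_info, r_addend


def parse_rela(blob):
    """Unpack a .rela.dyn/.rela.plt blob into (offset, sym_index, type, addend)."""
    entries = []
    for off in range(0, len(blob), ELF64_RELA.size):
        r_offset, r_info, r_addend = ELF64_RELA.unpack_from(blob, off)
        entries.append((r_offset, r_info >> 32, r_info & 0xFFFFFFFF, r_addend))
    return entries


def apply_relocations(image, base_addr, rela_blob, symbols):
    """Patch `image` (library segments starting at vaddr 0) as if mapped at base_addr.
    `symbols` maps dynamic symbol index -> absolute address already resolved by the emulator.
    Returns (patched image, list of (absolute address, value) writes) for tracing."""
    image, writes = bytearray(image), []
    for r_offset, sym, rtype, addend in parse_rela(rela_blob):
        if rtype == R_X86_64_NONE:
            continue
        if rtype == R_X86_64_RELATIVE:            # pointer into the library itself
            value = base_addr + addend
        elif rtype in (R_X86_64_GLOB_DAT, R_X86_64_JUMP_SLOT):  # GOT / PLT slot
            value = symbols[sym]
        elif rtype == R_X86_64_64:                # absolute symbol address plus addend
            value = symbols[sym] + addend
        else:
            raise NotImplementedError(f"relocation type {rtype}")
        if r_offset + 8 > len(image):             # refuse to write outside the mapped image
            raise ValueError(f"r_offset {r_offset:#x} outside mapped image")
        struct.pack_into("<Q", image, r_offset, value & 0xFFFFFFFFFFFFFFFF)
        writes.append((base_addr + r_offset, value))
    return bytes(image), writes


# Constructed sample: a 64-byte "library" image with three slots to relocate.
SAMPLE_IMAGE = bytes(64)
SAMPLE_RELA = b"".join([
    ELF64_RELA.pack(0x10, (0 << 32) | R_X86_64_RELATIVE, 0x30),
    ELF64_RELA.pack(0x18, (1 << 32) | R_X86_64_JUMP_SLOT, 0),
    ELF64_RELA.pack(0x20, (2 << 32) | R_X86_64_64, 8),
])
SAMPLE_SYMBOLS = {1: 0x401000, 2: 0x402000}  # constructed addresses for symbols 1 and 2


def demo(base_addr=0x10000):
    image, writes = apply_relocations(SAMPLE_IMAGE, base_addr, SAMPLE_RELA, SAMPLE_SYMBOLS)
    return [struct.unpack_from("<Q", image, o)[0] for o in (0x10, 0x18, 0x20)], writes
```

With the base from the snippet above (0x10000) the RELATIVE slot becomes 0x10030, while the symbol-based slots take the resolved addresses regardless of where the library is mapped.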

erdnaxe commented 1 year ago

Patch proposition: https://github.com/Ledger-Donjon/rainbow/pull/53