cea-sec / miasm

Reverse engineering framework in Python
https://miasm.re/
GNU General Public License v2.0

Standard library calls handling #572

Closed vinatgit closed 7 years ago

vinatgit commented 7 years ago

Hi. Is there a way to handle standard library calls made by a binary? I cannot seem to disassemble the function directly from miasm.

commial commented 7 years ago

Hi @vinatgit,

Sorry for the delay, I'm not quite sure I fully understand the question. If you use the Sandbox objects (such as example/jitter/sandbox_pe_x86_32.py), Miasm will parse the import table and fill it with dummy addresses. At these addresses, breakpoints will be set. When these breakpoints are reached, a function named "{DLL name}_{Function name}" is looked up and called.

For instance, this is how GetProcAddress is simulated in example/jitter/unpack_upx.py. Some functions are already implemented, have a look at miasm2/os_dep.

So, basically, when you run a binary with Sandbox, you'll get an error saying that a function "DLL_function" is missing. You just have to implement it, using for instance helpers such as "get_args_stdcall/systemv/cdecl", etc.

For further precision, you can read http://www.miasm.re/blog/2016/02/12/dynamic_shellcode_analysis.html.
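Added example (not miasm's own code): two "{DLL name}_{Function name}" stubs written against the jitter helpers the reply refers to, plus a constructed FakeJitter that models just enough of a 32-bit stack, EAX and pc to run offline. The helper names `func_args_stdcall`/`func_ret_stdcall` and their signatures, the `call_import` dispatcher and the fixed tick value are assumptions of this example, not verified against a given miasm release.

```python
from collections import namedtuple
import struct

class FakeJitter:
    """Constructed stand-in for miasm's Jitter: 32-bit stack, EAX and pc only."""
    def __init__(self, stack_base=0x10000, stack_size=0x1000):
        self.mem, self.base = bytearray(stack_size), stack_base
        self.esp = stack_base + stack_size  # empty stack, grows downwards
        self.eax, self.pc = 0, 0
    def push_uint32(self, value):
        self.esp -= 4
        struct.pack_into("<I", self.mem, self.esp - self.base, value & 0xffffffff)
    def pop_uint32(self):
        value = struct.unpack_from("<I", self.mem, self.esp - self.base)[0]
        self.esp += 4
        return value
    def func_args_stdcall(self, names):
        # Pop the return address, then one dword per argument (callee cleans up).
        ret_ad = self.pop_uint32()
        args = namedtuple("args", names)(*[self.pop_uint32() for _ in names])
        return ret_ad, args
    def func_ret_stdcall(self, ret_ad, value=0):
        # Put the result in EAX and resume the caller at its return address.
        self.eax, self.pc = value & 0xffffffff, ret_ad
        return True

# Stubs are looked up by the name "{DLL name}_{Function name}".
TICK_START = 0x1000  # constructed: fixed "uptime" so runs are reproducible

def kernel32_GetTickCount(jitter):
    ret_ad, _ = jitter.func_args_stdcall([])
    return jitter.func_ret_stdcall(ret_ad, TICK_START)

def user32_MessageBoxA(jitter):
    # Consume the four stdcall arguments and answer IDOK (1) without any UI.
    ret_ad, _ = jitter.func_args_stdcall(["hWnd", "lpText", "lpCaption", "uType"])
    return jitter.func_ret_stdcall(ret_ad, 1)

def call_import(jitter, dll, func, ret_ad, *args):
    """Model the breakpoint at a dummy import address: the caller pushed args
    right-to-left and the return address; dispatch to the stub or report it missing."""
    stub = globals().get("%s_%s" % (dll, func))
    if stub is None:
        raise NotImplementedError("function %s_%s is missing" % (dll, func))
    for a in reversed(args):
        jitter.push_uint32(a)
    jitter.push_uint32(ret_ad)
    stub(jitter)
    return jitter.eax, jitter.pc, jitter.esp
```

After a stub runs, esp is back where it was before the caller pushed its arguments, which is the stdcall cleanup the helper performs; with a real miasm jitter the same stub bodies are what you register for the missing import.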