preliminary x86_64 support

vdiscover/Event.py

@@ -50,18 +50,33 @@ def __init__(self, name, module):
   def __str__(self):
     return str(self.name)
 
-  def _detect_return_address(self):
-    addr = self.process.getreg("esp")
-    bytes = self.process.readBytes(addr, 4)
-    return RefinePType(Type("Ptr32",4),bytes2word(bytes), self.process, self.mm)
-    #return bytes2word(bytes)
+  #def _detect_return_address(self):
+  #  addr = self.process.getreg("esp")
+  #  bytes = self.process.readBytes(addr, 4)
+  #  return RefinePType(Type("Ptr32",4),bytes2word(bytes), self.process, self.mm)
+  #  #return bytes2word(bytes)
 
-  def _detect_parameter(self, ptype, offset):
+  def _detect_parameter_x86_64(self, ptype, index):
+
+    if index > 4:
+      return None   
+
+    reg = ["rdi","rsi","rdx","rcx","r8"][index]
+    val = self.process.getreg(reg)
+
+    #print "bs value", repr(bs), hex(bytes2word(bs))
+
+    return RefinePType(GetPtype(ptype),val, self.process, self.mm)
+
+
+
+
+  def _detect_parameter_x86(self, ptype, offset):
     addr = self.process.getStackPointer()+offset
     bs = self.process.readBytes(addr, 4)
 
-    if CPU_X86_64:
-      bs = bs + (4*'\00')
+    #if CPU_X86_64:
+    #  bs = bs + (4*'\00')
 
     #print "bs value", repr(bs), hex(bytes2word(bs))
 
@@ -79,9 +94,13 @@ def detect_parameters(self, process, mm):
     offset = 4
     #print self.mm
     #print self.name
-    for ctype in self.param_types:
+    for index,ctype in enumerate(self.param_types):
+
+      if CPU_X86_64:
+        (ptype, value) = self._detect_parameter_x86_64(ctype, index)
+      else:
+        (ptype, value) = self._detect_parameter_x86(ctype, offset)
 
-      (ptype, value) = self._detect_parameter(ctype, offset)
       self.param_values.append(value)
       self.param_ptypes.append(ptype)
       offset += ptype.getSize()

vdiscover/Process.py

@@ -69,9 +69,9 @@ def __init__(self, program, envs, timeout, included_mods = [], ignored_mods = []
         # Parse ELF
         self.elf = ELF(self.program, plt = False)
 
-        if self.elf.GetType() <> "ELF 32-bit":
-          print "Only ELF 32-bit are supported to be executed."
-          exit(-1)
+        #if self.elf.GetType() <> "ELF 32-bit":
+        #  print "Only ELF 32-bit are supported to be executed."
+        #  exit(-1)
 
         self.modules = dict()
 
@@ -86,10 +86,10 @@ def __init__(self, program, envs, timeout, included_mods = [], ignored_mods = []
     def setBreakpoints(self, elf):
       #print elf.GetFunctions()
       for func_name in elf.GetFunctions():
-        #print elf.GetModname(), hex(elf.FindFuncInPlt(func_name))
+        #print "func_name", elf.GetModname(), hex(elf.FindFuncInPlt(func_name))
 
         if func_name in specs:
-          #print elf.GetModname(), func_name, hex(elf.FindFuncInPlt(func_name))
+          #print "func_name in spec",elf.GetModname(), func_name, hex(elf.FindFuncInPlt(func_name))
           addr = elf.FindFuncInPlt(func_name)
           self.binfo[addr] = elf.GetModname(),func_name
           self.breakpoint(addr)