Add fake dll load

cea-sec · Nov 2, 2020 · ab14238 · ab14238
1 parent 86e3ad2
commit ab14238
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/miasm/analysis/sandbox.py b/miasm/analysis/sandbox.py
@@ -232,7 +232,10 @@ def init_loader(self, options):
             loader_start_address = int(options.loader_start_address, 0)
         else:
             loader_start_address = None
-        loader = LoaderWindows(self.jitter.vm, loader_start_address=loader_start_address)
+        loader = LoaderWindows(
+            self.jitter.vm, loader_start_address=loader_start_address,
+            fake_dll_load=options.fake_dll_load
+        )
         self.loader = loader
         winobjs.loader = loader
 
@@ -298,6 +301,12 @@ def update_parser(cls, parser):
         parser.add_argument(
             "-r", "--parse-resources", action="store_true", help="Load resources"
         )
+        parser.add_argument(
+            "-f",
+            "--fake-dll-load",
+            action="store_true",
+            help="Don't load dll real dll, create fake entries",
+        )
         parser.add_argument(
             "-i",
             "--dependencies",
@@ -365,7 +374,10 @@ def init_loader(self, options):
             loader_start_address = int(options.loader_start_address, 0)
         else:
             loader_start_address = None
-        loader = LoaderWindows(self.jitter.vm, apiset=apiset, loader_start_address=loader_start_address)
+        loader = LoaderWindows(
+            self.jitter.vm, apiset=apiset, loader_start_address=loader_start_address,
+            fake_dll_load=options.fake_dll_load
+        )
         self.loader = loader
         winobjs.loader = loader
 

diff --git a/miasm/jitter/loader/pe.py b/miasm/jitter/loader/pe.py
@@ -330,14 +330,15 @@ def vm2pe(myjit, fname, loader=None, e_orig=None,
 
 class LoaderWindows(Loader):
 
-    def __init__(self, vm, apiset=None, loader_start_address=None, *args, **kwargs):
+    def __init__(self, vm, apiset=None, loader_start_address=None, fake_dll_load=False, *args, **kwargs):
         super(LoaderWindows, self).__init__(vm, *args, **kwargs)
         self.library_path = ["win_dll", "./"]
         # dependency -> redirector
         self.created_redirected_imports = {}
         self.module_name_to_module = {}
         self.apiset = apiset
         self.loader_start_address = loader_start_address
+        self.fake_dll_load = fake_dll_load
 
     def lib_get_add_base(self, name):
         name = name.lower().strip(' ')
@@ -440,6 +441,9 @@ def find_module_path(self, module_name):
         Find the real path of module_name
         """
         module_name = module_name.lower()
+        if self.fake_dll_load:
+            self.fake_library_entry(module_name)
+            return None
         for path in self.library_path:
             fname = os.path.join(path, module_name)
             if os.access(fname, os.R_OK):