├── .flake8 ├── .isort.cfg ├── Auto_Dumper ├── GDBManager.py ├── ProcessManager.py ├── auto_dumper.py ├── procdump │ ├── Eula.txt │ ├── procdump.exe │ ├── procdump64.exe │ └── procdump64a.exe └── readme.md ├── CODEOWNERS ├── Forecast_Documentation ├── FAQs.md └── Step_by_Step.md ├── README.md ├── angr ├── .azure-pipelines │ ├── master.yml │ └── nightly.yml ├── .github │ └── ISSUE_TEMPLATE │ │ ├── bug_report.md │ │ ├── feature_request.md │ │ └── question.md ├── .gitignore ├── Dockerfile ├── LICENSE ├── MANIFEST.in ├── README.md ├── angr │ ├── __init__.py │ ├── analyses │ │ ├── __init__.py │ │ ├── analysis.py │ │ ├── backward_slice.py │ │ ├── binary_optimizer.py │ │ ├── bindiff.py │ │ ├── boyscout.py │ │ ├── callee_cleanup_finder.py │ │ ├── calling_convention.py │ │ ├── cdg.py │ │ ├── cfg │ │ │ ├── __init__.py │ │ │ ├── cfb.py │ │ │ ├── cfg.py │ │ │ ├── cfg_arch_options.py │ │ │ ├── cfg_base.py │ │ │ ├── cfg_emulated.py │ │ │ ├── cfg_fast.py │ │ │ ├── cfg_fast_soot.py │ │ │ ├── cfg_job_base.py │ │ │ ├── cfg_utils.py │ │ │ ├── indirect_jump_resolvers │ │ │ │ ├── __init__.py │ │ │ │ ├── amd64_elf_got.py │ │ │ │ ├── default_resolvers.py │ │ │ │ ├── jumptable.py │ │ │ │ ├── mips_elf_fast.py │ │ │ │ ├── resolver.py │ │ │ │ ├── x86_elf_pic_plt.py │ │ │ │ └── x86_pe_iat.py │ │ │ └── segment_list.py │ │ ├── code_location.py │ │ ├── code_tagging.py │ │ ├── complete_calling_conventions.py │ │ ├── congruency_check.py │ │ ├── datagraph_meta.py │ │ ├── ddg.py │ │ ├── decompiler │ │ │ ├── __init__.py │ │ │ ├── ailgraph_walker.py │ │ │ ├── clinic.py │ │ │ ├── condition_processor.py │ │ │ ├── decompilation_options.py │ │ │ ├── decompiler.py │ │ │ ├── empty_node_remover.py │ │ │ ├── graph_region.py │ │ │ ├── optimization_passes │ │ │ │ ├── __init__.py │ │ │ │ ├── base_ptr_save_simplifier.py │ │ │ │ ├── div_simplifier.py │ │ │ │ ├── eager_returns.py │ │ │ │ ├── engine_base.py │ │ │ │ ├── mod_simplifier.py │ │ │ │ ├── multi_simplifier.py │ │ │ │ ├── optimization_pass.py │ │ │ │ └── 
stack_canary_simplifier.py │ │ │ ├── region_identifier.py │ │ │ ├── region_simplifier.py │ │ │ ├── sequence_walker.py │ │ │ ├── structured_codegen.py │ │ │ ├── structurer.py │ │ │ ├── structurer_nodes.py │ │ │ └── utils.py │ │ ├── disassembly.py │ │ ├── disassembly_utils.py │ │ ├── dominance_frontier.py │ │ ├── example_flag_page │ │ ├── forward_analysis │ │ │ ├── __init__.py │ │ │ ├── forward_analysis.py │ │ │ ├── job_info.py │ │ │ └── visitors │ │ │ │ ├── __init__.py │ │ │ │ ├── call_graph.py │ │ │ │ ├── function_graph.py │ │ │ │ ├── graph.py │ │ │ │ ├── loop.py │ │ │ │ └── single_node_graph.py │ │ ├── girlscout.py │ │ ├── identifier │ │ │ ├── __init__.py │ │ │ ├── custom_callable.py │ │ │ ├── errors.py │ │ │ ├── func.py │ │ │ ├── functions │ │ │ │ ├── __init__.py │ │ │ │ ├── atoi.py │ │ │ │ ├── based_atoi.py │ │ │ │ ├── fdprintf.py │ │ │ │ ├── free.py │ │ │ │ ├── int2str.py │ │ │ │ ├── malloc.py │ │ │ │ ├── memcmp.py │ │ │ │ ├── memcpy.py │ │ │ │ ├── memset.py │ │ │ │ ├── printf.py │ │ │ │ ├── recv_until.py │ │ │ │ ├── skip_calloc.py │ │ │ │ ├── skip_realloc.py │ │ │ │ ├── skip_recv_n.py │ │ │ │ ├── snprintf.py │ │ │ │ ├── sprintf.py │ │ │ │ ├── strcasecmp.py │ │ │ │ ├── strcmp.py │ │ │ │ ├── strcpy.py │ │ │ │ ├── strlen.py │ │ │ │ ├── strncmp.py │ │ │ │ ├── strncpy.py │ │ │ │ └── strtol.py │ │ │ ├── identify.py │ │ │ └── runner.py │ │ ├── loop_analysis.py │ │ ├── loopfinder.py │ │ ├── propagator │ │ │ ├── __init__.py │ │ │ ├── engine_ail.py │ │ │ ├── engine_base.py │ │ │ ├── engine_vex.py │ │ │ ├── propagator.py │ │ │ ├── values.py │ │ │ └── vex_vars.py │ │ ├── reaching_definitions │ │ │ ├── __init__.py │ │ │ ├── atoms.py │ │ │ ├── constants.py │ │ │ ├── dataset.py │ │ │ ├── definition.py │ │ │ ├── dep_graph.py │ │ │ ├── engine_ail.py │ │ │ ├── engine_vex.py │ │ │ ├── external_codeloc.py │ │ │ ├── live_definitions.py │ │ │ ├── reaching_definitions.py │ │ │ ├── subject.py │ │ │ ├── undefined.py │ │ │ └── uses.py │ │ ├── reassembler.py │ │ ├── 
soot_class_hierarchy.py │ │ ├── stack_pointer_tracker.py │ │ ├── static_hooker.py │ │ ├── variable_recovery │ │ │ ├── __init__.py │ │ │ ├── annotations.py │ │ │ ├── variable_recovery.py │ │ │ ├── variable_recovery_base.py │ │ │ └── variable_recovery_fast.py │ │ ├── veritesting.py │ │ ├── vfg.py │ │ ├── vsa_ddg.py │ │ └── xrefs.py │ ├── angrdb │ │ ├── __init__.py │ │ ├── db.py │ │ ├── models.py │ │ └── serializers │ │ │ ├── __init__.py │ │ │ ├── cfg_model.py │ │ │ ├── comments.py │ │ │ ├── funcs.py │ │ │ ├── kb.py │ │ │ ├── labels.py │ │ │ ├── loader.py │ │ │ └── xrefs.py │ ├── annocfg.py │ ├── blade.py │ ├── block.py │ ├── callable.py │ ├── calling_conventions.py │ ├── codenode.py │ ├── concretization_strategies │ │ ├── __init__.py │ │ ├── any.py │ │ ├── controlled_data.py │ │ ├── eval.py │ │ ├── max.py │ │ ├── nonzero.py │ │ ├── nonzero_range.py │ │ ├── norepeats.py │ │ ├── norepeats_range.py │ │ ├── range.py │ │ ├── single.py │ │ └── solutions.py │ ├── distributed │ │ ├── __init__.py │ │ ├── server.py │ │ └── worker.py │ ├── engines │ │ ├── __init__.py │ │ ├── concrete.py │ │ ├── engine.py │ │ ├── failure.py │ │ ├── hook.py │ │ ├── light │ │ │ ├── __init__.py │ │ │ ├── data.py │ │ │ └── engine.py │ │ ├── procedure.py │ │ ├── soot │ │ │ ├── __init__.py │ │ │ ├── engine.py │ │ │ ├── exceptions.py │ │ │ ├── expressions │ │ │ │ ├── __init__.py │ │ │ │ ├── arrayref.py │ │ │ │ ├── base.py │ │ │ │ ├── binop.py │ │ │ │ ├── cast.py │ │ │ │ ├── condition.py │ │ │ │ ├── constants.py │ │ │ │ ├── instanceOf.py │ │ │ │ ├── instancefieldref.py │ │ │ │ ├── invoke.py │ │ │ │ ├── length.py │ │ │ │ ├── local.py │ │ │ │ ├── new.py │ │ │ │ ├── newArray.py │ │ │ │ ├── newMultiArray.py │ │ │ │ ├── paramref.py │ │ │ │ ├── phi.py │ │ │ │ ├── staticfieldref.py │ │ │ │ ├── thisref.py │ │ │ │ └── unsupported.py │ │ │ ├── field_dispatcher.py │ │ │ ├── method_dispatcher.py │ │ │ ├── statements │ │ │ │ ├── __init__.py │ │ │ │ ├── assign.py │ │ │ │ ├── base.py │ │ │ │ ├── goto.py │ │ │ │ ├── 
identity.py │ │ │ │ ├── if_.py │ │ │ │ ├── invoke.py │ │ │ │ ├── return_.py │ │ │ │ ├── switch.py │ │ │ │ └── throw.py │ │ │ └── values │ │ │ │ ├── __init__.py │ │ │ │ ├── arrayref.py │ │ │ │ ├── base.py │ │ │ │ ├── constants.py │ │ │ │ ├── instancefieldref.py │ │ │ │ ├── local.py │ │ │ │ ├── paramref.py │ │ │ │ ├── staticfieldref.py │ │ │ │ ├── strref.py │ │ │ │ └── thisref.py │ │ ├── successors.py │ │ ├── syscall.py │ │ ├── unicorn.py │ │ └── vex │ │ │ ├── __init__.py │ │ │ ├── claripy │ │ │ ├── __init__.py │ │ │ ├── ccall.py │ │ │ ├── datalayer.py │ │ │ └── irop.py │ │ │ ├── heavy │ │ │ ├── __init__.py │ │ │ ├── actions.py │ │ │ ├── dirty.py │ │ │ ├── heavy.py │ │ │ ├── inspect.py │ │ │ ├── resilience.py │ │ │ └── super_fastpath.py │ │ │ ├── lifter.py │ │ │ └── light │ │ │ ├── __init__.py │ │ │ ├── light.py │ │ │ ├── resilience.py │ │ │ └── slicing.py │ ├── errors.py │ ├── exploration_techniques │ │ ├── __init__.py │ │ ├── bucketizer.py │ │ ├── cacher.py │ │ ├── common.py │ │ ├── dfs.py │ │ ├── director.py │ │ ├── driller_core.py │ │ ├── explorer.py │ │ ├── lengthlimiter.py │ │ ├── loop_seer.py │ │ ├── manual_mergepoint.py │ │ ├── memory_watcher.py │ │ ├── oppologist.py │ │ ├── slicecutor.py │ │ ├── spiller.py │ │ ├── stochastic.py │ │ ├── symbion.py │ │ ├── tech_builder.py │ │ ├── threading.py │ │ ├── tracer.py │ │ ├── unique.py │ │ └── veritesting.py │ ├── factory.py │ ├── keyed_region.py │ ├── knowledge_base │ │ ├── __init__.py │ │ └── knowledge_base.py │ ├── knowledge_plugins │ │ ├── __init__.py │ │ ├── cfg │ │ │ ├── __init__.py │ │ │ ├── cfg_manager.py │ │ │ ├── cfg_model.py │ │ │ ├── cfg_node.py │ │ │ ├── indirect_jump.py │ │ │ └── memory_data.py │ │ ├── comments.py │ │ ├── data.py │ │ ├── functions │ │ │ ├── __init__.py │ │ │ ├── function.py │ │ │ ├── function_manager.py │ │ │ ├── function_parser.py │ │ │ └── soot_function.py │ │ ├── indirect_jumps.py │ │ ├── labels.py │ │ ├── patches.py │ │ ├── plugin.py │ │ ├── sync │ │ │ ├── __init__.py │ │ │ └── 
sync_manager.py │ │ ├── variables │ │ │ ├── __init__.py │ │ │ ├── variable_access.py │ │ │ └── variable_manager.py │ │ └── xrefs │ │ │ ├── __init__.py │ │ │ ├── xref.py │ │ │ ├── xref_manager.py │ │ │ └── xref_types.py │ ├── misc │ │ ├── __init__.py │ │ ├── autoimport.py │ │ ├── bug_report.py │ │ ├── hookset.py │ │ ├── loggers.py │ │ ├── plugins.py │ │ ├── range.py │ │ ├── testing.py │ │ ├── ux.py │ │ └── weakpatch.py │ ├── procedures │ │ ├── __init__.py │ │ ├── advapi32 │ │ │ └── __init__.py │ │ ├── cgc │ │ │ ├── __init__.py │ │ │ ├── _terminate.py │ │ │ ├── allocate.py │ │ │ ├── deallocate.py │ │ │ ├── fdwait.py │ │ │ ├── random.py │ │ │ ├── receive.py │ │ │ └── transmit.py │ │ ├── definitions │ │ │ ├── __init__.py │ │ │ ├── advapi32.py │ │ │ ├── cgc.py │ │ │ ├── glibc.py │ │ │ ├── kernel32.py │ │ │ ├── libstdcpp.py │ │ │ ├── linux_kernel.py │ │ │ ├── linux_loader.py │ │ │ ├── msvcr.py │ │ │ ├── ntdll.py │ │ │ ├── parse_syscalls_from_local_system.py │ │ │ └── user32.py │ │ ├── glibc │ │ │ ├── __ctype_b_loc.py │ │ │ ├── __ctype_tolower_loc.py │ │ │ ├── __ctype_toupper_loc.py │ │ │ ├── __errno_location.py │ │ │ ├── __init__.py │ │ │ ├── __libc_init.py │ │ │ ├── __libc_start_main.py │ │ │ ├── dynamic_loading.py │ │ │ ├── scanf.py │ │ │ └── sscanf.py │ │ ├── java │ │ │ ├── __init__.py │ │ │ └── unconstrained.py │ │ ├── java_io │ │ │ ├── __init__.py │ │ │ ├── read.py │ │ │ └── write.py │ │ ├── java_jni │ │ │ ├── __init__.py │ │ │ ├── array_operations.py │ │ │ ├── class_and_interface_operations.py │ │ │ ├── field_access.py │ │ │ ├── global_and_local_refs.py │ │ │ ├── method_calls.py │ │ │ ├── not_implemented.py │ │ │ ├── object_operations.py │ │ │ ├── string_operations.py │ │ │ └── version_information.py │ │ ├── java_lang │ │ │ ├── __init__.py │ │ │ ├── character.py │ │ │ ├── double.py │ │ │ ├── exit.py │ │ │ ├── getsimplename.py │ │ │ ├── integer.py │ │ │ ├── load_library.py │ │ │ ├── math.py │ │ │ ├── string.py │ │ │ ├── stringbuilder.py │ │ │ └── system.py │ │ ├── 
java_util │ │ │ ├── __init__.py │ │ │ ├── collection.py │ │ │ ├── iterator.py │ │ │ ├── list.py │ │ │ ├── map.py │ │ │ ├── random.py │ │ │ └── scanner_nextline.py │ │ ├── libc │ │ │ ├── __init__.py │ │ │ ├── abort.py │ │ │ ├── access.py │ │ │ ├── atoi.py │ │ │ ├── calloc.py │ │ │ ├── closelog.py │ │ │ ├── exit.py │ │ │ ├── fclose.py │ │ │ ├── feof.py │ │ │ ├── fflush.py │ │ │ ├── fgetc.py │ │ │ ├── fgets.py │ │ │ ├── fopen.py │ │ │ ├── fprintf.py │ │ │ ├── fputc.py │ │ │ ├── fputs.py │ │ │ ├── fread.py │ │ │ ├── free.py │ │ │ ├── fscanf.py │ │ │ ├── fseek.py │ │ │ ├── ftell.py │ │ │ ├── fwrite.py │ │ │ ├── getchar.py │ │ │ ├── getegid.py │ │ │ ├── geteuid.py │ │ │ ├── getgid.py │ │ │ ├── getuid.py │ │ │ ├── malloc.py │ │ │ ├── memcmp.py │ │ │ ├── memcpy.py │ │ │ ├── memset.py │ │ │ ├── openlog.py │ │ │ ├── perror.py │ │ │ ├── printf.py │ │ │ ├── putc.py │ │ │ ├── putchar.py │ │ │ ├── puts.py │ │ │ ├── rand.py │ │ │ ├── realloc.py │ │ │ ├── rewind.py │ │ │ ├── scanf.py │ │ │ ├── setvbuf.py │ │ │ ├── snprintf.py │ │ │ ├── sprintf.py │ │ │ ├── srand.py │ │ │ ├── sscanf.py │ │ │ ├── strcat.py │ │ │ ├── strchr.py │ │ │ ├── strcmp.py │ │ │ ├── strcpy.py │ │ │ ├── strlen.py │ │ │ ├── strncmp.py │ │ │ ├── strncpy.py │ │ │ ├── strstr.py │ │ │ ├── strtol.py │ │ │ ├── system.py │ │ │ ├── tmpnam.py │ │ │ ├── tolower.py │ │ │ ├── toupper.py │ │ │ ├── ungetc.py │ │ │ ├── vsnprintf.py │ │ │ └── wchar.py │ │ ├── libstdcpp │ │ │ ├── __init__.py │ │ │ ├── std____throw_length_error.py │ │ │ ├── std____throw_logic_error.py │ │ │ └── std__terminate.py │ │ ├── linux_kernel │ │ │ ├── __init__.py │ │ │ ├── arch_prctl.py │ │ │ ├── arm_user_helpers.py │ │ │ ├── brk.py │ │ │ ├── cwd.py │ │ │ ├── fstat.py │ │ │ ├── futex.py │ │ │ ├── getpid.py │ │ │ ├── getrlimit.py │ │ │ ├── gettid.py │ │ │ ├── iovec.py │ │ │ ├── lseek.py │ │ │ ├── mmap.py │ │ │ ├── mprotect.py │ │ │ ├── munmap.py │ │ │ ├── set_tid_address.py │ │ │ ├── sigaction.py │ │ │ ├── sigprocmask.py │ │ │ ├── stat.py │ │ │ ├── 
sysinfo.py │ │ │ ├── tgkill.py │ │ │ ├── time.py │ │ │ ├── uid.py │ │ │ ├── uname.py │ │ │ ├── unlink.py │ │ │ └── vsyscall.py │ │ ├── linux_loader │ │ │ ├── __init__.py │ │ │ ├── __tls_get_addr.py │ │ │ ├── _dl_initial_error_catch_tsd.py │ │ │ ├── _dl_rtld_lock.py │ │ │ └── sim_loader.py │ │ ├── msvcr │ │ │ ├── __getmainargs.py │ │ │ ├── __init__.py │ │ │ ├── _initterm.py │ │ │ └── fmode.py │ │ ├── ntdll │ │ │ ├── __init__.py │ │ │ └── exceptions.py │ │ ├── posix │ │ │ ├── __init__.py │ │ │ ├── accept.py │ │ │ ├── bind.py │ │ │ ├── bzero.py │ │ │ ├── close.py │ │ │ ├── closedir.py │ │ │ ├── dup.py │ │ │ ├── fcntl.py │ │ │ ├── fdopen.py │ │ │ ├── fileno.py │ │ │ ├── fork.py │ │ │ ├── gethostbyname.py │ │ │ ├── getpass.py │ │ │ ├── getsockopt.py │ │ │ ├── htonl.py │ │ │ ├── htons.py │ │ │ ├── inet_ntoa.py │ │ │ ├── listen.py │ │ │ ├── mmap.py │ │ │ ├── open.py │ │ │ ├── opendir.py │ │ │ ├── pread64.py │ │ │ ├── pthread.py │ │ │ ├── pwrite64.py │ │ │ ├── read.py │ │ │ ├── readdir.py │ │ │ ├── recv.py │ │ │ ├── recvfrom.py │ │ │ ├── select.py │ │ │ ├── send.py │ │ │ ├── setsockopt.py │ │ │ ├── sigaction.py │ │ │ ├── sim_time.py │ │ │ ├── sleep.py │ │ │ ├── socket.py │ │ │ ├── strcasecmp.py │ │ │ ├── strdup.py │ │ │ ├── strtok_r.py │ │ │ ├── syslog.py │ │ │ ├── unlink.py │ │ │ ├── usleep.py │ │ │ └── write.py │ │ ├── procedure_dict.py │ │ ├── stubs │ │ │ ├── CallReturn.py │ │ │ ├── NoReturnUnconstrained.py │ │ │ ├── Nop.py │ │ │ ├── PathTerminator.py │ │ │ ├── Redirect.py │ │ │ ├── ReturnChar.py │ │ │ ├── ReturnUnconstrained.py │ │ │ ├── UnresolvableCallTarget.py │ │ │ ├── UnresolvableJumpTarget.py │ │ │ ├── UserHook.py │ │ │ ├── __init__.py │ │ │ ├── b64_decode.py │ │ │ ├── caller.py │ │ │ ├── crazy_scanf.py │ │ │ ├── format_parser.py │ │ │ └── syscall_stub.py │ │ ├── testing │ │ │ ├── __init__.py │ │ │ ├── manyargs.py │ │ │ └── retreg.py │ │ ├── tracer │ │ │ ├── __init__.py │ │ │ ├── random.py │ │ │ ├── receive.py │ │ │ └── transmit.py │ │ ├── uclibc │ │ │ ├── 
__init__.py │ │ │ └── __uClibc_main.py │ │ ├── win32 │ │ │ ├── EncodePointer.py │ │ │ ├── ExitProcess.py │ │ │ ├── GetCommandLine.py │ │ │ ├── GetCurrentProcessId.py │ │ │ ├── GetCurrentThreadId.py │ │ │ ├── GetLastInputInfo.py │ │ │ ├── GetModuleHandle.py │ │ │ ├── GetProcessAffinityMask.py │ │ │ ├── InterlockedExchange.py │ │ │ ├── IsProcessorFeaturePresent.py │ │ │ ├── VirtualAlloc.py │ │ │ ├── VirtualProtect.py │ │ │ ├── __init__.py │ │ │ ├── critical_section.py │ │ │ ├── dynamic_loading.py │ │ │ ├── file_handles.py │ │ │ ├── gethostbyname.py │ │ │ ├── heap.py │ │ │ ├── is_bad_ptr.py │ │ │ ├── local_storage.py │ │ │ ├── mutex.py │ │ │ ├── sim_time.py │ │ │ └── system_paths.py │ │ └── win_user32 │ │ │ ├── __init__.py │ │ │ ├── chars.py │ │ │ ├── keyboard.py │ │ │ └── messagebox.py │ ├── project.py │ ├── protos │ │ ├── __init__.py │ │ ├── cfg.proto │ │ ├── cfg_pb2.py │ │ ├── function.proto │ │ ├── function_pb2.py │ │ ├── primitives.proto │ │ ├── primitives_pb2.py │ │ ├── xrefs.proto │ │ └── xrefs_pb2.py │ ├── serializable.py │ ├── service.py │ ├── sim_manager.py │ ├── sim_options.py │ ├── sim_procedure.py │ ├── sim_state.py │ ├── sim_state_options.py │ ├── sim_type.py │ ├── sim_variable.py │ ├── simos │ │ ├── __init__.py │ │ ├── cgc.py │ │ ├── javavm.py │ │ ├── linux.py │ │ ├── simos.py │ │ ├── userland.py │ │ └── windows.py │ ├── slicer.py │ ├── state_hierarchy.py │ ├── state_plugins │ │ ├── __init__.py │ │ ├── abstract_memory.py │ │ ├── callstack.py │ │ ├── cgc.py │ │ ├── concrete.py │ │ ├── fast_memory.py │ │ ├── filesystem.py │ │ ├── gdb.py │ │ ├── globals.py │ │ ├── heap │ │ │ ├── __init__.py │ │ │ ├── heap_base.py │ │ │ ├── heap_brk.py │ │ │ ├── heap_freelist.py │ │ │ ├── heap_libc.py │ │ │ ├── heap_ptmalloc.py │ │ │ └── utils.py │ │ ├── history.py │ │ ├── inspect.py │ │ ├── javavm_classloader.py │ │ ├── javavm_memory.py │ │ ├── jni_references.py │ │ ├── keyvalue_memory.py │ │ ├── libc.py │ │ ├── light_registers.py │ │ ├── log.py │ │ ├── loop_data.py │ │ 
├── plugin.py │ │ ├── posix.py │ │ ├── preconstrainer.py │ │ ├── scratch.py │ │ ├── sim_action.py │ │ ├── sim_action_object.py │ │ ├── sim_event.py │ │ ├── solver.py │ │ ├── symbolic_memory.py │ │ ├── symbolizer.py │ │ ├── trace_additions.py │ │ ├── uc_manager.py │ │ ├── unicorn_engine.py │ │ └── view.py │ ├── storage │ │ ├── __init__.py │ │ ├── file.py │ │ ├── kvstore.py │ │ ├── memory.py │ │ ├── memory_object.py │ │ ├── paged_memory.py │ │ └── pcap.py │ ├── tablespecs.py │ ├── type_backend.py │ ├── utils │ │ ├── __init__.py │ │ ├── constants.py │ │ ├── enums_conv.py │ │ ├── graph.py │ │ ├── library.py │ │ └── timing.py │ └── vaults.py ├── native │ ├── Makefile │ ├── Makefile-win │ ├── angr_native.def │ ├── log.c │ ├── log.h │ └── sim_unicorn.cpp ├── setup.py └── tests │ ├── README.md │ ├── broken_find_avoid_conflict.py │ ├── broken_girlscout.py │ ├── broken_loop.py │ ├── broken_never.py │ ├── broken_orwc.py │ ├── broken_pickle.py │ ├── broken_simcc.py │ ├── broken_sleak.py │ ├── broken_switch.py │ ├── broken_variableseekr.py │ ├── common.py │ ├── manual_explosion.py │ ├── manual_performance.py │ ├── manual_real_firmware.py │ ├── perf_concrete_execution.py │ ├── perf_unicorn.py │ ├── reachingdefinitions_results │ └── x86_64 │ │ ├── all_definitions.pickle │ │ ├── all_visited_blocks.pickle │ │ ├── fauxware_definitions.pickle │ │ ├── fauxware_visited_blocks.pickle │ │ ├── loop_definitions.pickle │ │ └── loop_visited_blocks.pickle │ ├── test_0div.py │ ├── test_accuracy.py │ ├── test_actions.py │ ├── test_adc.py │ ├── test_argc.py │ ├── test_argc_sym.py │ ├── test_argv.py │ ├── test_baseptr_save_simplifier.py │ ├── test_bindiff.py │ ├── test_block_cache.py │ ├── test_boyscout.py │ ├── test_cacher.py │ ├── test_callable.py │ ├── test_calling_convention_analysis.py │ ├── test_callstack.py │ ├── test_cc.py │ ├── test_cdg.py │ ├── test_cfg_clflush.py │ ├── test_cfg_get_any_node.py │ ├── test_cfg_manager.py │ ├── test_cfg_thumb_firmware.py │ ├── 
test_cfg_vex_postprocessor.py │ ├── test_cfgemulated.py │ ├── test_cfgfast.py │ ├── test_cfgfast_soot.py │ ├── test_checkbyte.py │ ├── test_clinic.py │ ├── test_codetagging.py │ ├── test_constantpropagation.py │ ├── test_ctype_locale.py │ ├── test_db.py │ ├── test_ddg.py │ ├── test_ddg_global_var_dependencies.py │ ├── test_ddg_memvar_addresses.py │ ├── test_decompiler.py │ ├── test_dep_graph.py │ ├── test_director.py │ ├── test_driller_core.py │ ├── test_echo.py │ ├── test_fauxware.py │ ├── test_file_struct_funcs.py │ ├── test_files.py │ ├── test_function.py │ ├── test_function_manager.py │ ├── test_gdb_plugin.py │ ├── test_hook.py │ ├── test_hookset.py │ ├── test_iat_resolver.py │ ├── test_identifier.py │ ├── test_inspect.py │ ├── test_java.py │ ├── test_jumptables.py │ ├── test_kb_plugins.py │ ├── test_keystone.py │ ├── test_lifter.py │ ├── test_loop_seer.py │ ├── test_lseek.py │ ├── test_mem_funcs.py │ ├── test_memory.py │ ├── test_memory_watcher.py │ ├── test_memview.py │ ├── test_mmap.py │ ├── test_multi_open_file.py │ ├── test_oppologist.py │ ├── test_ops.py │ ├── test_permissions.py │ ├── test_pickle.py │ ├── test_posix.py │ ├── test_project_resolve_simproc.py │ ├── test_prototypes.py │ ├── test_ptmalloc.py │ ├── test_pwrite_pread.py │ ├── test_rcr.py │ ├── test_reachingdefinitions.py │ ├── test_reassembler.py │ ├── test_regionidentifier.py │ ├── test_regression_memcmp_definite_size.py │ ├── test_rol.py │ ├── test_scanf.py │ ├── test_self_modifying_code.py │ ├── test_serialization.py │ ├── test_signed_div.py │ ├── test_sim_procedure.py │ ├── test_sim_time.py │ ├── test_simple_api.py │ ├── test_simulation_manager.py │ ├── test_slicing.py │ ├── test_spiller.py │ ├── test_sprintf.py │ ├── test_sscanf.py │ ├── test_stack_alignment.py │ ├── test_stack_pointer_tracker.py │ ├── test_state.py │ ├── test_state_customization.py │ ├── test_static_hooker.py │ ├── test_stochastic.py │ ├── test_str_funcs.py │ ├── test_strcasecmp.py │ ├── test_string.py │ ├── 
test_strtol.py │ ├── test_structurer.py │ ├── test_subject.py │ ├── test_symbolic.py │ ├── test_symbolization.py │ ├── test_syscall_override.py │ ├── test_tech_builder.py │ ├── test_tracer.py │ ├── test_types.py │ ├── test_unicorn.py │ ├── test_unique.py │ ├── test_unlink.py │ ├── test_unsupported.py │ ├── test_variable_registration.py │ ├── test_variablerecovery.py │ ├── test_vault.py │ ├── test_veritesting.py │ ├── test_vex.py │ ├── test_vfg.py │ ├── test_windows_args.py │ ├── test_windows_stack_cookie.py │ └── test_xrefs.py ├── cle ├── .azure-pipelines │ ├── master.yml │ └── nightly.yml ├── LICENSE ├── MANIFEST.in ├── README.md ├── README_MACHO.md ├── cle │ ├── __init__.py │ ├── address_translator.py │ ├── backends │ │ ├── __init__.py │ │ ├── binja.py │ │ ├── blob.py │ │ ├── cgc │ │ │ ├── __init__.py │ │ │ ├── backedcgc.py │ │ │ └── cgc.py │ │ ├── elf │ │ │ ├── __init__.py │ │ │ ├── elf.py │ │ │ ├── elfcore.py │ │ │ ├── hashtable.py │ │ │ ├── metaelf.py │ │ │ ├── regions.py │ │ │ ├── relocation │ │ │ │ ├── __init__.py │ │ │ │ ├── amd64.py │ │ │ │ ├── arm.py │ │ │ │ ├── arm64.py │ │ │ │ ├── arm_cortex_m.py │ │ │ │ ├── armel.py │ │ │ │ ├── armhf.py │ │ │ │ ├── elfreloc.py │ │ │ │ ├── generic.py │ │ │ │ ├── i386.py │ │ │ │ ├── mips.py │ │ │ │ ├── mips64.py │ │ │ │ ├── pcc64.py │ │ │ │ ├── ppc.py │ │ │ │ └── s390x.py │ │ │ ├── symbol.py │ │ │ └── symbol_type.py │ │ ├── externs │ │ │ ├── __init__.py │ │ │ └── simdata │ │ │ │ ├── __init__.py │ │ │ │ ├── common.py │ │ │ │ ├── glibc_startup.py │ │ │ │ └── io_file.py │ │ ├── ihex.py │ │ ├── java │ │ │ ├── __init__.py │ │ │ ├── apk.py │ │ │ ├── jar.py │ │ │ └── soot.py │ │ ├── macho │ │ │ ├── README.md │ │ │ ├── __init__.py │ │ │ ├── binding.py │ │ │ ├── macho.py │ │ │ ├── section.py │ │ │ ├── segment.py │ │ │ └── symbol.py │ │ ├── minidump │ │ │ └── __init__.py │ │ ├── named_region.py │ │ ├── pe │ │ │ ├── __init__.py │ │ │ ├── pe.py │ │ │ ├── regions.py │ │ │ ├── relocation │ │ │ │ ├── __init__.py │ │ │ │ ├── amd64.py │ 
│ │ │ ├── arm.py │ │ │ │ ├── generic.py │ │ │ │ ├── i386.py │ │ │ │ ├── mips.py │ │ │ │ ├── pereloc.py │ │ │ │ └── riscv.py │ │ │ └── symbol.py │ │ ├── region.py │ │ ├── regions.py │ │ ├── relocation.py │ │ ├── static_archive.py │ │ ├── symbol.py │ │ ├── tls │ │ │ ├── __init__.py │ │ │ ├── elf_tls.py │ │ │ ├── elfcore_tls.py │ │ │ ├── minidump_tls.py │ │ │ └── pe_tls.py │ │ └── xbe.py │ ├── errors.py │ ├── gdb.py │ ├── loader.py │ ├── memory.py │ ├── patched_stream.py │ └── utils.py ├── setup.py └── tests │ ├── test_address_translator.py │ ├── test_arm_firmware.py │ ├── test_blob.py │ ├── test_clemory.py │ ├── test_compiler_detection.py │ ├── test_gdb.py │ ├── test_got.py │ ├── test_hex.py │ ├── test_macho.py │ ├── test_macho_bindinghelper.py │ ├── test_minidump.py │ ├── test_namedregion.py │ ├── test_overlap.py │ ├── test_patched_stream.py │ ├── test_pe.py │ ├── test_plt.py │ ├── test_ppc64_initial_rtoc.py │ ├── test_ppc_relocations.py │ ├── test_preload.py │ ├── test_regions.py │ ├── test_relocated.py │ ├── test_runpath.py │ ├── test_simdata.py │ ├── test_stream.py │ └── test_xbe.py ├── forsee ├── explorer.py ├── function_resolvers │ ├── __init__.py │ ├── elf_resolver.py │ ├── pe_resolver.py │ └── resolver_base.py ├── plugin_manager.py ├── plugins │ ├── __init__.py │ ├── anti_analysis_detection.py │ ├── call_analysis.py │ ├── cc_domain_detection.py │ ├── code_injection_detection.py │ ├── disassembly.py │ ├── dropper.py │ ├── external_cnc.py │ ├── extract_string.py │ ├── file_exfiltration_detection.py │ ├── flag_finder.py │ ├── key_spying.py │ ├── persistence.py │ ├── plugin_base.py │ ├── procedure_analysis.py │ └── screen_spying.py ├── project │ ├── __init__.py │ ├── binary.py │ ├── forsee_project.py │ ├── minidump.py │ └── segmented.py └── techniques │ ├── __init__.py │ ├── degree_of_concreteness.py │ ├── loop_limiter.py │ └── procedure_handler │ ├── __init__.py │ ├── procedure_handler.py │ └── special_sim_procedures.py ├── pytest.ini ├── run_forsee.py ├── 
sample_dumps ├── linux_toy_malware │ ├── final_malware_capture │ │ ├── gen-input-got-attack │ │ ├── gen-input-got-attack.c │ │ ├── got-attack │ │ ├── got-attack.c │ │ ├── got_attack_1 │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x10000-0x11000-r-xpphy.dmp │ │ │ ├── 0x20000-0x21000-rw-p.dmp │ │ │ ├── 0x20000-0x21000-rw-pphy.dmp │ │ │ ├── 0x21000-0x42000-rw-p.dmp │ │ │ ├── 0x21000-0x42000-rw-pphy.dmp │ │ │ ├── 0xb6e92000-0xb6fb9000-r-xp.dmp │ │ │ ├── 0xb6e92000-0xb6fb9000-r-xpphy.dmp │ │ │ ├── 0xb6fc8000-0xb6fca000-r--p.dmp │ │ │ ├── 0xb6fc8000-0xb6fca000-r--pphy.dmp │ │ │ ├── 0xb6fca000-0xb6fcb000-rw-p.dmp │ │ │ ├── 0xb6fca000-0xb6fcb000-rw-pphy.dmp │ │ │ ├── 0xb6fcb000-0xb6fce000-rw-p.dmp │ │ │ ├── 0xb6fcb000-0xb6fce000-rw-pphy.dmp │ │ │ ├── 0xb6fce000-0xb6fef000-r-xp.dmp │ │ │ ├── 0xb6fce000-0xb6fef000-r-xpphy.dmp │ │ │ ├── 0xb6ffb000-0xb6ffd000-rw-p.dmp │ │ │ ├── 0xb6ffb000-0xb6ffd000-rw-pphy.dmp │ │ │ ├── 0xb6ffd000-0xb6ffe000-r-xp.dmp │ │ │ ├── 0xb6ffd000-0xb6ffe000-r-xpphy.dmp │ │ │ ├── 0xb6ffe000-0xb6fff000-r--p.dmp │ │ │ ├── 0xb6ffe000-0xb6fff000-r--pphy.dmp │ │ │ ├── 0xb6fff000-0xb7000000-rw-p.dmp │ │ │ ├── 0xb6fff000-0xb7000000-rw-pphy.dmp │ │ │ ├── 0xbefdf000-0xbf000000-rw-p.dmp │ │ │ ├── 0xbefdf000-0xbf000000-rw-pphy.dmp │ │ │ └── registers.txt │ │ ├── got_attack_2 │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x10000-0x11000-r-xpphy.dmp │ │ │ ├── 0x20000-0x21000-rw-p.dmp │ │ │ ├── 0x20000-0x21000-rw-pphy.dmp │ │ │ ├── 0x21000-0x42000-rw-p.dmp │ │ │ ├── 0x21000-0x42000-rw-pphy.dmp │ │ │ ├── 0xb6e92000-0xb6fb9000-r-xp.dmp │ │ │ ├── 0xb6e92000-0xb6fb9000-r-xpphy.dmp │ │ │ ├── 0xb6fc8000-0xb6fca000-r--p.dmp │ │ │ ├── 0xb6fc8000-0xb6fca000-r--pphy.dmp │ │ │ ├── 0xb6fca000-0xb6fcb000-rw-p.dmp │ │ │ ├── 0xb6fca000-0xb6fcb000-rw-pphy.dmp │ │ │ ├── 0xb6fcb000-0xb6fce000-rw-p.dmp │ │ │ ├── 0xb6fcb000-0xb6fce000-rw-pphy.dmp │ │ │ ├── 0xb6fce000-0xb6fef000-r-xp.dmp │ │ │ ├── 0xb6fce000-0xb6fef000-r-xpphy.dmp │ │ │ ├── 0xb6ffb000-0xb6ffd000-rw-p.dmp │ │ │ ├── 
0xb6ffb000-0xb6ffd000-rw-pphy.dmp │ │ │ ├── 0xb6ffd000-0xb6ffe000-r-xp.dmp │ │ │ ├── 0xb6ffd000-0xb6ffe000-r-xpphy.dmp │ │ │ ├── 0xb6ffe000-0xb6fff000-r--p.dmp │ │ │ ├── 0xb6ffe000-0xb6fff000-r--pphy.dmp │ │ │ ├── 0xb6fff000-0xb7000000-rw-p.dmp │ │ │ ├── 0xb6fff000-0xb7000000-rw-pphy.dmp │ │ │ ├── 0xbefdf000-0xbf000000-rw-p.dmp │ │ │ ├── 0xbefdf000-0xbf000000-rw-pphy.dmp │ │ │ └── registers.txt │ │ ├── memcap.log │ │ ├── memorycapture │ │ ├── timebomb │ │ ├── timebomb.c │ │ ├── timebomb_1 │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x10000-0x11000-r-xpphy.dmp │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ ├── 0x20000-0x21000-r--pphy.dmp │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ ├── 0x21000-0x22000-rw-pphy.dmp │ │ │ ├── 0xb6e92000-0xb6fb9000-r-xp.dmp │ │ │ ├── 0xb6e92000-0xb6fb9000-r-xpphy.dmp │ │ │ ├── 0xb6fc8000-0xb6fca000-r--p.dmp │ │ │ ├── 0xb6fc8000-0xb6fca000-r--pphy.dmp │ │ │ ├── 0xb6fca000-0xb6fcb000-rw-p.dmp │ │ │ ├── 0xb6fca000-0xb6fcb000-rw-pphy.dmp │ │ │ ├── 0xb6fcb000-0xb6fce000-rw-p.dmp │ │ │ ├── 0xb6fcb000-0xb6fce000-rw-pphy.dmp │ │ │ ├── 0xb6fce000-0xb6fef000-r-xp.dmp │ │ │ ├── 0xb6fce000-0xb6fef000-r-xpphy.dmp │ │ │ ├── 0xb6ffb000-0xb6ffd000-rw-p.dmp │ │ │ ├── 0xb6ffb000-0xb6ffd000-rw-pphy.dmp │ │ │ ├── 0xb6ffd000-0xb6ffe000-r-xp.dmp │ │ │ ├── 0xb6ffd000-0xb6ffe000-r-xpphy.dmp │ │ │ ├── 0xb6ffe000-0xb6fff000-r--p.dmp │ │ │ ├── 0xb6ffe000-0xb6fff000-r--pphy.dmp │ │ │ ├── 0xb6fff000-0xb7000000-rw-p.dmp │ │ │ ├── 0xb6fff000-0xb7000000-rw-pphy.dmp │ │ │ ├── 0xbefdf000-0xbf000000-rw-p.dmp │ │ │ ├── 0xbefdf000-0xbf000000-rw-pphy.dmp │ │ │ └── registers.txt │ │ └── timebomb_2 │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x10000-0x11000-r-xpphy.dmp │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ ├── 0x20000-0x21000-r--pphy.dmp │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ ├── 0x21000-0x22000-rw-pphy.dmp │ │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ │ ├── 0x22000-0x43000-rw-pphy.dmp │ │ │ ├── 0xb6e92000-0xb6fb9000-r-xp.dmp │ │ │ ├── 0xb6e92000-0xb6fb9000-r-xpphy.dmp │ │ │ ├── 
0xb6fc8000-0xb6fca000-r--p.dmp │ │ │ ├── 0xb6fc8000-0xb6fca000-r--pphy.dmp │ │ │ ├── 0xb6fca000-0xb6fcb000-rw-p.dmp │ │ │ ├── 0xb6fca000-0xb6fcb000-rw-pphy.dmp │ │ │ ├── 0xb6fcb000-0xb6fce000-rw-p.dmp │ │ │ ├── 0xb6fcb000-0xb6fce000-rw-pphy.dmp │ │ │ ├── 0xb6fce000-0xb6fef000-r-xp.dmp │ │ │ ├── 0xb6fce000-0xb6fef000-r-xpphy.dmp │ │ │ ├── 0xb6ffb000-0xb6ffd000-rw-p.dmp │ │ │ ├── 0xb6ffb000-0xb6ffd000-rw-pphy.dmp │ │ │ ├── 0xb6ffd000-0xb6ffe000-r-xp.dmp │ │ │ ├── 0xb6ffd000-0xb6ffe000-r-xpphy.dmp │ │ │ ├── 0xb6ffe000-0xb6fff000-r--p.dmp │ │ │ ├── 0xb6ffe000-0xb6fff000-r--pphy.dmp │ │ │ ├── 0xb6fff000-0xb7000000-rw-p.dmp │ │ │ ├── 0xb6fff000-0xb7000000-rw-pphy.dmp │ │ │ ├── 0xbefdf000-0xbf000000-rw-p.dmp │ │ │ ├── 0xbefdf000-0xbf000000-rw-pphy.dmp │ │ │ └── registers.txt │ ├── hw_dumps │ │ ├── heartrate │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ │ ├── 0xb6e6d000-0xb6f94000-r-xp.dmp │ │ │ ├── 0xb6fa3000-0xb6fa5000-r--p.dmp │ │ │ ├── 0xb6fa5000-0xb6fa6000-rw-p.dmp │ │ │ ├── 0xb6fa6000-0xb6fa9000-rw-p.dmp │ │ │ ├── 0xb6fa9000-0xb6fca000-r-xp.dmp │ │ │ ├── 0xb6fd7000-0xb6fd9000-rw-p.dmp │ │ │ ├── 0xb6fd9000-0xb6fda000-r--p.dmp │ │ │ ├── 0xb6fda000-0xb6fdb000-rw-p.dmp │ │ │ ├── 0xbebb6000-0xbebd7000-rw-p.dmp │ │ │ ├── 0xbecb8000-0xbecb9000-r-xp.dmp │ │ │ ├── heartrate │ │ │ ├── heartrate.c │ │ │ └── memcap.log │ │ ├── malware_sequential │ │ │ ├── beginning │ │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ │ ├── 0xb6e8a000-0xb6fb1000-r-xp.dmp │ │ │ │ ├── 0xb6fc0000-0xb6fc2000-r--p.dmp │ │ │ │ ├── 0xb6fc2000-0xb6fc3000-rw-p.dmp │ │ │ │ ├── 0xb6fc3000-0xb6fc6000-rw-p.dmp │ │ │ │ ├── 0xb6fc6000-0xb6fe7000-r-xp.dmp │ │ │ │ ├── 0xb6ff4000-0xb6ff6000-rw-p.dmp │ │ │ │ ├── 0xb6ff6000-0xb6ff7000-r--p.dmp │ │ │ │ ├── 0xb6ff7000-0xb6ff8000-rw-p.dmp │ │ │ │ ├── 0xbef2e000-0xbef4f000-rw-p.dmp │ │ │ │ ├── 
0xbef96000-0xbef97000-r-xp.dmp │ │ │ │ ├── memcap.log │ │ │ │ ├── mysamplemalware_beginning │ │ │ │ └── mysamplemalware_beginning.c │ │ │ ├── interesting │ │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ │ │ ├── 0xb6df0000-0xb6f17000-r-xp.dmp │ │ │ │ ├── 0xb6f26000-0xb6f28000-r--p.dmp │ │ │ │ ├── 0xb6f28000-0xb6f29000-rw-p.dmp │ │ │ │ ├── 0xb6f29000-0xb6f2c000-rw-p.dmp │ │ │ │ ├── 0xb6f2c000-0xb6f4d000-r-xp.dmp │ │ │ │ ├── 0xb6f5a000-0xb6f5c000-rw-p.dmp │ │ │ │ ├── 0xb6f5c000-0xb6f5d000-r--p.dmp │ │ │ │ ├── 0xb6f5d000-0xb6f5e000-rw-p.dmp │ │ │ │ ├── 0xbef39000-0xbef5a000-rw-p.dmp │ │ │ │ ├── 0xbef91000-0xbef92000-r-xp.dmp │ │ │ │ ├── memcap.log │ │ │ │ ├── mysamplemalware_interesting │ │ │ │ └── mysamplemalware_interesting.c │ │ │ └── standard │ │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ │ │ ├── 0xb6df0000-0xb6f17000-r-xp.dmp │ │ │ │ ├── 0xb6e6e000-0xb6f95000-r-xp.dmp │ │ │ │ ├── 0xb6f26000-0xb6f28000-r--p.dmp │ │ │ │ ├── 0xb6f28000-0xb6f29000-rw-p.dmp │ │ │ │ ├── 0xb6f29000-0xb6f2c000-rw-p.dmp │ │ │ │ ├── 0xb6f2c000-0xb6f4d000-r-xp.dmp │ │ │ │ ├── 0xb6f5a000-0xb6f5c000-rw-p.dmp │ │ │ │ ├── 0xb6f5c000-0xb6f5d000-r--p.dmp │ │ │ │ ├── 0xb6f5d000-0xb6f5e000-rw-p.dmp │ │ │ │ ├── 0xb6fa4000-0xb6fa6000-r--p.dmp │ │ │ │ ├── 0xb6fa6000-0xb6fa7000-rw-p.dmp │ │ │ │ ├── 0xb6fa7000-0xb6faa000-rw-p.dmp │ │ │ │ ├── 0xb6faa000-0xb6fcb000-r-xp.dmp │ │ │ │ ├── 0xb6fd8000-0xb6fda000-rw-p.dmp │ │ │ │ ├── 0xb6fda000-0xb6fdb000-r--p.dmp │ │ │ │ ├── 0xb6fdb000-0xb6fdc000-rw-p.dmp │ │ │ │ ├── 0xbeaf4000-0xbeb15000-rw-p.dmp │ │ │ │ ├── 0xbeb08000-0xbeb29000-rw-p.dmp │ │ │ │ ├── 0xbebd4000-0xbebd5000-r-xp.dmp │ │ │ │ ├── 0xbed43000-0xbed44000-r-xp.dmp │ │ │ │ ├── memcap.log │ │ │ │ ├── mysamplemalware_standard │ │ │ │ └── mysamplemalware_standard.c │ │ └── mysamplemalware │ │ │ ├── 
0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ │ ├── 0xb6e7b000-0xb6fa2000-r-xp.dmp │ │ │ ├── 0xb6fb1000-0xb6fb3000-r--p.dmp │ │ │ ├── 0xb6fb3000-0xb6fb4000-rw-p.dmp │ │ │ ├── 0xb6fb4000-0xb6fb7000-rw-p.dmp │ │ │ ├── 0xb6fb7000-0xb6fd8000-r-xp.dmp │ │ │ ├── 0xb6fe5000-0xb6fe7000-rw-p.dmp │ │ │ ├── 0xb6fe7000-0xb6fe8000-r--p.dmp │ │ │ ├── 0xb6fe8000-0xb6fe9000-rw-p.dmp │ │ │ ├── 0xbefae000-0xbefcf000-rw-p.dmp │ │ │ ├── 0xbefd9000-0xbefda000-r-xp.dmp │ │ │ ├── memcap.log │ │ │ ├── mysamplemalware │ │ │ └── mysamplemalware.c │ ├── new_capture │ │ ├── 1 │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ ├── 0xb6e13000-0xb6f3a000-r-xp.dmp │ │ │ ├── 0xb6f49000-0xb6f4b000-r--p.dmp │ │ │ ├── 0xb6f4b000-0xb6f4c000-rw-p.dmp │ │ │ ├── 0xb6f4c000-0xb6f4f000-rw-p.dmp │ │ │ ├── 0xb6f4f000-0xb6f70000-r-xp.dmp │ │ │ ├── 0xb6f7d000-0xb6f7f000-rw-p.dmp │ │ │ ├── 0xb6f7f000-0xb6f80000-r--p.dmp │ │ │ ├── 0xb6f80000-0xb6f81000-rw-p.dmp │ │ │ ├── 0xbed54000-0xbed75000-rw-p.dmp │ │ │ ├── 0xbef38000-0xbef39000-r-xp.dmp │ │ │ └── memcap.log │ │ ├── 2 │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ │ ├── 0xb6e13000-0xb6f3a000-r-xp.dmp │ │ │ ├── 0xb6f49000-0xb6f4b000-r--p.dmp │ │ │ ├── 0xb6f4b000-0xb6f4c000-rw-p.dmp │ │ │ ├── 0xb6f4c000-0xb6f4f000-rw-p.dmp │ │ │ ├── 0xb6f4f000-0xb6f70000-r-xp.dmp │ │ │ ├── 0xb6f7d000-0xb6f7f000-rw-p.dmp │ │ │ ├── 0xb6f7f000-0xb6f80000-r--p.dmp │ │ │ ├── 0xb6f80000-0xb6f81000-rw-p.dmp │ │ │ ├── 0xbed54000-0xbed75000-rw-p.dmp │ │ │ ├── 0xbef38000-0xbef39000-r-xp.dmp │ │ │ └── memcap.log │ │ ├── 3 │ │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ │ ├── 0x20000-0x21000-r--p.dmp │ │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ │ ├── 0xb6e13000-0xb6f3a000-r-xp.dmp │ │ │ ├── 0xb6f49000-0xb6f4b000-r--p.dmp │ │ │ 
├── 0xb6f4b000-0xb6f4c000-rw-p.dmp │ │ │ ├── 0xb6f4c000-0xb6f4f000-rw-p.dmp │ │ │ ├── 0xb6f4f000-0xb6f70000-r-xp.dmp │ │ │ ├── 0xb6f7d000-0xb6f7f000-rw-p.dmp │ │ │ ├── 0xb6f7f000-0xb6f80000-r--p.dmp │ │ │ ├── 0xb6f80000-0xb6f81000-rw-p.dmp │ │ │ ├── 0xbed54000-0xbed75000-rw-p.dmp │ │ │ ├── 0xbef38000-0xbef39000-r-xp.dmp │ │ │ └── memcap.log │ │ ├── memcap.log │ │ ├── mysamplemalware │ │ └── mysamplemalware.c │ └── qemu_dumps │ │ ├── heartrate │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ ├── 0x20000-0x21000-r--p.dmp │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ ├── 0xb6dfb000-0xb6f22000-r-xp.dmp │ │ ├── 0xb6f31000-0xb6f33000-r--p.dmp │ │ ├── 0xb6f33000-0xb6f34000-rw-p.dmp │ │ ├── 0xb6f34000-0xb6f37000-rw-p.dmp │ │ ├── 0xb6f37000-0xb6f58000-r-xp.dmp │ │ ├── 0xb6f65000-0xb6f67000-rw-p.dmp │ │ ├── 0xb6f67000-0xb6f68000-r--p.dmp │ │ ├── 0xb6f68000-0xb6f69000-rw-p.dmp │ │ ├── 0xbeb6d000-0xbeb8e000-rw-p.dmp │ │ ├── 0xbee1f000-0xbee20000-r-xp.dmp │ │ ├── heartrate │ │ ├── heartrate.c │ │ └── memcap.log │ │ ├── mysamplemalware │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ ├── 0x20000-0x21000-r--p.dmp │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ ├── 0xb6e2e000-0xb6f55000-r-xp.dmp │ │ ├── 0xb6f64000-0xb6f66000-r--p.dmp │ │ ├── 0xb6f66000-0xb6f67000-rw-p.dmp │ │ ├── 0xb6f67000-0xb6f6a000-rw-p.dmp │ │ ├── 0xb6f6a000-0xb6f8b000-r-xp.dmp │ │ ├── 0xb6f98000-0xb6f9a000-rw-p.dmp │ │ ├── 0xb6f9a000-0xb6f9b000-r--p.dmp │ │ ├── 0xb6f9b000-0xb6f9c000-rw-p.dmp │ │ ├── 0xbedb8000-0xbedd9000-rw-p.dmp │ │ ├── 0xbef4d000-0xbef4e000-r-xp.dmp │ │ ├── memcap.log │ │ ├── mysamplemalware │ │ └── mysamplemalware.c │ │ └── old_heartrate │ │ ├── 0x10000-0x11000-r-xp.dmp │ │ ├── 0x20000-0x21000-r--p.dmp │ │ ├── 0x21000-0x22000-rw-p.dmp │ │ ├── 0x22000-0x43000-rw-p.dmp │ │ ├── 0xb6e58000-0xb6f7f000-r-xp.dmp │ │ ├── 0xb6f8e000-0xb6f90000-r--p.dmp │ │ ├── 0xb6f90000-0xb6f91000-rw-p.dmp │ │ ├── 0xb6f91000-0xb6f94000-rw-p.dmp │ │ ├── 0xb6f94000-0xb6fb5000-r-xp.dmp │ │ ├── 
0xb6fc2000-0xb6fc4000-rw-p.dmp │ │ ├── 0xb6fc4000-0xb6fc5000-r--p.dmp │ │ ├── 0xb6fc5000-0xb6fc6000-rw-p.dmp │ │ ├── 0xbeabd000-0xbeade000-rw-p.dmp │ │ ├── 0xbebf2000-0xbebf3000-r-xp.dmp │ │ └── memcap.log └── windows_dynamic_loading │ ├── Dump │ ├── GetProcAddress.dmp │ ├── LoadLibrary.dmp │ └── Main.dmp │ ├── LoadLibA.c │ ├── test2.exe │ └── webc2-greencat-2_32.7z ├── scripts ├── .idea │ ├── inspectionProfiles │ │ └── profiles_settings.xml │ ├── misc.xml │ ├── modules.xml │ ├── scripts.iml │ ├── vcs.xml │ └── workspace.xml ├── evaluate_obfuscation.py ├── run_minidump.py └── run_single_obfuscation_eval.py ├── setup.py ├── simprocedures ├── .flake8 ├── .gitignore ├── .isort.cfg ├── .pre-commit-config.yaml ├── CODEOWNERS ├── README.md ├── pytest.ini ├── setup.py ├── simprocedures │ ├── __init__.py │ ├── libc │ │ ├── __init__.py │ │ └── strtoul.py │ ├── models │ │ ├── __init__.py │ │ ├── data_types.py │ │ ├── function_model.py │ │ ├── model_handler.py │ │ └── procedure_model.py │ └── win32 │ │ ├── __init__.py │ │ ├── critical_section.py │ │ ├── debugapi.py │ │ ├── get_current_package_id.py │ │ ├── get_module_handle.py │ │ ├── interlocked_increment.py │ │ ├── is_processor_feature_present.py │ │ ├── ntohs.py │ │ ├── process.py │ │ ├── socket.py │ │ ├── strncpy.py │ │ └── wininet.py └── tests │ └── test_function_model.py └── tests ├── programs ├── simple_loop └── simple_loop.c ├── test_degree_concreteness.py └── test_loop_limiter.py /.flake8: -------------------------------------------------------------------------------- 1 | [flake8] 2 | max-line-length = 88 3 | extend-ignore = E203, E501 4 | per-file-ignores = 5 | */__init__.py: F401 6 | -------------------------------------------------------------------------------- /.isort.cfg: -------------------------------------------------------------------------------- 1 | [settings] 2 | line_length = 88 3 | multi_line_output = 3 4 | include_trailing_comma = True 5 | known_third_party = 
angr,archinfo,claripy,networkx,pytest,pyvex,setuptools,simprocedures 6 | -------------------------------------------------------------------------------- /Auto_Dumper/procdump/procdump.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/Auto_Dumper/procdump/procdump.exe -------------------------------------------------------------------------------- /Auto_Dumper/procdump/procdump64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/Auto_Dumper/procdump/procdump64.exe -------------------------------------------------------------------------------- /Auto_Dumper/procdump/procdump64a.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/Auto_Dumper/procdump/procdump64a.exe -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @mpruett3 2 | -------------------------------------------------------------------------------- /angr/.azure-pipelines/master.yml: -------------------------------------------------------------------------------- 1 | name: $(BuildDefinitionName)-$(SourceBranchName)-$(BuildID) 2 | 3 | resources: 4 | repositories: 5 | - repository: ci-settings 6 | type: github 7 | name: angr/ci-settings 8 | endpoint: angr 9 | 10 | stages: 11 | - template: resources/master.yml@ci-settings 12 | -------------------------------------------------------------------------------- /angr/.azure-pipelines/nightly.yml: -------------------------------------------------------------------------------- 1 | name: $(BuildDefinitionName)-$(Date:yyyyMMdd)-$(BuildID) 2 | 
trigger: none
pr: none
schedules:
- cron: "0 0 * * *"
  displayName: Daily midnight build
  branches:
    include:
    - master

resources:
  repositories:
  - repository: ci-settings
    type: github
    name: angr/ci-settings
    endpoint: angr

stages:
- template: resources/nightly.yml@ci-settings

--------------------------------------------------------------------------------
/angr/.gitignore:
--------------------------------------------------------------------------------
*.pyc
*.o
*.so
*.a
.gdb_history
*.i64
*.idb
*.id0
*.id1
*.id2
*.nam
*.til
*.swp
*.dll
*.obj
*.lib
*.exp
*.pdb
*.ilk
angr/tests/*.png
screenlog.0
angr/tests/screenlog.0
angr/screenlog.0
.idea
*.egg-info
/build
/tags
MANIFEST
dist
.eggs
.vscode/

--------------------------------------------------------------------------------
/angr/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): ubuntu:trusty (14.04) is past its standard support window and
# python2.7 is end-of-life, so an image built from this file does not receive
# routine security updates. Treat it as a legacy build environment.
from ubuntu:trusty
maintainer audrey@rhelmot.io

run apt-get update && \
    apt-get install -y virtualenvwrapper python2.7-dev build-essential libxml2-dev libxslt1-dev git libffi-dev cmake libreadline-dev libtool debootstrap debian-archive-keyring libglib2.0-dev libpixman-1-dev

# Everything after this point runs as the unprivileged "angr" user created here.
run useradd -s /bin/bash -m angr

# NOTE(review): the clone names no branch, tag or commit, so the build runs
# whatever setup.sh the angr-dev default branch holds at build time. Pin a
# reviewed commit or tag to make the image reproducible and auditable.
run su - angr -c "git clone https://github.com/angr/angr-dev && cd angr-dev && ./setup.sh -e angr"
run su - angr -c "echo 'workon angr' >> /home/angr/.bashrc"
cmd su - angr

--------------------------------------------------------------------------------
/angr/MANIFEST.in:
--------------------------------------------------------------------------------
include LICENSE
include README.md
recursive-include native *.c *.cpp *.h *.def Makefile Makefile-win
-------------------------------------------------------------------------------- /angr/angr/analyses/cfg/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | # analyses 3 | from .cfg_fast import CFGFast 4 | from .cfg_emulated import CFGEmulated 5 | from .cfg import CFG 6 | from .cfb import CFBlanket 7 | from .cfg_fast_soot import CFGFastSoot 8 | 9 | # things to make your life easier 10 | from .cfg_arch_options import CFGArchOptions 11 | from .cfg_utils import CFGUtils 12 | from .cfg_base import CFGBase 13 | from ...knowledge_plugins.cfg import CFGNode 14 | -------------------------------------------------------------------------------- /angr/angr/analyses/cfg/indirect_jump_resolvers/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | from .mips_elf_fast import MipsElfFastResolver 3 | from .x86_elf_pic_plt import X86ElfPicPltResolver 4 | from .jumptable import JumpTableResolver 5 | from .x86_pe_iat import X86PeIatResolver 6 | from .amd64_elf_got import AMD64ElfGotResolver 7 | -------------------------------------------------------------------------------- /angr/angr/analyses/decompiler/__init__.py: -------------------------------------------------------------------------------- 1 | from .region_identifier import RegionIdentifier 2 | from .structurer import Structurer 3 | from .structured_codegen import StructuredCodeGenerator 4 | from .clinic import Clinic 5 | from .region_simplifier import RegionSimplifier 6 | from .decompiler import Decompiler 7 | from .decompilation_options import options, options_by_category 8 | from . 
import optimization_passes 9 | -------------------------------------------------------------------------------- /angr/angr/analyses/example_flag_page: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/angr/analyses/example_flag_page -------------------------------------------------------------------------------- /angr/angr/analyses/forward_analysis/__init__.py: -------------------------------------------------------------------------------- 1 | from .forward_analysis import ForwardAnalysis 2 | from .visitors import CallGraphVisitor, FunctionGraphVisitor, LoopVisitor, SingleNodeGraphVisitor 3 | -------------------------------------------------------------------------------- /angr/angr/analyses/forward_analysis/visitors/__init__.py: -------------------------------------------------------------------------------- 1 | from .call_graph import CallGraphVisitor 2 | from .function_graph import FunctionGraphVisitor 3 | from .loop import LoopVisitor 4 | from .single_node_graph import SingleNodeGraphVisitor 5 | -------------------------------------------------------------------------------- /angr/angr/analyses/identifier/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | from .identify import Identifier 3 | -------------------------------------------------------------------------------- /angr/angr/analyses/identifier/errors.py: -------------------------------------------------------------------------------- 1 | 2 | from ...errors import AngrAnalysisError 3 | 4 | 5 | class IdentifierException(AngrAnalysisError): 6 | pass 7 | 8 | 9 | class FunctionNotInitialized(AngrAnalysisError): 10 | pass 11 | -------------------------------------------------------------------------------- /angr/angr/analyses/propagator/__init__.py: 
-------------------------------------------------------------------------------- 1 | 2 | from .propagator import PropagatorAnalysis 3 | -------------------------------------------------------------------------------- /angr/angr/analyses/reaching_definitions/__init__.py: -------------------------------------------------------------------------------- 1 | from .reaching_definitions import ReachingDefinitionsAnalysis 2 | from .live_definitions import LiveDefinitions 3 | from .constants import OP_AFTER, OP_BEFORE 4 | from .. import register_analysis 5 | 6 | 7 | register_analysis(ReachingDefinitionsAnalysis, 'ReachingDefinitions') 8 | -------------------------------------------------------------------------------- /angr/angr/analyses/reaching_definitions/constants.py: -------------------------------------------------------------------------------- 1 | DEBUG = False 2 | 3 | # 4 | # Observation point types 5 | # 6 | OP_BEFORE = 0 7 | OP_AFTER = 1 8 | -------------------------------------------------------------------------------- /angr/angr/analyses/reaching_definitions/external_codeloc.py: -------------------------------------------------------------------------------- 1 | 2 | from ..code_location import CodeLocation 3 | 4 | 5 | class ExternalCodeLocation(CodeLocation): 6 | def __init__(self): 7 | super(ExternalCodeLocation, self).__init__(0, 0) 8 | 9 | def __repr__(self): 10 | return "[External]" 11 | -------------------------------------------------------------------------------- /angr/angr/analyses/variable_recovery/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | from .variable_recovery import VariableRecovery 4 | from .variable_recovery_fast import VariableRecoveryFast 5 | -------------------------------------------------------------------------------- /angr/angr/angrdb/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | try: 3 | import sqlalchemy 4 | except 
ImportError: 5 | sqlalchemy = None 6 | raise ImportError("AngrDB relies on SQLAlchemy. Please install SQLAlchemy first by running:\n" 7 | "\tpip install sqlalchemy") 8 | 9 | from .db import AngrDB 10 | -------------------------------------------------------------------------------- /angr/angr/angrdb/serializers/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | from .loader import LoaderSerializer 3 | from .kb import KnowledgeBaseSerializer 4 | -------------------------------------------------------------------------------- /angr/angr/concretization_strategies/any.py: -------------------------------------------------------------------------------- 1 | from . import SimConcretizationStrategy 2 | 3 | class SimConcretizationStrategyAny(SimConcretizationStrategy): 4 | """ 5 | Concretization strategy that returns any single solution. 6 | """ 7 | 8 | def _concretize(self, memory, addr): 9 | if self._exact: 10 | return [ self._any(memory, addr) ] 11 | else: 12 | mn,mx = self._range(memory, addr) 13 | if mn == mx: 14 | return [ mn ] 15 | -------------------------------------------------------------------------------- /angr/angr/concretization_strategies/max.py: -------------------------------------------------------------------------------- 1 | from . import SimConcretizationStrategy 2 | 3 | class SimConcretizationStrategyMax(SimConcretizationStrategy): 4 | """ 5 | Concretization strategy that returns the maximum address. 6 | """ 7 | 8 | def _concretize(self, memory, addr): 9 | return [ self._max(memory, addr) ] 10 | -------------------------------------------------------------------------------- /angr/angr/concretization_strategies/nonzero.py: -------------------------------------------------------------------------------- 1 | from . import SimConcretizationStrategy 2 | 3 | class SimConcretizationStrategyNonzero(SimConcretizationStrategy): 4 | """ 5 | Concretization strategy that returns any non-zero solution. 
6 | """ 7 | 8 | def _concretize(self, memory, addr): 9 | return [ self._any(memory, addr, extra_constraints=[addr != 0]) ] 10 | -------------------------------------------------------------------------------- /angr/angr/concretization_strategies/single.py: -------------------------------------------------------------------------------- 1 | from . import SimConcretizationStrategy 2 | 3 | class SimConcretizationStrategySingle(SimConcretizationStrategy): 4 | """ 5 | Concretization strategy that ensures a single solution for an address. 6 | """ 7 | 8 | def _concretize(self, memory, addr): 9 | addrs = self._eval(memory, addr, 2) 10 | if len(addrs) == 1: 11 | return addrs 12 | -------------------------------------------------------------------------------- /angr/angr/distributed/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | # angr.distributed provides a simple implementation for conducting long-running symbolic-execution-based tasks. 3 | 4 | from .server import Server 5 | -------------------------------------------------------------------------------- /angr/angr/engines/light/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | from .data import ArithmeticExpression, SpOffset, RegisterOffset 3 | from .engine import SimEngineLight, SimEngineLightVEXMixin, SimEngineLightAILMixin, SimEngineLightVEX, SimEngineLightAIL 4 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | from .engine import SootMixin 3 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/exceptions.py: -------------------------------------------------------------------------------- 1 | 2 | class BlockTerminationNotice(Exception): 3 | pass 4 | 5 | class IncorrectLocationException(Exception): 6 | 
pass 7 | 8 | class SootMethodNotLoadedException(Exception): 9 | pass 10 | 11 | class SootFieldNotLoadedException(Exception): 12 | pass 13 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/expressions/instanceOf.py: -------------------------------------------------------------------------------- 1 | 2 | import logging 3 | 4 | from .base import SimSootExpr 5 | 6 | l = logging.getLogger(name=__name__) 7 | 8 | 9 | class SimSootExpr_InstanceOf(SimSootExpr): 10 | def _execute(self): 11 | obj = self._translate_value(self.expr.value) 12 | self.expr = self.state.solver.StringV(obj.type) == self.state.solver.StringV(self.expr.check_type) 13 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/expressions/instancefieldref.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootExpr 3 | 4 | 5 | class SimSootExpr_InstanceFieldRef(SimSootExpr): 6 | def _execute(self): 7 | field_ref = self._translate_value(self.expr) 8 | self.expr = self.state.memory.load(field_ref, none_if_missing=True) 9 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/expressions/length.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootExpr 3 | 4 | 5 | class SimSootExpr_Length(SimSootExpr): 6 | def _execute(self): 7 | operand = self._translate_expr(self.expr.value) 8 | self.expr = operand.expr.size 9 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/expressions/local.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootExpr 3 | 4 | 5 | class SimSootExpr_Local(SimSootExpr): 6 | def _execute(self): 7 | local = self._translate_value(self.expr) 8 | self.expr = self.state.memory.load(local, 
none_if_missing=True) 9 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/expressions/paramref.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootExpr 3 | 4 | 5 | class SimSootExpr_ParamRef(SimSootExpr): 6 | def _execute(self): 7 | paramref = self._translate_value(self.expr) 8 | self.expr = self.state.memory.load(paramref, none_if_missing=True) 9 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/expressions/staticfieldref.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootExpr 3 | 4 | 5 | class SimSootExpr_StaticFieldRef(SimSootExpr): 6 | def _execute(self): 7 | field_ref = self._translate_value(self.expr) 8 | self.expr = self.state.memory.load(field_ref, none_if_missing=True) 9 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/expressions/thisref.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootExpr 3 | 4 | 5 | class SimSootExpr_ThisRef(SimSootExpr): 6 | def _execute(self): 7 | self.expr = self._translate_value(self.expr) 8 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/expressions/unsupported.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootExpr 3 | 4 | 5 | class SimSootExpr_Unsupported(SimSootExpr): 6 | def _execute(self): 7 | pass 8 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/statements/goto.py: -------------------------------------------------------------------------------- 1 | 2 | import logging 3 | 4 | from .base import SimSootStmt 5 | 6 | l = logging.getLogger('angr.engines.soot.statements.goto') 7 | 8 
| 9 | class SimSootStmt_Goto(SimSootStmt): 10 | def _execute(self): 11 | jmp_target = self._get_bb_addr_from_instr(instr=self.stmt.target) 12 | self._add_jmp_target(target=jmp_target, 13 | condition=self.state.solver.true) 14 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/statements/identity.py: -------------------------------------------------------------------------------- 1 | 2 | import logging 3 | 4 | from .base import SimSootStmt 5 | 6 | l = logging.getLogger('angr.engines.soot.statements.identity') 7 | 8 | 9 | class SimSootStmt_Identity(SimSootStmt): 10 | def _execute(self): 11 | dst = self._translate_value(self.stmt.left_op) 12 | src_expr = self._translate_expr(self.stmt.right_op) 13 | src_val = src_expr.expr 14 | l.debug("Identity %s := %s", dst, src_val) 15 | self.state.memory.store(dst, src_val) 16 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/statements/invoke.py: -------------------------------------------------------------------------------- 1 | 2 | import logging 3 | 4 | from .base import SimSootStmt 5 | 6 | l = logging.getLogger('angr.engines.soot.statements.invoke') 7 | 8 | 9 | class SimSootStmt_Invoke(SimSootStmt): 10 | def _execute(self): 11 | invoke_expr = self._translate_expr(self.stmt.invoke_expr) 12 | self._add_invoke_target(invoke_expr) 13 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/statements/throw.py: -------------------------------------------------------------------------------- 1 | 2 | import logging 3 | 4 | from .base import SimSootStmt 5 | from archinfo.arch_soot import SootAddressTerminator 6 | 7 | l = logging.getLogger(name=__name__) 8 | 9 | 10 | class SimSootStmt_Throw(SimSootStmt): 11 | def _execute(self): 12 | # TODO: implement simprocedure to throw exception 13 | self._add_jmp_target(target=SootAddressTerminator(), 14 | 
condition=self.state.solver.true) 15 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/values/base.py: -------------------------------------------------------------------------------- 1 | 2 | class SimSootValue: 3 | 4 | @classmethod 5 | def from_sootvalue(cls, soot_value, state): 6 | raise NotImplementedError() 7 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/values/constants.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootValue 3 | 4 | class SimSootValue_IntConstant(SimSootValue): 5 | 6 | __slots__ = [ 'value', 'type' ] 7 | 8 | def __init__(self, value, type_): 9 | super(SimSootValue_IntConstant, self).__init__() 10 | self.value = value 11 | self.type = type_ 12 | 13 | def __repr__(self): 14 | return self.value 15 | 16 | @classmethod 17 | def from_sootvalue(cls, soot_value, state): 18 | return cls(soot_value.value, soot_value.type) 19 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/values/local.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootValue 3 | 4 | 5 | class SimSootValue_Local(SimSootValue): 6 | 7 | __slots__ = [ 'id', 'type' ] 8 | 9 | def __init__(self, name, type_): 10 | super(SimSootValue_Local, self).__init__() 11 | self.id = name 12 | self.type = type_ 13 | 14 | def __repr__(self): 15 | return self.id 16 | 17 | @classmethod 18 | def from_sootvalue(cls, soot_value, state): 19 | return cls(soot_value.name, soot_value.type) 20 | -------------------------------------------------------------------------------- /angr/angr/engines/soot/values/paramref.py: -------------------------------------------------------------------------------- 1 | 2 | from .base import SimSootValue 3 | 4 | 5 | class SimSootValue_ParamRef(SimSootValue): 6 | 7 | __slots__ = [ 
'id', 'index', 'type' ] 8 | 9 | def __init__(self, index, type_): 10 | self.id = "param_%d" % index 11 | self.index = index 12 | self.type = type_ 13 | 14 | def __repr__(self): 15 | return self.id 16 | 17 | @classmethod 18 | def from_sootvalue(cls, soot_value, state): 19 | return cls(soot_value.index, soot_value.type) 20 | -------------------------------------------------------------------------------- /angr/angr/engines/vex/__init__.py: -------------------------------------------------------------------------------- 1 | from .claripy import * 2 | from .light import * 3 | from .heavy import * 4 | from .lifter import VEXLifter 5 | -------------------------------------------------------------------------------- /angr/angr/engines/vex/claripy/__init__.py: -------------------------------------------------------------------------------- 1 | from .datalayer import ClaripyDataMixin 2 | -------------------------------------------------------------------------------- /angr/angr/engines/vex/heavy/__init__.py: -------------------------------------------------------------------------------- 1 | from .heavy import HeavyVEXMixin 2 | from .inspect import SimInspectMixin 3 | from .actions import TrackActionsMixin 4 | from .resilience import HeavyResilienceMixin 5 | from .super_fastpath import SuperFastpathMixin -------------------------------------------------------------------------------- /angr/angr/engines/vex/light/__init__.py: -------------------------------------------------------------------------------- 1 | from .light import VEXMixin 2 | from .resilience import VEXResilienceMixin 3 | from .slicing import VEXSlicingMixin 4 | -------------------------------------------------------------------------------- /angr/angr/knowledge_base/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | from .knowledge_base import KnowledgeBase 3 | -------------------------------------------------------------------------------- 
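/angr/angr/knowledge_plugins/__init__.py:
--------------------------------------------------------------------------------
from .functions import FunctionManager, Function
from .variables import VariableManager
from .comments import Comments
from .data import Data
from .indirect_jumps import IndirectJumps
from .labels import Labels
from .cfg import CFGManager
from .xrefs import XRefManager
from .plugin import KnowledgeBasePlugin
from .sync import SynchronizationManager
from .patches import PatchManager

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/cfg/__init__.py:
--------------------------------------------------------------------------------
from .memory_data import MemoryDataSort, MemoryData
from .cfg_node import CFGNode, CFGENode
from .indirect_jump import IndirectJump
from .cfg_model import CFGModel
from .cfg_manager import CFGManager

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/comments.py:
--------------------------------------------------------------------------------
from .plugin import KnowledgeBasePlugin


class Comments(KnowledgeBasePlugin, dict):
    """Knowledge-base plugin that is itself a dict of comments.

    The key and value types are not fixed by this file (presumably
    address -> comment text; confirm against callers).
    """

    def __init__(self, kb):
        super(Comments, self).__init__()
        self._kb = kb

    def copy(self):
        """Return a new Comments bound to the same knowledge base, holding the same entries.

        The original built the copy but fell off the end of the method, so
        callers received None instead of the copied plugin.
        """
        o = Comments(self._kb)
        o.update(self)
        return o


KnowledgeBasePlugin.register_default('comments', Comments)

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/data.py:
--------------------------------------------------------------------------------
from .plugin import KnowledgeBasePlugin


class Data(KnowledgeBasePlugin):
    """Knowledge-base plugin registered under 'data'; it only keeps a reference to its knowledge base."""

    def __init__(self, kb):
        super(Data, self).__init__()
        self._kb = kb

    def copy(self):
        # Copying is not implemented for this plugin.
        raise NotImplementedError


KnowledgeBasePlugin.register_default('data', Data)

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/functions/__init__.py:
--------------------------------------------------------------------------------
from .function import Function
from .function_manager import FunctionManager

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/plugin.py:
--------------------------------------------------------------------------------
# Maps a plugin name to the class registered as its default.
default_plugins = {}


class KnowledgeBasePlugin:
    """Base class for knowledge-base plugins; subclasses are expected to implement copy()."""

    def copy(self):
        raise NotImplementedError

    @staticmethod
    def register_default(name, cls):
        """Record ``cls`` as the default plugin class for ``name``.

        Raises Exception when ``name`` already has a default, so an existing
        registration is never silently replaced.
        """
        if name in default_plugins:
            raise Exception("%s is already set as the default for %s" % (default_plugins[name], name))
        default_plugins[name] = cls

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/sync/__init__.py:
--------------------------------------------------------------------------------
from .sync_manager import SynchronizationManager

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/variables/__init__.py:
--------------------------------------------------------------------------------
from .variable_manager import VariableManager, VariableType

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/variables/variable_access.py:
--------------------------------------------------------------------------------
class VariableAccess:
    """Record of one access to a variable: which variable, what kind of access, and where."""

    def __init__(self, variable, access_type, location):
        self.variable = variable
        self.access_type = access_type
        self.location = location

    def __repr__(self):
        return "%s %s @ %s" % (self.access_type, self.variable, self.location)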
--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/xrefs/__init__.py:
--------------------------------------------------------------------------------

from .xref_types import XRefType
from .xref import XRef
from .xref_manager import XRefManager

--------------------------------------------------------------------------------
/angr/angr/knowledge_plugins/xrefs/xref_types.py:
--------------------------------------------------------------------------------

class XRefType:
    """
    Integer constants naming the kinds of cross-reference, plus a helper to print them.
    """
    Offset = 0
    Read = 1
    Write = 2

    @staticmethod
    def to_string(ty):
        """
        Return the lower-case name of the cross-reference type `ty`.

        :param ty: One of the XRefType constants.
        :return:   "offset", "read" or "write"; "unknown" for any other value.
        """
        s = {
            XRefType.Offset: "offset",
            XRefType.Read: "read",
            XRefType.Write: "write",
        }
        return s.get(ty, "unknown")

--------------------------------------------------------------------------------
/angr/angr/misc/__init__.py:
--------------------------------------------------------------------------------
from . import ux
from . import autoimport
from . import weakpatch
from .loggers import Loggers
from .range import IRange
from .plugins import PluginHub, PluginPreset
from .hookset import HookSet

--------------------------------------------------------------------------------
/angr/angr/misc/testing.py:
--------------------------------------------------------------------------------
import sys

def detect_test_env():
    """
    Report whether the current call stack contains a frame from the nose or nose2 test runner.

    Frames are inspected from the caller upwards (the function's own frame, index 0, is skipped).

    :return: True as soon as a frame whose module name starts with 'nose.' or 'nose2.' is found;
             False when a '__main__' or '__console__' frame is reached first, or when the stack
             runs out.
    """
    i = 0
    while True:
        i += 1
        try:
            # sys._getframe raises ValueError once i is deeper than the call stack.
            frame_module = sys._getframe(i).f_globals.get('__name__')
        except ValueError:
            return False

        if frame_module == '__main__' or frame_module == '__console__':
            return False
        # Only nose and nose2 are recognised; a frame from any other test runner keeps the loop going.
        elif frame_module is not None and (frame_module.startswith('nose.') or frame_module.startswith('nose2.')):
            return True

# Evaluated once, at import time, against the call stack of whoever first imports this module.
is_testing = detect_test_env()

--------------------------------------------------------------------------------
/angr/angr/procedures/__init__.py:
--------------------------------------------------------------------------------
from .procedure_dict import SIM_PROCEDURES, SimProcedures
from .definitions import SIM_LIBRARIES

--------------------------------------------------------------------------------
/angr/angr/procedures/advapi32/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/angr/procedures/advapi32/__init__.py
--------------------------------------------------------------------------------
/angr/angr/procedures/cgc/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement system calls for the cgc DECREE platform
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/cgc/_terminate.py:
--------------------------------------------------------------------------------
import angr

class _terminate(angr.SimProcedure): #pylint:disable=redefined-builtin
    """
    Stand-in for the CGC `_terminate` system call (number 1 in the 'cgcabi' mapping).
    """
    #pylint:disable=arguments-differ

    NO_RET = True

    def run(self, exit_code): #pylint:disable=unused-argument
        """
        Do nothing and return; `exit_code` is not used.
        """
        # NOTE(review): nothing here ends the path explicitly; presumably NO_RET is what
        # keeps execution from continuing after the call -- confirm.
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/definitions/cgc.py:
--------------------------------------------------------------------------------
from . import SimSyscallLibrary
from .. import SIM_PROCEDURES as P

# Syscall library for the 'cgcabi' ABI: every procedure in P['cgc'], plus the
# syscall-number -> procedure-name table below.
lib = SimSyscallLibrary()
lib.set_library_names('cgcabi')
lib.add_all_from_dict(P['cgc'])
lib.add_number_mapping_from_dict('cgcabi', {
    1: '_terminate',
    2: 'transmit',
    3: 'receive',
    4: 'fdwait',
    5: 'allocate',
    6: 'deallocate',
    7: 'random',
})

# Second library, named 'cgcabi_tracer', filled from P['tracer']; no number mapping is added for it here.
lib_tracer = SimSyscallLibrary()
lib_tracer.set_library_names('cgcabi_tracer')
lib_tracer.add_all_from_dict(P['tracer'])

--------------------------------------------------------------------------------
/angr/angr/procedures/definitions/libstdcpp.py:
--------------------------------------------------------------------------------

from .. import SIM_PROCEDURES as P
from . import SimCppLibrary


libstdcpp = SimCppLibrary()

# Both the unversioned and the .6 soname resolve to this library.
libstdcpp.set_library_names('libstdc++.so', 'libstdc++.so.6')
libstdcpp.add_all_from_dict(P["libstdcpp"])

--------------------------------------------------------------------------------
/angr/angr/procedures/definitions/linux_loader.py:
--------------------------------------------------------------------------------
from . import SimLibrary
from .. import SIM_PROCEDURES as P

lib = SimLibrary()
# All of these dynamic-loader file names share the procedures in P['linux_loader'].
lib.set_library_names('ld.so', 'ld-linux.so', 'ld.so.2', 'ld-linux.so.2', 'ld-linux-x86-64.so.2')
lib.add_all_from_dict(P['linux_loader'])

--------------------------------------------------------------------------------
/angr/angr/procedures/definitions/ntdll.py:
--------------------------------------------------------------------------------
from . import SimLibrary
from .. import SIM_PROCEDURES as P
from ...calling_conventions import SimCCStdcall

lib = SimLibrary()
lib.set_library_names('ntdll.dll')
lib.add_all_from_dict(P['ntdll'])
lib.set_default_cc('X86', SimCCStdcall)

# The Rtl* exports below reuse procedures registered under P['win32'].
# NOTE(review): RtlDecodePointer is bound to the *Encode*Pointer procedure. That is only
# right if EncodePointer is modelled as a pass-through -- confirm against its implementation.
lib.add('RtlEncodePointer', P['win32']['EncodePointer'])
lib.add('RtlDecodePointer', P['win32']['EncodePointer'])
lib.add('RtlAllocateHeap', P['win32']['HeapAlloc'])

--------------------------------------------------------------------------------
/angr/angr/procedures/definitions/user32.py:
--------------------------------------------------------------------------------
from . import SimLibrary
from .. import SIM_PROCEDURES as P
from ...calling_conventions import SimCCStdcall, SimCCCdecl

lib = SimLibrary()
lib.set_library_names('user32.dll')
lib.add_all_from_dict(P['win_user32'])
lib.set_default_cc('X86', SimCCStdcall)

# wsprintfA is served by libc's sprintf and is given an explicit x86 cdecl calling
# convention instead of the stdcall default set above.
import archinfo
lib.add('wsprintfA', P['libc']['sprintf'], cc=SimCCCdecl(archinfo.ArchX86()))

--------------------------------------------------------------------------------
/angr/angr/procedures/glibc/__errno_location.py:
--------------------------------------------------------------------------------
import angr

######################################
# __errno_location
######################################

class __errno_location(angr.SimProcedure):
    """
    Model of glibc's __errno_location().
    """
    def run(self): #pylint:disable=arguments-differ
        """
        Return the errno address kept in the state's libc plugin.
        """
        return self.state.libc.errno_location

--------------------------------------------------------------------------------
/angr/angr/procedures/glibc/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement internal functions for the GNU libc that commonly appears on linux systems
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/glibc/scanf.py:
--------------------------------------------------------------------------------

from ..libc.scanf import scanf
from ..libc.fscanf import fscanf

# The __isoc99_* names are served by the plain libc models, with no behaviour added.
class __isoc99_scanf(scanf):
    pass

class __isoc99_fscanf(fscanf):
    pass

--------------------------------------------------------------------------------
/angr/angr/procedures/glibc/sscanf.py:
--------------------------------------------------------------------------------
from ..libc.sscanf import sscanf

# Same model as libc's sscanf, exposed under the __isoc99_ name.
class __isoc99_sscanf(sscanf):
    pass

--------------------------------------------------------------------------------
/angr/angr/procedures/java_io/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/angr/procedures/java_io/__init__.py
--------------------------------------------------------------------------------
/angr/angr/procedures/java_io/read.py:
--------------------------------------------------------------------------------

from ..java import JavaSimProcedure


class Read(JavaSimProcedure):
    """
    Model of java.io.InputStream.read().
    """
    # TODO consider the fd

    __provides__ = (
        ("java.io.InputStream", "read()"),
    )

    def run(self, this, *args): # pylint: disable=arguments-differ,unused-argument
        """
        Read one byte from the state's stdin and return it zero-extended to 32 bits.

        The receiver `this` is ignored, so every InputStream is treated as stdin (see the TODO
        above). The two other values returned by read() are discarded.
        """
        data, _, _ = self.state.posix.stdin.read(None, 1)
        return data.zero_extend(32-8)

--------------------------------------------------------------------------------
/angr/angr/procedures/java_jni/version_information.py:
--------------------------------------------------------------------------------

from . import JNISimProcedure

# pylint: disable=arguments-differ,unused-argument

class GetVersion(JNISimProcedure):
    """
    Model of the JNI GetVersion function; always reports a fixed version.
    """

    return_ty = 'int'

    def run(self, ptr_env):
        """
        Return the constant 0x00010008; `ptr_env` is not used.
        """
        # return JNI version 1.8
        return 0x00010008

--------------------------------------------------------------------------------
/angr/angr/procedures/java_lang/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/angr/procedures/java_lang/__init__.py
--------------------------------------------------------------------------------
/angr/angr/procedures/java_lang/exit.py:
--------------------------------------------------------------------------------

from ..java import JavaSimProcedure

# pylint: disable=arguments-differ,unused-argument


class Exit(JavaSimProcedure):
    """
    Model of java.lang.System.exit(int); marked as non-returning.
    """

    NO_RET = True

    __provides__ = (
        ("java.lang.System", "exit(int)"),
    )

    def run(self, exit_code):
        """
        End the path through self.exit(), passing `exit_code` along.
        """
        self.exit(exit_code)

--------------------------------------------------------------------------------
/angr/angr/procedures/java_lang/load_library.py:
--------------------------------------------------------------------------------

from ..java import JavaSimProcedure


class LoadLibrary(JavaSimProcedure):
    """
    Placeholder for java.lang.System.loadLibrary(String).
    """

    __provides__ = (
        ("java.lang.System", "loadLibrary(java.lang.String)"),
    )

    def run(self, lib): # pylint: disable=arguments-differ,unused-argument
        """
        Do nothing: `lib` is ignored and no library is loaded by this procedure.
        """
        pass

--------------------------------------------------------------------------------
/angr/angr/procedures/java_lang/math.py:
--------------------------------------------------------------------------------
import claripy
import logging

from ..java import JavaSimProcedure

log = logging.getLogger(name=__name__)


class Random(JavaSimProcedure):
    """
    Model of java.lang.Math.random.
    """
    # NOTE(review): the other Java procedures in this listing spell the method with its
    # parameter list ('read()', 'currentTimeMillis()'); here it is just 'random' -- confirm
    # this still matches the hooked method.
    __provides__ = (
        ('java.lang.Math', 'random'),
    )

    def run(self):
        """
        Return a fresh symbolic double named 'rand_int'.

        No constraint is added here, so the value is not limited to any range.
        """
        log.debug('Called SimProcedure java.lang.Math.random with args')
        return claripy.FPS('rand_int', claripy.FSORT_DOUBLE)

--------------------------------------------------------------------------------
/angr/angr/procedures/java_lang/system.py:
--------------------------------------------------------------------------------
import logging
import claripy

from ..java import JavaSimProcedure

log = logging.getLogger(name=__name__)


class SystemCurrentTimeMillis(JavaSimProcedure):
    """
    Model of java.lang.System.currentTimeMillis().
    """

    __provides__ = (
        ('java.lang.System', 'currentTimeMillis()'),
    )

    def run(self):
        """
        Return the analysing host's current wall-clock time, in milliseconds, as a concrete
        64-bit value.

        Because the value is concrete and taken from the host clock, two runs over the same
        target see different values, and time-dependent branches are not explored symbolically.
        """
        log.debug('Called SimProcedure java.lang.System.currentTimeMillis with args')

        from time import time
        return claripy.BVV(int(time() * 1000), 64)


--------------------------------------------------------------------------------
/angr/angr/procedures/java_util/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/angr/procedures/java_util/__init__.py
--------------------------------------------------------------------------------
/angr/angr/procedures/java_util/random.py:
--------------------------------------------------------------------------------

from ..java import JavaSimProcedure


class NextInt(JavaSimProcedure):
    """
    Model of java.util.Random.nextInt(int).
    """

    __provides__ = (
        ("java.util.Random", "nextInt(int)"),
    )

    def run(self, obj, bound): # pylint: disable=arguments-differ,unused-argument
        """
        Return a fresh 32-bit symbolic value constrained to be below `bound`; `obj` is ignored.

        Both constraints are added to the state's solver, so they persist after the call.
        """
        rand = self.state.solver.BVS('rand', 32)
        # Unsigned >= 0 holds for every bitvector; this line documents intent more than it restricts.
        self.state.solver.add(rand.UGE(0))
        # Unsigned comparison. NOTE(review): a bound of 0 would make this unsatisfiable -- confirm
        # how callers are expected to handle that.
        self.state.solver.add(rand.ULT(bound))
        return rand

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement functions described in the C standard library specification
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/abort.py:
--------------------------------------------------------------------------------
import angr

######################################
# abort
######################################

class abort(angr.SimProcedure):
    """
    Model of abort(); marked as non-returning.
    """
    NO_RET = True

    def run(self):
        """
        End the path through self.exit() with exit code 1.
        """
        self.exit(1)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/access.py:
--------------------------------------------------------------------------------
import angr

######################################
# access
######################################


class access(angr.SimProcedure):
    """
    Model of access() that does not consult any file system.
    """
    #pylint:disable=arguments-differ

    def run(self, path, mode):
        """
        Return a fresh symbolic value, one architecture word wide, constrained to be 0 or -1.

        `path` and `mode` are not examined, so both outcomes stay possible for any path.
        """

        ret = self.state.solver.BVS('access', self.arch.bits)
        self.state.add_constraints(self.state.solver.Or(ret == 0, ret == -1))
        return ret

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/atoi.py:
--------------------------------------------------------------------------------
import angr

import logging
l = logging.getLogger(name=__name__)


class atoi(angr.SimProcedure):
    """
    Model of atoi(), implemented on top of the libc strtol procedure.
    """
    #pylint:disable=arguments-differ
    def run(self, s):
        """
        Call strtol's strtol_inner on `s` with base 10 and return element [1] of its result.
        """
        strtol = angr.SIM_PROCEDURES['libc']['strtol']
        # NOTE(review): the meaning of the trailing True and of the other result elements is
        # defined by strtol_inner, which is not shown here.
        return strtol.strtol_inner(s, self.state, self.state.memory, 10, True)[1]

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/calloc.py:
--------------------------------------------------------------------------------
import angr

######################################
# calloc
######################################

class calloc(angr.SimProcedure):
    """
    Model of calloc(); the work is done by the state's heap plugin.
    """
    #pylint:disable=arguments-differ
    def run(self, sim_nmemb, sim_size):
        """
        Return whatever the heap plugin's _calloc returns for the two arguments.
        """
        return self.state.heap._calloc(sim_nmemb, sim_size)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/closelog.py:
--------------------------------------------------------------------------------

import angr

######################################
# closelog
######################################

class closelog(angr.SimProcedure):
    """
    Placeholder for closelog().
    """
    #pylint:disable=arguments-differ

    def run(self):
        # A stub for closelog that does not do anything yet.
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/exit.py:
--------------------------------------------------------------------------------
import angr

######################################
# exit
######################################

class exit(angr.SimProcedure): #pylint:disable=redefined-builtin
    """
    Model of exit(); marked as non-returning.
    """
    #pylint:disable=arguments-differ

    NO_RET = True
    def run(self, exit_code):
        """
        End the path through self.exit(), passing `exit_code` along.
        """
        self.exit(exit_code)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/fflush.py:
--------------------------------------------------------------------------------
import angr

import logging
l = logging.getLogger(name=__name__)

class fflush(angr.SimProcedure):
    """
    Model of fflush() that always reports success.
    """
    #pylint:disable=arguments-differ,unused-argument

    def run(self, fd):
        """
        Return a concrete 0, one architecture word wide; `fd` is ignored.
        """
        return self.state.solver.BVV(0, self.state.arch.bits)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/free.py:
--------------------------------------------------------------------------------
import angr

######################################
# free
######################################
class free(angr.SimProcedure):
    """
    Model of free(); the work is done by the state's heap plugin.
    """
    #pylint:disable=arguments-differ,unused-argument

    def run(self, ptr):
        """
        Hand `ptr` to the heap plugin's _free; nothing is returned.
        """
        self.state.heap._free(ptr)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/getchar.py:
--------------------------------------------------------------------------------
import angr

######################################
# getchar
######################################

class getchar(angr.SimProcedure):
    """
    Model of getchar(), implemented as fgetc on file descriptor 0.
    """
    # pylint: disable=arguments-differ
    def run(self):
        """
        Inline-call libc's fgetc with the descriptor object for fd 0 and return its result.
        """
        fgetc = angr.SIM_PROCEDURES['libc']['fgetc']
        stdin = self.state.posix.get_fd(0)
        # The stream argument is passed as 0; the descriptor to read from is given via simfd.
        data = self.inline_call(fgetc, 0, simfd=stdin).ret_expr
        return data

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/getegid.py:
--------------------------------------------------------------------------------
import angr

######################################
# getegid
######################################

class getegid(angr.SimProcedure):
    """
    Model of getegid() that returns a fixed value.
    """
    # pylint: disable=arguments-differ
    def run(self):
        # Hard-coded id; the state is not consulted.
        return 1000

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/geteuid.py:
--------------------------------------------------------------------------------
import angr

######################################
# geteuid
######################################

class geteuid(angr.SimProcedure):
    """
    Model of geteuid() that returns a fixed value.
    """
    # pylint: disable=arguments-differ
    def run(self):
        # Hard-coded id; the state is not consulted.
        return 1000

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/getgid.py:
--------------------------------------------------------------------------------
import angr

######################################
# getgid
######################################

class getgid(angr.SimProcedure):
    """
    Model of getgid() that returns a fixed value.
    """
    # pylint: disable=arguments-differ
    def run(self):
        # Hard-coded id. The syscall-level getgid in linux_kernel/uid.py returns
        # self.state.posix.gid instead, so the two can disagree.
        return 1000

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/getuid.py:
--------------------------------------------------------------------------------
import angr

######################################
# getuid
######################################

class getuid(angr.SimProcedure):
    """
    Model of getuid() that returns a fixed value.
    """
    # pylint: disable=arguments-differ
    def run(self):
        # Hard-coded id. The syscall-level getuid in linux_kernel/uid.py returns
        # self.state.posix.uid instead, so the two can disagree.
        return 1000

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/malloc.py:
--------------------------------------------------------------------------------
import angr
import itertools

######################################
# malloc
######################################

# Not referenced anywhere in this file; presumably kept for code elsewhere -- confirm before removing.
malloc_mem_counter = itertools.count()

class malloc(angr.SimProcedure):
    """
    Model of malloc(); the work is done by the state's heap plugin.
    """
    #pylint:disable=arguments-differ
    def run(self, sim_size):
        """
        Return whatever the heap plugin's _malloc returns for `sim_size`.
        """
        return self.state.heap._malloc(sim_size)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/openlog.py:
--------------------------------------------------------------------------------

import angr

######################################
# openlog
######################################

class openlog(angr.SimProcedure):
    """
    Placeholder for openlog(); all three arguments are ignored.
    """
    #pylint:disable=arguments-differ

    def run(self, ident, option, facility):
        # A stub for openlog that does not do anything yet.
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/perror.py:
--------------------------------------------------------------------------------
import angr

######################################
# perror
######################################

class perror(angr.SimProcedure):
    """
    Simplified model of perror().
    """
    #pylint:disable=arguments-differ

    def run(self, string):
        """
        Write `string` (strlen(string) bytes) to file descriptor 2.

        Only the caller's message is written; no errno text is appended. Nothing is returned.
        """
        write = angr.SIM_PROCEDURES['posix']['write']
        strlen = angr.SIM_PROCEDURES['libc']['strlen']

        length = self.inline_call(strlen, string).ret_expr
        self.inline_call(write, 2, string, length)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/putc.py:
--------------------------------------------------------------------------------
from .fputc import fputc as putc

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/putchar.py:
--------------------------------------------------------------------------------
import angr

######################################
# putchar
######################################

class putchar(angr.SimProcedure):
    """
    Model of putchar(), writing to file descriptor 1.
    """
    #pylint:disable=arguments-differ

    def run(self, string):
        """
        Write the low byte of `string` to fd 1.

        Despite its name, `string` is the character argument, not a pointer.

        :return: -1 when the state has no fd 1; otherwise `string` masked to its low 8 bits.
        """
        stdout = self.state.posix.get_fd(1)
        if stdout is None:
            return -1
        # Bits 7..0 only: the rest of the argument is not written.
        stdout.write_data(string[7:0])
        return string & 0xff

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/rand.py:
--------------------------------------------------------------------------------
import angr

class rand(angr.SimProcedure):
    """
    Model of rand() that returns a symbolic value.
    """
    def run(self):
        """
        Return a fresh 31-bit symbolic value zero-extended to the architecture word size.

        Zero-extending 31 bits keeps the top bit clear, so the result is never negative.
        """
        rval = self.state.solver.BVS('rand', 31, key=('api', 'rand'))
        return rval.zero_extend(self.state.arch.bits - 31)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/realloc.py:
--------------------------------------------------------------------------------
import angr

######################################
# realloc
######################################

class realloc(angr.SimProcedure):
    """
    Model of realloc(); the work is done by the state's heap plugin.
    """
    #pylint:disable=arguments-differ
    def run(self, ptr, size):
        """
        Return whatever the heap plugin's _realloc returns for `ptr` and `size`.
        """
        return self.state.heap._realloc(ptr, size)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/rewind.py:
--------------------------------------------------------------------------------
import angr

######################################
# rewind
######################################

class rewind(angr.SimProcedure):
    """
    Model of rewind(), implemented through the libc fseek procedure.
    """
    #pylint:disable=arguments-differ

    def run(self, file_ptr):
        """
        Inline-call fseek(file_ptr, 0, 0) and return None; fseek's own result is dropped.
        """
        fseek = angr.SIM_PROCEDURES['libc']['fseek']
        self.inline_call(fseek, file_ptr, 0, 0)

        return None

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/setvbuf.py:
--------------------------------------------------------------------------------
import angr

class setvbuf(angr.SimProcedure):
    """
    Model of setvbuf() that always reports success.
    """
    def run(self, stream, buf, type_, size):
        # All four arguments are ignored; no buffering state is changed.
        return 0

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/srand.py:
--------------------------------------------------------------------------------
import angr

class srand(angr.SimProcedure):
    """
    Model of srand() that discards the seed.
    """
    def run(self, seed):
        # `seed` is not stored anywhere; the procedure returns straight away with no value.
        self.ret()

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/sscanf.py:
--------------------------------------------------------------------------------
import logging

from angr.procedures.stubs.format_parser import FormatParser

l = logging.getLogger(name=__name__)

class sscanf(FormatParser):
    """
    Model of sscanf(), built on FormatParser.
    """
    #pylint:disable=arguments-differ,unused-argument
    def run(self, data, fmt):
        """
        Parse the format string and interpret it against the buffer at `data`.

        :return: The value returned by the parsed format's interpret().
        """
        # NOTE(review): 1 and 2 look like argument positions (the format is argument 1, the
        # first output argument is 2) -- confirm against FormatParser.
        fmt_str = self._parse(1)
        items = fmt_str.interpret(2, self.arg, addr=data)
        return items

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/strcat.py:
--------------------------------------------------------------------------------
import angr

class strcat(angr.SimProcedure):
    """
    Model of strcat(), composed from the libc strlen and strncpy procedures.
    """
    # pylint: disable=arguments-differ
    def run(self, dst, src):
        """
        Copy `src` to the end of the string at `dst` and return `dst`.

        The copy covers strlen(src) + 1 bytes starting at dst + strlen(dst). As with the C
        function, nothing here knows the size of the destination buffer, so a write past its
        end is performed like any other memory write.
        """
        strlen = angr.SIM_PROCEDURES['libc']['strlen']
        strncpy = angr.SIM_PROCEDURES['libc']['strncpy']
        src_len = self.inline_call(strlen, src).ret_expr
        dst_len = self.inline_call(strlen, dst).ret_expr

        # The already-computed source length is passed along as the src_len keyword.
        self.inline_call(strncpy, dst + dst_len, src, src_len+1, src_len=src_len)
        return dst

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/strcpy.py:
--------------------------------------------------------------------------------
import angr

class strcpy(angr.SimProcedure):
    """
    Model of strcpy(), composed from the libc strlen and strncpy procedures.
    """
    #pylint:disable=arguments-differ

    def run(self, dst, src):
        """
        Copy strlen(src) + 1 bytes from `src` to `dst` and return strncpy's result.

        As with the C function, nothing here knows the size of the destination buffer, so a
        write past its end is performed like any other memory write.
        """
        strlen = angr.SIM_PROCEDURES['libc']['strlen']
        strncpy = angr.SIM_PROCEDURES['libc']['strncpy']
        src_len = self.inline_call(strlen, src)

        ret_expr = self.inline_call(strncpy, dst, src, src_len.ret_expr+1, src_len=src_len.ret_expr).ret_expr
        return ret_expr

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/system.py:
--------------------------------------------------------------------------------
import angr

import logging
l = logging.getLogger(name=__name__)

class system(angr.SimProcedure):
    """
    Model of system() that runs nothing and returns an unknown exit status.
    """
    #pylint:disable=arguments-differ,unused-argument
    def run(self, cmd):
        """
        Return an unconstrained 8-bit value zero-extended to the architecture word size.

        `cmd` is never read, so this stub records nothing about the command. An analysis that
        needs to know what reaches system() has to inspect the argument itself, for example
        from its own hook on this call.
        """
        retcode = self.state.solver.Unconstrained('system_returncode', 8, key=('api', 'system'))
        return retcode.zero_extend(self.state.arch.bits - 8)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/tolower.py:
--------------------------------------------------------------------------------
import angr

class tolower(angr.SimProcedure):
    """
    Model of tolower() for the ASCII range.
    """
    # pylint: disable=arguments-differ
    def run(self, c):
        """
        Return an if-then-else expression: `c + 32` when 65 <= c <= 90, otherwise `c`.
        """
        return self.state.solver.If(
            self.state.solver.And(c >= 65, c <= 90), # A - Z
            c + 32, c)

--------------------------------------------------------------------------------
/angr/angr/procedures/libc/toupper.py:
--------------------------------------------------------------------------------
import angr

class toupper(angr.SimProcedure):
    """
    Model of toupper() for the ASCII range.
    """
    # pylint: disable=arguments-differ
    def run(self, c):
        """
        Return an if-then-else expression: `c - 32` when 97 <= c <= 122, otherwise `c`.
        """
        return self.state.solver.If(
            self.state.solver.And(c >= 97, c <= 122), # a - z
            c - 32, c)

--------------------------------------------------------------------------------
/angr/angr/procedures/libstdcpp/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/angr/procedures/libstdcpp/__init__.py
--------------------------------------------------------------------------------
/angr/angr/procedures/libstdcpp/std____throw_length_error.py:
--------------------------------------------------------------------------------
import angr

######################################
# std::throw_length_error
######################################

# NOTE(review): the file name, the banner above and ALT_NAMES all say length_error, but the
# class is named std____throw_logic_error -- the same name as the class in
# std____throw_logic_error.py. If procedures are collected into a dict keyed by class name,
# one of the two would replace the other -- confirm, and rename if so.
class std____throw_logic_error(angr.SimProcedure): #pylint:disable=redefined-builtin
    """
    Stand-in for std::__throw_length_error(char const*); marked as non-returning.
    """
    #pylint:disable=arguments-differ

    NO_RET = True
    ALT_NAMES = ('std::__throw_length_error(char const*)', )

    def run(self):
        """
        End the path through self.exit() with exit code 1; no exception is modelled.
        """
        # FIXME: we need the concept of C++ exceptions to implement this right
        self.exit(1)

--------------------------------------------------------------------------------
/angr/angr/procedures/libstdcpp/std____throw_logic_error.py:
--------------------------------------------------------------------------------
import angr

######################################
# std::throw_logic_error
######################################

class std____throw_logic_error(angr.SimProcedure): #pylint:disable=redefined-builtin
    """
    Stand-in for std::__throw_logic_error(char const*); marked as non-returning.
    """
    #pylint:disable=arguments-differ

    NO_RET = True
    ALT_NAMES = ('std::__throw_logic_error(char const*)', )

    def run(self):
        """
        End the path through self.exit() with exit code 1; no exception is modelled.
        """
        # FIXME: we need the concept of C++ exceptions to implement this right
        self.exit(1)

--------------------------------------------------------------------------------
/angr/angr/procedures/libstdcpp/std__terminate.py:
--------------------------------------------------------------------------------
import angr

######################################
# std::terminate
######################################

class std__terminate(angr.SimProcedure): #pylint:disable=redefined-builtin
    """
    Stand-in for std::terminate(); marked as non-returning.
    """
    #pylint:disable=arguments-differ

    NO_RET = True
    ALT_NAMES = ('std::terminate()', )

    def run(self):
        """
        End the path through self.exit() with exit code 1; terminate handlers are not run.
        """
        # FIXME: Call terminate handlers
        self.exit(1)

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement linux system calls or other misc functionality provided by the linux kernel
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/arm_user_helpers.py:
--------------------------------------------------------------------------------
import angr

class _kernel_user_helper_get_tls(angr.SimProcedure):
    """
    Model of the ARM kernel user helper that returns the TLS pointer.
    """
    # pylint: disable=arguments-differ
    def run(self):
        """
        Store the user thread pointer of the loader's first thread in register r0.

        The value is written to the register directly; the procedure itself returns nothing.
        """
        # Always thread index 0: only one thread's TLS is ever reported.
        self.state.regs.r0 = self.project.loader.tls.threads[0].user_thread_pointer
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/brk.py:
--------------------------------------------------------------------------------
import angr
import logging

l = logging.getLogger(name=__name__)

class brk(angr.SimProcedure):
    """
    This implements the brk system call.
    """

    #pylint:disable=arguments-differ

    def run(self, new_brk):
        """
        Ask the posix plugin to set the program break to `new_brk` and return its answer.
        """
        r = self.state.posix.set_brk(new_brk)
        l.debug('brk(%s) = %s', new_brk, r)
        return r

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/getpid.py:
--------------------------------------------------------------------------------
import angr

#pylint:disable=arguments-differ

class getpid(angr.SimProcedure):
    """
    Model of getpid(): returns the pid held by the state's posix plugin.
    """
    def run(self):
        return self.state.posix.pid


class getppid(angr.SimProcedure):
    """
    Model of getppid(): returns the ppid held by the state's posix plugin.
    """
    def run(self):
        return self.state.posix.ppid

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/gettid.py:
--------------------------------------------------------------------------------
import angr

class gettid(angr.SimProcedure):
    """
    Model of gettid() that reports the process id as the thread id.
    """
    #pylint:disable=arguments-differ

    def run(self):
        # Same value as getpid(): no separate thread id is tracked here.
        return self.state.posix.pid

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/munmap.py:
--------------------------------------------------------------------------------
import angr

class munmap(angr.SimProcedure):
    """
    Placeholder for munmap() that always reports success.
    """

    def run(self, addr, length): #pylint:disable=arguments-differ,unused-argument
        """
        Return a concrete 0, one architecture word wide. Nothing is unmapped, so memory at
        `addr` stays accessible after the call.
        """
        # TODO: actually do something
        return self.state.solver.BVV(0, self.state.arch.bits)

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/set_tid_address.py:
--------------------------------------------------------------------------------
import angr

######################################
# set_tid_address
######################################

#pylint:disable=redefined-builtin,arguments-differ
class set_tid_address(angr.SimProcedure):
    """
    Model of set_tid_address() that returns a fixed thread id.
    """
    def run(self, tidptr):
        # `tidptr` is ignored. NOTE(review): gettid in this package returns
        # self.state.posix.pid, not 0 -- confirm the two are meant to differ.
        return 0 # Assume it's single-threaded, so only tid 0 exists

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/sigaction.py:
--------------------------------------------------------------------------------
import angr

class sigaction(angr.SimProcedure):
    """
    Placeholder for sigaction() that always reports success.
    """
    # NOTE(review): the parameter names match munmap's and there are two of them, while
    # sigaction(2) takes three arguments. Harmless while they are unused -- confirm.
    def run(self, addr, length): #pylint:disable=arguments-differ,unused-argument
        """
        Return a concrete 0, one architecture word wide. No handler is recorded.
        """
        # TODO: actually do something
        return self.state.solver.BVV(0, self.state.arch.bits)

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/tgkill.py:
--------------------------------------------------------------------------------
import angr

class tgkill(angr.SimProcedure):
    """
    Placeholder for tgkill() that always reports success.
    """

    # NOTE(review): the parameter names match munmap's and there are two of them, while
    # tgkill(2) takes three arguments. Harmless while they are unused -- confirm.
    def run(self, addr, length): #pylint:disable=arguments-differ,unused-argument
        """
        Return a concrete 0, one architecture word wide. No signal is delivered.
        """
        # TODO: actually do something
        return self.state.solver.BVV(0, self.state.arch.bits)

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_kernel/uid.py:
--------------------------------------------------------------------------------
import angr

class getuid(angr.SimProcedure):
    """
    Model of the getuid system call: returns the uid held by the state's posix plugin.
    """
    def run(self):
        return self.state.posix.uid

class getgid(angr.SimProcedure):
    """
    Model of the getgid system call: returns the gid held by the state's posix plugin.
    """
    def run(self):
        return self.state.posix.gid

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_loader/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement functions or other functionality provided by the linux userspace dynamic loader
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_loader/_dl_initial_error_catch_tsd.py:
--------------------------------------------------------------------------------
import angr

class _dl_initial_error_catch_tsd(angr.SimProcedure):
    """
    Stand-in for the loader's _dl_initial_error_catch_tsd.
    """
    def run(self, static_addr=0):
        # Returns the given address unchanged (0 when none is supplied).
        return static_addr

--------------------------------------------------------------------------------
/angr/angr/procedures/linux_loader/_dl_rtld_lock.py:
--------------------------------------------------------------------------------
import angr


class _dl_rtld_lock_recursive(angr.SimProcedure):
    """
    No-op stand-in for the loader's recursive lock acquire.
    """
    # pylint: disable=arguments-differ, unused-argument
    def run(self, lock):
        # For future reference:
        # ++((pthread_mutex_t *)(lock))->__data.__count;
        return

class _dl_rtld_unlock_recursive(angr.SimProcedure):
    """
    No-op stand-in for the loader's recursive lock release.
    """
    # Unlike the lock procedure above, this one declares no `lock` parameter.
    def run(self):
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/msvcr/__init__.py:
--------------------------------------------------------------------------------
"""
These functions implement those found in the various versions of msvcr.dll
(Microsoft Visual C/C++ Runtime)
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/ntdll/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/angr/procedures/ntdll/__init__.py
--------------------------------------------------------------------------------
/angr/angr/procedures/posix/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement functions described in POSIX.1
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/bind.py:
--------------------------------------------------------------------------------
import angr

import logging
l = logging.getLogger(name=__name__)

class bind(angr.SimProcedure):
    """Stub for bind (not a real implementation).

    None of the arguments are inspected. The result is an unconstrained value
    of architecture width, so it is not limited to the 0 / -1 a real bind
    would return.
    """
    #pylint:disable=arguments-differ

    def run(self, fd, addr_ptr, addr_len): #pylint:disable=unused-argument
        solver = self.state.solver
        return solver.Unconstrained('bind', self.state.arch.bits, key=('api', 'bind'))

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/bzero.py:
--------------------------------------------------------------------------------
from ..libc import memset

class bzero(memset.memset):
    """bzero expressed as the parent memset procedure with a zero fill byte."""

    def run(self, addr, size):
        # One zero "byte" at the architecture's byte width.
        zero_byte = self.state.solver.BVV(0, self.arch.byte_width)
        return super().run(addr, zero_byte, size)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/close.py:
--------------------------------------------------------------------------------
import angr

class close(angr.SimProcedure):
    """Close ``fd`` through the posix plugin; 0 if it reports success, else -1."""

    def run(self, fd): # pylint:disable=arguments-differ
        return 0 if self.state.posix.close(fd) else -1

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/closedir.py:
--------------------------------------------------------------------------------
from .close import close

# :/
class closedir(close):
    """closedir handled exactly like close; nothing is overridden."""

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/fcntl.py:
--------------------------------------------------------------------------------
import angr

class fcntl(angr.SimProcedure):
    """Stub for fcntl: ``fd`` and ``cmd`` are ignored.

    The only effect is the return value, a fresh symbolic bitvector named
    'fcntl_retval' of architecture width.
    """
    #pylint:disable=arguments-differ

    def run(self, fd, cmd):
        solver = self.state.solver
        return solver.BVS('fcntl_retval', self.state.arch.bits)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/fork.py:
--------------------------------------------------------------------------------
import angr

class fork(angr.SimProcedure):
    """Model fork as a symbolic choice between the parent and child results.

    The symbolic boolean 'fork_parent' selects 1338 (parent) or 0 (child).
    A failing fork (-1) is not modelled, so the caller's error branch is not
    reachable through this procedure.
    """

    def run(self):
        solver = self.state.solver
        width = self.state.arch.bits
        in_parent = solver.BoolS('fork_parent')
        parent_result = solver.BVV(1338, width)
        child_result = solver.BVV(0, width)
        return solver.If(in_parent, parent_result, child_result)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/getsockopt.py:
--------------------------------------------------------------------------------
import angr

class getsockopt(angr.SimProcedure):
    """Stub for getsockopt: always returns 0.

    ``optval`` and ``optlen`` are never written, so whatever the guest reads
    from those buffers afterwards is whatever memory already held.
    """
    #pylint:disable=arguments-differ

    def run(self, sockfd, level, optname, optval, optlen):

        # TODO: ...

        return 0

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/htonl.py:
--------------------------------------------------------------------------------
import angr

class htonl(angr.SimProcedure):
    """Convert a 32-bit value from host to network byte order.

    On a little-endian state the low 32 bits are reversed and zero-extended
    back to the width of the input; otherwise the input is returned as is.
    """
    #pylint:disable=arguments-differ

    def run(self, to_convert):
        if self.state.arch.memory_endness != "Iend_LE":
            return to_convert
        low_dword = to_convert[31:0]
        return low_dword.reversed.zero_extend(len(to_convert) - 32)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/htons.py:
--------------------------------------------------------------------------------
import angr

class htons(angr.SimProcedure):
    """Convert a 16-bit value from host to network byte order.

    On a little-endian state the low 16 bits are reversed and zero-extended
    back to the width of the input; otherwise the input is returned as is.
    """
    #pylint:disable=arguments-differ

    def run(self, to_convert):
        if self.state.arch.memory_endness != "Iend_LE":
            return to_convert
        low_word = to_convert[15:0]
        return low_word.reversed.zero_extend(len(to_convert) - 16)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/inet_ntoa.py:
--------------------------------------------------------------------------------
import angr

class inet_ntoa(angr.SimProcedure):
    """Stub for inet_ntoa: the argument is ignored.

    The result is an unconstrained architecture-width value rather than a
    pointer to a formatted address string.
    """
    #pylint:disable=arguments-differ,unused-argument

    def run(self, addr_in):
        # arg types: struct....... :(
        #TODO: return an IP address string
        return self.state.solver.Unconstrained("inet_ntoa_ret", self.state.arch.bits)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/listen.py:
--------------------------------------------------------------------------------
import angr

import logging
l = logging.getLogger(name=__name__)

class listen(angr.SimProcedure):
    """Stub for listen (not a real implementation).

    Neither argument is inspected. The result is an unconstrained value of
    architecture width, so it is not limited to the 0 / -1 a real listen
    would return.
    """
    #pylint:disable=arguments-differ

    def run(self, sockfd, backlog): #pylint:disable=unused-argument
        solver = self.state.solver
        return solver.Unconstrained('listen', self.state.arch.bits, key=('api', 'listen'))

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/opendir.py:
--------------------------------------------------------------------------------
import angr
from .open import open

class opendir(angr.SimProcedure):
    """opendir implemented as an inline call to ``open``.

    The flags value passed is 0o200000 (O_DIRECTORY) and the mode is 0.
    """

    def run(self, fname):
        # Same hack that used to be used for fopen etc.: the file descriptor
        # returned by open is handed back where the caller expects a pointer.
        return self.inline_call(open, fname, 0o200000, 0).ret_expr

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/read.py:
--------------------------------------------------------------------------------
import angr

class read(angr.SimProcedure):
    """Read ``length`` bytes from ``fd`` into ``dst`` via the state's SimFd.

    Returns -1 when the posix plugin has no descriptor object for ``fd``.
    """
    #pylint:disable=arguments-differ

    def run(self, fd, dst, length):
        simfd = self.state.posix.get_fd(fd)
        return -1 if simfd is None else simfd.read(dst, length)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/recv.py:
--------------------------------------------------------------------------------
import angr

class recv(angr.SimProcedure):
    """recv handled as a plain read on the descriptor.

    ``flags`` is ignored, so flag-dependent behaviour is not modelled.
    Returns -1 when the posix plugin has no descriptor object for ``fd``.
    """
    #pylint:disable=arguments-differ,unused-argument

    def run(self, fd, dst, length, flags):
        simfd = self.state.posix.get_fd(fd)
        return -1 if simfd is None else simfd.read(dst, length)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/recvfrom.py:
--------------------------------------------------------------------------------
import angr

class recvfrom(angr.SimProcedure):
    """recvfrom handled as a plain read on the descriptor.

    ``flags`` is ignored and ``src_addr`` / ``addrlen`` are never written, so
    the guest sees no peer address from this call.
    Returns -1 when the posix plugin has no descriptor object for ``fd``.
    """
    # pylint:disable=arguments-differ,unused-argument

    def run(self, fd, dst, length, flags, src_addr, addrlen):
        simfd = self.state.posix.get_fd(fd)
        return -1 if simfd is None else simfd.read(dst, length)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/setsockopt.py:
--------------------------------------------------------------------------------
import angr

class setsockopt(angr.SimProcedure):
    """Stub for setsockopt: every argument is ignored and 0 is returned."""
    #pylint:disable=arguments-differ

    def run(self, sockfd, level, optname, optval, optmain):
        # Always "success"; no option is recorded anywhere.
        return 0

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/sleep.py:
--------------------------------------------------------------------------------
import angr

class sleep(angr.SimProcedure):
    """Stub for sleep: returns 0 immediately without modelling any delay."""
    #pylint:disable=arguments-differ,unused-argument
    def run(self, seconds):
        return 0

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/syslog.py:
--------------------------------------------------------------------------------
import logging

from ..stubs.format_parser import FormatParser

l = logging.getLogger(name=__name__)
l.setLevel('INFO')

class syslog(FormatParser):
    """Format the guest's syslog message and write it to this module's logger.

    The message text originates in the analysed program, so the resulting
    INFO record should be treated as untrusted content by anything that
    consumes the analysis log.
    """

    def run(self, priority):
        # presumably 1 is the index of the format-string argument and 2 the
        # index of the first variadic argument - confirm against FormatParser
        template = self._parse(1)
        message = template.replace(2, self.arg)
        if not message.symbolic:
            # Fully concrete message: turn it into bytes before logging.
            message = self.state.solver.eval(message, cast_to=bytes)
        l.info("Syslog priority %s: %s", priority, message)

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/unlink.py:
--------------------------------------------------------------------------------
import angr

class unlink(angr.SimProcedure):
    """Library-level unlink that forwards to the linux_kernel unlink procedure."""
    #pylint:disable=arguments-differ

    def run(self, path):
        # TODO: do this the other way around
        syscall_impl = angr.SIM_PROCEDURES['linux_kernel']['unlink']
        result = self.inline_call(syscall_impl, path)
        return result.ret_expr

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/usleep.py:
--------------------------------------------------------------------------------
import angr

class usleep(angr.SimProcedure):
    """Stub for usleep: returns 0 immediately without modelling any delay."""
    #pylint:disable=arguments-differ,unused-argument
    def run(self, n):
        return 0

--------------------------------------------------------------------------------
/angr/angr/procedures/posix/write.py:
--------------------------------------------------------------------------------
import angr

class write(angr.SimProcedure):
    """Write ``length`` bytes from ``src`` to ``fd`` via the state's SimFd.

    Returns -1 when the posix plugin has no descriptor object for ``fd``.
    """
    #pylint:disable=arguments-differ

    def run(self, fd, src, length):
        simfd = self.state.posix.get_fd(fd)
        return -1 if simfd is None else simfd.write(src, length)

--------------------------------------------------------------------------------
/angr/angr/procedures/stubs/CallReturn.py:
--------------------------------------------------------------------------------
import angr
import logging

l = logging.getLogger(name=__name__)

class CallReturn(angr.SimProcedure):
    """Non-returning stub that logs when a call_state-created path returns."""

    NO_RET = True

    def run(self):
        l.info("A factory.call_state-created path returned!")
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/stubs/Nop.py:
--------------------------------------------------------------------------------
import angr


class Nop(angr.SimProcedure):
    """Procedure that does nothing."""

    def run(self):
        pass

--------------------------------------------------------------------------------
/angr/angr/procedures/stubs/PathTerminator.py:
--------------------------------------------------------------------------------
import angr


class PathTerminator(angr.SimProcedure):
    """Path terminator: a procedure marked NO_RET whose body does nothing."""

    NO_RET = True

    def run(self):
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/stubs/ReturnChar.py:
--------------------------------------------------------------------------------
import angr

class ReturnChar(angr.SimProcedure):
    """Return an unconstrained value restricted to the range 9..126.

    The constraint is added to the state, so it stays in force for the rest
    of the path.
    """

    def run(self):
        solver = self.state.solver
        char_value = solver.Unconstrained("char_ret", self.state.arch.bits, key=('api', '?', self.display_name))
        # Unsigned bounds: 9 <= value <= 126.
        in_range = solver.And(solver.ULE(char_value, 126), solver.UGE(char_value, 9))
        self.state.add_constraints(in_range)
        return char_value

--------------------------------------------------------------------------------
/angr/angr/procedures/stubs/UnresolvableCallTarget.py:
--------------------------------------------------------------------------------
import angr


class UnresolvableCallTarget(angr.SimProcedure):
    """Stand-in for a call whose target could not be resolved.

    NO_RET is False and the body does nothing, so the call is modelled as
    returning without any effect.
    """

    NO_RET = False

    def run(self):#pylint: disable=arguments-differ
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/stubs/UnresolvableJumpTarget.py:
--------------------------------------------------------------------------------
import angr


class UnresolvableJumpTarget(angr.SimProcedure):
    """Stand-in for a jump whose target could not be resolved.

    NO_RET is True and the body does nothing.
    """

    NO_RET = True

    def run(self):#pylint: disable=arguments-differ
        return

--------------------------------------------------------------------------------
/angr/angr/procedures/stubs/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures are various misc stubs useful in analysis
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/stubs/caller.py:
--------------------------------------------------------------------------------
import angr


class Caller(angr.SimProcedure):
    """
    Caller stub. Creates a Ijk_Call exit to the specified function
    """

    def run(self, target_addr=None, target_cc=None):
        # Call the target with an empty argument list and continue in
        # after_call, using the supplied calling convention.
        no_arguments = []
        self.call(target_addr, no_arguments, 'after_call', cc=target_cc)

    def after_call(self, target_addr=None, target_cc=None):
        """Continuation named in run(); nothing is done after the call."""
        pass

--------------------------------------------------------------------------------
/angr/angr/procedures/testing/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures are used in the angr test suite. I'm like 90% sure they're unused at this point.
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/testing/manyargs.py:
--------------------------------------------------------------------------------
import angr

class manyargs(angr.SimProcedure):
    """Test procedure marked NO_RET whose body does nothing."""

    NO_RET = True

    def run(self):
        pass

--------------------------------------------------------------------------------
/angr/angr/procedures/testing/retreg.py:
--------------------------------------------------------------------------------
import angr

class retreg(angr.SimProcedure):
    """Test procedure that returns the value loaded from register ``reg``."""

    def run(self, reg=None):
        return self.state.registers.load(reg)

--------------------------------------------------------------------------------
/angr/angr/procedures/tracer/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement system calls for the cgc DECREE platform, in a
specific way for tracing.
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/uclibc/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement internal functions in the uClibc libc implementation
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/uclibc/__uClibc_main.py:
--------------------------------------------------------------------------------

from ..glibc.__libc_start_main import __libc_start_main as fucker

class __uClibc_main(fucker):
    """uClibc entry point, reusing the glibc __libc_start_main procedure."""

    ADDS_EXITS = True
    NO_RET = True

# This is called "fucker" cause otherwise the double underscores cause
# python to name-mangle and everything gets fucked.

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/EncodePointer.py:
--------------------------------------------------------------------------------
import angr

class EncodePointer(angr.SimProcedure):
    """Identity model of EncodePointer: the pointer is returned unchanged.

    No encoding is applied, so an "encoded" pointer in the analysed state is
    the raw pointer value.
    """

    def run(self, ptr):
        return ptr

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/ExitProcess.py:
--------------------------------------------------------------------------------
import angr

class ExitProcess(angr.SimProcedure):
    """Terminate the path via self.exit with the given exit status."""

    NO_RET = True
    def run(self, exit_status):
        self.exit(exit_status)

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/GetCommandLine.py:
--------------------------------------------------------------------------------
import angr

class GetCommandLineA(angr.SimProcedure):
    """Return the command-line pointer kept on the SimOS as acmdln_ptr."""

    def run(self):
        simos = self.project.simos
        return simos.acmdln_ptr

class GetCommandLineW(angr.SimProcedure):
    """Return the command-line pointer kept on the SimOS as wcmdln_ptr."""

    def run(self):
        simos = self.project.simos
        return simos.wcmdln_ptr

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/GetCurrentProcessId.py:
--------------------------------------------------------------------------------
import angr

class GetCurrentProcessId(angr.SimProcedure):
    """Return a fixed process ID.

    The value is a constant, so anything the guest derives from its PID is
    identical on every run and every path.
    """

    def run(self):
        return 0x1337BEE2

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/GetCurrentThreadId.py:
--------------------------------------------------------------------------------
import angr

class GetCurrentThreadId(angr.SimProcedure):
    """Return a fixed thread ID.

    The value is a constant, so anything the guest derives from its TID is
    identical on every run and every path.
    """

    def run(self):
        return 0xbad76ead

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/IsProcessorFeaturePresent.py:
--------------------------------------------------------------------------------
import angr

class IsProcessorFeaturePresent(angr.SimProcedure):
    """Report every processor feature as absent.

    ``feature`` is ignored; guest branches that depend on a feature being
    present are therefore not taken from this call.
    """

    def run(self, feature): # pylint: disable=unused-argument,no-self-use,arguments-differ
        return 0 # we're dumb as shit!!!!

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/__init__.py:
--------------------------------------------------------------------------------
"""
These procedures implement functions from the win32 api, notably kernel32.dll
"""

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/critical_section.py:
--------------------------------------------------------------------------------
import angr

class InitializeCriticalSectionAndSpinCount(angr.SimProcedure):
    """Stub that returns 1 without touching the critical-section structure."""

    def run(self, lpCriticalSection, dwSpinCount):
        return 1

class InitializeCriticalSectionEx(angr.SimProcedure):
    """Stub that returns 1 without touching the critical-section structure."""

    def run(self, lpCriticalSection, dwSpinCount, Flags):
        return 1

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/gethostbyname.py:
--------------------------------------------------------------------------------
import angr
import logging

l = logging.getLogger('angr.procedures.win32.gethostbyname')

class gethostbyname(angr.SimProcedure):
    """Stub for gethostbyname: the host name argument is ignored.

    The result is a fresh symbolic value with a hard-coded width of 32 bits
    (not the architecture width); no host-entry structure is built.
    """

    def run(self, _): #pylint:disable=arguments-differ
        solver = self.state.solver
        return solver.BVS('gethostbyname_retval', 32, key=('api', 'gethostbyname_retval'))

--------------------------------------------------------------------------------
/angr/angr/procedures/win32/mutex.py:
--------------------------------------------------------------------------------
import angr

class CreateMutexA(angr.SimProcedure):
    """Stub for CreateMutexA: all arguments are ignored and 1 is returned.

    Every call yields the same value and nothing is recorded per name, so an
    "already exists" outcome is never produced by this model.
    """

    def run(self, lpMutexAttributes, bInitialOwner, lpName):
        return 1

class CreateMutexEx(CreateMutexA):
    """Same model as CreateMutexA; nothing is overridden."""
--------------------------------------------------------------------------------
/angr/angr/procedures/win_user32/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/angr/procedures/win_user32/__init__.py
--------------------------------------------------------------------------------
/angr/angr/procedures/win_user32/chars.py:
--------------------------------------------------------------------------------
import angr

# these are NOT suitable for multibyte characters
class CharNextA(angr.SimProcedure):
    """Advance a single-byte string pointer by one, stopping at the NUL byte."""

    def run(self, ptr):
        # Read one byte at ptr; stay put on the terminator, else step forward.
        at_terminator = self.state.mem[ptr].uint8_t.resolved == 0
        return self.state.solver.If(at_terminator, ptr, ptr + 1)

class CharPrevA(angr.SimProcedure):
    """Step a single-byte string pointer back by one, not going before ``start``."""

    def run(self, start, ptr):
        at_start = start == ptr
        return self.state.solver.If(at_start, start, ptr - 1)

--------------------------------------------------------------------------------
/angr/angr/procedures/win_user32/keyboard.py:
--------------------------------------------------------------------------------
import angr

class GetKeyboardType(angr.SimProcedure):
    """Return fixed keyboard information for query types 0, 1 and 2.

    The values are the ones observed at the time of the author's testing.
    Any other query, or one the solver cannot prove equal to 0, 1 or 2,
    yields 0.
    """

    def run(self, param):
        # (query type, canned answer) pairs, checked in this order.
        for query, answer in ((0, 4), (1, 0), (2, 12)):
            if self.state.solver.is_true(param == query):
                return answer
        return 0

--------------------------------------------------------------------------------
/angr/angr/protos/__init__.py:
--------------------------------------------------------------------------------

from . import primitives_pb2
from . import function_pb2

--------------------------------------------------------------------------------
/angr/angr/protos/xrefs.proto:
--------------------------------------------------------------------------------

syntax = "proto3";

import "protos/primitives.proto";

package angr.protos;


message XRefs {
    repeated CodeReference xrefs = 1;
}

--------------------------------------------------------------------------------
/angr/angr/state_plugins/heap/__init__.py:
--------------------------------------------------------------------------------
#pylint:disable=wildcard-import
from .heap_base import *
from .heap_brk import *
from .heap_libc import *
from .heap_ptmalloc import *

--------------------------------------------------------------------------------
/angr/angr/storage/__init__.py:
--------------------------------------------------------------------------------
from .file import SimFile
from .memory import SimMemory
from .memory_object import SimMemoryObject
from .paged_memory import SimPagedMemory
from .kvstore import SimKVStore

--------------------------------------------------------------------------------
/angr/angr/utils/__init__.py:
--------------------------------------------------------------------------------

from .timing import timethis
from . import graph
from . import constants
from . import enums_conv

--------------------------------------------------------------------------------
/angr/angr/utils/constants.py:
--------------------------------------------------------------------------------

DEFAULT_STATEMENT = -2


def is_alignment_mask(n):
    """Return True if *n* is one of the four recognised alignment masks.

    Only the exact constants listed below match; any other mask value is
    reported as not being an alignment mask.
    """
    known_masks = {
        0xffffffffffffffe0,
        0xfffffffffffffff0,
        0xfffffff0,
        0xfffffffc,
    }
    return n in known_masks

--------------------------------------------------------------------------------
/angr/native/Makefile-win:
--------------------------------------------------------------------------------
CC=cl
INCFLAGS=/I "$(PYVEX_INCLUDE_PATH)" /I "$(UNICORN_INCLUDE_PATH)"
CFLAGS=/EHsc /LD /O2 $(INCFLAGS) /Zi
LDFLAGS=/link "$(UNICORN_LIB_FILE)" "$(PYVEX_LIB_FILE)" /DEF:angr_native.def /DEBUG

angr_native.dll: sim_unicorn.cpp angr_native.def
	$(CC) $(CFLAGS) sim_unicorn.cpp $(LDFLAGS) /OUT:angr_native.dll
--------------------------------------------------------------------------------
/angr/tests/reachingdefinitions_results/x86_64/all_definitions.pickle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/tests/reachingdefinitions_results/x86_64/all_definitions.pickle
--------------------------------------------------------------------------------
/angr/tests/reachingdefinitions_results/x86_64/all_visited_blocks.pickle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/tests/reachingdefinitions_results/x86_64/all_visited_blocks.pickle
--------------------------------------------------------------------------------
/angr/tests/reachingdefinitions_results/x86_64/fauxware_definitions.pickle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/tests/reachingdefinitions_results/x86_64/fauxware_definitions.pickle
--------------------------------------------------------------------------------
/angr/tests/reachingdefinitions_results/x86_64/fauxware_visited_blocks.pickle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/tests/reachingdefinitions_results/x86_64/fauxware_visited_blocks.pickle
--------------------------------------------------------------------------------
/angr/tests/reachingdefinitions_results/x86_64/loop_definitions.pickle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/tests/reachingdefinitions_results/x86_64/loop_definitions.pickle
--------------------------------------------------------------------------------
/angr/tests/reachingdefinitions_results/x86_64/loop_visited_blocks.pickle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/angr/tests/reachingdefinitions_results/x86_64/loop_visited_blocks.pickle
--------------------------------------------------------------------------------
/angr/tests/test_cfg_vex_postprocessor.py:
--------------------------------------------------------------------------------

import os

import angr

test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', '..', 'binaries', 'tests')


def test_issue_1172():
    """Regression test for issue 1172: building a CFG must not crash."""
    binary = os.path.join(test_location, "x86_64", "cfg_issue_1172")
    # auto_load_libs=False: only the test binary itself is loaded.
    project = angr.Project(binary, auto_load_libs=False)

    # The result is discarded; completing without an exception is the check.
    _ = project.analyses.CFG()


if __name__ == "__main__":
    test_issue_1172()

--------------------------------------------------------------------------------
/angr/tests/test_clinic.py:
--------------------------------------------------------------------------------
import os

import angr
import angr.analyses.decompiler


def test_smoketest():
    """Smoke test: run Clinic on ``main`` of the x86_64 'all' test binary."""
    here = os.path.dirname(os.path.realpath(str(__file__)))
    binary_path = os.path.join(here, '..', '..', 'binaries', 'tests', 'x86_64', 'all')
    # auto_load_libs=False: only the test binary itself is loaded.
    proj = angr.Project(binary_path, auto_load_libs=False, load_debug_info=True)

    cfg = proj.analyses.CFG(normalize=True)
    entry_function = cfg.kb.functions['main']

    # No assertion: completing without an exception is the check.
    proj.analyses.Clinic(entry_function)


if __name__ == "__main__":
    test_smoketest()

--------------------------------------------------------------------------------
/angr/tests/test_rcr.py:
--------------------------------------------------------------------------------
import nose
import os
import claripy
import angr

def test_rcr():
    """Step the i386 rcr_test binary once from entry and check that cl == 8."""
    binary = os.path.join(os.path.dirname(__file__), '..', '..', 'binaries', 'tests', 'i386', 'rcr_test')
    # No auto_load_libs argument is passed here, so the loader's default applies.
    p = angr.Project(binary)
    first_successor = p.factory.successors(p.factory.entry_state()).successors[0]
    cl_is_eight = claripy.is_true(first_successor.regs.cl == 8)
    nose.tools.assert_true(cl_is_eight)

if __name__ == '__main__':
    test_rcr()

--------------------------------------------------------------------------------
/cle/.azure-pipelines/master.yml:
--------------------------------------------------------------------------------
name: $(BuildDefinitionName)-$(SourceBranchName)-$(BuildID)

resources:
  repositories:
  - repository: ci-settings
    type: github
    name: angr/ci-settings
    endpoint: angr

stages:
- template: resources/master.yml@ci-settings

--------------------------------------------------------------------------------
/cle/.azure-pipelines/nightly.yml:
-------------------------------------------------------------------------------- 1 | name: $(BuildDefinitionName)-$(Date:yyyyMMdd)-$(BuildID) 2 | trigger: none 3 | pr: none 4 | schedules: 5 | - cron: "0 0 * * *" 6 | displayName: Daily midnight build 7 | branches: 8 | include: 9 | - master 10 | 11 | resources: 12 | repositories: 13 | - repository: ci-settings 14 | type: github 15 | name: angr/ci-settings 16 | endpoint: angr 17 | 18 | stages: 19 | - template: resources/nightly.yml@ci-settings 20 | -------------------------------------------------------------------------------- /cle/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include LICENSE 2 | include README.md 3 | -------------------------------------------------------------------------------- /cle/cle/backends/cgc/__init__.py: -------------------------------------------------------------------------------- 1 | from .cgc import CGC 2 | from .backedcgc import BackedCGC 3 | -------------------------------------------------------------------------------- /cle/cle/backends/elf/__init__.py: -------------------------------------------------------------------------------- 1 | from .elf import ELF 2 | from .metaelf import MetaELF 3 | from .elfcore import ELFCore 4 | -------------------------------------------------------------------------------- /cle/cle/backends/elf/relocation/arm_cortex_m.py: -------------------------------------------------------------------------------- 1 | from .arm import * # pylint: disable=wildcard-import,unused-wildcard-import 2 | 3 | arch = 'ARMCortexM' 4 | -------------------------------------------------------------------------------- /cle/cle/backends/elf/relocation/armel.py: -------------------------------------------------------------------------------- 1 | from .arm import * # pylint: disable=wildcard-import,unused-wildcard-import 2 | 3 | arch = 'ARMEL' 4 | -------------------------------------------------------------------------------- 
/cle/cle/backends/elf/relocation/armhf.py: -------------------------------------------------------------------------------- 1 | from .arm import * # pylint: disable=wildcard-import,unused-wildcard-import 2 | 3 | arch = 'ARMHF' 4 | -------------------------------------------------------------------------------- /cle/cle/backends/elf/relocation/mips64.py: -------------------------------------------------------------------------------- 1 | from . import generic 2 | 3 | arch = 'MIPS64' 4 | 5 | class R_MIPS_64(generic.GenericAbsoluteAddendReloc): 6 | pass 7 | 8 | class R_MIPS_REL32(generic.GenericRelativeReloc): 9 | pass 10 | 11 | class R_MIPS_COPY(generic.GenericCopyReloc): 12 | pass 13 | 14 | class R_MIPS_TLS_DTPMOD64(generic.GenericTLSModIdReloc): 15 | pass 16 | 17 | class R_MIPS_TLS_DTPREL64(generic.GenericTLSDoffsetReloc): 18 | pass 19 | 20 | class R_MIPS_TLS_TPREL64(generic.GenericTLSOffsetReloc): 21 | pass 22 | -------------------------------------------------------------------------------- /cle/cle/backends/java/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/cle/cle/backends/java/__init__.py -------------------------------------------------------------------------------- /cle/cle/backends/macho/__init__.py: -------------------------------------------------------------------------------- 1 | from .macho import MachO 2 | -------------------------------------------------------------------------------- /cle/cle/backends/pe/__init__.py: -------------------------------------------------------------------------------- 1 | from .pe import PE 2 | -------------------------------------------------------------------------------- /cle/cle/backends/pe/relocation/amd64.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from . 
import generic 3 | 4 | l = logging.getLogger(name=__name__) 5 | 6 | arch = 'AMD64' 7 | 8 | class IMAGE_REL_BASED_HIGHADJ(generic.IMAGE_REL_BASED_HIGHADJ): 9 | pass 10 | 11 | class IMAGE_REL_BASED_DIR64(generic.IMAGE_REL_BASED_DIR64): 12 | pass 13 | 14 | class IMAGE_REL_BASED_HIGHLOW(generic.IMAGE_REL_BASED_HIGHLOW): 15 | pass 16 | 17 | class IMAGE_REL_BASED_HIGH(generic.IMAGE_REL_BASED_HIGH): 18 | pass 19 | 20 | class IMAGE_REL_BASED_LOW(generic.IMAGE_REL_BASED_LOW): 21 | pass 22 | -------------------------------------------------------------------------------- /cle/cle/backends/pe/relocation/i386.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from . import generic 3 | 4 | l = logging.getLogger(name=__name__) 5 | 6 | arch = 'X86' 7 | 8 | class IMAGE_REL_BASED_HIGHADJ(generic.IMAGE_REL_BASED_HIGHADJ): 9 | pass 10 | 11 | class IMAGE_REL_BASED_DIR64(generic.IMAGE_REL_BASED_DIR64): 12 | pass 13 | 14 | class IMAGE_REL_BASED_HIGHLOW(generic.IMAGE_REL_BASED_HIGHLOW): 15 | pass 16 | 17 | class IMAGE_REL_BASED_HIGH(generic.IMAGE_REL_BASED_HIGH): 18 | pass 19 | 20 | class IMAGE_REL_BASED_LOW(generic.IMAGE_REL_BASED_LOW): 21 | pass 22 | -------------------------------------------------------------------------------- /forsee/project/__init__.py: -------------------------------------------------------------------------------- 1 | from .binary import ForseeProjectBinary 2 | from .forsee_project import ForseeProject 3 | from .minidump import ForseeProjectMinidump 4 | from .segmented import ForseeProjectArm 5 | -------------------------------------------------------------------------------- /forsee/techniques/__init__.py: -------------------------------------------------------------------------------- 1 | from .degree_of_concreteness import DegreeOfConcreteness 2 | from .loop_limiter import LoopLimiter 3 | from .procedure_handler import ProcedureHandler 4 | 
-------------------------------------------------------------------------------- /forsee/techniques/procedure_handler/__init__.py: -------------------------------------------------------------------------------- 1 | from forsee.techniques.procedure_handler.procedure_handler import ProcedureHandler 2 | -------------------------------------------------------------------------------- /pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest] 2 | addopts = -p no:warnings 3 | -------------------------------------------------------------------------------- /run_forsee.py: -------------------------------------------------------------------------------- 1 | import logging 2 | 3 | import forsee 4 | from forsee.explorer import Explorer 5 | from forsee.project import ForseeProjectMinidump 6 | 7 | log = logging.getLogger(__name__) 8 | 9 | 10 | def main(): 11 | logging.getLogger(forsee.__name__).setLevel(logging.DEBUG) 12 | log.setLevel(logging.DEBUG) 13 | 14 | proj = ForseeProjectMinidump("sample_dumps/windows_dynamic_loading/Dump/Main.dmp") 15 | explorer = Explorer(proj) 16 | explorer.run() 17 | 18 | 19 | if __name__ == "__main__": 20 | main() 21 | -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/gen-input-got-attack: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/gen-input-got-attack -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/gen-input-got-attack.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char **argv) 5 | { 6 | uint32_t system_addr = 0xb6ec8994; 7 | uint32_t junk = 0xFEE1DEAD; 
8 | uint32_t puts_got_addr = 0x20694;//0x2064c; 9 | char buf[28] = "/mnt/SD/binaries/timebomb\n\0"; 10 | 11 | fwrite(&system_addr, 4, 1, stdout); 12 | fwrite(&junk, 4, 1, stdout); 13 | fwrite(&puts_got_addr, 4, 1, stdout); 14 | fwrite(buf, 27, 1, stdout); 15 | 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got-attack: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got-attack -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x10000-0x11000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x10000-0x11000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x20000-0x21000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x20000-0x21000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x20000-0x21000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x20000-0x21000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x21000-0x42000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x21000-0x42000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x21000-0x42000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0x21000-0x42000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6e92000-0xb6fb9000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6e92000-0xb6fb9000-r-xp.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6e92000-0xb6fb9000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6e92000-0xb6fb9000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fc8000-0xb6fca000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fc8000-0xb6fca000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fc8000-0xb6fca000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fc8000-0xb6fca000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fca000-0xb6fcb000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fca000-0xb6fcb000-rw-p.dmp -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fca000-0xb6fcb000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fca000-0xb6fcb000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fcb000-0xb6fce000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fcb000-0xb6fce000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fcb000-0xb6fce000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fcb000-0xb6fce000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fce000-0xb6fef000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fce000-0xb6fef000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fce000-0xb6fef000-r-xpphy.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fce000-0xb6fef000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffb000-0xb6ffd000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffb000-0xb6ffd000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffb000-0xb6ffd000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffb000-0xb6ffd000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffd000-0xb6ffe000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffd000-0xb6ffe000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffd000-0xb6ffe000-r-xpphy.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffd000-0xb6ffe000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffe000-0xb6fff000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffe000-0xb6fff000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffe000-0xb6fff000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6ffe000-0xb6fff000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fff000-0xb7000000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fff000-0xb7000000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fff000-0xb7000000-rw-pphy.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xb6fff000-0xb7000000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xbefdf000-0xbf000000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xbefdf000-0xbf000000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xbefdf000-0xbf000000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/0xbefdf000-0xbf000000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_1/registers.txt: -------------------------------------------------------------------------------- 1 | #Registers 2 | 3 | r0=befff848 4 | r1=befff848 5 | r2=10 6 | r3=0 7 | r4=0 8 | r5=befff848 9 | r6=7fffffff 10 | r7=a2 11 | r8=0 12 | r9=0 13 | r10=b6ffefac 14 | fp=befffc84 15 | ip=b6f2bb60 16 | sp=befff838 17 | lr=b6f2bbc0 18 | pc=b6f2bcbc 19 | orig_r0=befff848 20 | cpsr=600d0010 21 | mf=10 (mode bits) 22 | nf=0 (negative flag) 23 | zf=1 (zero flag) 24 | cf=1 (carry flag) 25 | vf=0 (overflow flag) 26 | if=0 (interrupt flags) 27 | ff=0 (interrupt flags) 28 | tf=0 (thumb mode) 29 | -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x10000-0x11000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x10000-0x11000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x20000-0x21000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x20000-0x21000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x20000-0x21000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x20000-0x21000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x21000-0x42000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x21000-0x42000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x21000-0x42000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0x21000-0x42000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6e92000-0xb6fb9000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6e92000-0xb6fb9000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6e92000-0xb6fb9000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6e92000-0xb6fb9000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fc8000-0xb6fca000-r--p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fc8000-0xb6fca000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fc8000-0xb6fca000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fc8000-0xb6fca000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fca000-0xb6fcb000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fca000-0xb6fcb000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fca000-0xb6fcb000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fca000-0xb6fcb000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fcb000-0xb6fce000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fcb000-0xb6fce000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fcb000-0xb6fce000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fcb000-0xb6fce000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fce000-0xb6fef000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fce000-0xb6fef000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fce000-0xb6fef000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fce000-0xb6fef000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffb000-0xb6ffd000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffb000-0xb6ffd000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffb000-0xb6ffd000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffb000-0xb6ffd000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffd000-0xb6ffe000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffd000-0xb6ffe000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffd000-0xb6ffe000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffd000-0xb6ffe000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffe000-0xb6fff000-r--p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffe000-0xb6fff000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffe000-0xb6fff000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6ffe000-0xb6fff000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fff000-0xb7000000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fff000-0xb7000000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fff000-0xb7000000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xb6fff000-0xb7000000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xbefdf000-0xbf000000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xbefdf000-0xbf000000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xbefdf000-0xbf000000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/0xbefdf000-0xbf000000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/got_attack_2/registers.txt: -------------------------------------------------------------------------------- 1 | #Registers 2 | 3 | r0=531 4 | r1=befff72c 5 | r2=0 6 | r3=0 7 | r4=531 8 | r5=b6fca000 9 | r6=befff72c 10 | r7=72 11 | r8=befff73c 12 | r9=0 13 | r10=b6ffefac 14 | fp=befffc84 15 | ip=b6fcb638 16 | sp=befff700 17 | lr=b6ec8540 18 | pc=b6f2b954 19 | orig_r0=531 20 | cpsr=600d0010 21 | mf=10 (mode bits) 22 | nf=0 (negative flag) 23 | zf=1 (zero flag) 24 | cf=1 (carry flag) 25 | vf=0 (overflow flag) 26 | if=0 (interrupt flags) 27 | ff=0 (interrupt flags) 28 | tf=0 (thumb mode) 29 | -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x10000-0x11000-r-xp.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x10000-0x11000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x10000-0x11000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x20000-0x21000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x20000-0x21000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x21000-0x22000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0x21000-0x22000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6e92000-0xb6fb9000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6e92000-0xb6fb9000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6e92000-0xb6fb9000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6e92000-0xb6fb9000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fc8000-0xb6fca000-r--p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fc8000-0xb6fca000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fc8000-0xb6fca000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fc8000-0xb6fca000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fca000-0xb6fcb000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fca000-0xb6fcb000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fca000-0xb6fcb000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fca000-0xb6fcb000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fcb000-0xb6fce000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fcb000-0xb6fce000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fcb000-0xb6fce000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fcb000-0xb6fce000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fce000-0xb6fef000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fce000-0xb6fef000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fce000-0xb6fef000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fce000-0xb6fef000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffb000-0xb6ffd000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffb000-0xb6ffd000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffb000-0xb6ffd000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffb000-0xb6ffd000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffd000-0xb6ffe000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffd000-0xb6ffe000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffd000-0xb6ffe000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffd000-0xb6ffe000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffe000-0xb6fff000-r--p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffe000-0xb6fff000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffe000-0xb6fff000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6ffe000-0xb6fff000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fff000-0xb7000000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fff000-0xb7000000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fff000-0xb7000000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xb6fff000-0xb7000000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xbefdf000-0xbf000000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xbefdf000-0xbf000000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xbefdf000-0xbf000000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/0xbefdf000-0xbf000000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_1/registers.txt: -------------------------------------------------------------------------------- 1 | #Registers 2 | 3 | r0=befffbf8 4 | r1=befffbf8 5 | r2=10 6 | r3=0 7 | r4=0 8 | r5=befffbf8 9 | r6=7fffffff 10 | r7=a2 11 | r8=0 12 | r9=0 13 | r10=b6ffefac 14 | fp=befffc84 15 | ip=b6f2bb60 16 | sp=befffbe8 17 | lr=b6f2bbc0 18 | pc=b6f2bcbc 19 | orig_r0=befffbf8 20 | cpsr=600d0010 21 | mf=10 (mode bits) 22 | nf=0 (negative flag) 23 | zf=1 (zero flag) 24 | cf=1 (carry flag) 25 | vf=0 (overflow flag) 26 | if=0 (interrupt flags) 27 | ff=0 (interrupt flags) 28 | tf=0 (thumb mode) 29 | -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x10000-0x11000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x10000-0x11000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x20000-0x21000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x20000-0x21000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x21000-0x22000-rw-pphy.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x21000-0x22000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x22000-0x43000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x22000-0x43000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0x22000-0x43000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6e92000-0xb6fb9000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6e92000-0xb6fb9000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6e92000-0xb6fb9000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6e92000-0xb6fb9000-r-xpphy.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fc8000-0xb6fca000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fc8000-0xb6fca000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fc8000-0xb6fca000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fc8000-0xb6fca000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fca000-0xb6fcb000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fca000-0xb6fcb000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fca000-0xb6fcb000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fca000-0xb6fcb000-rw-pphy.dmp -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fcb000-0xb6fce000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fcb000-0xb6fce000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fcb000-0xb6fce000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fcb000-0xb6fce000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fce000-0xb6fef000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fce000-0xb6fef000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fce000-0xb6fef000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fce000-0xb6fef000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffb000-0xb6ffd000-rw-p.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffb000-0xb6ffd000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffb000-0xb6ffd000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffb000-0xb6ffd000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffd000-0xb6ffe000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffd000-0xb6ffe000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffd000-0xb6ffe000-r-xpphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffd000-0xb6ffe000-r-xpphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffe000-0xb6fff000-r--p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffe000-0xb6fff000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffe000-0xb6fff000-r--pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6ffe000-0xb6fff000-r--pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fff000-0xb7000000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fff000-0xb7000000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fff000-0xb7000000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xb6fff000-0xb7000000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xbefdf000-0xbf000000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xbefdf000-0xbf000000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xbefdf000-0xbf000000-rw-pphy.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/0xbefdf000-0xbf000000-rw-pphy.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/final_malware_capture/timebomb_2/registers.txt: -------------------------------------------------------------------------------- 1 | #Registers 2 | 3 | r0=befffbf8 4 | r1=befffbf8 5 | r2=10 6 | r3=0 7 | r4=0 8 | r5=befffbf8 9 | r6=7fffffff 10 | r7=a2 11 | r8=2 12 | r9=0 13 | r10=b6ffefac 14 | fp=befffc84 15 | ip=21010 16 | sp=befffbe8 17 | lr=b6f2bbc0 18 | pc=b6f2bcbc 19 | orig_r0=befffbf8 20 | cpsr=60030010 21 | mf=10 (mode bits) 22 | nf=0 (negative flag) 23 | zf=1 (zero flag) 24 | cf=1 (carry flag) 25 | vf=0 (overflow flag) 26 | if=0 (interrupt flags) 27 | ff=0 (interrupt flags) 28 | tf=0 (thumb mode) 29 | -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0x20000-0x21000-r--p.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0x22000-0x43000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6e6d000-0xb6f94000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6e6d000-0xb6f94000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fa3000-0xb6fa5000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fa3000-0xb6fa5000-r--p.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fa5000-0xb6fa6000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fa5000-0xb6fa6000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fa6000-0xb6fa9000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fa6000-0xb6fa9000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fa9000-0xb6fca000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fa9000-0xb6fca000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fd7000-0xb6fd9000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fd7000-0xb6fd9000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fd9000-0xb6fda000-r--p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fd9000-0xb6fda000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fda000-0xb6fdb000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xb6fda000-0xb6fdb000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xbebb6000-0xbebd7000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xbebb6000-0xbebd7000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xbecb8000-0xbecb9000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/0xbecb8000-0xbecb9000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/heartrate/heartrate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/heartrate/heartrate -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6e8a000-0xb6fb1000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6e8a000-0xb6fb1000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6fc0000-0xb6fc2000-r--p.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6fc0000-0xb6fc2000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6fc2000-0xb6fc3000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6fc2000-0xb6fc3000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6fc3000-0xb6fc6000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6fc3000-0xb6fc6000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6fc6000-0xb6fe7000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6fc6000-0xb6fe7000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6ff4000-0xb6ff6000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6ff4000-0xb6ff6000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6ff6000-0xb6ff7000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6ff6000-0xb6ff7000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6ff7000-0xb6ff8000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xb6ff7000-0xb6ff8000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xbef2e000-0xbef4f000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xbef2e000-0xbef4f000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xbef96000-0xbef97000-r-xp.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/0xbef96000-0xbef97000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/mysamplemalware_beginning: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/beginning/mysamplemalware_beginning -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0x22000-0x43000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6df0000-0xb6f17000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6df0000-0xb6f17000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f26000-0xb6f28000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f26000-0xb6f28000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f28000-0xb6f29000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f28000-0xb6f29000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f29000-0xb6f2c000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f29000-0xb6f2c000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f2c000-0xb6f4d000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f2c000-0xb6f4d000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f5a000-0xb6f5c000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f5a000-0xb6f5c000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f5c000-0xb6f5d000-r--p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f5c000-0xb6f5d000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f5d000-0xb6f5e000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xb6f5d000-0xb6f5e000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xbef39000-0xbef5a000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xbef39000-0xbef5a000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xbef91000-0xbef92000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/0xbef91000-0xbef92000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/mysamplemalware_interesting: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/interesting/mysamplemalware_interesting -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0x22000-0x43000-rw-p.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6df0000-0xb6f17000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6df0000-0xb6f17000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6e6e000-0xb6f95000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6e6e000-0xb6f95000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f26000-0xb6f28000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f26000-0xb6f28000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f28000-0xb6f29000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f28000-0xb6f29000-rw-p.dmp -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f29000-0xb6f2c000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f29000-0xb6f2c000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f2c000-0xb6f4d000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f2c000-0xb6f4d000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f5a000-0xb6f5c000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f5a000-0xb6f5c000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f5c000-0xb6f5d000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f5c000-0xb6f5d000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f5d000-0xb6f5e000-rw-p.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6f5d000-0xb6f5e000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fa4000-0xb6fa6000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fa4000-0xb6fa6000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fa6000-0xb6fa7000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fa6000-0xb6fa7000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fa7000-0xb6faa000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fa7000-0xb6faa000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6faa000-0xb6fcb000-r-xp.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6faa000-0xb6fcb000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fd8000-0xb6fda000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fd8000-0xb6fda000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fda000-0xb6fdb000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fda000-0xb6fdb000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fdb000-0xb6fdc000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xb6fdb000-0xb6fdc000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xbeaf4000-0xbeb15000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xbeaf4000-0xbeb15000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xbeb08000-0xbeb29000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xbeb08000-0xbeb29000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xbebd4000-0xbebd5000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xbebd4000-0xbebd5000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xbed43000-0xbed44000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/0xbed43000-0xbed44000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/mysamplemalware_standard: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/malware_sequential/standard/mysamplemalware_standard -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0x22000-0x43000-rw-p.dmp -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6e7b000-0xb6fa2000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6e7b000-0xb6fa2000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fb1000-0xb6fb3000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fb1000-0xb6fb3000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fb3000-0xb6fb4000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fb3000-0xb6fb4000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fb4000-0xb6fb7000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fb4000-0xb6fb7000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fb7000-0xb6fd8000-r-xp.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fb7000-0xb6fd8000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fe5000-0xb6fe7000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fe5000-0xb6fe7000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fe7000-0xb6fe8000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fe7000-0xb6fe8000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fe8000-0xb6fe9000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xb6fe8000-0xb6fe9000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xbefae000-0xbefcf000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xbefae000-0xbefcf000-rw-p.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xbefd9000-0xbefda000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/0xbefd9000-0xbefda000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/mysamplemalware: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/hw_dumps/mysamplemalware/mysamplemalware -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xb6e13000-0xb6f3a000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xb6e13000-0xb6f3a000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xb6f49000-0xb6f4b000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xb6f49000-0xb6f4b000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xb6f4b000-0xb6f4c000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xb6f4b000-0xb6f4c000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xb6f4c000-0xb6f4f000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xb6f4c000-0xb6f4f000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xb6f4f000-0xb6f70000-r-xp.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xb6f4f000-0xb6f70000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xb6f7d000-0xb6f7f000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xb6f7d000-0xb6f7f000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xb6f7f000-0xb6f80000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xb6f7f000-0xb6f80000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xb6f80000-0xb6f81000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xb6f80000-0xb6f81000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xbed54000-0xbed75000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xbed54000-0xbed75000-rw-p.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/0xbef38000-0xbef39000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/1/0xbef38000-0xbef39000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/1/memcap.log: -------------------------------------------------------------------------------- 1 | #Registers 2 | 3 | r0=bed74320 4 | r1=bed74320 5 | r2=10 6 | r3=0 7 | r4=0 8 | r5=bed74320 9 | r6=7fffffff 10 | r7=a2 11 | r8=0 12 | r9=0 13 | r10=b6f7ffac 14 | fp=0 15 | ip=b6eacb60 16 | sp=bed74310 17 | lr=b6eacbc0 18 | pc=b6eaccbc 19 | orig_r0=bed74320 20 | cpsr=60060010 21 | mf=10 (mode bits) 22 | nf=0 (negative flag) 23 | zf=1 (zero flag) 24 | cf=1 (carry flag) 25 | vf=0 (overflow flag) 26 | if=0 (interrupt flags) 27 | ff=0 (interrupt flags) 28 | tf=0 (thumb mode) 29 | -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0x20000-0x21000-r--p.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0x22000-0x43000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xb6e13000-0xb6f3a000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xb6e13000-0xb6f3a000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xb6f49000-0xb6f4b000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xb6f49000-0xb6f4b000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xb6f4b000-0xb6f4c000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xb6f4b000-0xb6f4c000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xb6f4c000-0xb6f4f000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xb6f4c000-0xb6f4f000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xb6f4f000-0xb6f70000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xb6f4f000-0xb6f70000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xb6f7d000-0xb6f7f000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xb6f7d000-0xb6f7f000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xb6f7f000-0xb6f80000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xb6f7f000-0xb6f80000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xb6f80000-0xb6f81000-rw-p.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xb6f80000-0xb6f81000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xbed54000-0xbed75000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xbed54000-0xbed75000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/0xbef38000-0xbef39000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/2/0xbef38000-0xbef39000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/2/memcap.log: -------------------------------------------------------------------------------- 1 | #Registers 2 | 3 | r0=bed732e8 4 | r1=bed732e8 5 | r2=10 6 | r3=0 7 | r4=0 8 | r5=bed732e8 9 | r6=7fffffff 10 | r7=a2 11 | r8=0 12 | r9=e0633002 13 | r10=e0823003 14 | fp=bed7433c 15 | ip=21020 16 | sp=bed732d8 17 | lr=b6eacbc0 18 | pc=b6eaccbc 19 | orig_r0=bed732e8 20 | cpsr=60060010 21 | mf=10 (mode bits) 22 | nf=0 (negative flag) 23 | zf=1 (zero flag) 24 | cf=1 (carry flag) 25 | vf=0 (overflow flag) 26 | if=0 (interrupt flags) 27 | ff=0 (interrupt flags) 28 | tf=0 (thumb mode) 29 | -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0x10000-0x11000-r-xp.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0x22000-0x43000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xb6e13000-0xb6f3a000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xb6e13000-0xb6f3a000-r-xp.dmp -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/new_capture/3/0xb6f49000-0xb6f4b000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xb6f49000-0xb6f4b000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xb6f4b000-0xb6f4c000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xb6f4b000-0xb6f4c000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xb6f4c000-0xb6f4f000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xb6f4c000-0xb6f4f000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xb6f4f000-0xb6f70000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xb6f4f000-0xb6f70000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xb6f7d000-0xb6f7f000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xb6f7d000-0xb6f7f000-rw-p.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xb6f7f000-0xb6f80000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xb6f7f000-0xb6f80000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xb6f80000-0xb6f81000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xb6f80000-0xb6f81000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xbed54000-0xbed75000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xbed54000-0xbed75000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/0xbef38000-0xbef39000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/3/0xbef38000-0xbef39000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/3/memcap.log: -------------------------------------------------------------------------------- 1 | #Registers 2 | 3 | r0=bed74320 4 | r1=bed74320 5 | r2=10 6 | r3=0 7 | r4=0 8 | r5=bed74320 9 | r6=7fffffff 10 | 
r7=a2 11 | r8=3 12 | r9=10c34 13 | r10=22150 14 | fp=bed74360 15 | ip=21020 16 | sp=bed74310 17 | lr=b6eacbc0 18 | pc=b6eaccbc 19 | orig_r0=bed74320 20 | cpsr=60060010 21 | mf=10 (mode bits) 22 | nf=0 (negative flag) 23 | zf=1 (zero flag) 24 | cf=1 (carry flag) 25 | vf=0 (overflow flag) 26 | if=0 (interrupt flags) 27 | ff=0 (interrupt flags) 28 | tf=0 (thumb mode) 29 | -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/new_capture/mysamplemalware: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/new_capture/mysamplemalware -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0x22000-0x43000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6dfb000-0xb6f22000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6dfb000-0xb6f22000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f31000-0xb6f33000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f31000-0xb6f33000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f33000-0xb6f34000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f33000-0xb6f34000-rw-p.dmp -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f34000-0xb6f37000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f34000-0xb6f37000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f37000-0xb6f58000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f37000-0xb6f58000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f65000-0xb6f67000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f65000-0xb6f67000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f67000-0xb6f68000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f67000-0xb6f68000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f68000-0xb6f69000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xb6f68000-0xb6f69000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xbeb6d000-0xbeb8e000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xbeb6d000-0xbeb8e000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xbee1f000-0xbee20000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/0xbee1f000-0xbee20000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/heartrate/heartrate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/heartrate/heartrate -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- 
/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0x22000-0x43000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6e2e000-0xb6f55000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6e2e000-0xb6f55000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f64000-0xb6f66000-r--p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f64000-0xb6f66000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f66000-0xb6f67000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f66000-0xb6f67000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f67000-0xb6f6a000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f67000-0xb6f6a000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f6a000-0xb6f8b000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f6a000-0xb6f8b000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f98000-0xb6f9a000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f98000-0xb6f9a000-rw-p.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f9a000-0xb6f9b000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f9a000-0xb6f9b000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f9b000-0xb6f9c000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xb6f9b000-0xb6f9c000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xbedb8000-0xbedd9000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xbedb8000-0xbedd9000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xbef4d000-0xbef4e000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/0xbef4d000-0xbef4e000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/mysamplemalware: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/mysamplemalware/mysamplemalware -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0x10000-0x11000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0x10000-0x11000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0x20000-0x21000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0x20000-0x21000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0x21000-0x22000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0x21000-0x22000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0x22000-0x43000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0x22000-0x43000-rw-p.dmp 
-------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6e58000-0xb6f7f000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6e58000-0xb6f7f000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6f8e000-0xb6f90000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6f8e000-0xb6f90000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6f90000-0xb6f91000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6f90000-0xb6f91000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6f91000-0xb6f94000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6f91000-0xb6f94000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6f94000-0xb6fb5000-r-xp.dmp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6f94000-0xb6fb5000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6fc2000-0xb6fc4000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6fc2000-0xb6fc4000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6fc4000-0xb6fc5000-r--p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6fc4000-0xb6fc5000-r--p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6fc5000-0xb6fc6000-rw-p.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xb6fc5000-0xb6fc6000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xbeabd000-0xbeade000-rw-p.dmp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xbeabd000-0xbeade000-rw-p.dmp -------------------------------------------------------------------------------- /sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xbebf2000-0xbebf3000-r-xp.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/linux_toy_malware/qemu_dumps/old_heartrate/0xbebf2000-0xbebf3000-r-xp.dmp -------------------------------------------------------------------------------- /sample_dumps/windows_dynamic_loading/Dump/GetProcAddress.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/windows_dynamic_loading/Dump/GetProcAddress.dmp -------------------------------------------------------------------------------- /sample_dumps/windows_dynamic_loading/Dump/LoadLibrary.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/windows_dynamic_loading/Dump/LoadLibrary.dmp -------------------------------------------------------------------------------- /sample_dumps/windows_dynamic_loading/Dump/Main.dmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/windows_dynamic_loading/Dump/Main.dmp -------------------------------------------------------------------------------- /sample_dumps/windows_dynamic_loading/LoadLibA.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 
typedef DWORD(WINAPI *GetTickCount_t)(void); 4 | int main() { 5 | HMODULE hModule = LoadLibrary(TEXT("kernel32.dll")); 6 | printf("LoadLibrary Completed"); 7 | GetTickCount_t getTick = 8 | (GetTickCount_t)GetProcAddress(hModule, "GetTickCount"); 9 | printf("GetProcAddress Completed"); 10 | DWORD tick = getTick(); 11 | printf("Finished Call to getTick(), value is %lu", tick); 12 | 13 | FreeLibrary(hModule); 14 | } 15 | -------------------------------------------------------------------------------- /sample_dumps/windows_dynamic_loading/test2.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/windows_dynamic_loading/test2.exe -------------------------------------------------------------------------------- /sample_dumps/windows_dynamic_loading/webc2-greencat-2_32.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/sample_dumps/windows_dynamic_loading/webc2-greencat-2_32.7z -------------------------------------------------------------------------------- /scripts/.idea/inspectionProfiles/profiles_settings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | -------------------------------------------------------------------------------- /scripts/.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 6 | 7 | -------------------------------------------------------------------------------- /scripts/.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /scripts/.idea/scripts.iml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 11 | -------------------------------------------------------------------------------- /scripts/.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import find_packages, setup 2 | 3 | setup( 4 | name="forsee", 5 | description="Symbolic analysis framework for memory forensics", 6 | version="0.0.2", 7 | python_requires=">=3.7", 8 | packages=find_packages(), 9 | install_requires=["minidump==0.0.10"], 10 | extras_require={"dev": ["ipython", "pre-commit", "pytest", "pytest-cov"]}, 11 | ) 12 | -------------------------------------------------------------------------------- /simprocedures/.flake8: -------------------------------------------------------------------------------- 1 | [flake8] 2 | max-line-length = 88 3 | extend-ignore = E203, E501 4 | per-file-ignores = 5 | */__init__.py: F401 6 | simprocedures/models/data_types.py: F403, F405 7 | -------------------------------------------------------------------------------- /simprocedures/.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | .DS_Store 3 | venv 4 | __pycache__ 5 | simprocedures.egg-info 6 | .coverage 7 | -------------------------------------------------------------------------------- /simprocedures/.isort.cfg: -------------------------------------------------------------------------------- 1 | [settings] 2 | line_length = 88 3 | multi_line_output = 3 4 | include_trailing_comma = True 5 | known_third_party = angr,archinfo,claripy,pytest,setuptools 6 | -------------------------------------------------------------------------------- /simprocedures/CODEOWNERS: 
-------------------------------------------------------------------------------- 1 | * @jfuller49 2 | -------------------------------------------------------------------------------- /simprocedures/README.md: -------------------------------------------------------------------------------- 1 | # CyFI SimProcedures 2 | ## Installation 3 | 1) Set up the virtual environment, if not already using one: `python3.7 -m venv venv` 4 | 2) Activate the virtual environment: `. ./venv/bin/activate` 5 | 3) Install SimProcedures and dependencies: `pip install -e .[dev]` 6 | 4) Install pre-commit: `pre-commit install -t pre-commit -t pre-push` 7 | -------------------------------------------------------------------------------- /simprocedures/pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest] 2 | addopts = -p no:warnings 3 | -------------------------------------------------------------------------------- /simprocedures/setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import find_packages, setup 2 | 3 | setup( 4 | name="simprocedures", 5 | description="SimProcedures for angr", 6 | version="0.0.1", 7 | python_requires=">=3.7", 8 | packages=find_packages(), 9 | install_requires=["angr"], 10 | extras_require={"dev": ["ipython", "pre-commit", "pytest", "pytest-cov"]}, 11 | ) 12 | -------------------------------------------------------------------------------- /simprocedures/simprocedures/__init__.py: -------------------------------------------------------------------------------- 1 | from simprocedures.libc import procedures as libc 2 | from simprocedures.models import ModelHandler 3 | from simprocedures.win32 import procedures as win32 4 | 5 | procedures = { 6 | "libc": libc, 7 | "win32": win32, 8 | } 9 | -------------------------------------------------------------------------------- /simprocedures/simprocedures/libc/__init__.py:
-------------------------------------------------------------------------------- 1 | from simprocedures.libc.strtoul import strtoul 2 | 3 | procedures = { 4 | "strtoul": strtoul, 5 | } 6 | -------------------------------------------------------------------------------- /simprocedures/simprocedures/libc/strtoul.py: -------------------------------------------------------------------------------- 1 | from angr.procedures.libc.strtol import strtol 2 | 3 | 4 | class strtoul(strtol): 5 | """ 6 | This is just a subclass of strtol. It may not be entirely accurate, but should be good enough 7 | for most scenarios. 8 | """ 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /simprocedures/simprocedures/models/__init__.py: -------------------------------------------------------------------------------- 1 | from simprocedures.models.model_handler import ModelHandler 2 | -------------------------------------------------------------------------------- /simprocedures/simprocedures/win32/debugapi.py: -------------------------------------------------------------------------------- 1 | import angr 2 | 3 | 4 | class IsDebuggerPresent(angr.SimProcedure): 5 | """ 6 | Just tells the binary that no debugger is present 7 | """ 8 | def __init__(self, project: angr.Project): 9 | super().__init__(project=project, num_args=0) 10 | 11 | def run(self): 12 | return 0 13 | -------------------------------------------------------------------------------- /tests/programs/simple_loop: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CyFI-Lab-Public/Forecast/2eb2996a893af3f8a456f33bb5dd6663c3feac80/tests/programs/simple_loop -------------------------------------------------------------------------------- /tests/programs/simple_loop.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int count = 0; 5 | for (int i = 0; i < 
10; i++) { 6 | count += i * 2; 7 | } 8 | printf("Count: %d\n", count); 9 | } 10 | --------------------------------------------------------------------------------