diff --git a/qiling/core.py b/qiling/core.py
index 1a42d3e7e..4e99a39be 100644
--- a/qiling/core.py
+++ b/qiling/core.py
@@ -703,6 +703,9 @@ def emu_start(self, begin: int, end: int, timeout: int = 0, count: int = 0):
 count : max emulation steps (instructions count); unlimited by default
 """
 
+ if self._arch.type in (QL_ARCH.ARM, QL_ARCH.CORTEX_M) and self._arch._init_thumb:
+ begin |= 1
+
 self.uc.emu_start(begin, end, timeout, count)
 
 if self._internal_exception is not None:
diff --git a/qltool b/qltool
index 861bbbae3..200101e04 100755
--- a/qltool
+++ b/qltool
@@ -90,6 +90,7 @@ def handle_code(options: argparse.Namespace):
 profile=options.profile,
 filter=options.filter,
 endian=archendian,
+ thumb=options.thumb,
 )
 
 return ql
@@ -184,7 +185,7 @@ if __name__ == '__main__':
 code_parser.add_argument('-f', '--filename', metavar="FILE", help="filename")
 code_parser.add_argument('-i', '--input', metavar="INPUT", dest="input", help='input hex value')
 code_parser.add_argument('--arch', required=True, choices=arch_map)
- code_parser.add_argument('--thumb', action='store_true', help='specify thumb mode for ARM')
+ code_parser.add_argument('--thumb', action='store_true', default=False, help='specify thumb mode for ARM')
 code_parser.add_argument('--endian', choices=('little', 'big'), default='little', help='specify endianess for bi-endian archs')
 code_parser.add_argument('--os', required=True, choices=os_map)
 code_parser.add_argument('--rootfs', default='.', help='emulated root filesystem, that is where all libraries reside')
diff --git a/tests/test_shellcode.py b/tests/test_shellcode.py
index b89d35468..8d01e4e59 100644
--- a/tests/test_shellcode.py
+++ b/tests/test_shellcode.py
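Review bot: The Thumb bit is OR-ed into `begin` on every call to `emu_start`, not only the first one, so if this method is also used to resume emulation (after a hook or a syscall, say) and the guest has meanwhile interworked into ARM state, the resumed run would be forced back into Thumb decoding; whether that can happen depends on callers outside this hunk, but the flag's name `_init_thumb` suggests it describes only the initial mode. A narrower form would apply the bit only on the initial entry, or derive the mode from the current CPSR T bit rather than the init flag. Reaching into `self._arch._init_thumb` also couples core to a private attribute of the arch object; a public property on the arch would keep that contract explicit. A one-line comment such as `# Unicorn selects Thumb decoding from bit 0 of the start address` would explain why the address rather than a mode register is modified. emu_start's body continues past the end of the hunk.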
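Review bot: `thumb=options.thumb` is forwarded unconditionally, while the core.py change in this same commit honors it only for ARM and Cortex-M, so `--thumb` combined with any other `--arch` is silently ignored rather than rejected. Validating once the arguments are parsed, e.g. `if options.thumb and options.arch not in ('arm', 'cortex_m'): parser.error('--thumb is only valid for ARM targets')`, surfaces the mistake immediately; the exact keys to compare against come from `arch_map` and the parser object, both outside this hunk, so adjust the names accordingly. handle_code begins before the hunk.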
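Review bot: `default=False` is redundant on a `store_true` action, which already defaults to `False`, so this line is a no-op change that reads as if it alters behavior. Since the flag only takes effect for ARM/Cortex-M targets, the help string is the better place to spend the edit: `help='start in Thumb mode (ARM/Cortex-M only; ignored for other archs)'`.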
@@ -18,6 +18,7 @@
 X86_WIN = unhexlify('fce8820000006089e531c0648b50308b520c8b52148b72280fb74a2631ffac3c617c022c20c1cf0d01c7e2f252578b52108b4a3c8b4c1178e34801d1518b592001d38b4918e33a498b348b01d631ffacc1cf0d01c738e075f6037df83b7d2475e4588b582401d3668b0c4b8b581c01d38b048b01d0894424245b5b61595a51ffe05f5f5a8b12eb8d5d6a01eb2668318b6f87ffd5bbf0b5a25668a695bd9dffd53c067c0a80fbe07505bb4713726f6a0053ffd5e8d5ffffff63616c6300')
 X8664_WIN = unhexlify('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')
 ARM_LIN = unhexlify('01308fe213ff2fe178460e300190491a921a0827c251033701df2f62696e2f2f7368')
+ARM_THUMB = unhexlify('401c01464fea011200bf')
 ARM64_LIN = unhexlify('420002ca210080d2400080d2c81880d2010000d4e60300aa01020010020280d2681980d2010000d4410080d2420002cae00306aa080380d2010000d4210400f165ffff54e0000010420002ca210001caa81b80d2010000d4020004d27f0000012f62696e2f736800')
 X8664_FBSD = unhexlify('6a61586a025f6a015e990f054897baff02aaaa80f2ff524889e699046680c2100f05046a0f05041e4831f6990f0548976a035852488d7424f080c2100f0548b8523243427730637257488d3e48af74084831c048ffc00f055f4889d04889fe48ffceb05a0f0575f799043b48bb2f62696e2f2f73685253545f5257545e0f05')
 X8664_macos = unhexlify('4831f65648bf2f2f62696e2f7368574889e74831d24831c0b00248c1c828b03b0f05')
@@ -44,6 +45,12 @@ def test_linux_arm(self):
 ql = Qiling(code = ARM_LIN, archtype = "arm", ostype = "linux", verbose=QL_VERBOSE.OFF)
 ql.run()
 
+
+ def test_linux_arm_thumb(self):
+ print("Linux ARM Thumb Shllcode")
+ ql = Qiling(code = ARM_THUMB, archtype = "arm", ostype = "linux", verbose=QL_VERBOSE.OFF, thumb = True)
+ ql.run()
+
 
 def test_linux_arm64(self):
 print("Linux ARM 64bit Shellcode")
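Review bot: The new test only proves that `ql.run()` returns without raising; it never checks that the bytes were decoded as Thumb. Read as Thumb-2, `401c01464fea011200bf` is `adds r0, r0, #1; mov r1, r0; lsl.w r2, r1, #4; nop`, so asserting the result after `ql.run()`, e.g. `self.assertEqual(ql.arch.regs.r2, 0x10)`, would pin the mode rather than just the absence of a fault (this assumes registers start at zero and that `ql.arch.regs` is the accessor this version exposes — verify against the other tests in the file). The print message also has a typo, `Shllcode` for `Shellcode`. The enclosing test class starts outside the hunk.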