In this guide we explore whether we can check code for mnemonics that we don't want the CPU to execute. In the example below, we block specific commands (instructions) from being executed by the CPU. The challenge is to convert the raw bytes back into assembly language and check the result for prohibited mnemonics.
```python
# prohibit command
# the objective is to block certain commands
import sys

from pwn import asm, disasm
from qiling import Qiling
from qiling.const import QL_VERBOSE


def Is_prohibited_MNEMONIC_present(code: bytes, prohibited_mnemonics: list) -> bool:
    # disassemble the raw bytes back to text, without offset or byte columns
    dis = disasm(code, offset=False, byte=False)
    for l in dis.splitlines():
        for ll in l.split():
            for blocked_mne in prohibited_mnemonics:
                if blocked_mne.lower() == ll:
                    print("blocked item found !!")
                    return True
            # we only check the first token (the mnemonic) of each line, so break
            break
        # debug purpose
        # print(l)
    return False


def main():
    code = asm('''
        pop eax
        pop ebx
        add eax, ebx
    ''')
    prohibited = ['add']
    # refuse to emulate the code if it contains a prohibited mnemonic
    if Is_prohibited_MNEMONIC_present(code, prohibited):
        print("prohibited mnemonic present... ", flush=True)
        sys.exit()

    ql = Qiling(code=code, archtype='x86', ostype='Linux', verbose=QL_VERBOSE.DISASM)
    ql.stack_push(0x3)
    ql.stack_push(0x4)
    ql.run()
    print("after addition the value of eax: " + str(ql.arch.regs.eax))
    ql.stop()


main()
```
```
...: main()
blocked item found !!
prohibited mnemonic present...
```
From the code we can see that we can filter specific commands. In this case we have filtered
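
An added example, not part of the original guide: the same first-token check, written to run on disassembly text alone, which also skips instruction prefixes printed before the mnemonic, compares case-insensitively, and treats undecodable bytes as a hit so the filter fails closed. The prefix set, the function names and the sample listing are assumptions constructed for illustration.

```python
from typing import Iterable, List, Tuple

# Assumption: tokens the disassembler may print before the real mnemonic.
PREFIXES = {"lock", "rep", "repe", "repz", "repne", "repnz", "data16", "addr16",
            "cs", "ds", "es", "fs", "gs", "ss"}
# Tokens that mean "could not decode": counted as a hit so the filter fails closed.
UNDECODED = {"(bad)", ".byte"}


def mnemonic_of(line: str) -> str:
    """Return the lower-cased mnemonic of one disassembly line, skipping prefixes."""
    for token in line.split():
        token = token.lower()
        if token not in PREFIXES:
            return token
    return ""  # blank or prefix-only line


def find_prohibited(disassembly: str, prohibited: Iterable[str]) -> List[Tuple[int, str]]:
    """List (line_number, mnemonic) for every prohibited or undecodable line."""
    blocked = {m.lower() for m in prohibited}
    hits = []
    for number, line in enumerate(disassembly.splitlines(), start=1):
        mnemonic = mnemonic_of(line)
        if mnemonic in blocked or mnemonic in UNDECODED:
            hits.append((number, mnemonic))
    return hits


# Constructed sample listing (not output captured from a real run), in the
# text layout that disasm(code, offset=False, byte=False) returns.
SAMPLE = """\
pop    eax
pop    ebx
lock add DWORD PTR [ecx], eax
ADD    eax, ebx
(bad)
ret
"""

if __name__ == "__main__":
    for number, mnemonic in find_prohibited(SAMPLE, ["add"]):
        print(f"line {number}: {mnemonic}")
```

Returning every hit with its line number, instead of stopping at the first match, gives a log entry that shows exactly which instructions caused the code to be rejected.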