cleanup demigod typo

Author: xwings

qiling/loader/elf.py

@@ -448,7 +448,7 @@ def get_symbol(elffile, name):
         all_symbols = []
         self.ql.os.hook_addr = API_HOOK_MEM
         # map address to symbol name
-        ql.import_symbols = {}
+        self.import_symbols = {}
         # reverse dictionary to map symbol name -> address
         rev_reloc_symbols = {}
 
@@ -505,7 +505,7 @@ def get_symbol(elffile, name):
                                     self.ql.os.hook_addr = (int(
                                         self.ql.os.hook_addr / self.ql.pointersize) + 1) * self.ql.pointersize
                                     # print("hook_addr = %x" %self.ql.os.hook_addr)
-                            ql.import_symbols[self.ql.os.hook_addr] = symbol_name
+                            self.import_symbols[self.ql.os.hook_addr] = symbol_name
                             # ql.log.info(":: Demigod is hooking %s(), at slot %x" %(symbol_name, self.ql.os.hook_addr))
 
                             if symbol_name == "page_offset_base":
@@ -668,9 +668,9 @@ def load_driver(self, ql, stack_addr, loadbase=0):
         ql.mem.write(SYSCALL_MEM + 2 * ql.pointersize, ql.pack(self.ql.os.hook_addr + 2 * ql.pointersize))
 
         # setup hooks for read/write/open syscalls
-        ql.import_symbols[self.ql.os.hook_addr] = hook_sys_read
-        ql.import_symbols[self.ql.os.hook_addr + 1 * ql.pointersize] = hook_sys_write
-        ql.import_symbols[self.ql.os.hook_addr + 2 * ql.pointersize] = hook_sys_open
+        self.import_symbols[self.ql.os.hook_addr] = hook_sys_read
+        self.import_symbols[self.ql.os.hook_addr + 1 * ql.pointersize] = hook_sys_write
+        self.import_symbols[self.ql.os.hook_addr + 2 * ql.pointersize] = hook_sys_open
 
     def get_elfdata_mapping(self):
         elfdata_mapping = bytearray()

qiling/loader/macho.py

@@ -154,7 +154,7 @@ def run(self):
         self.ql.os.macho_task.min_offset = page_align_end(self.vm_end_addr, PAGE_SIZE)
 
     def loadDriver(self, stack_addr, loadbase = -1, argv = [], env = {}):
-        self.ql.import_symbols = {}
+        self.import_symbols = {}
         PAGE_SIZE = 0x1000
         if loadbase < 0:
             loadbase = 0xffffff7000000000
@@ -210,15 +210,15 @@ def loadDriver(self, stack_addr, loadbase = -1, argv = [], env = {}):
 
         for key in self.kernel_local_symbols_detail:
             value = self.kernel_local_symbols_detail[key]
-            self.ql.import_symbols[value["n_value"]] = key
+            self.import_symbols[value["n_value"]] = key
 
         kernel_extrn_symbols_index = self.kernel.dysymbol_table.defext_index
         kernel_extrn_symbols_num = self.kernel.dysymbol_table.defext_num
         self.kernel_extrn_symbols_detail = self.kernel.symbol_table.details(kernel_extrn_symbols_index, kernel_extrn_symbols_num, self.kernel.string_table)
 
         for key in self.kernel_extrn_symbols_detail:
             value = self.kernel_extrn_symbols_detail[key]
-            self.ql.import_symbols[value["n_value"]] = key
+            self.import_symbols[value["n_value"]] = key
 
         offset = 0
         """
@@ -244,7 +244,7 @@ def loadDriver(self, stack_addr, loadbase = -1, argv = [], env = {}):
                     else:
                         self.ql.log.info("Static symbol %s not found" % symname)
                         continue
-                    self.ql.import_symbols[real_addr] = symname
+                    self.import_symbols[real_addr] = symname
                     lo_addr = real_addr & 0xffffffff
                     hi_addr = (real_addr & 0xffffffff00000000) // 0x100000000
                     jmpcode = b"\x48\x83\xec\x08\xc7\x04\x24" + struct.pack("<I", lo_addr) + b"\xc7\x44\x24\x04" + struct.pack("<I", hi_addr) + b"\xc3"

qiling/os/linux/fncc.py

@@ -39,5 +39,4 @@ def wrapper(*args, **kwargs):
             else:
                 raise QlErrorArch("Unknown ql.archtype")
         return wrapper
-    return decorator
-
+    return decorator

qiling/os/linux/kernel_api/hook.py

@@ -3,15 +3,18 @@
 # Cross Platform and Multi Architecture Advanced Binary Emulation Framework
 #
 
+import types
+
 from qiling.os.linux.kernel_api import *
+from qiling.exception import *
 
 
 # hook Linux kernel API
 def hook_kernel_api(ql, address, size):
     # call kernel api
     # print("check hook_kernel_api: %x" %(address))
-    if address in ql.import_symbols:
-        api_name = ql.import_symbols[address]
+    if address in ql.loader.import_symbols:
+        api_name = ql.loader.import_symbols[address]
         # print("OK, found hook for %s" %api_name)
         api_func = None
 

qiling/os/linux/linux.py

@@ -64,10 +64,12 @@ def load(self):
             ql_x86_register_cs(self)
             ql_x86_register_ds_ss_es(self)
             self.ql.hook_insn(self.hook_syscall, UC_X86_INS_SYSCALL)
+            # Keep test for _cc
+            #self.ql.hook_insn(hook_posix_api, UC_X86_INS_SYSCALL)
             self.thread_class = QlLinuxX8664Thread
 
     def hook_syscall(self, int= None, intno= None):
-        return self.load_syscall(intno)
+        return self.load_syscall()
 
 
     def add_function_hook(self, fn, cb, userdata = None):

qiling/os/macos/kernel_api/hook.py

@@ -3,17 +3,17 @@
 # Cross Platform and Multi Architecture Advanced Binary Emulation Framework
 #
 
-
-from unicorn import *
+import types
 
 from qiling.os.macos.kernel_api import *
+from qiling.exception import *
 
 
 # hook MacOS kernel API
 def hook_kernel_api(ql, address, size):
     # call kernel api
-    if address in ql.import_symbols:
-        api_name = ql.import_symbols[address].decode()
+    if address in ql.loader.import_symbols:
+        api_name = ql.loader.import_symbols[address].decode()
         # print("OK, found hook for %s at 0x%x" % (api_name, address))
         api_func = None