Beispiel #1
0
 def findDep(self, item):
     arg = item.args[self.lastClickIndex]
     address = item.address + item.instr.l
     func = item.func
     if func.ircfg is None:
         func.ira = BinaryAnalysis.iraType(func.cfg.loc_db)
         func.ircfg = func.ira.new_ircfg_from_asmcfg(func.cfg)
         func.defUse = DiGraphDefUse(ReachingDefinitions(func.ircfg))
     indexReg = eval('BinaryAnalysis.machine.mn.regs.regs' + str(arg.size).zfill(2) + '_expr').index(arg)
     arg = eval('BinaryAnalysis.machine.mn.regs.regs' + str(BinaryAnalysis.disasmEngine.attrib).zfill(2) + '_expr')[
         indexReg]
     elements = set()
     elements.add(arg)
     depgraph = DependencyGraph(func.ircfg, implicit=False, apply_simp=True, follow_call=False, follow_mem=True)
     currentLockey = next(iter(func.ircfg.getby_offset(address)))
     assignblkIndex = 0
     currentBlock = func.ircfg.get_block(currentLockey)
     for assignblkIndex, assignblk in enumerate(currentBlock):
         if assignblk.instr.offset == address:
             break
     outputLog = ''
     for solNum, sol in enumerate(depgraph.get(currentBlock.loc_key, elements, assignblkIndex, set())):
         results = sol.emul(func.ira, ctx={})
         outputLog += 'Solution %d:\n' % solNum
         for k, v in viewitems(results):
             outputLog += str(k) + ' = ' + str(v) + '\n'
         path = ' -> '.join(BinaryAnalysis.locDB.pretty_str(h) for h in sol.history[::-1])
         outputLog += path + '\n\n'
     self.log.emit(outputLog)
Beispiel #2
0
 def recoverAlgorithm(self):
     if self.normalIRCFG is None:
         self.getNormalIRCFG()
     newLocDB = LocationDB()
     size = BinaryAnalysis.disasmEngine.attrib
     newIRA = BinaryAnalysis.iraType(newLocDB)
     newIRCFG = newIRA.new_ircfg()
     numLockey = 0
     head = LocKey(numLockey)
     todo = [(self.address, head, {}, None)]
     numLockey += 1
     while todo:
         nextTarget, lockey, state, preBlock = todo.pop()
         nextTarget, state = self.symbolicExecution(self.normalIRA,
                                                    self.normalIRCFG,
                                                    nextTarget, state)
         if isinstance(nextTarget, ExprCond):
             newLockey1 = LocKey(numLockey)
             newLockey2 = LocKey(numLockey + 1)
             ir_dst = state[newIRCFG.IRDst]
             new_cond = ExprCond(ir_dst.cond, ExprLoc(newLockey1, size),
                                 ExprLoc(newLockey2, size))
             state[newIRCFG.IRDst] = new_cond
             numLockey += 2
             newIRBlock = self.addIRBlock(newIRCFG, state, lockey)
             state[newIRCFG.IRDst] = ir_dst
             todo.append((nextTarget.src1, newLockey1, state, newIRBlock))
             todo.append((nextTarget.src2, newLockey2, state, newIRBlock))
         else:
             self.addIRBlock(newIRCFG, state, lockey)
     return newLocDB, newIRCFG
Beispiel #3
0
 def taintAnalysis(self, item):
     func = item.func
     if func.ircfg is None:
         func.ira = BinaryAnalysis.iraType(func.cfg.loc_db)
         func.ircfg = func.ira.new_ircfg_from_asmcfg(func.cfg)
         func.defUse = DiGraphDefUse(ReachingDefinitions(func.ircfg))
     current_block = func.ircfg.get_block(item.block.loc_key)
     index = 0
     dstArg = None
     for index, assignblk in enumerate(current_block):
         if assignblk.instr.offset == item.address:
             for dst, src in assignblk.items():
                 dstArg = dst
             break
     queue = [AssignblkNode(item.block.loc_key, index, dstArg)]
     currentPoint = 0
     endPoint = 0
     while currentPoint <= endPoint:
         node = queue[currentPoint]
         currentPoint += 1
         assign = func.ircfg.blocks[node.label][node.index]
         self.focusAddress(assign.instr.offset, False)
         for node2 in func.defUse.successors(node):
             endPoint += 1
             queue.append(node2)
Beispiel #4
0
 def __init__(self, address, cfg):
     self.rawIRA = BinaryAnalysis.iraType(cfg.loc_db)
     self.normalIRA = BinaryAnalysis.iraType(cfg.loc_db)
     self.ssaIRA = IRADelModCallStack(cfg.loc_db)
     self.maxIRA1 = IRADelModCallStack(cfg.loc_db)
     self.maxIRA2 = IRAOutRegs(cfg.loc_db)
     self.rawIRCFG = self.rawIRA.new_ircfg_from_asmcfg(cfg)
     self.normalIRCFG = None
     self.ssaIRCFG = None
     self.maxIRCFG = None
     self.rawDefUse = DiGraphDefUse(ReachingDefinitions(self.rawIRCFG))
     self.normalDefUse = None
     self.ssaDefUse = None
     self.maxDefUse = None
     self.head = cfg.loc_db.get_offset_location(address)
     self.address = address
     self.cfg = cfg
Beispiel #5
0
    def openFile(self):
        """"
        Open File, Load Function to ListFunction and Info
        :return:
        """
        try:
            f = open('cache', 'r')
            dir = f.read()
        except FileNotFoundError:
            dir = ''
        file, _ = QFileDialog.getOpenFileName(
            self,
            "Open File",
            dir,
            "All File (*);;Python File (*.elf);;PE File (*.exe",
            options=QFileDialog.DontUseNativeDialog)
        if file:
            dir = os.path.dirname(file)
            open('cache', 'w').write(dir)
            self.centralWidget = QWidget(self)
            self.setCentralWidget(self.centralWidget)
            QVBoxLayout(self.centralWidget)
            allLayout = self.centralWidget.layout()
            BinaryAnalysis.init(file)

            self.outputLog = QTextEdit()

            self.binInfo = QTextEdit()
            self.binInfo.setReadOnly(True)
            self.binInfo.setText(BinaryAnalysis.binaryInfo.info())

            self.listFunctions = ListFuncs(BinaryAnalysis.funcs)
            self.listFunctions.gotoFunc.connect(self.gotoAddress)

            leftTopBottomSplitter = QSplitter(Qt.Vertical)
            leftTopBottomSplitter.setSizePolicy(QSizePolicy.Minimum,
                                                QSizePolicy.Minimum)
            leftTopBottomSplitter.addWidget(self.binInfo)
            leftTopBottomSplitter.addWidget(self.listFunctions)
            leftTopBottomSplitter.setStretchFactor(0, 1)
            leftTopBottomSplitter.setStretchFactor(1, 9)

            leftRightSplitter = QSplitter()

            self.mainTab = QTabWidget()
            self.mainTab.setTabsClosable(True)
            self.mainTab.tabCloseRequested.connect(self.closeTab)
            self.mainTab.setSizePolicy(QSizePolicy.Expanding,
                                       QSizePolicy.Expanding)

            self.asmLinear = AsmLinear()
            self.mainTab.addTab(self.asmLinear, "Disassembly")
            self.asmLinear.focusAddress(BinaryAnalysis.binaryInfo.entryPoint)
            self.bindAsmLinear()

            self.hexView = HexView(BinaryAnalysis.rawData)
            self.mainTab.addTab(self.hexView, "Hex View")

            self.stringView = StringView(BinaryAnalysis.binaryInfo.strings)
            self.stringView.clicked.connect(self.gotoAddress)
            self.mainTab.addTab(self.stringView, "String List")

            self.importView = ImportView(BinaryAnalysis.binaryInfo.imports)
            self.importView.clicked.connect(self.gotoLibFunc)
            self.mainTab.addTab(self.importView, "Imports")

            self.exportView = ExportView(BinaryAnalysis.binaryInfo.exports)
            self.exportView.clicked.connect(self.gotoLibFunc)
            self.mainTab.addTab(self.exportView, "Exports")

            leftRightSplitter.addWidget(leftTopBottomSplitter)
            leftRightSplitter.addWidget(self.mainTab)
            leftRightSplitter.setStretchFactor(0, 2)
            leftRightSplitter.setStretchFactor(1, 8)
            topBottomSplitter = QSplitter(Qt.Vertical)
            topBottomSplitter.addWidget(leftRightSplitter)
            topBottomSplitter.addWidget(self.outputLog)
            topBottomSplitter.setStretchFactor(0, 8)
            topBottomSplitter.setStretchFactor(1, 2)
            allLayout.addWidget(topBottomSplitter)
            self.asmLinear.setFocus()