Beispiel #1
0
def mem_read(state):
    length = state.inspect.mem_read_length * 8
    if str(state.inspect.mem_read_address) in state.globals:
        ptr = state.globals[str(state.inspect.mem_read_address)]
    else:
        ptr = state.solver.eval(state.inspect.mem_read_address)
    content = state.inspect.mem_read_expr
    insn = state.project.factory.block(state.addr, size=4).capstone.insns[0]
    op = insn.mnemonic
    src_value = str(insn.op_str).split(',')[0]

    if ptr in IVar.ivars:
        ivar = IVar.ivars[ptr]
        state.inspect.mem_read_expr = claripy.BVS(
            FORMAT_IVAR_OFFSET.format(ptr=hex(ptr)),
            length,
            uninitialized=True)
    elif ptr in IVar.fake_memory_and_ivar:
        ivar = IVar.fake_memory_and_ivar[ptr]['ivar']
        instance = IVar.fake_memory_and_ivar[ptr]['instance']
        state.inspect.mem_read_expr = ivar.ret_latest_data(length=length)
        record = AccessedRecord(state,
                                state.addr,
                                op,
                                instance=Receiver(Data(state, bv=instance),
                                                  None))
        ivar.add_record(record)
        # node = GraphView.current_view.insert_invoke(record.ea,
        #                                             "[{} {}]".format(record.instance.data.expr,
        #                                                              ivar.getter),
        #                                             record.state,
        #                                             receiver=record.instance.data.expr,
        #                                             selector=record.type)
        # GraphView.current_view.g.nodes[node]['ret'] = ivar.ret_latest_data()

    elif MachO.pd.segdata['common'] and ptr in range(
            MachO.pd.segdata['common'].min_addr,
            MachO.pd.segdata['common'].max_addr):
        state.inspect.mem_read_expr = claripy.BVS(
            FORMAT_COMMON_DATA.format(ptr=hex(ptr)),
            length,
            uninitialized=True)

    elif ptr in range(MachO.pd.segdata['bss'].min_addr,
                      MachO.pd.segdata['bss'].max_addr):
        state.inspect.mem_read_expr = BSS.get(ptr).load(length)

    elif ptr in range(MachO.pd.segdata['got'].min_addr,
                      MachO.pd.segdata['got'].max_addr):
        if ptr % 2:
            state.inspect.mem_read_expr = claripy.BVS(
                MachO.pd.macho.get_symbol_by_address_fuzzy(ptr -
                                                           GOT_ADD_ON).name,
                length,
                uninitialized=True)
        else:
            state.inspect.mem_read_expr = claripy.BVV(ptr + GOT_ADD_ON, length)
Beispiel #2
0
def mem_write(state):
    resolved_data = None
    length = state.inspect.mem_write_length * 8
    # TODO: UnsatError("CompositeSolver is already unsat")
    if str(state.inspect.mem_write_address) in state.globals:
        ptr = state.globals[str(state.inspect.mem_write_address)]
    else:
        ptr = state.solver.eval(state.inspect.mem_write_address)
    insn = state.project.factory.block(state.addr, size=4).capstone.insns[0]
    op = insn.mnemonic

    if ptr in IVar.ivars:
        ivar = IVar.ivars[ptr]
        resolved_data = FORMAT_IVAR_OFFSET.format(ptr=hex(ptr))

    elif ptr in IVar.fake_memory_and_ivar:
        ivar = IVar.fake_memory_and_ivar[ptr]['ivar']
        instance = IVar.fake_memory_and_ivar[ptr]['instance']
        record = AccessedRecord(state,
                                state.addr,
                                op,
                                instance=Receiver(Data(state, bv=instance),
                                                  None),
                                value=Data(state,
                                           bv=state.inspect.mem_write_expr))
        ivar.add_record(record)
        # node = GraphView.current_view.insert_invoke(record.ea,
        #                                             "[{} {}]".format(record.instance.data.expr,
        #                                                              ivar.setter),
        #                                             record.state,
        #                                             receiver=record.instance.data.expr,
        #                                             selector=record.type,
        #                                             args=[record.value, ])

    elif MachO.pd.segdata['common'] and ptr in range(
            MachO.pd.segdata['common'].min_addr,
            MachO.pd.segdata['common'].max_addr):
        resolved_data = FORMAT_COMMON_DATA.format(ptr=hex(ptr))

    elif ptr in range(MachO.pd.segdata['bss'].min_addr,
                      MachO.pd.segdata['bss'].max_addr):
        # 并不改变写入值,只是对写入值进行记录
        BSS.get(ptr).store(state.inspect.mem_write_expr)
Beispiel #3
0
 def analyze(self):
     for arg in self.bv.args:
         arg_data = Data(self.state, bv=arg)
         if arg_data.concrete is False:
             try:
                 value = self.state.solver.eval(arg)
             except Exception:
                 value = 'UNSAT'
             # arg_expr = arg_data.decode_expr()
             arg_expr = arg_data.expr
             # print '{}: {}'.format(arg_data.expr, value)
             if arg_expr in self.solutions:
                 self.solutions[arg_expr].append((str(self.bv), value))
             else:
                 self.solutions[arg_expr] = [(str(self.bv), value), ]
     return self
Beispiel #4
0
collision_weight = 25
regularizer = True  # first epoch only, ensure 'chi' deformations are small
""" MODEL """
print("Building model...")
model = DeePSD(128, checkpoint)
tgts = model.gather(only_chi=True)  # model weights
model_summary(tgts)
print("*" * 25)
print("Model Best: ", model._best)
print("*" * 25)
optimizer = tf.optimizers.Adam()
""" DATA """
print("Reading data...")
tr_txt = 'Data/train.txt'
val_txt = 'Data/val.txt'
tr_data = Data(tr_txt, batch_size=batch_size)
val_data = Data(val_txt, batch_size=batch_size)

tr_steps = floor(len(tr_data._samples) / batch_size)
val_steps = floor(len(val_data._samples) / batch_size)
for epoch in range(num_epochs):
    if (epoch + 1) % 2 == 0 and virtual_batch_size < 32:
        virtual_batch_size *= 2
    print("")
    print("Epoch " + str(epoch + 1))
    print("--------------------------")
    """ TRAIN """
    print("Training...")
    total_time = 0
    metrics = [0] * 4  # Err, Edge, Bend, Collision
    cgrds = None