def storesymbols(function):
res = ifc.decompileFunction(function, 60, monitor)
high_func = res.getHighFunction()
lsm = high_func.getLocalSymbolMap()
symbols = lsm.getSymbols()
HighFunctionDBUtil.commitLocalsToDatabase(high_func, SourceType.ANALYSIS)
HighFunctionDBUtil.commitLocalsToDatabase(high_func, SourceType.ANALYSIS)
def analyzeFunctionBackward(func, pci, init_param=None):
print("Backwards analysis", func.getName())
hf = get_highfunction(func)
HighFunctionDBUtil.commitParamsToDatabase(hf, True, SourceType.DEFAULT)
func_proto = hf.getFunctionPrototype()
# Grab return varnodes
return_varnodes = []
for i in hf.getPcodeOps():
if i.getOpcode() == PcodeOp.RETURN:
if len(i.getInputs()) >= 2:
return_varnodes.append(i.getInputs()[1])
# Grab argument varnodes as base case
argument_varnodes = []
for i in range(func_proto.getNumParams()):
argument_varnodes.append(func_proto.getParam(i).getRepresentative())
# Sets argument as base cases
for arg in range(len(argument_varnodes)):
if init_param is None:
pci.store_node(
argument_varnodes[arg],
Node("ARG" + str(arg), None, None,
argument_varnodes[arg].getSize()))
else:
pci.store_node(argument_varnodes[arg], init_param[arg])
return_types = []
for i in return_varnodes:
result = pci.lookup_node(i)
return_types.append(result)
return return_types, argument_varnodes
def annotateVirtualCall(calledFunc, startingFunc, callAddr, thisOverride=None):
print calledFunc
funcDef = FunctionDefinitionDataType(calledFunc.signature)
if thisOverride is not None:
originalThis = funcDef.arguments[0]
funcDef.replaceArgument(0, originalThis.name, thisOverride, originalThis.comment, SourceType.DEFAULT)
HighFunctionDBUtil.writeOverride(startingFunc, callAddr, funcDef)
currentProgram.listing.setComment(callAddr, CodeUnit.PRE_COMMENT, "{@symbol %s}"%calledFunc.symbol.getName(True))
def get_function(caller):
func_addr = caller.getAddress()
func = getFunctionAt(func_addr)
# we want to deal only with functions with a namespace
if func.getParentNamespace().isGlobal() == True:
return None
hfunc = decompile_func(ifc,func)
HighFunctionDBUtil.commitParamsToDatabase(hfunc,True,SourceType.USER_DEFINED)
return hfunc
def analyzeFunctionForward(func, pci):
print("Forwards analysis", func.getName())
hf = get_highfunction(func)
HighFunctionDBUtil.commitParamsToDatabase(hf, True, SourceType.DEFAULT)
print(func.getParameters())
# get the varnode of function parameters
func_proto = hf.getFunctionPrototype()
argument_varnodes = []
argument_nodes = []
for i in range(func_proto.getNumParams()):
argument_varnodes.append(func_proto.getParam(i).getRepresentative())
argument_nodes.append(
Node("ARG" + str(i), None, None, argument_varnodes[i].getSize()))
hash_list = set()
for a in range(2):
print("Loop variants", map(id, pci.loop_variants))
variant_vals = []
new_nodes = {}
for i in pci.loop_variants:
new_nodes[i] = pci.nodes[i]
del pci.nodes[i]
visited = set()
pci.nodes = new_nodes
for arg in range(len(argument_varnodes)):
pci.store_node(argument_varnodes[arg], argument_nodes[arg])
# recursively traverse the varnode descendants to get reaching definitions
for i in argument_varnodes:
traverseForward(i, 0, pci, visited)
if a == 0:
for i in pci.stores + pci.loads:
hash_list.add(hash(i))
continue
temp = pci.stores + pci.loads
for i in range(len(temp))[::-1]:
if hash(temp[i]) not in hash_list:
pci.arrays.append(temp[i])
print("FOUND ARRAY!")
return argument_varnodes
def analyze_pcode(varname,vartype, dstvar , op):
param_index = -1
if op.opcode == PcodeOp.CALL:
inputs = op.getInputs()
caller = inputs[0]
param_index = get_input_index(op,dstvar)
if param_index == -1:
raise Exception("target param not found ")
hfunc = get_function(caller)
# global namesapce is out of scope
if hfunc == None:
return
#print varname,vartype, param_index
func = hfunc.getFunction()
resolve_param(func,param_index,varname,vartype)
elif op.opcode == PcodeOp.CALLIND:
# get memory reference
pc = op.getSeqnum().getTarget()
refMgr = currentProgram.getReferenceManager()
refs = refMgr.getReferencesFrom(pc,0)
if len(refs) == 0:
raise Exception()
return
# take care for one ref atm
ref = refs.pop()
addr = ref.getToAddress()
# get function from that address
func = getFunctionAt(addr)
hfunc = decompile_func(ifc,func)
HighFunctionDBUtil.commitParamsToDatabase(hfunc,True,SourceType.USER_DEFINED)
# get the input index from the operation varnode
param_index = get_input_index(op,dstvar)
if param_index == -1:
raise Exception("target param not found ")
# get parameter index from the resolved function
# change its name/type
resolve_param(func,param_index,varname,vartype)
def checkFixParameters(func, parameters):
hf = get_highfunction(func)
HighFunctionDBUtil.commitParamsToDatabase(hf, True, SourceType.DEFAULT)
# reload cache
del highfunction_cache[func]
hf = get_highfunction(func)
# Check arguments
func_proto = hf.getFunctionPrototype()
if func_proto.getNumParams() != len(parameters) and not func.hasVarArgs():
print(func, "call signature wrong...")
raise Exception("Function call signature different")
argument_varnodes = []
for i in range(func_proto.getNumParams()):
cur = func_proto.getParam(i).getRepresentative()
if cur.getSize() != parameters[i].getSize():
print(cur.getSize(), parameters[i].getSize())
raise Exception("Func parameter size mismatch")