def resolve_argument(f, addr):
register = currentProgram.getLanguage().getRegister("v1")
startaddr = f.getEntryPoint()
evaluator = ConstantPropagationContextEvaluator(True)
symbolic = SymbolicPropogator(currentProgram)
symbolic.flowConstants(startaddr, f.getBody(), evaluator, True, monitor)
reg_value = symbolic.getRegisterValue(addr, register)
return reg_value.getValue()
def getRegisterValue(self, func, call, register):
symEval = SymbolicPropogator(self.currentProgram)
function = self.currentProgram.getListing().getFunctionContaining(call)
evaluate = ConstantPropagationContextEvaluator(True)
symEval.flowConstants(function.getEntryPoint(), function.getBody(), evaluate, False, self.monitor)
result = symEval.getRegisterValue(call, register)
if result is not None:
return result.getValue()
return None
def resolveConstants(funcsToCalls, program, tMonitor):
addressesToSyscalls = {}
syscallReg = program.getLanguage().getRegister(syscallRegister)
for func in sorted(funcsToCalls, key=lambda a: str(a)):
start = func.getEntryPoint()
eval_ = ConstantPropagationContextEvaluator(True)
symEval = SymbolicPropogator(program)
symEval.flowConstants(start, func.getBody(), eval_, True, tMonitor)
for callSite in funcsToCalls[func]:
val = symEval.getRegisterValue(callSite, syscallReg)
if val is None:
print "Couldn't resolve value of %s" % syscallReg
continue
print "Resolved syscall to 0x%02X" % val.getValue()
addressesToSyscalls[callSite] = val.getValue()
return addressesToSyscalls
class RegsAnalyzer:
"""Analyze register values at a given address"""
def __init__(self, currentProgram, monitor):
self.currentProgram = currentProgram
self.monitor = monitor
self.symprop = SymbolicPropogator(currentProgram)
self.last_fn = None
# loosely based on code from https://github.com/0xb0bb/pwndra/blob/master/scripts/lib/Syscalls.py
def getRegs(self, regs, addr):
fn = self.currentProgram.getListing().getFunctionContaining(addr)
if not fn:
return
# don't reflow if we already did this function
if fn != self.last_fn:
cpce = ConstantPropagationContextEvaluator(True)
self.symprop.flowConstants(fn.getEntryPoint(), fn.getBody(), cpce,
False, self.monitor)
self.last_fn = fn
res = {}
for rname in regs:
res[rname] = self.symprop.getRegisterValue(
addr, self.currentProgram.getRegister(rname))
return res
def describe(self, regvals):
for rname in sorted(list(regvals)):
reg = regvals[rname]
if reg is None:
rval = "Unknown"
elif reg.isRegisterRelativeValue():
rval = str(
reg.getRelativeRegister()) + ' %#x' % (reg.getValue())
else:
rval = '%#x' % (reg.getValue())
infomsg(-1, '%s %s\n' % (rname, rval))