Beispiel #1
0
    def gen_finalize(self, block):
        """
        Generate the C code for the final block instruction
        """

        loc_key = self.get_block_post_label(block)
        offset = self.ir_arch.loc_db.get_location_offset(loc_key)
        out = (self.CODE_RETURN_NO_EXCEPTION %
               (loc_key, self.C_PC, m2_expr.ExprId('branch_dst_irdst', 32),
                m2_expr.ExprId('branch_dst_irdst', 32),
                self.id_to_c(m2_expr.ExprInt(offset, 32)))).split('\n')
        return out
Beispiel #2
0
def gen_regs(rnames, env, sz=32):
    regs_str = []
    regs_expr = []
    regs_init = []
    for rname in rnames:
        r = m2_expr.ExprId(rname, sz)
        r_init = m2_expr.ExprId(rname+'_init', sz)
        regs_str.append(rname)
        regs_expr.append(r)
        regs_init.append(r_init)
        env[rname] = r

    reginfo = reg_info(regs_str, regs_expr)
    return regs_expr, regs_init, reginfo
Beispiel #3
0
 def identifier(cls, size=32):
     """Return a random identifier
     @size: (optional) identifier size
     """
     return m2_expr.ExprId("".join([
         random.choice(cls.identifier_charset)
         for _ in range(cls.identifier_len)
     ]),
                           size=size)
Beispiel #4
0
class IR(object):
    def __init__(self, loc_db):
        self.loc_db = loc_db

    IRDst = m2_expr.ExprId("IRDst", 32)

    def get_next_instr(self, _):
        return m2_expr.LocKey(0)

    def get_next_loc_key(self, _):
        return m2_expr.LocKey(0)
Beispiel #5
0
    def set_dst_symbol(self, loc_db):
        dst = self.getdstflow(loc_db)
        args = []
        for d in dst:
            if isinstance(d, m2_expr.ExprInt):
                l = loc_db.get_or_create_offset_location(int(d))

                a = m2_expr.ExprId(l.name, d.size)
            else:
                a = d
            args.append(a)
        self.args_symb = args
Beispiel #6
0
    def find_variables_rec(self, expr):
        """Recursive method called by find_variable to expand @expr.
        Set @var_names and @var_values.
        This implementation is faster than an expression visitor because
        we do not rebuild each expression.
        """

        if (expr in self.var_asked):
            # Expr has already been asked
            if expr not in viewvalues(self._vars):
                # Create var
                identifier = m2_expr.ExprId(
                    "%s%s" % (self.var_prefix, next(self.var_indice)),
                    size=expr.size)
                self._vars[identifier] = expr

            # Recursion stop case
            return
        else:
            # First time for @expr
            self.var_asked.add(expr)

        if isinstance(expr, m2_expr.ExprOp):
            for a in expr.args:
                self.find_variables_rec(a)

        elif isinstance(expr, m2_expr.ExprInt):
            pass

        elif isinstance(expr, m2_expr.ExprId):
            pass

        elif isinstance(expr, m2_expr.ExprLoc):
            pass

        elif isinstance(expr, m2_expr.ExprMem):
            self.find_variables_rec(expr.ptr)

        elif isinstance(expr, m2_expr.ExprCompose):
            for arg in expr.args:
                self.find_variables_rec(arg)

        elif isinstance(expr, m2_expr.ExprSlice):
            self.find_variables_rec(expr.arg)

        elif isinstance(expr, m2_expr.ExprCond):
            self.find_variables_rec(expr.cond)
            self.find_variables_rec(expr.src1)
            self.find_variables_rec(expr.src2)

        else:
            raise NotImplementedError("Type not handled: %s" % expr)
Beispiel #7
0
def _expr_loc_to_symb(expr, loc_db):
    if not expr.is_loc():
        return expr
    if loc_db is None:
        name = str(expr)
    else:
        names = loc_db.get_location_names(expr.loc_key)
        if not names:
            name = loc_db.pretty_str(expr.loc_key)
        else:
            # Use only one name for readability
            name = sorted(names)[0]
    return m2_expr.ExprId(name, expr.size)
Beispiel #8
0
def gen_reg(reg_name, sz=32):
    """Gen reg expr and parser"""
    reg = m2_expr.ExprId(reg_name, sz)
    reginfo = reg_info([reg_name], [reg])
    return reg, reginfo
Beispiel #9
0
 def __init__(self, loc_db):
     self.addrsize = 32
     Lifter.__init__(self, mn_mips32, 'b', loc_db)
     self.pc = mn_mips32.getpc()
     self.sp = mn_mips32.getsp()
     self.IRDst = m2_expr.ExprId('IRDst', 32)
Beispiel #10
0
    # Match the expected form
    ## isinstance(expr, m2_expr.ExprOp) is not needed: simplifications are
    ## attached to expression types
    if expr.op == "+" and \
            len(expr.args) == 3 and \
            expr.args.count(expr.args[0]) == len(expr.args):

        # Effective simplification
        return m2_expr.ExprOp("*", expr.args[0],
                              m2_expr.ExprInt(3, expr.args[0].size))
    else:
        # Do not simplify
        return expr


a = m2_expr.ExprId('a', 32)
base_expr = a + a + a
print("Without adding the simplification:")
print("\t%s = %s" % (base_expr, expr_simp(base_expr)))

# Enable pass
expr_simp.enable_passes({m2_expr.ExprOp: [simp_add_mul]})

print("After adding the simplification:")
print("\t%s = %s" % (base_expr, expr_simp(base_expr)))

# Automatic fail
assert (expr_simp(base_expr) == m2_expr.ExprOp("*", a,
                                               m2_expr.ExprInt(3, a.size)))
Beispiel #11
0
    def test_Variables_Identifier(self):
        import miasm.expression.expression as m2_expr
        from miasm.expression.expression_helper import Variables_Identifier

        # Build a complex expression
        cst = m2_expr.ExprInt(0x100, 16)
        eax = m2_expr.ExprId("EAX", 32)
        ebx = m2_expr.ExprId("EBX", 32)
        ax = eax[0:16]
        expr = eax + ebx
        expr = m2_expr.ExprCompose(ax, expr[16:32])
        expr2 = m2_expr.ExprMem((eax + ebx) ^ (eax), size=16)
        expr2 = expr2 | ax | expr2 | cst
        exprf = expr - expr + m2_expr.ExprCompose(expr2, cst)

        # Identify variables
        vi = Variables_Identifier(exprf)

        # Use __str__
        print(vi)

        # Test the result
        new_expr = vi.equation

        ## Force replace in the variable dependency order
        for var_id, var_value in reversed(list(viewitems(vi.vars))):
            new_expr = new_expr.replace_expr({var_id: var_value})
        self.assertEqual(exprf, new_expr)

        # Test prefix
        vi = Variables_Identifier(exprf, var_prefix="prefix_v")

        ## Use __str__
        print(vi)

        ## Test the result
        new_expr = vi.equation
        ### Force replace in the variable dependency order
        for var_id, var_value in reversed(list(viewitems(vi.vars))):
            new_expr = new_expr.replace_expr({var_id: var_value})
        self.assertEqual(exprf, new_expr)

        # Test an identify on an expression already containing identifier
        vi = Variables_Identifier(exprf)
        vi2 = Variables_Identifier(vi.equation)

        ## Test the result
        new_expr = vi2.equation
        ### Force replace in the variable dependency order
        for var_id, var_value in reversed(list(viewitems(vi2.vars))):
            new_expr = new_expr.replace_expr({var_id: var_value})
        self.assertEqual(vi.equation, new_expr)

        ## Corner case: each sub var depends on itself
        mem1 = m2_expr.ExprMem(ebx, size=32)
        mem2 = m2_expr.ExprMem(mem1, size=32)
        cst2 = m2_expr.ExprInt(-1, 32)
        expr_mini = ((eax ^ mem2 ^ cst2) & (mem2 ^ (eax + mem2)))[31:32]

        ## Build
        vi = Variables_Identifier(expr_mini)
        vi2 = Variables_Identifier(vi.equation)

        ## Test the result
        new_expr = vi2.equation
        ### Force replace in the variable dependency order
        for var_id, var_value in reversed(list(viewitems(vi2.vars))):
            new_expr = new_expr.replace_expr({var_id: var_value})
        self.assertEqual(vi.equation, new_expr)
Beispiel #12
0
 def __init__(self, loc_db=None):
     super(ir_ppc32b, self).__init__(mn_ppc, 'b', loc_db)
     self.pc = mn_ppc.getpc()
     self.sp = mn_ppc.getsp()
     self.IRDst = expr.ExprId('IRDst', 32)
     self.addrsize = 32
Beispiel #13
0
 def __init__(self, loc_db=None):
     self.addrsize = 32
     IntermediateRepresentation.__init__(self, mn_mips32, 'b', loc_db)
     self.pc = mn_mips32.getpc()
     self.sp = mn_mips32.getsp()
     self.IRDst = m2_expr.ExprId('IRDst', 32)
Beispiel #14
0
 def __init__(self, ir_arch):
     super(mipsCGen, self).__init__(ir_arch)
     self.delay_slot_dst = m2_expr.ExprId("branch_dst_irdst", 32)
     self.delay_slot_set = m2_expr.ExprId("branch_dst_set", 32)
Beispiel #15
0
    "Test docstring"
    Arg1 = Arg2
    mem32[Arg1] = Arg2
    mem32[Arg2] = Arg3 + i32(4) - mem32[Arg1]
    Arg3 = Arg3 if Arg2 else i32(0)
    tmpvar = 'myop' (i32(2))
    Arg2 = ('myopsize%d' % Arg1.size)(tmpvar, Arg1)
    alias = Arg1[:24]

    if not Arg1:
        Arg2 = Arg3
    else:
        alias = {i16(4), i8(5)}


a = m2_expr.ExprId('A', 32)
b = m2_expr.ExprId('B', 32)
c = m2_expr.ExprId('C', 32)
loc_db = LocationDB()
ir = IR(loc_db)
instr = Instr()
res = test(ir, instr, a, b, c)

print("[+] Returned:")
print(res)
print("[+] DocString:", test.__doc__)

print("[+] Cur instr:")
for statement in res[0]:
    print(statement)
Beispiel #16
0
def ast_id2expr(a):
    return m2_expr.ExprId(a, 32)
Beispiel #17
0
# in Miasm2 engine thanks to :
# - Conditions computation in ExprOp
# - Simplifications to catch known condition forms
#
# Conditions currently supported :
# <u, <s, ==
#
# Authors : Fabrice DESCLAUX (CEA/DAM), Camille MOUGEY (CEA/DAM)
#
################################################################################

import miasm.expression.expression as m2_expr

# Jokers for expression matching

jok1 = m2_expr.ExprId("jok1", 32)
jok2 = m2_expr.ExprId("jok2", 32)
jok3 = m2_expr.ExprId("jok3", 32)
jok_small = m2_expr.ExprId("jok_small", 1)

# Constructors


def __ExprOp_cond(op, arg1, arg2):
    "Return an ExprOp standing for arg1 op arg2 with size to 1"
    ec = m2_expr.ExprOp(op, arg1, arg2)
    return ec


def ExprOp_inf_signed(arg1, arg2):
    "Return an ExprOp standing for arg1 <s arg2"