def memory(cls, size=32, depth=1):
"""Return an ExprMem
@size: (optional) Operation size
@depth: (optional) Expression depth
"""
address_size = random.randint(1, cls.memory_max_address_size)
return m2_expr.ExprMem(cls._gen(size=address_size, depth=depth - 1),
size=size)
def elements(self):
value = self.cbReg.value
if value in self.stk_args:
line = self.ircfg.blocks[self.loc_key][self.line_nb].instr
arg_num = self.stk_args[value]
stk_high = m2_expr.ExprInt(idc.get_spd(line.offset), ir_arch.sp.size)
stk_off = m2_expr.ExprInt(self.ira.sp.size // 8 * arg_num, ir_arch.sp.size)
element = m2_expr.ExprMem(self.mn.regs.regs_init[ir_arch.sp] + stk_high + stk_off, self.ira.sp.size)
element = expr_simp(element)
# Force stack unaliasing
self.stk_unalias_force = True
elif value:
element = self.ira.arch.regs.all_regs_ids_byname.get(value, None)
else:
raise ValueError("Unknown element '%s'!" % value)
return set([element])
def lb(arg1, arg2):
"A byte is loaded into a register @arg1 from the specified address @arg2."
arg1 = m2_expr.ExprMem(arg2.ptr, 8).signExtend(32)
def lhu(arg1, arg2):
"""A word is loaded (unsigned extended) into a register @arg1 from the
specified address @arg2."""
arg1 = m2_expr.ExprMem(arg2.ptr, 16).zeroExtend(32)
def lh(arg1, arg2):
"""A word is loaded into a register @arg1 from the
specified address @arg2."""
arg1 = m2_expr.ExprMem(arg2.ptr, 16).signExtend(32)
def sh(arg1, arg2):
e = []
e.append(m2_expr.ExprMem(arg2.ptr, 16), arg1[:16])
return e, []
def sb(arg1, arg2):
"""The least significant byte of @arg1 is stored at the specified address
@arg2."""
e = []
e.append(m2_expr.ExprMem(arg2.ptr, 8), arg1[:8])
return e, []
def possible_values(expr):
"""Return possible values for expression @expr, associated with their
condition constraint as a ConstrainedValues instance
@expr: Expr instance
"""
consvals = ConstrainedValues()
# Terminal expression
if (isinstance(expr, m2_expr.ExprInt) or isinstance(expr, m2_expr.ExprId)
or isinstance(expr, m2_expr.ExprLoc)):
consvals.add(ConstrainedValue(frozenset(), expr))
# Unary expression
elif isinstance(expr, m2_expr.ExprSlice):
consvals.update(
ConstrainedValue(consval.constraints,
consval.value[expr.start:expr.stop])
for consval in possible_values(expr.arg))
elif isinstance(expr, m2_expr.ExprMem):
consvals.update(
ConstrainedValue(consval.constraints,
m2_expr.ExprMem(consval.value, expr.size))
for consval in possible_values(expr.ptr))
elif isinstance(expr, m2_expr.ExprAssign):
consvals.update(possible_values(expr.src))
# Special case: constraint insertion
elif isinstance(expr, m2_expr.ExprCond):
src1cond = CondConstraintNotZero(expr.cond)
src2cond = CondConstraintZero(expr.cond)
consvals.update(
ConstrainedValue(consval.constraints.union([src1cond]),
consval.value)
for consval in possible_values(expr.src1))
consvals.update(
ConstrainedValue(consval.constraints.union([src2cond]),
consval.value)
for consval in possible_values(expr.src2))
# N-ary expression
elif isinstance(expr, m2_expr.ExprOp):
# For details, see ExprCompose
consvals_args = [possible_values(arg) for arg in expr.args]
for consvals_possibility in itertools.product(*consvals_args):
args_value = [consval.value for consval in consvals_possibility]
args_constraint = itertools.chain(
*[consval.constraints for consval in consvals_possibility])
consvals.add(
ConstrainedValue(frozenset(args_constraint),
m2_expr.ExprOp(expr.op, *args_value)))
elif isinstance(expr, m2_expr.ExprCompose):
# Generate each possibility for sub-argument, associated with the start
# and stop bit
consvals_args = [list(possible_values(arg)) for arg in expr.args]
for consvals_possibility in itertools.product(*consvals_args):
# Merge constraint of each sub-element
args_constraint = itertools.chain(
*[consval.constraints for consval in consvals_possibility])
# Gen the corresponding constraints / ExprCompose
args = [consval.value for consval in consvals_possibility]
consvals.add(
ConstrainedValue(frozenset(args_constraint),
m2_expr.ExprCompose(*args)))
else:
raise RuntimeError("Unsupported type for expr: %s" % type(expr))
return consvals
def test_Variables_Identifier(self):
import miasm.expression.expression as m2_expr
from miasm.expression.expression_helper import Variables_Identifier
# Build a complex expression
cst = m2_expr.ExprInt(0x100, 16)
eax = m2_expr.ExprId("EAX", 32)
ebx = m2_expr.ExprId("EBX", 32)
ax = eax[0:16]
expr = eax + ebx
expr = m2_expr.ExprCompose(ax, expr[16:32])
expr2 = m2_expr.ExprMem((eax + ebx) ^ (eax), size=16)
expr2 = expr2 | ax | expr2 | cst
exprf = expr - expr + m2_expr.ExprCompose(expr2, cst)
# Identify variables
vi = Variables_Identifier(exprf)
# Use __str__
print(vi)
# Test the result
new_expr = vi.equation
## Force replace in the variable dependency order
for var_id, var_value in reversed(list(viewitems(vi.vars))):
new_expr = new_expr.replace_expr({var_id: var_value})
self.assertEqual(exprf, new_expr)
# Test prefix
vi = Variables_Identifier(exprf, var_prefix="prefix_v")
## Use __str__
print(vi)
## Test the result
new_expr = vi.equation
### Force replace in the variable dependency order
for var_id, var_value in reversed(list(viewitems(vi.vars))):
new_expr = new_expr.replace_expr({var_id: var_value})
self.assertEqual(exprf, new_expr)
# Test an identify on an expression already containing identifier
vi = Variables_Identifier(exprf)
vi2 = Variables_Identifier(vi.equation)
## Test the result
new_expr = vi2.equation
### Force replace in the variable dependency order
for var_id, var_value in reversed(list(viewitems(vi2.vars))):
new_expr = new_expr.replace_expr({var_id: var_value})
self.assertEqual(vi.equation, new_expr)
## Corner case: each sub var depends on itself
mem1 = m2_expr.ExprMem(ebx, size=32)
mem2 = m2_expr.ExprMem(mem1, size=32)
cst2 = m2_expr.ExprInt(-1, 32)
expr_mini = ((eax ^ mem2 ^ cst2) & (mem2 ^ (eax + mem2)))[31:32]
## Build
vi = Variables_Identifier(expr_mini)
vi2 = Variables_Identifier(vi.equation)
## Test the result
new_expr = vi2.equation
### Force replace in the variable dependency order
for var_id, var_value in reversed(list(viewitems(vi2.vars))):
new_expr = new_expr.replace_expr({var_id: var_value})
self.assertEqual(vi.equation, new_expr)
def sh(ir, instr, arg1, arg2):
e = []
e.append(m2_expr.ExprAssign(m2_expr.ExprMem(arg2.ptr, 16), arg1[:16]))
return e, []
