def __rec_search_canary_plt(faddr, ctx, ast, last_block):
if isinstance(ast, Ast_Branch):
for n in ast.nodes:
if isinstance(n, list):
for i in n:
if not is_call(i):
continue
op = i.operands[0]
if op.type == X86_OP_IMM and op.value.imm == faddr:
get_var_canary(ctx, last_block)
last_block = n
else: # ast
__rec_search_canary_plt(faddr, ctx, n, last_block)
elif isinstance(ast, Ast_Ifelse):
__rec_search_canary_plt(faddr, ctx, ast.br_next_jump, last_block)
__rec_search_canary_plt(faddr, ctx, ast.br_next, last_block)
elif isinstance(ast, Ast_Loop):
__rec_search_canary_plt(faddr, ctx, ast.branch, last_block)
def _sub_asm_inst(self, i, tab=0, prefix=""):
tab = self._rep_begin(i, tab)
if is_ret(i):
self._retcall(self.get_inst_str(i))
return False
if is_call(i):
self._retcall(i.mnemonic)
self._add(" ")
if self.gctx.sectionsname:
op = i.operands[0]
if op.type == X86_OP_IMM:
s = self._binary.get_section(op.value.imm)
if s is not None:
self._add("(")
self._section(s.name)
self._add(") ")
self._operand(i, 0, hexa=True, force_dont_print_data=True)
return False
# Here we can have conditional jump with the option --dump
if is_jump(i):
self._add(i.mnemonic + " ")
if i.operands[0].type != X86_OP_IMM:
self._operand(i, 0, force_dont_print_data=True)
self.inst_end_here()
if is_uncond_jump(i) and not self.ctx.is_dump \
and not i.address in self._dis.jmptables:
self._add(" ")
self._comment("# STOPPED")
return False
self._operand(i, 0, hexa=True, force_dont_print_data=True)
return False
modified = False
if self.gctx.capstone_string == 0:
if i.id in INST_CHECK:
if (i.id == X86_INS_OR and i.operands[1].type == X86_OP_IMM and
i.operands[1].value.imm == -1):
self._operand(i, 0)
self._add(" = -1")
elif (i.id == X86_INS_AND and i.operands[1].type == X86_OP_IMM and
i.operands[1].value.imm == 0):
self._operand(i, 0)
self._add(" = 0")
elif (all(op.type == X86_OP_REG for op in i.operands) and
len(set(op.value.reg for op in i.operands)) == 1 and
i.id == X86_INS_XOR):
self._operand(i, 0)
self._add(" = 0")
elif i.id == X86_INS_INC or i.id == X86_INS_DEC:
self._operand(i, 0)
self._add(inst_symbol(i))
elif i.id == X86_INS_LEA:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1, show_deref=False)
elif i.id == X86_INS_MOVZX:
self._operand(i, 0)
self._add(" = (zero ext) ")
self._operand(i, 1)
elif i.id == X86_INS_IMUL:
if len(i.operands) == 3:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1)
self._add(" " + inst_symbol(i).rstrip('=') + " ")
self._operand(i, 2)
elif len(i.operands) == 2:
self._operand(i, 0)
self._add(" " + inst_symbol(i) + " ")
self._operand(i, 1)
elif len(i.operands) == 1:
sz = i.operands[0].size
if sz == 1:
self._add("ax = al * ")
elif sz == 2:
self._add("dx:ax = ax * ")
elif sz == 4:
self._add("edx:eax = eax * ")
elif sz == 8:
self._add("rdx:rax = rax * ")
self._operand(i, 0)
else:
self._operand(i, 0)
self._add(" " + inst_symbol(i) + " ")
self._operand(i, 1)
modified = True
elif i.id == X86_INS_CDQE:
self._add("rax = eax")
modified = True
elif i.id == X86_INS_IDIV:
self._add('eax = edx:eax / ')
self._operand(i, 0)
self._add('; edx = edx:eax % ')
self._operand(i, 0)
modified = True
elif i.id == X86_INS_MUL:
lut = {1: ("al", "ax"), 2: ("ax", "dx:ax"), 4: ("eax", "edx:eax"),
8: ("rax", "rdx:rax")}
src, dst = lut[i.operands[0].size]
self._add('{0} = {1} * '.format(dst, src))
self._operand(i, 0)
modified = True
elif i.id == X86_INS_NOT:
self._operand(i, 0)
self._add(' ^= -1')
modified = True
elif i.id in INST_SCAS:
self._operand(i, 0)
self._add(" cmp ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 1, show_deref=False)
self._add(" += D")
modified = True
elif i.id in INST_STOS:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 0, show_deref=False)
self._add(" += D")
modified = True
elif i.id in INST_LODS:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 1, show_deref=False)
self._add(" += D")
modified = True
elif i.id in INST_CMPS:
self._operand(i, 0)
self._add(" cmp ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 0, show_deref=False)
self._add(" += D")
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 1, show_deref=False)
self._add("' += D")
modified = True
elif i.id in INST_MOVS:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 0, show_deref=False)
self._add(" += D")
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 1, show_deref=False)
self._add(" += D")
modified = True
if not modified:
if len(i.operands) > 0:
self._add("%s " % i.mnemonic)
modified = self._operand(i, 0)
k = 1
while k < len(i.operands):
self._add(", ")
modified |= self._operand(i, k)
k += 1
else:
self._add(i.mnemonic)
self._rep_end(i, tab)
return modified
def _sub_asm_inst(self, i, tab=0, prefix=""):
tab = self._rep_begin(i, tab)
if is_ret(i):
self._retcall(self.get_inst_str(i))
return False
if is_call(i):
self._retcall(i.mnemonic)
self._add(" ")
if self.gctx.sectionsname:
op = i.operands[0]
if op.type == X86_OP_IMM:
s = self._binary.get_section(op.value.imm)
if s is not None:
self._add("(")
self._section(s.name)
self._add(") ")
self._operand(i, 0, hexa=True, force_dont_print_data=True)
return False
# Here we can have conditional jump with the option --dump
if is_jump(i):
self._add(i.mnemonic + " ")
if i.operands[0].type != X86_OP_IMM:
self._operand(i, 0, force_dont_print_data=True)
self.inst_end_here()
if is_uncond_jump(i) and not self.ctx.is_dump \
and not i.address in self._dis.jmptables:
self._add(" ")
self._comment("# STOPPED")
return False
self._operand(i, 0, hexa=True, force_dont_print_data=True)
return False
modified = False
if not self.gctx.capstone_string:
if i.id in INST_CHECK:
if (i.id == X86_INS_OR and i.operands[1].type == X86_OP_IMM and
i.operands[1].value.imm == -1):
self._operand(i, 0)
self._add(" = -1")
elif (i.id == X86_INS_AND and i.operands[1].type == X86_OP_IMM and
i.operands[1].value.imm == 0):
self._operand(i, 0)
self._add(" = 0")
elif (all(op.type == X86_OP_REG for op in i.operands) and
len(set(op.value.reg for op in i.operands)) == 1 and
i.id == X86_INS_XOR):
self._operand(i, 0)
self._add(" = 0")
elif i.id == X86_INS_INC or i.id == X86_INS_DEC:
self._operand(i, 0)
self._add(inst_symbol(i))
elif i.id == X86_INS_LEA:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1, show_deref=False)
elif i.id == X86_INS_MOVZX:
self._operand(i, 0)
self._add(" = (zero ext) ")
self._operand(i, 1)
elif i.id == X86_INS_IMUL:
if len(i.operands) == 3:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1)
self._add(" " + inst_symbol(i).rstrip('=') + " ")
self._operand(i, 2)
elif len(i.operands) == 2:
self._operand(i, 0)
self._add(" " + inst_symbol(i) + " ")
self._operand(i, 1)
elif len(i.operands) == 1:
sz = i.operands[0].size
if sz == 1:
self._add("ax = al * ")
elif sz == 2:
self._add("dx:ax = ax * ")
elif sz == 4:
self._add("edx:eax = eax * ")
elif sz == 8:
self._add("rdx:rax = rax * ")
self._operand(i, 0)
else:
self._operand(i, 0)
self._add(" " + inst_symbol(i) + " ")
self._operand(i, 1)
modified = True
elif i.id == X86_INS_CDQE:
self._add("rax = eax")
modified = True
elif i.id == X86_INS_IDIV:
self._add('eax = edx:eax / ')
self._operand(i, 0)
self._add('; edx = edx:eax % ')
self._operand(i, 0)
modified = True
elif i.id == X86_INS_MUL:
lut = {1: ("al", "ax"), 2: ("ax", "dx:ax"), 4: ("eax", "edx:eax"),
8: ("rax", "rdx:rax")}
src, dst = lut[i.operands[0].size]
self._add('{0} = {1} * '.format(dst, src))
self._operand(i, 0)
modified = True
elif i.id == X86_INS_NOT:
self._operand(i, 0)
self._add(' ^= -1')
modified = True
elif i.id in INST_SCAS:
self._operand(i, 0)
self._add(" cmp ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 1, show_deref=False)
self._add(" += D")
modified = True
elif i.id in INST_STOS:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 0, show_deref=False)
self._add(" += D")
modified = True
elif i.id in INST_LODS:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 1, show_deref=False)
self._add(" += D")
modified = True
elif i.id in INST_CMPS:
self._operand(i, 0)
self._add(" cmp ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 0, show_deref=False)
self._add(" += D")
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 1, show_deref=False)
self._add("' += D")
modified = True
elif i.id in INST_MOVS:
self._operand(i, 0)
self._add(" = ")
self._operand(i, 1)
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 0, show_deref=False)
self._add(" += D")
self._new_line()
self._tabs(tab)
self._address(i.address)
self._operand(i, 1, show_deref=False)
self._add(" += D")
modified = True
if not modified:
if len(i.operands) > 0:
self._add("%s " % i.mnemonic)
modified = self._operand(i, 0)
k = 1
while k < len(i.operands):
self._add(", ")
modified |= self._operand(i, k)
k += 1
else:
self._add(i.mnemonic)
self._rep_end(i, tab)
return modified
