def mem_read(state):
length = state.inspect.mem_read_length * 8
if str(state.inspect.mem_read_address) in state.globals:
ptr = state.globals[str(state.inspect.mem_read_address)]
else:
ptr = state.solver.eval(state.inspect.mem_read_address)
content = state.inspect.mem_read_expr
insn = state.project.factory.block(state.addr, size=4).capstone.insns[0]
op = insn.mnemonic
src_value = str(insn.op_str).split(',')[0]
if ptr in IVar.ivars:
ivar = IVar.ivars[ptr]
state.inspect.mem_read_expr = claripy.BVS(
FORMAT_IVAR_OFFSET.format(ptr=hex(ptr)),
length,
uninitialized=True)
elif ptr in IVar.fake_memory_and_ivar:
ivar = IVar.fake_memory_and_ivar[ptr]['ivar']
instance = IVar.fake_memory_and_ivar[ptr]['instance']
state.inspect.mem_read_expr = ivar.ret_latest_data(length=length)
record = AccessedRecord(state,
state.addr,
op,
instance=Receiver(Data(state, bv=instance),
None))
ivar.add_record(record)
# node = GraphView.current_view.insert_invoke(record.ea,
# "[{} {}]".format(record.instance.data.expr,
# ivar.getter),
# record.state,
# receiver=record.instance.data.expr,
# selector=record.type)
# GraphView.current_view.g.nodes[node]['ret'] = ivar.ret_latest_data()
elif MachO.pd.segdata['common'] and ptr in range(
MachO.pd.segdata['common'].min_addr,
MachO.pd.segdata['common'].max_addr):
state.inspect.mem_read_expr = claripy.BVS(
FORMAT_COMMON_DATA.format(ptr=hex(ptr)),
length,
uninitialized=True)
elif ptr in range(MachO.pd.segdata['bss'].min_addr,
MachO.pd.segdata['bss'].max_addr):
state.inspect.mem_read_expr = BSS.get(ptr).load(length)
elif ptr in range(MachO.pd.segdata['got'].min_addr,
MachO.pd.segdata['got'].max_addr):
if ptr % 2:
state.inspect.mem_read_expr = claripy.BVS(
MachO.pd.macho.get_symbol_by_address_fuzzy(ptr -
GOT_ADD_ON).name,
length,
uninitialized=True)
else:
state.inspect.mem_read_expr = claripy.BVV(ptr + GOT_ADD_ON, length)
def mem_write(state):
resolved_data = None
length = state.inspect.mem_write_length * 8
# TODO: UnsatError("CompositeSolver is already unsat")
if str(state.inspect.mem_write_address) in state.globals:
ptr = state.globals[str(state.inspect.mem_write_address)]
else:
ptr = state.solver.eval(state.inspect.mem_write_address)
insn = state.project.factory.block(state.addr, size=4).capstone.insns[0]
op = insn.mnemonic
if ptr in IVar.ivars:
ivar = IVar.ivars[ptr]
resolved_data = FORMAT_IVAR_OFFSET.format(ptr=hex(ptr))
elif ptr in IVar.fake_memory_and_ivar:
ivar = IVar.fake_memory_and_ivar[ptr]['ivar']
instance = IVar.fake_memory_and_ivar[ptr]['instance']
record = AccessedRecord(state,
state.addr,
op,
instance=Receiver(Data(state, bv=instance),
None),
value=Data(state,
bv=state.inspect.mem_write_expr))
ivar.add_record(record)
# node = GraphView.current_view.insert_invoke(record.ea,
# "[{} {}]".format(record.instance.data.expr,
# ivar.setter),
# record.state,
# receiver=record.instance.data.expr,
# selector=record.type,
# args=[record.value, ])
elif MachO.pd.segdata['common'] and ptr in range(
MachO.pd.segdata['common'].min_addr,
MachO.pd.segdata['common'].max_addr):
resolved_data = FORMAT_COMMON_DATA.format(ptr=hex(ptr))
elif ptr in range(MachO.pd.segdata['bss'].min_addr,
MachO.pd.segdata['bss'].max_addr):
# 并不改变写入值,只是对写入值进行记录
BSS.get(ptr).store(state.inspect.mem_write_expr)
def analyze(self):
for arg in self.bv.args:
arg_data = Data(self.state, bv=arg)
if arg_data.concrete is False:
try:
value = self.state.solver.eval(arg)
except Exception:
value = 'UNSAT'
# arg_expr = arg_data.decode_expr()
arg_expr = arg_data.expr
# print '{}: {}'.format(arg_data.expr, value)
if arg_expr in self.solutions:
self.solutions[arg_expr].append((str(self.bv), value))
else:
self.solutions[arg_expr] = [(str(self.bv), value), ]
return self
collision_weight = 25
regularizer = True # first epoch only, ensure 'chi' deformations are small
""" MODEL """
print("Building model...")
model = DeePSD(128, checkpoint)
tgts = model.gather(only_chi=True) # model weights
model_summary(tgts)
print("*" * 25)
print("Model Best: ", model._best)
print("*" * 25)
optimizer = tf.optimizers.Adam()
""" DATA """
print("Reading data...")
tr_txt = 'Data/train.txt'
val_txt = 'Data/val.txt'
tr_data = Data(tr_txt, batch_size=batch_size)
val_data = Data(val_txt, batch_size=batch_size)
tr_steps = floor(len(tr_data._samples) / batch_size)
val_steps = floor(len(val_data._samples) / batch_size)
for epoch in range(num_epochs):
if (epoch + 1) % 2 == 0 and virtual_batch_size < 32:
virtual_batch_size *= 2
print("")
print("Epoch " + str(epoch + 1))
print("--------------------------")
""" TRAIN """
print("Training...")
total_time = 0
metrics = [0] * 4 # Err, Edge, Bend, Collision
cgrds = None