Ejemplo n.º 1
    def __build_graph(self, blocks):
        """
        Build the whole-program control-flow graph from ``blocks``.

        Exploration starts at block id 0 with ``Image(-1)`` as the initial
        image. The resulting graph and tracker are stored on ``self.graph``
        and ``self.tracker``, and the interpreter's ``ambiguous_blocks`` are
        kept in ``self.indirect_jumps``.

        :param blocks: basic blocks handed to ``BasicInterpreter``
        :return: None
        """
        logging.info("图像生成器:构建图像")
        explorer = BasicInterpreter(blocks, self.resolver)
        cfg, tracker = explorer.explore_control_flow_graph(0, Image(-1))
        self.graph = cfg
        self.tracker = tracker
        # Read only after exploration has run.
        # NOTE(review): ambiguous_blocks presumably lists blocks whose jump
        # target could not be resolved; if so, a non-empty value means the
        # graph may be missing edges. Confirm before trusting its coverage.
        self.indirect_jumps = explorer.ambiguous_blocks
Ejemplo n.º 2
    def __create_external_function(self, cur_id, signature):
        """
        Build the ``ExternalFunction`` reached from block ``cur_id``.

        The entry block is the successor of ``cur_id`` with the largest
        integer id. The control-flow graph is explored again from that entry,
        seeded with the image the tracker already observed there.

        :param cur_id: id of the block whose successors contain the entry
        :param signature: value passed through to ``ExternalFunction``
        :return: the newly built ``ExternalFunction``
        :raises ValueError: from ``max`` when ``cur_id`` has no successors
        """
        successor_ids = self.graph.get_successor_ids(cur_id)
        # NOTE(review): picking the highest id is a heuristic; confirm it
        # always selects the function body rather than a fall-through block.
        entry_id = max(int(successor) for successor in successor_ids)

        explorer = BasicInterpreter(self.graph.get_blocks(), self.resolver)

        entry_image = self.tracker.get_observed_image(entry_id)
        sub_graph, sub_trackers = explorer.explore_control_flow_graph(
            entry_id, entry_image)

        # The interpreter's ambiguous_blocks are not attached to the function;
        # the assignment that would do so is disabled:
        # f.indirect_jumps = interpreter.ambiguous_blocks
        return ExternalFunction(
            signature, sub_graph, sub_trackers, (entry_id, None))
Ejemplo n.º 3
	def __create_internal_function(self, callee_pair, caller_pairs):
		"""
		Recover one internal function from the call sites that reach it.

		For every caller pair the callee is explored from ``callee_begin``
		with the image observed for that caller, with ``caller_end`` poisoned
		and then removed from the resulting sub-graph. Candidates are grouped
		by their set of block ids; the group backed by the most caller pairs
		wins.

		:param callee_pair: ``(callee_begin, callee_end)``
		:param caller_pairs: iterable of ``(caller_begin, caller_end)``
		:return: ``(function, caller_pairs_supporting_it)``
		:raises ValueError: from ``max`` when ``caller_pairs`` is empty
		"""
		candidates = {}
		callee_begin, callee_end = callee_pair

		for call_site in caller_pairs:
			caller_begin, caller_end = call_site

			entry_image = self.tracker.get_observed_image(callee_begin, caller_begin)
			explorer = BasicInterpreter(self.graph.get_blocks(), self.resolver)
			explorer.add_to_poison(caller_end)

			body_graph, body_tracker = explorer.explore_control_flow_graph(
				callee_begin, entry_image)
			# The original author flagged this removal as possibly unsafe.
			# NOTE(review): if the callee can legitimately contain caller_end,
			# the recovered body is truncated here; confirm.
			body_graph.remove_block(caller_end)

			stack_ops = explorer.compute_stack_actions(explorer.get_end_path())
			# The signature is the current count of known internal functions.
			candidate = InternalFunction(
				len(self.internal_functions), body_graph, body_tracker,
				callee_pair, stack_ops)

			# First candidate seen for a given block set represents the group.
			key = frozenset(body_graph.get_block_ids())
			if key not in candidates:
				candidates[key] = [set(), candidate]
			candidates[key][0].add(call_site)

		# Majority vote: only the best-supported variant is returned. Call
		# sites that produced a different block set are dropped from the result.
		supporters, func = max(candidates.values(), key=lambda entry: len(entry[0]))

		return func, supporters
Ejemplo n.º 4
    def __create_external_function(self, cur_id, signature):
        """
        Create the external function entered from block ``cur_id``.

        Logs ``cur_id`` and ``signature`` in hexadecimal, takes the successor
        of ``cur_id`` with the largest integer id as the entry block, and
        explores the control-flow graph from there using the image already
        observed at that entry.

        :param cur_id: id of the block whose successors contain the entry
        :param signature: value passed through to ``ExternalFunction``
        :return: the newly built ``ExternalFunction``
        :raises ValueError: from ``max`` when ``cur_id`` has no successors
        """
        message = ("图像生成器:创建外部函数:"
                   + 'cur_id:{:#x} '.format(cur_id)
                   + 'signature:{:#x}'.format(signature))
        logging.info(message)

        candidate_ids = [int(i) for i in self.graph.get_successor_ids(cur_id)]
        # NOTE(review): choosing the highest id is a heuristic; confirm it
        # always lands on the function body.
        entry_id = max(candidate_ids)

        explorer = BasicInterpreter(self.graph.get_blocks(), self.resolver)

        observed = self.tracker.get_observed_image(entry_id)
        sub_graph, sub_trackers = explorer.explore_control_flow_graph(
            entry_id, observed)
        function = ExternalFunction(
            signature, sub_graph, sub_trackers, (entry_id, None))
        # The interpreter's ambiguous_blocks are not copied onto the function;
        # the assignment that would do so is disabled:
        # f.indirect_jumps = interpreter.ambiguous_blocks
        return function
Ejemplo n.º 5
 def __build_graph(self, blocks):
     """
     Explore ``blocks`` from block id 0 and store the results on ``self``.

     Sets ``self.graph`` and ``self.tracker`` from the exploration, which is
     seeded with ``Image(-1)``, then copies the interpreter's
     ``ambiguous_blocks`` into ``self.indirect_jumps``.

     :param blocks: basic blocks handed to ``BasicInterpreter``
     :return: None
     """
     explorer = BasicInterpreter(blocks, self.resolver)
     start_image = Image(-1)
     result = explorer.explore_control_flow_graph(0, start_image)
     self.graph, self.tracker = result
     # NOTE(review): presumably the blocks with unresolved jump targets; if
     # so, a non-empty value means the graph may be incomplete. Confirm.
     self.indirect_jumps = explorer.ambiguous_blocks