def analyse_function():
# Init
machine = guess_machine()
mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
bs = bin_stream_ida()
mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
iraCallStackFixer = get_ira_call_fixer(ira)
ir_arch = iraCallStackFixer(mdis.symbol_pool)
# Get the current function
func = ida_funcs.get_func(idc.ScreenEA())
addr = func.startEA
blocks = mdis.dis_multiblock(addr)
# Generate IR
for block in blocks:
ir_arch.add_block(block)
# Get settings
settings = TypePropagationForm(ir_arch)
ret = settings.Execute()
if not ret:
return
cst_propag_link = {}
if settings.cUnalias.value:
init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp]}
cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos)
types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
mychandler = MyCHandler(types_mngr, {})
infos_types = {}
for line in settings.strTypesInfo.value.split('\n'):
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.types_mngr.types_ast.parse_c_type(ctype_str)
ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(
ast.ext[0])
objc = types_mngr.get_objc(ctype)
print '=' * 20
print expr, objc
infos_types[expr] = set([objc])
# Add fake head
lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
lbl_head = ir_arch.symbol_pool.getby_name_create("start")
first_block = blocks.label2block(lbl_real_start)
assignblk_head = AssignBlock([
ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)),
ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
], first_block.lines[0])
irb_head = IRBlock(lbl_head, [assignblk_head])
ir_arch.blocks[lbl_head] = irb_head
ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start)
state = TypePropagationEngine.StateEngine(infos_types)
states = {lbl_head: state}
todo = set([lbl_head])
done = set()
while todo:
lbl = todo.pop()
state = states[lbl]
if (lbl, state) in done:
continue
done.add((lbl, state))
if lbl not in ir_arch.blocks:
continue
symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
addr = symbexec_engine.emul_ir_block(lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
ir_arch._graph = None
sons = ir_arch.graph.successors(lbl)
for son in sons:
add_state(ir_arch, todo, states, son, symbexec_engine.get_state())
for lbl, state in states.iteritems():
if lbl not in ir_arch.blocks:
continue
symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state,
cst_propag_link)
addr = symbexec_engine.emul_ir_block(lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
def analyse_function():
# Get settings
settings = TypePropagationForm()
ret = settings.Execute()
if not ret:
return
end = None
if settings.cScope.value == 0:
addr = settings.functionAddr.value
else:
addr = settings.startAddr.value
if settings.cScope.value == 2:
end = settings.endAddr
# Init
machine = guess_machine(addr=addr)
mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
bs = bin_stream_ida()
mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
if end is not None:
mdis.dont_dis = [end]
iraCallStackFixer = get_ira_call_fixer(ira)
ir_arch = iraCallStackFixer(mdis.loc_db)
asmcfg = mdis.dis_multiblock(addr)
# Generate IR
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
cst_propag_link = {}
if settings.cUnalias.value:
init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp]}
cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)
types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
mychandler = MyCHandler(types_mngr, {})
infos_types = {}
infos_types_raw = []
if settings.cTypeFile.value:
infos_types_raw = open(settings.typeFile.value).read().split('\n')
else:
infos_types_raw = settings.strTypesInfo.value.split('\n')
for line in infos_types_raw:
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.types_mngr.types_ast.parse_c_type(ctype_str)
ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(
ast.ext[0])
objc = types_mngr.get_objc(ctype)
print '=' * 20
print expr, objc
infos_types[expr] = set([objc])
# Add fake head
lbl_real_start = ir_arch.loc_db.get_offset_location(addr)
lbl_head = ir_arch.loc_db.get_or_create_name_location("start")
first_block = asmcfg.label2block(lbl_real_start)
assignblk_head = AssignBlock([
ExprAff(ir_arch.IRDst, ExprLoc(lbl_real_start, ir_arch.IRDst.size)),
ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
], first_block.lines[0])
irb_head = IRBlock(lbl_head, [assignblk_head])
ircfg.blocks[lbl_head] = irb_head
ircfg.add_uniq_edge(lbl_head, lbl_real_start)
state = TypePropagationEngine.StateEngine(infos_types)
states = {lbl_head: state}
todo = set([lbl_head])
done = set()
while todo:
lbl = todo.pop()
state = states[lbl]
if (lbl, state) in done:
continue
done.add((lbl, state))
if lbl not in ircfg.blocks:
continue
symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
addr = symbexec_engine.run_block_at(ircfg, lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
sons = ircfg.successors(lbl)
for son in sons:
add_state(ircfg, todo, states, son, symbexec_engine.get_state())
for lbl, state in states.iteritems():
if lbl not in ircfg.blocks:
continue
symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state,
cst_propag_link)
addr = symbexec_engine.run_block_at(ircfg, lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
def analyse_function():
# Init
machine = guess_machine()
mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
bs = bin_stream_ida()
mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
iraCallStackFixer = get_ira_call_fixer(ira)
ir_arch = iraCallStackFixer(mdis.symbol_pool)
# Get settings
settings = TypePropagationForm(ir_arch)
ret = settings.Execute()
if not ret:
return
if settings.cScope.value == 0:
addr = settings.functionAddr.value
else:
addr = settings.startAddr.value
if settings.cScope.value == 2:
end = settings.endAddr
mdis.dont_dis = [end]
blocks = mdis.dis_multiblock(addr)
# Generate IR
for block in blocks:
ir_arch.add_block(block)
cst_propag_link = {}
if settings.cUnalias.value:
init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp] }
cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos)
types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
mychandler = MyCHandler(types_mngr, {})
infos_types = {}
infos_types_raw = []
if settings.cTypeFile.value:
infos_types_raw = open(settings.typeFile.value).read().split('\n')
else:
infos_types_raw = settings.strTypesInfo.value.split('\n')
for line in infos_types_raw:
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.types_mngr.types_ast.parse_c_type(
ctype_str)
ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(ast.ext[0])
objc = types_mngr.get_objc(ctype)
print '=' * 20
print expr, objc
infos_types[expr] = set([objc])
# Add fake head
lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
lbl_head = ir_arch.symbol_pool.getby_name_create("start")
first_block = blocks.label2block(lbl_real_start)
assignblk_head = AssignBlock([ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)),
ExprAff(
ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
], first_block.lines[0])
irb_head = IRBlock(lbl_head, [assignblk_head])
ir_arch.blocks[lbl_head] = irb_head
ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start)
state = TypePropagationEngine.StateEngine(infos_types)
states = {lbl_head: state}
todo = set([lbl_head])
done = set()
while todo:
lbl = todo.pop()
state = states[lbl]
if (lbl, state) in done:
continue
done.add((lbl, state))
if lbl not in ir_arch.blocks:
continue
symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
addr = symbexec_engine.run_block_at(lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
ir_arch._graph = None
sons = ir_arch.graph.successors(lbl)
for son in sons:
add_state(ir_arch, todo, states, son,
symbexec_engine.get_state())
for lbl, state in states.iteritems():
if lbl not in ir_arch.blocks:
continue
symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link)
addr = symbexec_engine.run_block_at(lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
action="store_true",
help="Apply simplifications rules (liveness, graph simplification, ...)")
args = parser.parse_args()
machine = Machine("x86_32")
cont = Container.from_stream(open(args.filename))
ira, dis_engine = machine.ira, machine.dis_engine
mdis = dis_engine(cont.bin_stream)
ir_arch = ira(mdis.loc_db)
addr = int(args.address, 0)
asmcfg = mdis.dis_multiblock(addr)
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
entry_points = set([mdis.loc_db.get_offset_location(addr)])
init_infos = ir_arch.arch.regs.regs_init
cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)
if args.simplify:
ircfg.simplify(expr_simp)
modified = True
while modified:
modified = False
modified |= dead_simp(ir_arch, ircfg)
modified |= remove_empty_assignblks(ircfg)
modified |= merge_blocks(ircfg, entry_points)
open("%s.propag.dot" % args.filename, 'w').write(ircfg.dot())
machine = Machine("x86_32")
cont = Container.from_stream(open(args.filename))
ira, dis_engine = machine.ira, machine.dis_engine
mdis = dis_engine(cont.bin_stream)
ir_arch = ira(mdis.symbol_pool)
addr = int(args.address, 0)
asmcfg = mdis.dis_multiblock(addr)
for block in asmcfg.blocks:
ir_arch.add_block(block)
init_infos = ir_arch.arch.regs.regs_init
cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos)
if args.simplify:
ir_arch.simplify(expr_simp)
modified = True
while modified:
modified = False
modified |= dead_simp(ir_arch)
modified |= ir_arch.remove_empty_assignblks()
modified |= ir_arch.remove_jmp_blocks()
modified |= ir_arch.merge_blocks()
open("%s.propag.dot" % args.filename, 'w').write(ir_arch.graph.dot())