Ejemplo n.º 1
def extract_call_contexts(vw, fva, bb_ends):
    '''
    Emulate the function at `fva` and return the contexts recorded by a
     StackstringContextMonitor attached to the emulation driver.

    :param vw: The vivisect workspace handed to makeEmulator and the monitor.
    :param fva: The address of the function to run.
    :param bb_ends: Forwarded unchanged to StackstringContextMonitor;
      presumably the basic-block end addresses the monitor watches
      (confirm against the monitor).
    :return: The monitor's `ctxs` attribute once the run has finished.
    '''
    emulator = makeEmulator(vw)
    ctx_monitor = StackstringContextMonitor(vw, emulator.getStackCounter(), bb_ends)

    runner = viv_utils.emulator_drivers.FunctionRunnerEmulatorDriver(emulator)
    runner.add_monitor(ctx_monitor)
    # The emulated instructions come from the binary under analysis, so the
    #  run has to stay bounded. maxhit/maxrep are presumably the driver's
    #  per-location hit and repetition caps (confirm against viv_utils);
    #  func_only=True presumably keeps execution inside this function.
    runner.runFunction(fva, maxhit=1, maxrep=0x100, func_only=True)
    return ctx_monitor.ctxs
Ejemplo n.º 2
def emulate_decoding_routine(vw, function_index, function, context):
    '''
    Emulate a function from a given starting context and collect the CPU
     and memory contexts seen at interesting points during emulation.
    The "interesting points" are calls to other functions and the final
     state.
    Emulation ends when the CPU executes an unexpected region of memory,
     or when the function returns.
    Implementation note: emulation is capped at 20,000 instructions.
     The cap is what stops an unexpected infinite loop in the emulated
     code from hanging the analysis.
     The number is taken from emulating the decoding of "Hello world" using RC4.


    :param vw: The vivisect workspace in which the function is defined.
    :type function_index: viv_utils.FunctionIndex
    :param function_index: Passed through to decoding_manager.emulate_function.
    :type function: int
    :param function: The address of the function to emulate.
    :type context: function_argument_getter.FunctionContext
    :param context: The initial state of the CPU and memory
      prior to the function being called.
    :rtype: Sequence[decoding_manager.Delta]
    '''
    # Fixed instruction budget; see the implementation note above.
    instruction_budget = 20000

    emulator = makeEmulator(vw)
    # Start from the snapshot captured for this call site.
    emulator.setEmuSnap(context.emu_snap)

    floss_logger.debug(
        "Emulating function at 0x%08X called at 0x%08X, return address: 0x%08X",
        function,
        context.decoded_at_va,
        context.return_address
    )
    return decoding_manager.emulate_function(
        emulator,
        function_index,
        function,
        context.return_address,
        instruction_budget
    )
Ejemplo n.º 3
def extract_call_contexts(vw, fva):
    '''
    Emulate the function at `fva` and return the contexts recorded by a
     CallContextMonitor attached to the emulation driver.

    :param vw: The vivisect workspace handed to makeEmulator and the monitor.
    :param fva: The address of the function to run.
    :return: The monitor's `ctxs` attribute once the run has finished.
    '''
    emulator = makeEmulator(vw)
    call_monitor = CallContextMonitor(vw, emulator.getStackCounter())

    runner = viv_utils.emulator_drivers.FunctionRunnerEmulatorDriver(emulator)
    runner.add_monitor(call_monitor)
    # NOTE(review): only maxhit is passed, so any repetition limit is whatever
    #  the driver defaults to. The emulated code comes from the binary under
    #  analysis; verify that the default still bounds the run.
    runner.runFunction(fva, maxhit=1, func_only=True)
    return call_monitor.ctxs
Ejemplo n.º 4
def emulate_decoding_routine(vw, function_index, function, context, max_instruction_count):
    '''
    Emulate a function from a given starting context and collect the CPU
     and memory contexts seen at interesting points during emulation.
    The "interesting points" are calls to other functions and the final
     state.
    Emulation ends when the CPU executes an unexpected region of memory,
     or when the function returns.
    Implementation note: emulation is capped at `max_instruction_count`
     instructions. The cap is what stops an unexpected infinite loop in the
     emulated code from hanging the analysis, so callers should pass a
     finite, deliberately chosen value.
     The reference figure of 20,000 is taken from emulating the decoding
     of "Hello world" using RC4.


    :param vw: The vivisect workspace in which the function is defined.
    :type function_index: viv_utils.FunctionIndex
    :param function_index: Passed through to decoding_manager.emulate_function.
    :type function: int
    :param function: The address of the function to emulate.
    :type context: function_argument_getter.FunctionContext
    :param context: The initial state of the CPU and memory
      prior to the function being called.
    :type max_instruction_count: int
    :param max_instruction_count: The maximum number of instructions to emulate per function.
    :rtype: Sequence[decoding_manager.Delta]
    '''
    emulator = makeEmulator(vw)
    # Start from the snapshot captured for this call site.
    emulator.setEmuSnap(context.emu_snap)

    floss_logger.debug(
        "Emulating function at 0x%08X called at 0x%08X, return address: 0x%08X",
        function,
        context.decoded_at_va,
        context.return_address
    )
    # The budget is forwarded as given; no range check happens here.
    return decoding_manager.emulate_function(
        emulator,
        function_index,
        function,
        context.return_address,
        max_instruction_count
    )
Ejemplo n.º 5
 def __init__(self, vivisect_workspace):
     '''
     Build the emulator, its function-runner driver and an
      instruction-to-function index for one vivisect workspace.

     :param vivisect_workspace: The vivisect workspace to emulate in; it is
       stored on the instance and passed to makeEmulator and
       viv_utils.InstructionFunctionIndex.
     '''
     viv_utils.LoggingObject.__init__(self)
     self.vivisect_workspace = vivisect_workspace

     # One emulator per instance; the driver wraps that same emulator.
     emulator = makeEmulator(vivisect_workspace)
     self.emu = emulator
     self.driver = viv_utils.emulator_drivers.FunctionRunnerEmulatorDriver(emulator)

     self.index = viv_utils.InstructionFunctionIndex(vivisect_workspace)
Ejemplo n.º 6
 def __init__(self, vivisect_workspace, fva, function_index):
     '''
     Prepare emulation of a single function and start with an empty list
      of decoded strings.

     :param vivisect_workspace: The vivisect workspace; stored as `vw` and
       passed to makeEmulator.
     :param fva: The address of the function; stored and passed to
       FunctionEmulator.
     :param function_index: Passed through to FunctionEmulator.
     '''
     viv_utils.LoggingObject.__init__(self)
     self.vw = vivisect_workspace

     emulator = makeEmulator(vivisect_workspace)
     self.emu = emulator
     self.fva = fva
     # The FunctionEmulator shares this instance's emulator.
     self.fer = FunctionEmulator(emulator, fva, function_index)

     self.decoded_strings = list()
 def __init__(self, vivisect_workspace):
     '''
     Create the per-workspace emulation state: an emulator, a
      function-runner driver around it, and an instruction-to-function index.

     :param vivisect_workspace: The vivisect workspace to emulate in; kept on
       the instance and handed to makeEmulator and
       viv_utils.InstructionFunctionIndex.
     '''
     viv_utils.LoggingObject.__init__(self)
     self.vivisect_workspace = vivisect_workspace

     workspace_emu = makeEmulator(vivisect_workspace)
     self.emu = workspace_emu
     # The driver is bound to the emulator created just above.
     driver_cls = viv_utils.emulator_drivers.FunctionRunnerEmulatorDriver
     self.driver = driver_cls(workspace_emu)

     self.index = viv_utils.InstructionFunctionIndex(vivisect_workspace)