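def getJumpConditions(trace, addr):
    """Constrain the trace's final ``jcc`` to ``addr`` and solve the path.

    The last entry of ``trace["code"]`` is parsed with ``parse_reil``. When
    it is a ``jcc`` whose third operand is a variable, that operand is bound
    to ``addr`` through ``trace["final_conditions"]`` and the path
    conditions are solved. A solution is dumped to files and each dumped
    name is printed; otherwise the jump is reported as impossible.

    Args:
        trace: mapping with a "code" entry; its "final_conditions" entry is
            overwritten by this function.
        addr: target address as hexadecimal text.

    Returns:
        None on every path; results go to stdout and to the files written
        by ``sol.dump``.

    Raises:
        ValueError: if ``addr`` is not valid hexadecimal text.
    """
    raw_ins = parse_reil(trace["code"][-1])
    addr = int(addr, 16)
    pos = trace["code"].last - 1

    # Anything other than a jcc with a variable target is silently skipped.
    if raw_ins.instruction != "jcc":
        return None

    ins = Instruction(raw_ins, None)
    jmp_op = ins.operands[2]
    if not jmp_op.isVar():
        return None

    trace["final_conditions"] = {jmp_op: Operand(str(addr), "DWORD")}
    sol = getPathConditions(trace)

    # Compare by identity so the check cannot be affected by comparison
    # methods defined on the solution object.
    if sol is None:
        print "Impossible to jump to", hex(addr), "from", raw_ins.instruction, "at", pos
        return None

    print "SAT conditions found!"
    prefix = raw_ins.instruction + "[" + str(pos) + "]"
    # NOTE(review): input_vars is not defined in this function; presumably a
    # module-level name -- confirm it is assigned before this call runs.
    for dumped_name in sol.dump(prefix, input_vars):
        print dumped_name, "dumped!"
    return None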
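def getJumpConditions(trace, addr):
    """Constrain the trace's final ``jcc`` to ``addr`` and solve the path.

    The last entry of ``trace["code"]`` is used directly as an instruction
    object. When it is a ``jcc`` whose third operand is a variable, that
    operand is bound to ``addr`` through ``trace["final_conditions"]`` and
    the path conditions are solved. A solution is dumped to files and each
    dumped name is printed. Every other outcome is reported on stdout.

    Args:
        trace: mapping with a "code" entry; its "final_conditions" entry is
            overwritten by this function.
        addr: target address as hexadecimal text.

    Returns:
        None on every path.

    Raises:
        ValueError: if ``addr`` is not valid hexadecimal text.
    """
    last_ins = trace["code"][-1]
    addr = int(addr, 16)
    pos = trace["code"].last - 1

    if last_ins.instruction != "jcc":
        print "Last instructions (", last_ins, ") is not a jmp"
        return None

    jmp_op = last_ins.operands[2]
    if not jmp_op.isVar():
        print "Jump operand (", jmp_op.name, ") in last instruction (", last_ins.instruction, ") is not variable!"
        return None

    trace["final_conditions"] = {jmp_op: Operand(str(addr), "DWORD")}
    sol = getPathConditions(trace)

    # Compare by identity so the check cannot be affected by comparison
    # methods defined on the solution object.
    if sol is None:
        print "Impossible to jump to", hex(addr), "from", last_ins.instruction, "at", pos
        return None

    print "SAT conditions found!"
    prefix = last_ins.instruction + "[" + str(pos) + "]"
    # NOTE(review): input_vars is not defined in this function; presumably a
    # module-level name -- confirm it is assigned before this call runs.
    for dumped_name in sol.dump(prefix, input_vars):
        print dumped_name, "dumped!"
    return None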
def generatePaths(program, start, end, n):
    """Print, for each generated path, whether its conditions are satisfiable.

    Paths come from ``ManualPathGenerator(program, start, set([end]))``.
    ``n`` and the locals ``epsilon``, ``rand_count``, ``gen_count`` and
    ``path_set`` are not used by any live statement visible in this listing.
    """
    random_paths = ManualPathGenerator(program, start, set([end]))
    epsilon = dict() #list()
    rand_count = 0
    gen_count = 0
    path_set = set()
    #csv_writer = csv.writer(open('loop_bad_impos.csv', 'wb'))
    for (i, (path, labels)) in enumerate(random_paths):
        # The path is reset both before and after the trace is built.
        path.reset()
        trace = mkTrace(path, [], False)
        path.reset()
        # Called with a second argument of False, getPathConditions is
        # unpacked as a (variables, solution) pair.
        fvars, sol = getPathConditions(trace, False)
        # NOTE(review): `<>` is the Python 2-only spelling of `!=`; an
        # identity test against None is the usual form -- confirm sol does
        # not rely on a custom comparison here.
        if sol <> None:
            print "SAT!"
            # Show the value the solution holds for each variable in fvars.
            for var in fvars:
                print "sol[" + str(var) + "] =", sol[var]
        else:
            print "UNSAT!"
        #if not (str(labels) in path_set):
        #    path_set.add(str(labels))
        #    csv_writer.writerow(labels)
        #    print labels
        #if (i==1000):
        #    break
    # NOTE(review): the triple quote below opens a string literal whose
    # closing quotes are not part of this listing, so whatever follows in
    # the function cannot be seen from here.
    """
def generatePaths(program, start, end, n):
    """Report SAT or UNSAT for every path yielded by ManualPathGenerator.

    The generator is built from ``program``, ``start`` and ``set([end])``.
    No live statement visible in this listing reads ``n``, ``epsilon``,
    ``rand_count``, ``gen_count`` or ``path_set``.
    """
    random_paths = ManualPathGenerator(program, start, set([end]))
    epsilon = dict()#list()
    rand_count = 0
    gen_count = 0
    path_set = set()
    #csv_writer = csv.writer(open('loop_bad_impos.csv', 'wb'))
    for (i,(path, labels)) in enumerate(random_paths):
        # reset() is called on the path on both sides of mkTrace.
        path.reset()
        trace = mkTrace(path, [], False)
        path.reset()
        # The result is unpacked as two values: the variables to report and
        # the solution object (compared against None below).
        fvars, sol = getPathConditions(trace, False)
        # NOTE(review): `<>` only exists in Python 2 and is an equality-based
        # comparison; `is not None` is the conventional check -- verify.
        if sol <> None:
            print "SAT!"
            # One line per variable, indexed out of the solution.
            for var in fvars:
                print "sol["+str(var)+"] =", sol[var]
        else:
            print "UNSAT!"
        #if not (str(labels) in path_set):
        #    path_set.add(str(labels))
        #    csv_writer.writerow(labels)
        #    print labels
        #if (i==1000):
        #    break
    # NOTE(review): the triple quote below starts a string literal that is
    # not closed within this listing; the remainder of the function is not
    # visible.
    """
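def getJumpConditions(trace, addr):
    """Try to make the final ``jcc`` of ``trace`` branch to ``addr``.

    ``parse_reil`` is applied to the last entry of ``trace["code"]``. For a
    ``jcc`` whose third operand is a variable, the operand is tied to
    ``addr`` in ``trace["final_conditions"]`` and ``getPathConditions`` is
    asked for a solution. A solution is written out with ``sol.dump`` and
    the resulting names are printed; with no solution, a message saying the
    jump is impossible is printed.

    Args:
        trace: mapping holding a "code" entry; "final_conditions" is
            replaced as a side effect.
        addr: hexadecimal string naming the target address.

    Returns:
        Always None.

    Raises:
        ValueError: if ``addr`` cannot be parsed as base-16 text.
    """
    raw_ins = parse_reil(trace["code"][-1])
    addr = int(addr, 16)
    pos = trace["code"].last - 1

    # No diagnostics are printed for these two early exits.
    if raw_ins.instruction != "jcc":
        return None
    jmp_op = Instruction(raw_ins, None).operands[2]
    if not jmp_op.isVar():
        return None

    trace["final_conditions"] = {jmp_op: Operand(str(addr), "DWORD")}
    sol = getPathConditions(trace)

    if sol is not None:  # identity, not equality, decides "no solution"
        print "SAT conditions found!"
        prefix = raw_ins.instruction + "[" + str(pos) + "]"
        # NOTE(review): input_vars comes from outside this function
        # (presumably module scope) -- confirm it is always defined here.
        for dumped_name in sol.dump(prefix, input_vars):
            print dumped_name, "dumped!"
    else:
        print "Impossible to jump to", hex(addr), "from", raw_ins.instruction, "at", pos
    return None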
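def getJumpConditions(trace, addr):
    """Try to make the final ``jcc`` of ``trace`` branch to ``addr``.

    The last entry of ``trace["code"]`` is treated as an instruction object.
    For a ``jcc`` whose third operand is a variable, the operand is tied to
    ``addr`` in ``trace["final_conditions"]`` and ``getPathConditions`` is
    asked for a solution. A solution is written out with ``sol.dump`` and
    the resulting names are printed; all other outcomes print a message.

    Args:
        trace: mapping holding a "code" entry; "final_conditions" is
            replaced as a side effect.
        addr: hexadecimal string naming the target address.

    Returns:
        Always None.

    Raises:
        ValueError: if ``addr`` cannot be parsed as base-16 text.
    """
    last_ins = trace["code"][-1]
    addr = int(addr, 16)
    pos = trace["code"].last - 1

    if last_ins.instruction != "jcc":
        print "Last instructions (", last_ins, ") is not a jmp"
        return None

    jmp_op = last_ins.operands[2]
    if not jmp_op.isVar():
        print "Jump operand (", jmp_op.name, ") in last instruction (", last_ins.instruction, ") is not variable!"
        return None

    trace["final_conditions"] = {jmp_op: Operand(str(addr), "DWORD")}
    sol = getPathConditions(trace)

    if sol is not None:  # identity, not equality, decides "no solution"
        print "SAT conditions found!"
        prefix = last_ins.instruction + "[" + str(pos) + "]"
        # NOTE(review): input_vars comes from outside this function
        # (presumably module scope) -- confirm it is always defined here.
        for dumped_name in sol.dump(prefix, input_vars):
            print dumped_name, "dumped!"
    else:
        print "Impossible to jump to", hex(addr), "from", last_ins.instruction, "at", pos
    return None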
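def getJumpConditions(trace, addr):
    """Constrain the trace's final jump to ``addr`` and solve the path.

    The last entry of ``trace["code"]`` must answer true to ``isJmp()`` or
    ``isCJmp()``. When its third operand is a variable, that operand is
    bound to ``addr`` through ``trace["final_conditions"]`` and the path
    conditions are solved.

    Args:
        trace: mapping with a "code" entry; its "final_conditions" entry is
            overwritten by this function.
        addr: target address as hexadecimal text.

    Returns:
        The ``(fvars, sol)`` pair unpacked from
        ``getPathConditions(trace, False)``, or ``(set(), None)`` when the
        jump operand is not a variable.

    Raises:
        ValueError: if ``addr`` is not valid hexadecimal text.
        SystemExit: if the last instruction is not a jump; the message is
            passed as the exit argument.
    """
    last_ins = trace["code"][-1]
    addr = int(addr, 16)

    if not (last_ins.isJmp() or last_ins.isCJmp()):
        # exit() is installed by the site module and is not guaranteed to
        # exist; raising SystemExit directly does not depend on it.
        raise SystemExit("Last instruction ( " + str(last_ins) + " ) is not a jmp")

    jmp_op = last_ins.operands[2]
    if not jmp_op.isVar():
        print "Jump operand (", jmp_op, ") in last instruction (", last_ins.instruction, ") is not variable!"
        return (set(), None)

    trace["final_conditions"] = {jmp_op: ImmOp(str(addr), "DWORD")}
    # Unpacking keeps the requirement that exactly two values come back.
    (fvars, sol) = getPathConditions(trace, False)
    return (fvars, sol)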
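def getJumpConditions(trace, addr):
    """Bind the final jump of ``trace`` to ``addr`` and solve its conditions.

    Only a last instruction for which ``isJmp()`` or ``isCJmp()`` is true is
    accepted. If its third operand is a variable, ``trace["final_conditions"]``
    is set to map that operand to ``addr`` and ``getPathConditions`` is
    called with ``False`` as its second argument.

    Args:
        trace: mapping holding a "code" entry; "final_conditions" is
            replaced as a side effect.
        addr: hexadecimal string naming the target address.

    Returns:
        ``(fvars, sol)`` from ``getPathConditions``, or ``(set(), None)``
        when the jump operand is not a variable.

    Raises:
        ValueError: if ``addr`` cannot be parsed as base-16 text.
        SystemExit: if the last instruction is not a jump.
    """
    last_ins = trace["code"][-1]
    addr = int(addr, 16)

    is_jump = last_ins.isJmp() or last_ins.isCJmp()
    if not is_jump:
        # SystemExit is raised directly because the exit() helper is only
        # present when the site module has been loaded.
        raise SystemExit("Last instruction ( " + str(last_ins) + " ) is not a jmp")

    jmp_op = last_ins.operands[2]
    if jmp_op.isVar():
        trace["final_conditions"] = {jmp_op: ImmOp(str(addr), "DWORD")}
        # Two-value unpacking is kept so a malformed result fails here.
        (fvars, sol) = getPathConditions(trace, False)
        return (fvars, sol)

    print "Jump operand (", jmp_op, ") in last instruction (", last_ins.instruction, ") is not variable!"
    return (set(), None)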
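# Reject an unknown operation before the trace is loaded.
if mode not in ("jump", "path", "debug"):
    print "\""+mode+"\" is an invalid type of operation for SEA"
    # SystemExit is raised directly; the exit() helper only exists when the
    # site module has been loaded.
    raise SystemExit(1)

address = args.address
trace = mkTrace(args.trace_filename, args.first, args.last, args.iconditions)

if mode == "jump":
    # Jump mode needs a target address; without one only a message is
    # printed and nothing is solved.
    if address is None:
        print "An address to jump to should be specified!"
    else:
        getJumpConditions(trace, address)

elif mode == "path":
    # TODO: move to PathConditions.py?
    sol = getPathConditions(trace)
    # Identity test, so comparison methods on the solution object cannot
    # influence the check.
    if sol is not None:
        print "SAT conditions found!"
        # NOTE(review): input_vars is assigned only on this branch; confirm
        # that code reading it in other modes gets it from elsewhere.
        input_vars = ["stdin:", "arg[0]@0:", "arg[1]@0:", "arg[2]@0:"]
        pos = trace["code"].last - 1
        filename = "path." + "[" + str(pos) + "]"
        dumped = sol.dump(filename, input_vars)
        for filename in dumped:
            print filename, "dumped."

elif mode == "debug":
    # Debug mode does nothing beyond building the trace above.
    pass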