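def detectFuncParameters(self, reil_code, memaccess, callstack, inputs, counter):
    """Record the parameter values of the call that ends ``reil_code``.

    The last entry of ``reil_code`` is parsed into an ``Instruction`` and
    must be a ``call`` with a known target. The stack pointer is resolved
    first and handed to the callee's constructor as ``pbase``; the callee
    object then reports where each parameter lives. Every location flagged
    as needed is resolved with ``getTypedValueFromCode``.

    The result is written to ``self.parameters[counter]``; nothing is
    returned. ``reil_code`` is mutated through ``reverse()`` / ``reset()``.

    Raises:
        AssertionError: if the last instruction is not a call or has no
            called function.
    """
    call_ins = Instruction(parse_reil(reil_code[-1]), None)
    assert call_ins.instruction == "call" and call_ins.called_function is not None

    # First locate the stack pointer to know where the parameters are.
    stack_ptr = Operand("esp", "DWORD")
    pbase = getTypedValueFromCode(reil_code, callstack, inputs, memaccess, stack_ptr)

    # Callees without an entry in ``funcs`` fall back to the generic Function.
    func_cons = funcs.get(call_ins.called_function, Function)
    func = func_cons(pbase=pbase)

    parameters = []
    for _par_type, location, needed in func.getParameterLocations():
        if not needed:
            # One entry is appended per declared location, even when the
            # value is not needed.
            parameters.append((None, None))
            continue

        # NOTE(review): reverse() runs once per needed parameter; if it
        # flips the sequence in place, the direction alternates between
        # parameters -- confirm this is intended.
        reil_code.reverse()
        reil_code.reset()
        val = getTypedValueFromCode(reil_code, callstack, inputs, memaccess, location)
        parameters.append((location, val))

    if parameters:
        self.parameters[counter] = self.__getParameters__(call_ins, parameters)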
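def detectFuncParameters(self, reil_code, memaccess, callstack, inputs, counter):
    """Record the parameter values of the call that ends ``reil_code``.

    The last entry of ``reil_code`` is used directly as the instruction
    and must be a call with a known target. The stack pointer is resolved
    first and handed to the callee's constructor as ``pbase``; the callee
    object then reports where each parameter lives. Every location flagged
    as needed is resolved with ``getTypedValueFromCode``.

    The result is written to ``self.parameters[counter]``; nothing is
    returned. ``reil_code`` is mutated through ``reverse()`` / ``reset()``.

    Raises:
        AssertionError: if the last instruction is not a call or has no
            called function.
    """
    call_ins = reil_code[-1]
    assert call_ins.isCall() and call_ins.called_function is not None

    # First locate the stack pointer to know where the parameters are.
    stack_ptr = Operand("esp", "DWORD")
    pbase = getTypedValueFromCode(reil_code, callstack, inputs, memaccess, stack_ptr)

    # Callees without an entry in ``funcs`` fall back to the generic Function.
    func_cons = funcs.get(call_ins.called_function, Function)
    func = func_cons(pbase=pbase)

    parameters = []
    for _par_type, location, needed in func.getParameterLocations():
        if not needed:
            # One entry is appended per declared location, even when the
            # value is not needed.
            parameters.append((None, None))
            continue

        # NOTE(review): reverse() runs once per needed parameter; if it
        # flips the sequence in place, the direction alternates between
        # parameters -- confirm this is intended.
        reil_code.reverse()
        reil_code.reset()
        val = getTypedValueFromCode(reil_code, callstack, inputs, memaccess, location)
        parameters.append((location, val))

    if parameters:
        self.parameters[counter] = self.__getParameters__(call_ins, parameters)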
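def detectMemAccess(self, reil_code, callstack, inputs, counter):
    """Classify the memory access made by the last instruction of ``reil_code``.

    The last entry of ``reil_code`` is parsed into an ``Instruction`` and
    must be an ``stm`` or ``ldm``. Its address operand is resolved with
    ``getTypedValueFromCode`` (this object is passed as the memory-access
    argument) and the outcome is stored in ``self.access[counter]``:

    * a value reporting ``isMem()`` is recorded via ``__getMemAccess__``;
    * an immediate is recorded via ``__getGlobalMemAccess__`` using the
      integer form of ``val.name``.

    Raises:
        AssertionError: if the instruction is not ``stm``/``ldm``, or if the
            resolved address is neither a memory value nor an immediate.
    """
    ins = Instruction(parse_reil(reil_code[-1]), None)
    assert ins.instruction in ["stm", "ldm"]

    addr_op = ins.getMemReg()
    val = getTypedValueFromCode(reil_code, callstack, inputs, self, addr_op)

    if val.isMem():
        # Argument-memory classification (__isArgMem__ / __getArgMemAccess__)
        # was commented out in the original and is not performed here.
        self.access[counter] = self.__getMemAccess__(ins, val)
    elif val.isImm():
        # isImm has to be called: a bare bound method is always truthy, which
        # would record every non-memory value as a global access and make the
        # final branch unreachable.
        # NOTE(review): assumes isImm is a method like isMem() -- confirm
        # against the operand class.
        # NOTE(review): int() requires val.name to be a decimal string here;
        # verify how immediates are named.
        self.access[counter] = self.__getGlobalMemAccess__(ins, int(val.name))
    else:
        # Raised explicitly so the check survives ``python -O``; an
        # unclassified access must not be dropped silently.
        raise AssertionError(
            "address operand is neither a memory value nor an immediate "
            "(counter=%r)" % (counter,))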
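def detectMemAccess(self, reil_code, callstack, inputs, counter):
    """Classify the memory access made by the last instruction of ``reil_code``.

    The last entry of ``reil_code`` is used directly as the instruction and
    must be an ``stm`` or ``ldm``. Its address operand is resolved with
    ``getTypedValueFromCode`` (this object is passed as the memory-access
    argument) and the outcome is stored in ``self.access[counter]``:

    * a value reporting ``isMem()`` is recorded via ``__getMemAccess__``;
    * an immediate is recorded via ``__getGlobalMemAccess__`` using the
      integer form of ``val.name``.

    Raises:
        AssertionError: if the instruction is not ``stm``/``ldm``, or if the
            resolved address is neither a memory value nor an immediate.
    """
    ins = reil_code[-1]
    assert ins.instruction in ["stm", "ldm"]

    addr_op = ins.getMemReg()
    val = getTypedValueFromCode(reil_code, callstack, inputs, self, addr_op)

    if val.isMem():
        # Argument-memory classification (__isArgMem__ / __getArgMemAccess__)
        # was commented out in the original and is not performed here.
        self.access[counter] = self.__getMemAccess__(ins, val)
    elif val.isImm():
        # isImm has to be called: a bare bound method is always truthy, which
        # would record every non-memory value as a global access and make the
        # final branch unreachable.
        # NOTE(review): assumes isImm is a method like isMem() -- confirm
        # against the operand class.
        # NOTE(review): int() requires val.name to be a decimal string here;
        # verify how immediates are named.
        self.access[counter] = self.__getGlobalMemAccess__(ins, int(val.name))
    else:
        # Raised explicitly so the check survives ``python -O``; an
        # unclassified access must not be dropped silently.
        raise AssertionError(
            "address operand is neither a memory value nor an immediate "
            "(counter=%r)" % (counter,))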