def simulate(self, iaddr: str, simstate: "SimulationState") -> str: conop = self.test_operand conval = simstate.rhs(iaddr, conop) if conval.is_undefined: raise SU.CHBSimError( simstate, iaddr, "movn: condition value undefined") elif conval.is_literal: if conval.literal_value != 0: dstop = self.dst_operand srcop = self.src_operand srcval = simstate.rhs(iaddr, srcop) lhs = simstate.set(iaddr, dstop, srcval) result = SU.simassign(iaddr, simstate, lhs, srcval) else: result = str(conval) + " == 0: nop" else: raise SU.CHBSimError( simstate, iaddr, "movn: condition value not recognized: " + str(conval)) simstate.increment_programcounter() return result
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand srcval = simstate.rhs(iaddr, srcop, opsize=1) if srcval.is_undefined: result = cast(SV.SimLiteralValue, SV.simUndefinedDW) simstate.add_logmsg( "warning", "lb: value undefined at " + iaddr + " from address " + str(srcop)) elif srcval.is_symbolic: raise SU.CHBSimError(simstate, iaddr, ('encountered symbolic value in lb: ' + str(srcval) + ' at address: ' + str(srcop))) elif srcval.is_literal: result = cast(SV.SimLiteralValue, srcval).sign_extend(4) else: result = SV.simUndefinedDW simstate.add_logmsg( "warning", "lb: source value at " + iaddr + " not recognized " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result)
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None: srcop = self.src_operand dstop = self.dst_operand srcptrop = self.srcptr_operand dstptrop = self.dstptr_operand srcval = simstate.get_rhs(iaddr, srcop) srcptrval = simstate.get_rhs(iaddr, srcptrop) dstptrval = simstate.get_rhs(iaddr, dstptrop) dflag = simstate.get_flag_value(iaddr, 'DF') incr = SV.mk_simvalue(srcptrop.size, self.size) simstate.set(iaddr, dstop, srcval) if (srcptrval.is_literal and srcptrval.is_defined and dstptrval.is_literal and dstptrval.is_defined): srcptrval = cast(SV.SimLiteralValue, srcptrval) dstptrval = cast(SV.SimLiteralValue, dstptrval) if dflag == 0: simstate.set(iaddr, srcptrop, srcptrval.add(incr)) simstate.set(iaddr, dstptrop, dstptrval.add(incr)) elif dflag == 1: simstate.set(iaddr, srcptrop, srcptrval.sub(incr)) simstate.set(iaddr, dstptrop, dstptrval.sub(incr)) else: raise SU.CHBSimError( simstate, iaddr, 'Unexpected value for direction flag: ' + str(dflag)) else: raise SU.CHBSimError( simstate, iaddr, ("Movs not supported for " + str(srcptrop) + ":" + str(srcptrval) + ", " + str(dstptrop) + ":" + str(dstptrval)))
def simulate(self, simstate: "X86SimulationState", processed: List[X86Instruction] = []) -> None: blockaddr = self.faddr while True: try: (baddr, processed) = self.simulate_block(simstate, blockaddr, processed) bsuccessors = self.cfg.successors(baddr) except SU.CHBSimFallthroughException as e: baddr = e.blockaddr processed = cast(List[X86Instruction], e.processed) bsuccessors = self.cfg.successors(baddr) bsuccessors = [x for x in bsuccessors if not x == e.tgtaddr] if len(bsuccessors) == 1: blockaddr = bsuccessors[0] if not (blockaddr in self.blocks): raise SU.CHBSimError( simstate, blockaddr, 'Block successor not found: ' + str(blockaddr)) elif len(bsuccessors) == 0: raise SU.CHBSimError( simstate, blockaddr, 'No block successors found' + str(self.cfg)) else: err = SU.CHBSimError(simstate, blockaddr, ('Multiple block successors found: ' + ','.join([str(x) for x in bsuccessors]))) err.set_instructions_processed( cast(List[Instruction], processed)) raise err
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) expr = str(src1val) + ' == ' + str(src2val) if src1val.is_undefined or src2val.is_undefined: raise SU.CHBSimError( simstate, iaddr, "teq: some operands are undefined: " + expr) elif src1val.is_symbol or src2val.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, src1op, expr) elif src1val.is_literal and src2val.is_literal: if src1val.literal_value == src2val.literal_value: raise SU.CHBSimTrapSignalException( simstate, iaddr, src1val, src2val) else: simstate.increment_programcounter() return 'trap if equal: ' + expr else: raise SU.CHBSimError( simstate, iaddr, "teq: some operands not recognized: " + expr)
def rhs(self, iaddr: str, op: Operand, opsize: int = 4) -> SV.SimValue: if op.is_register: return self.regval(iaddr, op.register, opsize=opsize) elif op.is_immediate: return SV.mk_simvalue(op.value, size=opsize) elif op.is_indirect_register: regval = self.regval(iaddr, op.indirect_register) offset = op.offset if not regval.is_defined: return SV.mk_undefined_simvalue(opsize) if regval.is_string_address and opsize == 1: regval = cast(SSV.SimStringAddress, regval) return self.rhs_string_char(iaddr, regval, offset) elif regval.is_symbol: regval = cast(SSV.SimSymbol, regval) return self.rhs_symbol(iaddr, regval, offset, opsize) elif regval.is_address: regval = cast(SSV.SimAddress, regval) return self.memval(iaddr, regval.add_offset(offset), opsize) elif regval.is_literal: regval = cast(SV.SimLiteralValue, regval) return self.rhs_literal_address(iaddr, regval.value, offset, opsize) else: raise SU.CHBSimError( self, iaddr, "Unable to resolve indirect register operand: " + str(op)) else: raise SU.CHBSimError( self, iaddr, "Operand " + str(op) + " not recognized in rhs")
def simulate_block( self, simstate: "X86SimulationState", blockaddr: str, processed: List[X86Instruction] ) -> Tuple[str, List[X86Instruction]]: if blockaddr not in self.blocks: raise SU.CHBSimError(simstate, blockaddr, 'Block address not found: ' + str(blockaddr)) block = self.blocks[blockaddr] def f(baddr: str, i: X86Instruction) -> None: i.simulate(simstate) processed.append(i) try: block.iter_instructions(f) return (block.baddr, processed) except SU.CHBSimError as e: e.set_instructions_processed(cast(List[Instruction], processed)) raise except SU.CHBSimFallthroughException as e: e.set_instructions_processed(cast(List[Instruction], processed)) e.set_block_address(block.baddr) raise except SU.CHBSimJumpException as e: processed.append(cast(X86Instruction, self.instruction(e.iaddr))) tgtaddr = str(e.tgtaddr) if tgtaddr in self.blocks: return self.simulate_block(simstate, tgtaddr, processed) else: targets = ','.join([str(t) for t in self.blocks]) eerror = SU.CHBSimError( simstate, e.iaddr, ('Target block address not found: ' + str(e.tgtaddr) + ' (targets: ' + targets + ')')) raise eerror
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: srcop = self.src_operand immop = self.imm_operand dstop = self.dst_operand srcval = simstate.rhs(iaddr, srcop) immval = immop.opkind.value expr = str(srcval) + " < " + str(immval) if srcval.is_undefined: result = SV.simUndefinedDW simstate.add_logmsg("warning", "slti: operand not defined: " + str(srcop)) elif srcval.is_literal: v = SV.mk_simvalue(srcval.literal_value) if v.to_signed_int() < immval: result = SV.simOne else: result = SV.simZero elif srcval.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) else: result = SV.simUndefinedDW lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) expr = str(src1val) + ' >> ' + str(src2val) result: SV.SimValue = SV.simUndefinedDW if src1val.is_undefined or src2val.is_undefined: simstate.add_logmsg("warning", "srlv: some operand is undefined: " + expr) elif src1val.is_symbol or src2val.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif src1val.is_literal and src2val.is_literal: v1 = SV.mk_simvalue(src1val.literal_value) result = v1.bitwise_srl(src2val.literal_value % 32) else: simstate.add_logmsg("warning", "srlv: some operand not recognized: " + expr) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand srcval = simstate.rhs(iaddr, srcop) result: SV.SimValue if srcval.is_undefined: result = SV.simUndefinedDW if srcval.is_global_address: val = cast(SV.SimDoubleWordValue, SV.mk_simvalue(srcval.literal_value)) srcval = cast(SSV.SimGlobalAddress, srcval) name = srcval.modulename resultval = val.swap_bytes_within_halfwords() result = SSV.mk_global_address(resultval.literal_value, name) elif srcval.is_literal: val = cast(SV.SimDoubleWordValue, srcval) result = val.swap_bytes_within_halfwords() else: raise SU.CHBSimError( simstate, iaddr, "wsbh: operand not recognized: " + str(srcop) + ": " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, intermediates=str(srcval))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) expr = str(src1val) + ' < ' + str(src2val) if src1val.is_symbol or src2val.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif src1val.is_undefined or src2val.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) simstate.add_logmsg("warning", "slt: some operand is undefined: " + expr) elif src1val.is_literal and src2val.is_literal: v1 = SV.mk_simvalue(src1val.literal_value) v2 = SV.mk_simvalue(src2val.literal_value) if v1.to_signed_int() < v2.to_signed_int(): result = SV.simOne else: result = SV.simZero else: result = SV.simUndefinedDW simstate.add_logmsg("warning", "slt: some operand is not recognized: " + expr) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) expr = str(src1val) + " xor " + str(src2val) if src1val.is_undefined or src2val.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) elif src1val.is_symbol or src2val.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif src1val.is_literal and src2val.is_literal: v1 = SV.mk_simvalue(src1val.literal_value) v2 = SV.mk_simvalue(src2val.literal_value) result = v1.bitwise_xor(v2) else: result = SV.simUndefinedDW lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand immop = self.imm_operand srcval = simstate.rhs(iaddr, srcop) immval = immop.opkind.to_unsigned_int() expr = str(srcval) + ' >> ' + str(immval) result: SV.SimValue = SV.simUndefinedDW if srcval.is_undefined: simstate.add_logmsg("warning", "srl: operand is undefined: " + str(srcop)) elif srcval.is_literal: srcval = SV.mk_simvalue(srcval.literal_value) result = (SV.mk_simvalue(srcval.literal_value)).bitwise_srl(immval) elif srcval.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif srcval.is_address: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) else: simstate.add_logmsg("warning", "srl: operand not recognized: " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) expr = str(src1val) + " * " + str(src2val) if src1val.is_undefined or src2val.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) simstate.add_logmsg("warning", "mul: some operand is undefined: " + expr) elif src1val.is_symbol or src2val.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif src1val.is_literal and src2val.is_literal: result = SV.mk_simvalue(src1val.literal_value * src2val.literal_value) else: raise SU.CHBSimError( simstate, iaddr, "mul: some operand to mul not recognized: " + expr) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, intermediates=str(lhs) + ' := ' + expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: srcop = self.src_operand immop = self.imm_operand dstop = self.dst_operand srcval = simstate.rhs(iaddr, srcop) immval = immop.opkind.to_unsigned_int() imm = SV.SimDoubleWordValue(immval) expr = str(srcval) + ' | ' + str(immval) if srcval.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) simstate.add_logmsg( "warning", "ori: operand is undefined: " + str(srcop)) elif srcval.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) if srcval.is_literal: result = SV.mk_simvalue(srcval.literal_value).bitwise_or(imm) else: result = SV.simUndefinedDW simstate.add_logmsg( "warning", "ori: operand not recognized: " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: """Subtraction with trap on overflow (trap not currently implemented).""" dstop = self.dst_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) if src1val.is_undefined or src2val.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) elif src1val.is_symbol or src2val.is_symbol: expr = str(src1val) + ' - ' + str(src2val) raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif src1val.is_string_address and src2val.is_string_address: src1val = cast(SSV.SimStringAddress, src1val) src2val = cast(SSV.SimStringAddress, src2val) diff = src2val.stringval.find(src1val.stringval) result = SV.mk_simvalue(diff) elif src1val.is_stack_address and src2val.is_stack_address: src1val = cast(SSV.SimStackAddress, src1val) src2val = cast(SSV.SimStackAddress, src2val) diff = (src1val.offsetvalue - src2val.offsetvalue) % (SU.max32 + 1) result = SV.mk_simvalue(diff) elif src1val.is_stack_address and src2val.is_literal: src1val = cast(SSV.SimStackAddress, src1val) result = cast(SV.SimValue, src1val.add_offset(-src2val.literal_value)) elif src1val.is_global_address and src2val.is_global_address: src1val = cast(SSV.SimGlobalAddress, src1val) src2val = cast(SSV.SimGlobalAddress, src2val) diff = (src1val.offsetvalue - src2val.offsetvalue) % (SU.max32 + 1) result = SV.mk_simvalue(diff) elif src1val.is_global_address and src2val.is_literal: src1val = cast(SSV.SimGlobalAddress, src1val) diff = (src1val.offsetvalue - src2val.literal_value) % (SU.max32 + 1) result = SV.mk_simvalue(diff) elif src1val.is_literal and src2val.is_literal: diff = (src1val.literal_value - src2val.literal_value) % (SU.max32 + 1) result = SV.mk_simvalue(diff) else: result = SV.simUndefinedDW lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, ('val(' + str(src1op) + ') = ' + str(src1val) + ', val(' + str(src2op) + ') = ' + str(src2val)))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: syscallindex = simstate.registers['v0'] if syscallindex.is_literal and syscallindex.is_defined: syscallindex = cast(SV.SimLiteralValue, syscallindex) raise SU.CHBSimSystemCallException(simstate, iaddr, syscallindex.value) else: raise SU.CHBSimCallTargetUnknownError( simstate, iaddr, syscallindex, 'syscall = ' + str(syscallindex))
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None: ecxval = simstate.get_regval(iaddr, 'ecx') if ecxval.is_literal: ecxval = cast(SV.SimLiteralValue, ecxval) newval = ecxval.sub(SV.simOne) simstate.set_register(iaddr, 'ecx', newval) tgtaddr = str(self.target_address) if newval.value != 0: raise SU.CHBSimJumpException(iaddr, tgtaddr) raise SU.CHBSimFallthroughException(iaddr, tgtaddr) else: raise SU.CHBSimError(simstate, iaddr, "Loop cannot be applied to " + str(ecxval))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: srcval = simstate.rhs(iaddr, self.src_operand) simstate.increment_programcounter() if srcval.is_undefined: raise SU.CHBSimError( simstate, iaddr, "jr: jump target is undefined: " + str(srcval)) elif srcval.is_symbol: if str(srcval).endswith("ra_in"): simstate.trace.add_delayed("\n") return "return" else: raise SU.CHBSimError( simstate, iaddr, "jr: internal error: symbolic return address: " + str(srcval)) elif srcval.is_function_return_address: addr = cast(SSV.SimReturnAddress, srcval) simstate.simprogramcounter.set_delayed_programcounter(addr) simstate.trace.add_delayed("\n") simstate.set_function_address(addr.functionaddr) return "return to " + addr.functionaddr elif srcval.is_global_address: gaddr = cast(SSV.SimGlobalAddress, srcval) simstate.simprogramcounter.set_delayed_programcounter(gaddr) simstate.trace.add_delayed("\n") simstate.set_function_address(hex(gaddr.offsetvalue)) return "goto " + str(gaddr) elif srcval.is_literal: gaddr = simstate.resolve_literal_address(iaddr, srcval.literal_value) if gaddr.is_defined: simstate.simprogramcounter.set_delayed_programcounter(gaddr) return "goto " + str(gaddr) else: raise SU.CHBSimError( simstate, iaddr, "jr: target address cannot be resolved: " + str(srcval)) else: raise SU.CHBSimError( simstate, iaddr, "jr: illegal target address: " + str(srcval))
def do_assign(result: SV.SimValue) -> str: lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign( iaddr, simstate, lhs, result, ('val(' + str(src1op) + ') = ' + str(src1val) + ', val(' + str(src2op) + ') = ' + str(src2val)))
def simulate(self, iaddr: str, simstate: X86SimulationState) -> None: op1 = self.operand_1 op2 = self.operand_2 val1 = simstate.get_rhs(iaddr, op1) val2 = simstate.get_rhs(iaddr, op2) if val2.is_literal: val2 = cast(SV.SimLiteralValue, val2) if val2.is_byte: val2 = cast(SV.SimByteValue, val2) val2 = val2.sign_extend(op1.size) elif val2.is_word: val2 = cast(SV.SimWordValue, val2) val2 = val2.sign_extend(op1.size) if (val1.is_doubleword and val1.is_literal and val2.is_doubleword and val2.is_literal): val1 = cast(SV.SimDoubleWordValue, val1) val2 = cast(SV.SimDoubleWordValue, val2) result = val1.sub(val2) simstate.update_flag(iaddr, 'CF', val1.sub_carries(val2)) simstate.update_flag(iaddr, 'OF', val1.sub_overflows(val2)) simstate.update_flag(iaddr, 'SF', result.is_negative) simstate.update_flag(iaddr, 'ZF', result.is_zero) simstate.update_flag(iaddr, 'PF', result.is_odd_parity) else: raise SU.CHBSimError( simstate, iaddr, ("Comparison of " + str(op1) + ":" + str(val1) + " and " + str(op2) + ":" + str(val2) + " not yet supported"))
def char_string(self, iaddr: str, address: SSV.SimAddress, size: int) -> str: offset = address.offsetvalue if offset not in self._mem: raise SU.CHBSimError( self.simstate, iaddr, "Address " + str(address) + " not found in memory") if self._mem[offset].is_link: return "----" if size == 4: b1 = self.byte(iaddr, offset + 3) b2 = self.byte(iaddr, offset + 2) b3 = self.byte(iaddr, offset + 1) b4 = self.byte(iaddr, offset) result = "" if b1.value == 0 and b2.value == 0 and b3.value == 0 and b4.value == 0: return result if self.bigendian: seq = [b4, b3, b2, b1] else: seq = [b1, b2, b3, b4] for b in seq: if b.value > 10 and b.value < 127: result += chr(b.value) else: result += "?" return result else: return "?"
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand immop = self.imm_operand srcval = simstate.rhs(iaddr, srcop) immval = immop.opkind.value if srcval.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) simstate.add_logmsg("warning", "sltiu: operand is undefined: " + str(srcop)) elif srcval.is_literal: if srcval.literal_value < immval: result = SV.simOne else: result = SV.simZero else: result = SV.simUndefinedDW simstate.add_logmsg( "warning", "sltiu: operand not recognized: " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, str(srcval) + " < " + str(immval))
def get(self, iaddr: str, address: SSV.SimAddress, size: int) -> SV.SimValue: offset = address.offsetvalue if address.base.startswith("/stderr"): return cast(SV.SimValue, address) if offset not in self._mem: raise SU.CHBSimError( self.simstate, iaddr, "Address " + str(address) + " not found in memory") elif self._mem[offset].is_link: if self.bigendian: try: return self.symbolic_big_endian(iaddr, offset, size) except UF.CHBError as e: raise UF.CHBError(str(e) + ": " + str(self._mem[offset])) else: try: return self.symbolic_little_endian(iaddr, offset, size) except UF.CHBError as e: raise UF.CHBError( str(e) + ": " + str(address) + ": " + str(self._mem[offset])) elif size == 1: return self.byte(iaddr, offset) if self.bigendian: return self.big_endian(iaddr, offset, size) else: return self.little_endian(iaddr, offset, size)
def byte(self, iaddr: str, offset: int) -> SV.SimByteValue: if offset in self._mem: simbyte = self._mem[offset] if simbyte.is_defined: return simbyte else: raise SU.CHBSimError(self.simstate, iaddr, (self.name + " memory location at " + hex(offset) + " is a symbolic value")) else: if self.initialized: return SV.simZerobyte else: raise SU.CHBSimError(self.simstate, iaddr, (self.name + " memory location at " + str(hex(offset)) + " not initialized"))
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None: srcop = self.src_operand shiftop = self.shift_operand dstop = self.dst_operand srcval = simstate.get_rhs(iaddr, srcop) shiftval = simstate.get_rhs(iaddr, shiftop) dstval = simstate.get_rhs(iaddr, dstop) if (shiftval.is_literal and srcval.is_literal and dstval.is_literal and dstval.is_doubleword): shiftval = cast(SV.SimLiteralValue, shiftval) dstval = cast(SV.SimDoubleWordValue, dstval) srcval = cast(SV.SimLiteralValue, srcval) (cflag, result) = dstval.bitwise_shld(srcval, shiftval) simstate.set(iaddr, dstop, result) if shiftval.value > 0: if shiftval.value == 1: msbd = dstval.msb msbr = result.msb if msbd == msbr: simstate.clear_flag(iaddr, 'OF') else: simstate.set_flag(iaddr, 'OF') else: simstate.undefine_flag(iaddr, 'OF') simstate.update_flag(iaddr, 'CF', cflag == 1) simstate.update_flag(iaddr, 'SF', result.is_negative) simstate.update_flag(iaddr, 'ZF', result.is_zero) simstate.update_flag(iaddr, 'PF', result.is_odd_parity) else: SU.CHBSimError( simstate, iaddr, ("ShiftLeftDouble not yet implemented for " + str(dstop) + ":" + str(dstval) + ", " + str(srcop) + ":" + str(srcval) + ", " + str(shiftop) + ":" + str(shiftval)))
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None: srcop = self.src_operand dstop = self.dst_operand if (srcop.is_register and dstop.is_register and srcop.register == dstop.register): simstate.set(iaddr, dstop, SV.simZero) simstate.set_flag(iaddr, 'ZF') simstate.clear_flag(iaddr, 'PF') simstate.clear_flag(iaddr, 'CF') simstate.clear_flag(iaddr, 'OF') simstate.clear_flag(iaddr, 'SF') else: srcval = simstate.get_rhs(iaddr, srcop) dstval = simstate.get_rhs(iaddr, dstop) if dstval.is_literal: dstval = cast(SV.SimLiteralValue, dstval) result = dstval.bitwise_xor(srcval) simstate.set(iaddr, dstop, result) simstate.clear_flag(iaddr, 'OF') simstate.clear_flag(iaddr, 'CF') simstate.update_flag(iaddr, 'SF', result.is_negative) simstate.update_flag(iaddr, 'ZF', result.is_zero) simstate.update_flag(iaddr, 'PF', result.is_odd_parity) else: raise SU.CHBSimError( simstate, iaddr, ("Xor cannot be applied to " + str(dstval)))
def get(self, iaddr: str, address: SSV.SimAddress, size: int) -> SV.SimValue: try: for base in self.baseoffsets: if ( address.offsetvalue >= base and address.offsetvalue < base + self.buffersize): address = address.add_offset(-base) try: memval = SimMemory.get(self, iaddr, address, size) except SU.CHBSimError: memval = SV.mk_simvalue(0, size=size) return memval else: raise SU.CHBSimError( self.simstate, iaddr, "invalid shared memory address: " + str(address)) except SU.CHBSimError as e: print("Error in shared memory: " + str(e)) name = (self.name + '[' + str(address.offsetvalue) + ']' + ' (value not retrieved: ' + str(e) + ')') return SSV.SimSymbol(name)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand srcval = simstate.rhs(iaddr, srcop, opsize=1) lhs = simstate.set(iaddr, dstop, srcval) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, srcval)
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None: srcop = self.src_operand dstop = self.dst_operand srcval = simstate.get_rhs(iaddr, srcop) dstval = simstate.get_rhs(iaddr, dstop) if (srcval.is_literal and dstval.is_literal and dstval.is_doubleword): srcval = cast(SV.SimLiteralValue, srcval) dstval = cast(SV.SimDoubleWordValue, dstval) (cflag, result) = dstval.bitwise_shr(srcval) simstate.set(iaddr, dstop, result) if srcval.value > 0: simstate.update_flag(iaddr, 'CF', cflag == 1) if srcval.value == 1: msb = dstval.msb simstate.update_flag(iaddr, 'OF', msb == 1) else: simstate.undefine_flag(iaddr, 'OF') simstate.update_flag(iaddr, 'CF', cflag == 1) simstate.update_flag(iaddr, 'SF', result.is_negative) simstate.update_flag(iaddr, 'ZF', result.is_zero) simstate.update_flag(iaddr, 'PF', result.is_odd_parity) else: raise SU.CHBSimError( simstate, iaddr, ("ShiftRight not yet supported for " + str(dstop) + ":" + str(dstval) + ", " + str(srcop) + ":" + str(srcval)))