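def test_reversers(self):
    """Run the reversers one after another on the record at ``self.offset``.

    The note the original author left says the order of resolution should
    be FieldReverser, DoubleLinkedListReverser, PointerFieldReverser,
    TypeReverser.  The code below nevertheless runs DoubleLinkedListReverser
    *before* FieldReverser and asserts that, at that point, the record's
    signature text is empty -- presumably because no field has been decoded
    yet and this record is not part of a double linked list (the original
    comment says "no double linked list in here"); confirm against the
    reverser implementation if this assertion is ever revisited.

    The later signatures are captured but not pinned: their expected values
    are specific to the fixture dump (the value once observed after
    FieldReverser is kept in a comment for reference).  The TypeReverser's
    ``_similarities`` pairs are checked to resolve to records in the
    context, which is what the commented-out debug prints assumed.
    """
    record = self._context.get_record_for_address(self.offset)
    sig_initial = record.get_signature_text()
    # print '1.', self._v(record)

    # Try to find some logical constructs (double linked lists) first.
    doublelink = reversers.DoubleLinkedListReverser(self.memory_handler)
    doublelink.reverse()
    sig_after_doublelink = record.get_signature_text()
    # print '2.', self._v(record)
    # No double linked list in here: the linked-list pass alone must not
    # produce any signature text for this record.
    self.assertEqual('', sig_after_doublelink)

    # Decode bytes contents to find basic types.
    fr = dsa.FieldReverser(self.memory_handler)
    fr.reverse()
    sig_after_fields = record.get_signature_text()
    # print '3.', self._v(record)
    # Previously observed value for this fixture (not pinned, dump-specific):
    #self.assertEqual(sig_after_fields, 'P8P8P8z24i8z40i8z8i8z40i8z8i8z40i8z8i8z40i8z8i8z40i8z8i8z40i8z8i8z40i8z8i8z40i8z8i8z40i8z8i8z40i8z8i8z8i8z8i8z8i8z8i8z8i8z8i8z8i8z8i8z8P8P8P8P8P8P8P8P8P8P8P8P8u40P8P8P8P8P8P8P8P8P8P8i8P8T14u2z16P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z8P8z16P8')

    # Identify pointer relations between allocators.
    pfr = pointertypes.PointerFieldReverser(self.memory_handler)
    pfr.reverse()
    sig_after_pointers = record.get_signature_text()
    # print '4.', self._v(record)
    #logging.getLogger("reversers").setLevel(logging.DEBUG)

    # Aggregate fields of the same type into an array.
    ## FIXME very very long.
    #afr = reversers.ArrayFieldsReverser(self._context)
    #afr.reverse()
    #sig_5 = record.get_signature_text()
    # print '5.', self._v(record)

    tr = signature.TypeReverser(self.memory_handler)
    tr.reverse()
    sig_after_types = record.get_signature_text()
    # print '6.', self._v(record)

    # The captured signatures are kept as locals so they can be inspected
    # under a debugger; they are intentionally not asserted on (see docstring).
    del sig_initial, sig_after_fields, sig_after_pointers, sig_after_types

    # tr._similarities holds pairs of addresses the TypeReverser judged
    # similar.  The original loop body was only commented-out debug prints
    # of both records; check instead that both addresses resolve to a
    # record in the context, which is what those prints relied on.
    for addr_a, addr_b in tr._similarities:
        self.assertIsNotNone(self._context.get_record_for_address(addr_a))
        self.assertIsNotNone(self._context.get_record_for_address(addr_b))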
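def test_doublelink(self):
    """Reverse the whole context and show one linked-list record before and after.

    The record at 0xccd00 is one of the ``T4i4P4P4i4z12`` records the
    original note lists as part of a list running from 0xccd28 / 0xccd00 to
    0x98268.  The method prints the record's string form before and after
    ``TypeReverser.reverse_context`` rather than asserting on it: the
    expected post-reversal layout is fixture-specific and is not pinned.

    ``set_reverse_level(10)`` is called on the record before the context is
    reversed -- presumably to force this record to be (re)processed; confirm
    against the record implementation.
    """
    rev = signature.TypeReverser(self.memory_handler)
    # interesting records
    # SIG:T4i4P4P4i4z12
    # struct_bbf78 struct_a6518 struct_cca28
    # list goes from 0xccd28, 0xccd00 to 0x98268
    #_record = self._context.get_record_for_address(0xccd28)
    _record = self._context.get_record_for_address(0xccd00)
    # Function-call form: the Python 2 print statement used here was a
    # SyntaxError on Python 3; with a single argument the output is the
    # same on both.
    print(_record.to_string())
    _record.set_reverse_level(10)
    rev.reverse_context(self._context)
    print(_record.to_string())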
def test_doublelink(self):
    """Print one double-linked-list record before and after a full context reversal.

    Relies on the basic reversing done in this test class's setUp (per the
    original note).  The record at 0xccd00 belongs to the ``T4i4P4P4i4z12``
    records the note lists (struct_bbf78, struct_a6518, struct_cca28; list
    from 0xccd28 / 0xccd00 to 0x98268).  Output is printed, not asserted:
    the post-reversal layout is specific to the fixture dump.
    """
    # we need a basic reversing first - see this UT class setUP
    type_reverser = signature.TypeReverser(self.memory_handler)
    # interesting records
    # SIG:T4i4P4P4i4z12
    # struct_bbf78 struct_a6518 struct_cca28
    # list goes from 0xccd28, 0xccd00 to 0x98268
    #record = self._context.get_record_for_address(0xccd28)
    record = self._context.get_record_for_address(0xccd00)

    print("Before:")
    print(record.to_string())

    # Raise the record's reverse level before the context-wide pass;
    # presumably this forces the record to be (re)processed -- confirm.
    record.set_reverse_level(10)
    type_reverser.reverse_context(self._context)

    print("After:")
    print(record.to_string())
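def test_reverse_heap(self):
    """Run the reverser pipeline in its documented order on the record at ``self.offset``.

    Order: FieldReverser, DoubleLinkedListReverser, PointerFieldReverser,
    TypeReverser (ArrayFieldsReverser is left commented out, as in the
    original).  The record is ``reset()`` first so the run starts from an
    undecoded state.  The signature observed at each step is captured but
    not pinned: the expected value is specific to the fixture dump and is
    kept only in a comment for reference.  The TypeReverser's
    ``_similarities`` pairs are checked to resolve to records in the
    context, which is what the commented-out debug prints assumed.
    """
    #ctx = reversers.reverse_heap(self.memory_handler, zeus_856_svchost_exe.known_heaps[0][0])
    record = self._context.get_record_for_address(self.offset)
    record.reset()
    sig_initial = record.get_signature_text()
    # print '1.', self._v(record)
    # Previously observed value for this fixture (not pinned, dump-specific):
    #self.assertEqual(sig_initial, 'P4P4P4P4P4P4P4i4z4i4i4z8P4P4z8P4i4u16z4i4z4P4P4P4P4z64P4P4P4P4P4P4P4i4z4i4i4z8P4P4z8P4i4u16z4i4z4P4P4P4P4z64P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z8272P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z176P4u4z180u4z176')

    # Decode bytes contents to find basic types.
    fr = dsa.FieldReverser(self.memory_handler)
    fr.reverse()
    sig_after_fields = record.get_signature_text()
    # print '2.', self._v(record)
    # no double linked list in here
    # Previously observed value: identical to the one noted for sig_initial.
    # print record.to_string()
    #import code
    #code.interact(local=locals())

    # Try to find some logical constructs (double linked lists).
    doublelink = reversers.DoubleLinkedListReverser(self.memory_handler)
    doublelink.reverse()
    #self.assertEqual(doublelink.found, 12)
    sig_after_doublelink = record.get_signature_text()
    # print '3.', self._v(record)
    # Previously observed value: identical to the one noted for sig_initial.
    # print record.to_string()
    #import code
    #code.interact(local=locals())

    # Identify pointer relations between allocators.
    pfr = pointertypes.PointerFieldReverser(self.memory_handler)
    pfr.reverse()
    sig_after_pointers = record.get_signature_text()
    # print '4.', self._v(record)
    # print record.to_string()
    #import code
    #code.interact(local=locals())

    # Aggregate fields of the same type into an array.
    #afr = reversers.ArrayFieldsReverser(self._context)
    #afr.reverse()
    #sig_5 = record.get_signature_text()
    # print '5.', self._v(record)
    # print record.to_string()
    #import code
    #code.interact(local=locals())

    tr = signature.TypeReverser(self.memory_handler)
    tr.reverse()
    sig_after_types = record.get_signature_text()
    # print '6.', self._v(record)
    # print "tr._similarities", tr._similarities

    # The captured signatures are kept as locals so they can be inspected
    # under a debugger; they are intentionally not asserted on (see docstring).
    del sig_initial, sig_after_fields, sig_after_doublelink, sig_after_pointers, sig_after_types

    # tr._similarities holds pairs of addresses the TypeReverser judged
    # similar.  The original loop body was only commented-out debug prints
    # of both records; check instead that both addresses resolve to a
    # record in the context, which is what those prints relied on.
    for addr_a, addr_b in tr._similarities:
        self.assertIsNotNone(self._context.get_record_for_address(addr_a))
        self.assertIsNotNone(self._context.get_record_for_address(addr_b))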