def gen_finalize(self, block): """ Generate the C code for the final block instruction """ loc_key = self.get_block_post_label(block) offset = self.ir_arch.loc_db.get_location_offset(loc_key) out = (self.CODE_RETURN_NO_EXCEPTION % (loc_key, self.C_PC, m2_expr.ExprId('branch_dst_irdst', 32), m2_expr.ExprId('branch_dst_irdst', 32), self.id_to_c(m2_expr.ExprInt(offset, 32)))).split('\n') return out
def gen_regs(rnames, env, sz=32): regs_str = [] regs_expr = [] regs_init = [] for rname in rnames: r = m2_expr.ExprId(rname, sz) r_init = m2_expr.ExprId(rname+'_init', sz) regs_str.append(rname) regs_expr.append(r) regs_init.append(r_init) env[rname] = r reginfo = reg_info(regs_str, regs_expr) return regs_expr, regs_init, reginfo
def identifier(cls, size=32): """Return a random identifier @size: (optional) identifier size """ return m2_expr.ExprId("".join([ random.choice(cls.identifier_charset) for _ in range(cls.identifier_len) ]), size=size)
class IR(object): def __init__(self, loc_db): self.loc_db = loc_db IRDst = m2_expr.ExprId("IRDst", 32) def get_next_instr(self, _): return m2_expr.LocKey(0) def get_next_loc_key(self, _): return m2_expr.LocKey(0)
def set_dst_symbol(self, loc_db): dst = self.getdstflow(loc_db) args = [] for d in dst: if isinstance(d, m2_expr.ExprInt): l = loc_db.get_or_create_offset_location(int(d)) a = m2_expr.ExprId(l.name, d.size) else: a = d args.append(a) self.args_symb = args
def find_variables_rec(self, expr): """Recursive method called by find_variable to expand @expr. Set @var_names and @var_values. This implementation is faster than an expression visitor because we do not rebuild each expression. """ if (expr in self.var_asked): # Expr has already been asked if expr not in viewvalues(self._vars): # Create var identifier = m2_expr.ExprId( "%s%s" % (self.var_prefix, next(self.var_indice)), size=expr.size) self._vars[identifier] = expr # Recursion stop case return else: # First time for @expr self.var_asked.add(expr) if isinstance(expr, m2_expr.ExprOp): for a in expr.args: self.find_variables_rec(a) elif isinstance(expr, m2_expr.ExprInt): pass elif isinstance(expr, m2_expr.ExprId): pass elif isinstance(expr, m2_expr.ExprLoc): pass elif isinstance(expr, m2_expr.ExprMem): self.find_variables_rec(expr.ptr) elif isinstance(expr, m2_expr.ExprCompose): for arg in expr.args: self.find_variables_rec(arg) elif isinstance(expr, m2_expr.ExprSlice): self.find_variables_rec(expr.arg) elif isinstance(expr, m2_expr.ExprCond): self.find_variables_rec(expr.cond) self.find_variables_rec(expr.src1) self.find_variables_rec(expr.src2) else: raise NotImplementedError("Type not handled: %s" % expr)
def _expr_loc_to_symb(expr, loc_db): if not expr.is_loc(): return expr if loc_db is None: name = str(expr) else: names = loc_db.get_location_names(expr.loc_key) if not names: name = loc_db.pretty_str(expr.loc_key) else: # Use only one name for readability name = sorted(names)[0] return m2_expr.ExprId(name, expr.size)
def gen_reg(reg_name, sz=32): """Gen reg expr and parser""" reg = m2_expr.ExprId(reg_name, sz) reginfo = reg_info([reg_name], [reg]) return reg, reginfo
def __init__(self, loc_db): self.addrsize = 32 Lifter.__init__(self, mn_mips32, 'b', loc_db) self.pc = mn_mips32.getpc() self.sp = mn_mips32.getsp() self.IRDst = m2_expr.ExprId('IRDst', 32)
# Match the expected form ## isinstance(expr, m2_expr.ExprOp) is not needed: simplifications are ## attached to expression types if expr.op == "+" and \ len(expr.args) == 3 and \ expr.args.count(expr.args[0]) == len(expr.args): # Effective simplification return m2_expr.ExprOp("*", expr.args[0], m2_expr.ExprInt(3, expr.args[0].size)) else: # Do not simplify return expr a = m2_expr.ExprId('a', 32) base_expr = a + a + a print("Without adding the simplification:") print("\t%s = %s" % (base_expr, expr_simp(base_expr))) # Enable pass expr_simp.enable_passes({m2_expr.ExprOp: [simp_add_mul]}) print("After adding the simplification:") print("\t%s = %s" % (base_expr, expr_simp(base_expr))) # Automatic fail assert (expr_simp(base_expr) == m2_expr.ExprOp("*", a, m2_expr.ExprInt(3, a.size)))
def test_Variables_Identifier(self): import miasm.expression.expression as m2_expr from miasm.expression.expression_helper import Variables_Identifier # Build a complex expression cst = m2_expr.ExprInt(0x100, 16) eax = m2_expr.ExprId("EAX", 32) ebx = m2_expr.ExprId("EBX", 32) ax = eax[0:16] expr = eax + ebx expr = m2_expr.ExprCompose(ax, expr[16:32]) expr2 = m2_expr.ExprMem((eax + ebx) ^ (eax), size=16) expr2 = expr2 | ax | expr2 | cst exprf = expr - expr + m2_expr.ExprCompose(expr2, cst) # Identify variables vi = Variables_Identifier(exprf) # Use __str__ print(vi) # Test the result new_expr = vi.equation ## Force replace in the variable dependency order for var_id, var_value in reversed(list(viewitems(vi.vars))): new_expr = new_expr.replace_expr({var_id: var_value}) self.assertEqual(exprf, new_expr) # Test prefix vi = Variables_Identifier(exprf, var_prefix="prefix_v") ## Use __str__ print(vi) ## Test the result new_expr = vi.equation ### Force replace in the variable dependency order for var_id, var_value in reversed(list(viewitems(vi.vars))): new_expr = new_expr.replace_expr({var_id: var_value}) self.assertEqual(exprf, new_expr) # Test an identify on an expression already containing identifier vi = Variables_Identifier(exprf) vi2 = Variables_Identifier(vi.equation) ## Test the result new_expr = vi2.equation ### Force replace in the variable dependency order for var_id, var_value in reversed(list(viewitems(vi2.vars))): new_expr = new_expr.replace_expr({var_id: var_value}) self.assertEqual(vi.equation, new_expr) ## Corner case: each sub var depends on itself mem1 = m2_expr.ExprMem(ebx, size=32) mem2 = m2_expr.ExprMem(mem1, size=32) cst2 = m2_expr.ExprInt(-1, 32) expr_mini = ((eax ^ mem2 ^ cst2) & (mem2 ^ (eax + mem2)))[31:32] ## Build vi = Variables_Identifier(expr_mini) vi2 = Variables_Identifier(vi.equation) ## Test the result new_expr = vi2.equation ### Force replace in the variable dependency order for var_id, var_value in reversed(list(viewitems(vi2.vars))): new_expr = new_expr.replace_expr({var_id: var_value}) self.assertEqual(vi.equation, new_expr)
def __init__(self, loc_db=None): super(ir_ppc32b, self).__init__(mn_ppc, 'b', loc_db) self.pc = mn_ppc.getpc() self.sp = mn_ppc.getsp() self.IRDst = expr.ExprId('IRDst', 32) self.addrsize = 32
def __init__(self, loc_db=None): self.addrsize = 32 IntermediateRepresentation.__init__(self, mn_mips32, 'b', loc_db) self.pc = mn_mips32.getpc() self.sp = mn_mips32.getsp() self.IRDst = m2_expr.ExprId('IRDst', 32)
def __init__(self, ir_arch): super(mipsCGen, self).__init__(ir_arch) self.delay_slot_dst = m2_expr.ExprId("branch_dst_irdst", 32) self.delay_slot_set = m2_expr.ExprId("branch_dst_set", 32)
"Test docstring" Arg1 = Arg2 mem32[Arg1] = Arg2 mem32[Arg2] = Arg3 + i32(4) - mem32[Arg1] Arg3 = Arg3 if Arg2 else i32(0) tmpvar = 'myop' (i32(2)) Arg2 = ('myopsize%d' % Arg1.size)(tmpvar, Arg1) alias = Arg1[:24] if not Arg1: Arg2 = Arg3 else: alias = {i16(4), i8(5)} a = m2_expr.ExprId('A', 32) b = m2_expr.ExprId('B', 32) c = m2_expr.ExprId('C', 32) loc_db = LocationDB() ir = IR(loc_db) instr = Instr() res = test(ir, instr, a, b, c) print("[+] Returned:") print(res) print("[+] DocString:", test.__doc__) print("[+] Cur instr:") for statement in res[0]: print(statement)
def ast_id2expr(a): return m2_expr.ExprId(a, 32)
# in Miasm2 engine thanks to : # - Conditions computation in ExprOp # - Simplifications to catch known condition forms # # Conditions currently supported : # <u, <s, == # # Authors : Fabrice DESCLAUX (CEA/DAM), Camille MOUGEY (CEA/DAM) # ################################################################################ import miasm.expression.expression as m2_expr # Jokers for expression matching jok1 = m2_expr.ExprId("jok1", 32) jok2 = m2_expr.ExprId("jok2", 32) jok3 = m2_expr.ExprId("jok3", 32) jok_small = m2_expr.ExprId("jok_small", 1) # Constructors def __ExprOp_cond(op, arg1, arg2): "Return an ExprOp standing for arg1 op arg2 with size to 1" ec = m2_expr.ExprOp(op, arg1, arg2) return ec def ExprOp_inf_signed(arg1, arg2): "Return an ExprOp standing for arg1 <s arg2"