def test(data):
# Digest C informations
text = """
struct human {
unsigned short age;
unsigned int height;
char name[50];
};
struct ll_human {
struct ll_human* next;
struct human human;
};
"""
my_types = CTypeAMD64_unk()
types_mngr = CTypesManagerNotPacked(my_types.types)
types_mngr.add_c_decl(text)
# Analyze binary
cont = Container.fallback_container(data, None, addr=0)
machine = Machine("x86_64")
dis_engine, ira = machine.dis_engine, machine.ira
mdis = dis_engine(cont.bin_stream, symbol_pool=cont.symbol_pool)
addr_head = 0
blocks = mdis.dis_multibloc(addr_head)
lbl_head = mdis.symbol_pool.getby_offset(addr_head)
ir_arch_a = ira(mdis.symbol_pool)
for block in blocks:
ir_arch_a.add_bloc(block)
open('graph_irflow.dot', 'w').write(ir_arch_a.graph.dot())
# Main function's first argument's type is "struct ll_human*"
void_ptr = types_mngr.void_ptr
ll_human = types_mngr.get_type(('ll_human',))
ptr_llhuman = ObjCPtr('noname', ll_human,
void_ptr.align, void_ptr.size)
arg0 = ExprId('ptr', 64)
ctx = {ir_arch_a.arch.regs.RDI: arg0}
expr_types = {arg0.name: ptr_llhuman}
mychandler = MyCHandler(types_mngr, expr_types)
for expr in get_funcs_arg0(ctx, ir_arch_a, lbl_head):
print "Access:", expr
target_types = mychandler.expr_to_types(expr)
for target_type in target_types:
print '\tType:', target_type
c_strs = mychandler.expr_to_c(expr)
for c_str in c_strs:
print "\tC access:", c_str
print
'-d',
"--defuse",
action="store_true",
help="Dump the def-use graph in file 'defuse.dot'."
"The defuse is dumped after simplifications if -s option is specified")
args = parser.parse_args()
if args.verbose:
log_asmblock.setLevel(logging.DEBUG)
log.info('Load binary')
if args.rawbinary:
shift = args.shiftoffset if args.shiftoffset is not None else 0
cont = Container.fallback_container(open(args.filename).read(),
None,
addr=shift)
else:
with open(args.filename) as fdesc:
cont = Container.from_stream(fdesc, addr=args.shiftoffset)
default_addr = cont.entry_point
bs = cont.bin_stream
e = cont.executable
log.info('ok')
log.info("import machine...")
# Use the guessed architecture or the specified one
arch = args.architecture if args.architecture else cont.arch
if not arch:
print "Architecture recognition fail. Please specify it in arguments"
};
struct ll_human {
struct ll_human* next;
struct human human;
};
"""
base_types = CTypeAMD64_unk()
types_ast = CAstTypes()
types_ast.add_c_decl(text)
types_mngr = CTypesManagerNotPacked(types_ast, base_types)
# Analyze binary
cont = Container.fallback_container(data, None, addr=0)
machine = Machine("x86_64")
dis_engine, ira = machine.dis_engine, machine.ira
mdis = dis_engine(cont.bin_stream, symbol_pool=cont.symbol_pool)
addr_head = 0
blocks = mdis.dis_multiblock(addr_head)
lbl_head = mdis.symbol_pool.getby_offset(addr_head)
ir_arch_a = ira(mdis.symbol_pool)
for block in blocks:
ir_arch_a.add_block(block)
open('graph_irflow.dot', 'w').write(ir_arch_a.graph.dot())
help="Display image representation of disasm")
parser.add_argument('-c', "--rawbinary", default=False, action="store_true",
help="Don't interpret input as ELF/PE/...")
parser.add_argument('-d', "--defuse", action="store_true",
help="Dump the def-use graph in file 'defuse.dot'."
"The defuse is dumped after simplifications if -s option is specified")
args = parser.parse_args()
if args.verbose:
log_asmblock.setLevel(logging.DEBUG)
log.info('Load binary')
if args.rawbinary:
shift = args.shiftoffset if args.shiftoffset is not None else 0
cont = Container.fallback_container(open(args.filename).read(),
None, addr=shift)
else:
with open(args.filename) as fdesc:
cont = Container.from_stream(fdesc, addr=args.shiftoffset)
default_addr = cont.entry_point
bs = cont.bin_stream
e = cont.executable
log.info('ok')
log.info("import machine...")
# Use the guessed architecture or the specified one
arch = args.architecture if args.architecture else cont.arch
if not arch:
print "Architecture recognition fail. Please specify it in arguments"
exit(-1)
};
struct ll_human {
struct ll_human* next;
struct human human;
};
"""
base_types = CTypeAMD64_unk()
types_ast = CAstTypes()
types_ast.add_c_decl(text)
types_mngr = CTypesManagerNotPacked(types_ast, base_types)
# Analyze binary
cont = Container.fallback_container(data, None, addr=0)
machine = Machine("x86_64")
dis_engine, ira = machine.dis_engine, machine.ira
mdis = dis_engine(cont.bin_stream, symbol_pool=cont.symbol_pool)
addr_head = 0
asmcfg = mdis.dis_multiblock(addr_head)
lbl_head = mdis.symbol_pool.getby_offset(addr_head)
ir_arch_a = ira(mdis.symbol_pool)
for block in asmcfg.blocks:
ir_arch_a.add_block(block)
open('graph_irflow.dot', 'w').write(ir_arch_a.graph.dot())
help="Dump the def-use graph in file 'defuse.dot'."
"The defuse is dumped after simplifications if -s option is specified")
parser.add_argument('-p',
"--ssa",
action="store_true",
help="Generate the ssa form in 'ssa.dot'.")
args = parser.parse_args()
if args.verbose:
log_asmblock.setLevel(logging.DEBUG)
log.info('Load binary')
if args.rawbinary:
cont = Container.fallback_container(open(args.filename, "rb").read(),
vm=None,
addr=args.shiftoffset)
else:
with open(args.filename, "rb") as fdesc:
cont = Container.from_stream(fdesc, addr=args.shiftoffset)
default_addr = cont.entry_point
bs = cont.bin_stream
e = cont.executable
log.info('ok')
log.info("import machine...")
# Use the guessed architecture or the specified one
arch = args.architecture if args.architecture else cont.arch
if not arch:
print "Architecture recognition fail. Please specify it in arguments"
"Use only with --propagexpr option. "
"WARNING: not reliable, may fail.")
parser.add_argument('-e', "--loadint", action="store_true",
help="Load integers from binary in fixed memory lookup.")
parser.add_argument('-j', "--calldontmodstack", action="store_true",
help="Consider stack high is not modified in subcalls")
args = parser.parse_args()
if args.verbose:
log_asmblock.setLevel(logging.DEBUG)
log.info('Load binary')
if args.rawbinary:
cont = Container.fallback_container(open(args.filename, "rb").read(),
vm=None, addr=args.base_address)
else:
with open(args.filename, "rb") as fdesc:
cont = Container.from_stream(fdesc, addr=args.base_address)
default_addr = cont.entry_point
bs = cont.bin_stream
e = cont.executable
log.info('ok')
log.info("import machine...")
# Use the guessed architecture or the specified one
arch = args.architecture if args.architecture else cont.arch
if not arch:
print "Architecture recognition fail. Please specify it in arguments"
exit(-1)
parser.add_argument('-x', "--propagexpr", action="store_true",
help="Do Expression propagation.")
parser.add_argument('-y', "--stack2var", action="store_true",
help="*Try* to do transform stack accesses into variables. "
"Use only with --propagexpr option. "
"WARNING: not reliable, may fail.")
args = parser.parse_args()
if args.verbose:
log_asmblock.setLevel(logging.DEBUG)
log.info('Load binary')
if args.rawbinary:
cont = Container.fallback_container(open(args.filename, "rb").read(),
vm=None, addr=args.shiftoffset)
else:
with open(args.filename, "rb") as fdesc:
cont = Container.from_stream(fdesc, addr=args.shiftoffset)
default_addr = cont.entry_point
bs = cont.bin_stream
e = cont.executable
log.info('ok')
log.info("import machine...")
# Use the guessed architecture or the specified one
arch = args.architecture if args.architecture else cont.arch
if not arch:
print "Architecture recognition fail. Please specify it in arguments"
exit(-1)
