def p_brackets_6(t): '''brackets : MINUS NUMBER PLUS symbol LBRA expression RBRA %prec UMINUS''' if not x86_afs.ad in t[6]: t[6][x86_afs.ad] = True t[0] = t[6] for f in t[4]: t[0][f] = t[4][f] t[0][x86_afs.imm] = - int(int32(uint32(int(t[2]))))
def p_brackets_5(t): '''brackets : NUMBER PLUS symbol LBRA expression RBRA ''' if not x86_afs.ad in t[5]: t[5][x86_afs.ad] = True t[0] = t[5] for f in t[3]: t[0][f] = t[3][f] t[0][x86_afs.imm] = int(int32(uint32(int(t[1]))))
def is_mem_in_target(self, e, t): ex = ExprOp('-', e.arg, t.arg) ex = expr_simp(self.eval_expr(ex, {})) if not isinstance(ex, ExprInt): return None ptr_diff = int32(ex.arg) if ptr_diff < 0: return False if ptr_diff + e.size / 8 <= t.size / 8: return True return False
def get_mem_overlapping(self, e, eval_cache={}): if not isinstance(e, ExprMem): raise ValueError('mem overlap bad arg') ov = [] """ for k in self.pool: if not isinstance(k, ExprMem): continue ex = ExprOp('-', k.arg, e.arg) ex = expr_simp(self.eval_expr(ex, {})) if not isinstance(ex, ExprInt): continue ptr_diff = int32(ex.arg) if ptr_diff >=0 and ptr_diff < e.size/8: ov.append((-ptr_diff, k)) elif ptr_diff <0 and ptr_diff + k.size/8>0: ov.append((-ptr_diff, k)) """ # suppose max mem size is 64 bytes, compute all reachable addresses to_test = [] #comp = {} #print("FINDING %s" % e) for i in range(-7, e.size // 8): ex = expr_simp( self.eval_expr(e.arg + ExprInt(uint32(i)), eval_cache)) #print("%s %s"%(i, ex)) to_test.append((i, ex)) for i, x in to_test: if not x in self.pool.pool_mem: continue ex = expr_simp(self.eval_expr(e.arg - x, eval_cache)) if not isinstance(ex, ExprInt): raise ValueError("%s should be ExprInt instead of %s" % (ex, ex.__class__.__name__)) ptr_diff = int32(ex.arg) #print("ptrdiff %s %s'%(ptr_diff, i)) if ptr_diff >= self.pool.pool_mem[x][1].get_size() / 8: #print("too long!") continue ov.append((i, self.pool.pool_mem[x][0])) #""" """ print(ov) if len(ov)>0: print("XXXX %s" % [(x[0], str(x[1])) for x in ov]) """ return ov
def substract_mems(self, a, b): ex = ExprOp('-', b.arg, a.arg) ex = expr_simp(self.eval_expr(ex, {})) if not isinstance(ex, ExprInt): return None ptr_diff = int(int32(ex.arg)) out = [] if ptr_diff < 0: # [a ] #[b ]XXX sub_size = b.size + ptr_diff * 8 if sub_size >= a.size: pass else: ex = ExprOp('+', a.arg, ExprInt(uint32(sub_size / 8))) ex = expr_simp(self.eval_expr(ex, {})) rest_ptr = ex rest_size = a.size - sub_size val = self.pool[a][sub_size:a.size] out = [(ExprMem(rest_ptr, rest_size), val)] else: #[a ] #XXXX[b ]YY #[a ] #XXXX[b ] out = [] #part X if ptr_diff > 0: val = self.pool[a][0:ptr_diff * 8] out.append((ExprMem(a.arg, ptr_diff * 8), val)) #part Y if ptr_diff * 8 + b.size < a.size: ex = ExprOp('+', b.arg, ExprInt(uint32(b.size / 8))) ex = expr_simp(self.eval_expr(ex, {})) val = self.pool[a][ptr_diff * 8 + b.size:a.size] out.append((ExprMem(ex, val.get_size()), val)) return out
def p_brackets_4(t): '''brackets : MINUS NUMBER LBRA expression RBRA''' if not x86_afs.ad in t[4]: t[4][x86_afs.ad] = True t[0] = t[4] t[0][x86_afs.imm] = - int(int32(uint32(int(t[2]))))
def p_brackets_3(t): '''brackets : NUMBER LBRA expression RBRA ''' if not x86_afs.ad in t[3]: t[3][x86_afs.ad] = True t[0] = t[3] t[0][x86_afs.imm] = int(int32(uint32(int(t[1]))))
def p_expression_5(t): '''expression : NUMBER''' t[0] = {x86_afs.imm:int(int32(uint32(int(t[1]))))}