def test_coverage(self):
'''
((mem[piva_global(0xbfbfee08):1] | (mem[(arg0 + 72):4] & 0xffffff00)) + piva_global())
'''
ids = []
piva1 = Var('piva_global', 4)
ids.append(piva1._sym_id)
arg = Const(0xbfbfee08, 4)
ids.append(arg._sym_id)
call = Call(piva1, 4, argsyms=[arg])
ids.append(call._sym_id)
con = Const(1, 4)
ids.append(con._sym_id)
mem1 = Mem(call, con)
ids.append(mem1._sym_id)
arg = Arg(0, 4)
ids.append(arg._sym_id)
addop = Const(72, 4)
ids.append(addop._sym_id)
add = o_add(arg, addop, 4)
ids.append(add._sym_id)
con = Const(4, 4)
ids.append(con._sym_id)
memac = Mem(add, con)
ids.append(memac._sym_id)
andop = Const(0xffffff00, 4)
ids.append(andop._sym_id)
mem2 = o_and(memac, andop, 4)
ids.append(mem2._sym_id)
memor = o_or(mem1, mem2, 4)
ids.append(memor._sym_id)
piva2 = Var('piva_global', 4)
ids.append(piva2._sym_id)
call2 = Call(piva2, 4, argsyms=[])
ids.append(call2._sym_id)
add = o_add(memor, call2, 4)
ids.append(add._sym_id)
traveled_ids = []
def walkerTest(path, symobj, ctx):
traveled_ids.append(symobj._sym_id)
add.walkTree(walkerTest)
self.assertEqual(traveled_ids, ids)
self.assertEqual(
'((mem[piva_global(0xbfbfee08):1] | (mem[(arg0 + 72):4] & 0xffffff00)) + piva_global())',
str(add))
def test_callfunc(self):
# reduction, with and without argsyms
funcsym = Var('NeatoBurrito', 4)
argsyms = [
(Const(1, 4)**Var('edx', 4)) ^ Const(0x10, 4),
(Var('eax', 4) ^ Var('eax', 4) | Const(0x10, 4)) << Const(0, 4),
(Var('ebx', 4) & Var('ebx', 4)) | Const(0x40, 4) | Const(0x80, 4),
Mem(Const(0x41414141, 4), Const(32, 4)),
]
cf = CallFunction(0x44, funcsym, argsyms=argsyms)
self.assertEqual(
str(cf),
'NeatoBurrito(((1 ** edx) ^ 16),(((eax ^ eax) | 16) << 0),(((ebx & ebx) | 64) | 128),mem[0x41414141:32])'
)
cf.reduce()
self.assertEqual(str(cf),
'NeatoBurrito(17,16,(ebx | 192),mem[0x41414141:32])')
# walkTree
funcsym = Var('NeatoBurrito', 4)
argsyms = [
(Var('eax', 4) + Const(47, 4)) + (Var('ebx', 4) + Const(12, 4)),
Var('foo', 4) & Var('foo', 4),
Var('eax', 4) / Const(4, 4),
Var('eax', 4) >> Const(2, 4),
Const(4, 4) / Var('eax', 4),
]
cf = CallFunction(0x44, funcsym, argsyms=argsyms)
answer = [
Var('NeatoBurrito', 4),
Var('eax', 4),
Const(47, 4),
o_add(Var("eax", 4), Const(47, 4), 4),
Var('ebx', 4),
Const(12, 4),
o_add(Var('ebx', 4), Const(12, 4), 4),
(Var('eax', 4) + Const(47, 4)) + (Var('ebx', 4) + Const(12, 4)),
Var('foo', 4),
Var('foo', 4),
o_and(Var('foo', 4), Var('foo', 4), 4),
Var('eax', 4),
Const(4, 4),
o_div(Var('eax', 4), Const(4, 4), 4),
Var('eax', 4),
Const(2, 4),
o_rshift(Var('eax', 4), Const(2, 4), 4),
Const(4, 4),
Var('eax', 4),
o_div(Const(4, 4), Var('eax', 4), 4),
]
visited = []
cf.walkTree(walker, ctx=visited)
self.assertEqual(visited, answer)
# application, with argsyms
emu = MockEmulator(MockVw())
emu.setSymVariable('eax', Const(100, 4))
newcf = cf.applyEffect(emu=emu)
newcf.reduce()
self.assertEqual(str(newcf), 'NeatoBurrito((ebx + 159),foo,25,25,0)')
# application, without argsyms
# by itself, emu.applyFunctionCall is just a NOP
emu = MockEmulator(MockVw())
funcsym = Var('ebx', 4)
cf = CallFunction(0x44, funcsym)
newcf = cf.applyEffect(emu=emu)
newcf.reduce()
self.assertEqual(newcf, cf)
def test_moarmem(self):
ctx = {'path': []}
ast = o_sub(
o_add(
o_xor(
o_and(
o_sub(
Mem(
o_add(Arg(0, width=8), Const(0x00000030, 8),
8), Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4),
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8),
Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4), 4), Const(0x00000001, 8), 8),
Const(0x00000001, 8), 8)
ast.walkTree(walkTree_cb, ctx)
flattened = [
Arg(0, width=8),
Const(0x00000030, 8),
o_add(Arg(0, width=8), Const(0x00000030, 8), 8),
Const(0x00000008, 8),
Mem(o_add(Arg(0, width=8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
Const(0x20000000, 8),
Const(0x00000008, 8),
Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8),
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8),
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8),
o_add(
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8), 8),
o_sub(
Mem(o_add(Arg(0, width=8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4),
o_and(
o_sub(
Mem(o_add(Arg(0, width=8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8), Const(0x00000008,
8)),
Const(0x00000048, 8), 8), Const(0x00000008,
8)),
Const(0x00000001, 8), 8), 8), Const(0xffffffff, 4), 4),
Const(0x20000000, 8),
Const(0x00000030, 8),
o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8),
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
Const(0x20000000, 8),
Const(0x00000008, 8),
Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8),
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8),
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8),
o_add(
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8), 8),
o_sub(
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4),
o_and(
o_sub(
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8), Const(0x00000008,
8)),
Const(0x00000048, 8), 8), Const(0x00000008,
8)),
Const(0x00000001, 8), 8), 8), Const(0xffffffff, 4), 4),
o_xor(
o_and(
o_sub(
Mem(o_add(Arg(0, width=8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)), Const(0x00000001, 8),
8), 8), Const(0xffffffff, 4), 4),
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8), Const(0x00000030, 8),
8), Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)), Const(0x00000001, 8),
8), 8), Const(0xffffffff, 4), 4), 4),
Const(0x00000001, 8),
o_add(
o_xor(
o_and(
o_sub(
Mem(
o_add(Arg(0, width=8), Const(0x00000030, 8),
8), Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4),
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8),
Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4), 4), Const(0x00000001, 8), 8),
Const(0x00000001, 8),
o_sub(
o_add(
o_xor(
o_and(
o_sub(
Mem(
o_add(Arg(0, width=8),
Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4),
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8),
Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4), 4), Const(0x00000001, 8),
8), Const(0x00000001, 8), 8)
]
self.assertEqual(ast, evalSymbolik(repr(ast)))
self.assertEqual(ctx['path'], flattened)
self.assertEqual(ctx['path'][-1], ast)
def test_mem(self):
ctx = {'path': []}
ast = o_sub(
o_add(
o_xor(
o_and(
o_sub(
Mem(
o_add(
#Arg(0,width=8)
Const(0x20000000, 8),
Const(0x00000030, 8),
8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(
#Arg(0,width=8)
Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8),
8),
Const(0x00000008, 8)),
Const(0x00000001, 8),
8),
8),
Const(0xffffffff, 4),
4),
o_and(
o_sub(
Mem(
o_add(
#Arg(0,width=8)
Const(0x20000000, 8),
Const(0x00000030, 8),
8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(
#Arg(0,width=8)
Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8),
8),
Const(0x00000008, 8)),
Const(0x00000001, 8),
8),
8),
Const(0xffffffff, 4),
4),
4),
Const(0x00000001, 8),
8),
Const(0x00000001, 8),
8)
flattened = [
Const(0x20000000, 8),
Const(0x00000030, 8),
o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8),
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
Const(0x20000000, 8),
Const(0x00000008, 8),
Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8),
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8),
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8),
o_add(
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8), 8),
o_sub(
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4),
o_and(
o_sub(
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8), Const(0x00000008,
8)),
Const(0x00000048, 8), 8), Const(0x00000008,
8)),
Const(0x00000001, 8), 8), 8), Const(0xffffffff, 4), 4),
Const(0x20000000, 8),
Const(0x00000030, 8),
o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8),
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
Const(0x20000000, 8),
Const(0x00000008, 8),
Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8),
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8),
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8),
o_add(
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8), 8),
o_sub(
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(Mem(Const(0x20000000, 8), Const(0x00000008, 8)),
Const(0x00000048, 8), 8), Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4),
o_and(
o_sub(
Mem(o_add(Const(0x20000000, 8), Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8), Const(0x00000008,
8)),
Const(0x00000048, 8), 8), Const(0x00000008,
8)),
Const(0x00000001, 8), 8), 8), Const(0xffffffff, 4), 4),
o_xor(
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8), Const(0x00000030, 8),
8), Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)), Const(0x00000001, 8),
8), 8), Const(0xffffffff, 4), 4),
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8), Const(0x00000030, 8),
8), Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)), Const(0x00000001, 8),
8), 8), Const(0xffffffff, 4), 4), 4),
Const(0x00000001, 8),
o_add(
o_xor(
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8),
Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4),
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8),
Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4), 4), Const(0x00000001, 8), 8),
Const(0x00000001, 8),
o_sub(
o_add(
o_xor(
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8),
Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4),
o_and(
o_sub(
Mem(
o_add(Const(0x20000000, 8),
Const(0x00000030, 8), 8),
Const(0x00000008, 8)),
o_add(
Mem(
o_add(
Mem(Const(0x20000000, 8),
Const(0x00000008, 8)),
Const(0x00000048, 8), 8),
Const(0x00000008, 8)),
Const(0x00000001, 8), 8), 8),
Const(0xffffffff, 4), 4), 4), Const(0x00000001, 8),
8), Const(0x00000001, 8), 8)
]
ast.walkTree(walkTree_cb, ctx)
self.assertEqual(ctx['path'], flattened)
self.assertEqual(ctx['path'][-1], ast)