def test_fauxware(): amd64 = archinfo.arch_from_id('amd64') args = { 'i386': [ ('authenticate', SimCCCdecl( archinfo.arch_from_id('i386'), args=[SimStackArg(4, 4), SimStackArg(8, 4)], sp_delta=4, ret_val=SimRegArg('eax', 4), ) ), ], 'x86_64': [ ('authenticate', SimCCSystemVAMD64( amd64, args=[SimRegArg('rdi', 8), SimRegArg('rsi', 8)], sp_delta=8, ret_val=SimRegArg('rax', 8), ) ), ], } for arch, lst in args.items(): yield run_fauxware, arch, lst
def test_x86_saved_regs(): # Calling convention analysis should be able to determine calling convention of functions with registers saved on # the stack. binary_path = os.path.join(test_location, "tests", "cgc", "NRFIN_00036") proj = angr.Project(binary_path, auto_load_libs=False) cfg = proj.analyses.CFG() func = cfg.functions[0x80494f0] # int2str proj.analyses.VariableRecoveryFast(func) cca = proj.analyses.CallingConvention(func) cc = cca.cc assert cc is not None, "Calling convention analysis failed to determine the calling convention of function " \ "0x80494f0." assert isinstance(cc, SimCCCdecl) assert len(cc.args) == 3 assert cc.args[0] == SimStackArg(4, 4) assert cc.args[1] == SimStackArg(8, 4) assert cc.args[2] == SimStackArg(12, 4) func_exit = cfg.functions[0x804a1a9] # exit proj.analyses.VariableRecoveryFast(func_exit) cca = proj.analyses.CallingConvention(func_exit) cc = cca.cc assert func_exit.returning is False assert cc is not None, "Calling convention analysis failed to determine the calling convention of function " \ "0x804a1a9." assert isinstance(cc, SimCCCdecl) assert len(cc.args) == 1 assert cc.args[0] == SimStackArg(4, 4)
class SimCCBPF(SimCC): ARG_REGS = [] FP_ARG_REGS = [] STACKARG_SP_DIFF = 0 RETURN_ADDR = SimStackArg(0, 4) RETURN_VAL = SimRegArg('acc', 4) ARCH = ArchBPF
class SimCCMSP430(SimCC): ARG_REGS = ['r15', 'r14', 'r13', 'r12'] FP_ARG_REGS = [] # TODO: ??? STACKARG_SP_DIFF = 2 RETURN_ADDR = SimStackArg(0, 2) RETURN_VAL = SimRegArg('r15', 2) ARCH = ArchMSP430
class SimCCRISCV(SimCC): ARG_REGS = ['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'] FP_ARG_REGS = [] # expand in case the floating point extension is added STACK_ALIGNMENT = 16 RETURN_ADDR = SimStackArg(4, 4) RETURN_VAL = SimRegArg('ra', 4) ARCH = ArchRISCV
class SimCCRISCV(SimCC): ARG_REGS = ['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'] FP_ARG_REGS = [] # TODO: ??? STACK_ALIGNMENT = 16 RETURN_ADDR = SimStackArg(4, 4) RETURN_VAL = SimRegArg('ra', 4) ARCH = ArchRISCV
class SimRISCVSyscall(SimCC): ARG_REGS = ['a0', 'a1', 'a2', 'a3', 'a4', 'a5'] RETURN_VAL = SimRegArg('a0', 4) RETURN_ADDR = SimStackArg(4, 4) ARCH = ArchRISCV @staticmethod def _match(arch, args, sp_delta): # pylint: disable=unused-argument # doesn't appear anywhere but syscalls return False @staticmethod def syscall_num(state): return state.regs.a7