def __init__(self, binary):
self.__binary = binary
self.__arch_mode = self.__binary.architecture_mode
self.__arch = X86ArchitectureInformation(self.__arch_mode)
self.__disassembler = X86Disassembler(architecture_mode=self.__arch_mode)
self.__translator = X86Translator(architecture_mode=self.__arch_mode)
self.__bb_builder = CFGRecoverer(RecursiveDescent(self.__disassembler, self.__binary.text_section,
self.__translator, self.__arch))
def test_sample_2(self):
binary = BinaryFile(get_full_path("/data/bin/x86_sample_2"))
strategy = RecursiveDescent(self._disassembler, binary.text_section,
self._translator, self._arch_info)
recoverer = CFGRecoverer(strategy)
# Recover "main" function.
bbs, call_targets = recoverer.build(0x0804846d, 0x080484a3)
self.assertEquals(len(bbs), 4)
cfg = ControlFlowGraph(bbs, name="main")
self.assertEquals(cfg.start_address, 0x0804846d)
self.assertEquals(cfg.end_address, 0x080484a3)
self.assertEquals(len(cfg.basic_blocks), 4)
bb_entry = cfg.find_basic_block(0x0804846d)
self.assertEquals(len(bb_entry.branches), 2)
self.assertEquals(bb_entry.taken_branch, 0x08048491)
self.assertEquals(bb_entry.not_taken_branch, 0x0804848a)
bb_taken = cfg.find_basic_block(0x08048491)
self.assertEquals(len(bb_taken.branches), 1)
self.assertEquals(bb_taken.taken_branch, None)
self.assertEquals(bb_taken.not_taken_branch, None)
self.assertEquals(bb_taken.direct_branch, 0x08048496)
bb_not_taken = cfg.find_basic_block(0x0804848a)
self.assertEquals(len(bb_not_taken.branches), 1)
self.assertEquals(bb_not_taken.taken_branch, None)
self.assertEquals(bb_not_taken.not_taken_branch, None)
self.assertEquals(bb_not_taken.direct_branch, 0x08048496)
# Recover "func_1" function.
bbs, call_targets = recoverer.build(0x0804843b, 0x8048453)
self.assertEquals(len(bbs), 1)
cfg = ControlFlowGraph(bbs, name="main")
self.assertEquals(cfg.start_address, 0x0804843b)
self.assertEquals(cfg.end_address, 0x8048453)
self.assertEquals(len(cfg.basic_blocks), 1)
# Recover "func_2" function.
bbs, call_targets = recoverer.build(0x08048454, 0x0804846c)
self.assertEquals(len(bbs), 1)
cfg = ControlFlowGraph(bbs, name="main")
self.assertEquals(cfg.start_address, 0x08048454)
self.assertEquals(cfg.end_address, 0x0804846c)
self.assertEquals(len(cfg.basic_blocks), 1)
def test_sample_1(self):
binary = BinaryFile(get_full_path("/data/bin/x86_sample_1"))
strategy = RecursiveDescent(self._disassembler, binary.text_section,
self._translator, self._arch_info)
recoverer = CFGRecoverer(strategy)
bbs, call_targets = recoverer.build(0x0804840b, 0x08048438)
self.assertEquals(len(bbs), 1)
cfg = ControlFlowGraph(bbs, name="main")
self.assertEquals(cfg.start_address, 0x0804840b)
self.assertEquals(cfg.end_address, 0x08048438)
self.assertEquals(len(cfg.basic_blocks), 1)
def setUp(self):
self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32)
self._operand_size = self._arch_info.operand_size
self._memory = Memory()
self._smt_solver = SmtSolver()
self._smt_translator = SmtTranslator(self._smt_solver,
self._operand_size)
self._smt_translator.set_arch_alias_mapper(
self._arch_info.alias_mapper)
self._smt_translator.set_arch_registers_size(
self._arch_info.registers_size)
self._disasm = X86Disassembler()
self._ir_translator = X86Translator()
self._bb_builder = CFGRecoverer(
RecursiveDescent(self._disasm, self._memory, self._ir_translator,
self._arch_info))
def __init__(self, binary, symbols):
self.__binary = binary
self.__arch_mode = self.__binary.architecture_mode
self.__arch = X86ArchitectureInformation(self.__arch_mode)
self.__disassembler = X86Disassembler(architecture_mode=self.__arch_mode)
self.__translator = X86Translator(architecture_mode=self.__arch_mode)
self.__bb_builder = CFGRecoverer(RecursiveDescent(self.__disassembler, self.__binary.text_section,
self.__translator, self.__arch))
self.__container = {}
self.__symbols = symbols
self.__symbols_by_addr = {}
for name, start, end in symbols:
self.__symbols_by_addr[start] = (name, end)