def __initialize_analyzer(self): self.__smt_solver = Z3Solver() self.__smt_translator = SmtTranslator(self.__smt_solver, self.__arch.address_size) self.__smt_translator.set_arch_alias_mapper(self.__arch.alias_mapper) self.__smt_translator.set_arch_registers_size(self.__arch.registers_size) self.__code_analyzer = CodeAnalyzer(self.__smt_solver, self.__smt_translator, self.__arch)
def setUp(self): self._address_size = 32 self._parser = ReilParser() self._solver = SmtSolver() self._translator = SmtTranslator(self._solver, self._address_size) self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32) self._translator.set_arch_alias_mapper(self._arch_info.alias_mapper) self._translator.set_arch_registers_size(self._arch_info.registers_size)
def setUp(self): self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32) self._operand_size = self._arch_info.operand_size self._memory = MemoryMock() self._smt_solver = SmtSolver() self._smt_translator = SmtTranslator(self._smt_solver, self._operand_size) self._smt_translator.set_arch_alias_mapper(self._arch_info.alias_mapper) self._smt_translator.set_arch_registers_size(self._arch_info.registers_size) self._disasm = X86Disassembler() self._ir_translator = X86Translator() self._bb_builder = BasicBlockBuilder(self._disasm, self._memory, self._ir_translator)
def setUp(self): self._arch_info = ArmArchitectureInformation(ARCH_ARM_MODE_ARM) self._smt_solver = SmtSolver() self._smt_translator = SmtTranslator(self._smt_solver, self._arch_info.address_size) self._ir_emulator = ReilEmulator(self._arch_info) self._smt_translator.set_arch_alias_mapper(self._arch_info.alias_mapper) self._smt_translator.set_arch_registers_size(self._arch_info.registers_size) self._code_analyzer = CodeAnalyzer(self._smt_solver, self._smt_translator, self._arch_info) self._g_classifier = GadgetClassifier(self._ir_emulator, self._arch_info) self._g_verifier = GadgetVerifier(self._code_analyzer, self._arch_info)
def setUp(self): self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32) self._smt_solver = SmtSolver() self._smt_translator = SmtTranslator(self._smt_solver, self._arch_info.address_size) self._smt_translator.set_arch_alias_mapper( self._arch_info.alias_mapper) self._smt_translator.set_arch_registers_size( self._arch_info.registers_size) self._x86_parser = X86Parser(ARCH_X86_MODE_32) self._x86_translator = X86Translator(ARCH_X86_MODE_32) self._code_analyzer = CodeAnalyzer(self._smt_solver, self._smt_translator, self._arch_info)
def setUp(self): self._address_size = 32 self._parser = ReilParser() self._solver = SmtSolver() self._translator = SmtTranslator(self._solver, self._address_size)
def barf_classify(gadget_map, printout=True): arch_mode = ARCH_X86_MODE_32 arch_info = X86ArchitectureInformation(arch_mode) translator = X86Translator(arch_mode) instruction_parser = X86Parser(arch_mode) ir_emulator = ReilEmulator(arch_info) classifier = GadgetClassifier(ir_emulator, arch_info) raw_gadgets = {} typed_gadgets = [] for _, gadget in gadget_map.items(): # Translation cycle: from my emulator to BARF representation classifiable = False barf_instr_list = [] for _, instr in gadget.instructions.items(): # Parse a ROPInstruction into the BARF representation of an x86 instruction barf_instr = instruction_parser.parse("{} {}".format( instr.mnemonic, instr.op_str)) barf_instr.address = instr.address try: # Translate an x86 instruction into a list of REIL instructions reil_transl_instrs = translator.translate(barf_instr) barf_instr.ir_instrs = reil_transl_instrs classifiable = True except TranslationError: classifiable = False finally: barf_instr_list.append(barf_instr) # Classification of the gadgets barf_g = RawGadget(barf_instr_list) raw_gadgets[barf_g.address] = barf_g if classifiable: classified = classifier.classify(barf_g) for tg in classified: typed_gadgets.append(tg) if printout: print_gadgets_raw(list(raw_gadgets.values()), sys.stdout, 'addr', True, 'Raw Gadgets', False) verified = [] unverified = [] solver = Z3Solver() translator = SmtTranslator(solver, arch_info.address_size) code_analyzer = CodeAnalyzer(solver, translator, arch_info) verifier = GadgetVerifier(code_analyzer, arch_info) for tg in typed_gadgets: if verifier.verify(tg): verified.append(tg) else: unverified.append(tg) print_gadgets_typed(verified, sys.stdout, arch_info.address_size, 'Verified classification') print_gadgets_typed(unverified, sys.stdout, arch_info.address_size, 'Unverified classification') for tg in typed_gadgets: if tg.address in raw_gadgets: raw_gadgets.pop(tg.address) print_gadgets_raw(list(raw_gadgets.values()), sys.stdout, 'addr', False, 'Not classified', False) return {tg.address: tg for tg in typed_gadgets}