def prepare(self):
"""Prepare the environment for attachment with a jitter"""
# Disassembler
self.mdis = self.machine.dis_engine(bin_stream_vm(self.jitter.vm),
lines_wd=1,
loc_db=self.loc_db)
# Symbexec engine
## Prepare symbexec engines
self.symb = self.SYMB_ENGINE(self.jitter.cpu, self.jitter.vm,
self.ir_arch, {})
self.symb.enable_emulated_simplifications()
self.symb_concrete = EmulatedSymbExec(
self.jitter.cpu, self.jitter.vm,
self.ir_arch, {}
)
### Avoid side effects on jitter while using 'symb_concrete'
self.symb_concrete.func_write = None
## Update registers value
self.symb.symbols[self.ir_arch.IRDst] = ExprInt(
getattr(self.jitter.cpu, self.ir_arch.pc.name),
self.ir_arch.IRDst.size
)
# Avoid memory write
self.symb.func_write = None
# Activate callback on each instr
self.jitter.jit.set_options(max_exec_per_call=1, jit_maxline=1)
self.jitter.exec_cb = self.callback
# Clean jit cache to avoid multi-line basic blocks already jitted
self.jitter.jit.clear_jitted_blocks()
def __init__(self, ir_arch, jit_type="tcc"):
"""Init an instance of jitter.
@ir_arch: ir instance for this architecture
@jit_type: JiT backend to use. Available options are:
- "tcc"
- "llvm"
- "python"
"""
self.arch = ir_arch.arch
self.attrib = ir_arch.attrib
arch_name = ir_arch.arch.name # (ir_arch.arch.name, ir_arch.attrib)
if arch_name == "x86":
from miasm2.jitter.arch import JitCore_x86 as jcore
elif arch_name == "arm":
from miasm2.jitter.arch import JitCore_arm as jcore
elif arch_name == "aarch64":
from miasm2.jitter.arch import JitCore_aarch64 as jcore
elif arch_name == "msp430":
from miasm2.jitter.arch import JitCore_msp430 as jcore
elif arch_name == "mips32":
from miasm2.jitter.arch import JitCore_mips32 as jcore
else:
raise ValueError("unsupported jit arch!")
self.vm = VmMngr.Vm()
self.cpu = jcore.JitCpu()
self.bs = bin_stream_vm(self.vm)
self.ir_arch = ir_arch
init_arch_C(self.arch)
if jit_type == "tcc":
self.jit = JitCore_Tcc(self.ir_arch, self.bs)
elif jit_type == "llvm":
self.jit = JitCore_LLVM(self.ir_arch, self.bs)
elif jit_type == "python":
self.jit = JitCore_Python(self.ir_arch, self.bs)
else:
raise Exception("Unkown JiT Backend")
self.cpu.init_regs()
self.vm.init_memory_page_pool()
self.vm.init_code_bloc_pool()
self.vm.init_memory_breakpoint()
self.vm.set_addr2obj(self.jit.addr2obj)
self.jit.load()
self.cpu.vmmngr = self.vm
self.cpu.jitter = self.jit
self.stack_size = 0x10000
self.stack_base = 0x1230000
# Init callback handler
self.breakpoints_handler = CallbackHandler()
self.exceptions_handler = CallbackHandlerBitflag()
self.init_exceptions_handler()
self.exec_cb = None
def prepare(self):
"""Prepare the environment for attachment with a jitter"""
# Disassembler
self.mdis = self.machine.dis_engine(bin_stream_vm(self.jitter.vm),
lines_wd=1)
# Symbexec engine
## Prepare symbexec engines
self.symb = self.SYMB_ENGINE(self.jitter.cpu, self.jitter.vm,
self.ir_arch, {})
self.symb.enable_emulated_simplifications()
self.symb_concrete = EmulatedSymbExec(self.jitter.cpu, self.jitter.vm,
self.ir_arch, {})
## Update registers value
self.symb.symbols[self.ir_arch.IRDst] = ExprInt(getattr(self.jitter.cpu,
self.ir_arch.pc.name),
self.ir_arch.IRDst.size)
# Avoid memory write
self.symb.func_write = None
# Activate callback on each instr
self.jitter.jit.set_options(max_exec_per_call=1, jit_maxline=1)
self.jitter.exec_cb = self.callback
def __init__(self, ir_arch, jit_type="tcc"):
"""Init an instance of jitter.
@ir_arch: ir instance for this architecture
@jit_type: JiT backend to use. Available options are:
- "tcc"
- "llvm"
- "python"
"""
self.arch = ir_arch.arch
self.attrib = ir_arch.attrib
arch_name = ir_arch.arch.name # (ir_arch.arch.name, ir_arch.attrib)
if arch_name == "x86":
from miasm2.jitter.arch import JitCore_x86 as jcore
elif arch_name == "arm":
from miasm2.jitter.arch import JitCore_arm as jcore
elif arch_name == "aarch64":
from miasm2.jitter.arch import JitCore_aarch64 as jcore
elif arch_name == "msp430":
from miasm2.jitter.arch import JitCore_msp430 as jcore
elif arch_name == "mips32":
from miasm2.jitter.arch import JitCore_mips32 as jcore
else:
raise ValueError("unsupported jit arch!")
self.vm = VmMngr.Vm()
self.cpu = jcore.JitCpu()
self.bs = bin_stream_vm(self.vm)
self.ir_arch = ir_arch
init_arch_C(self.arch)
if jit_type == "tcc":
self.jit = JitCore_Tcc(self.ir_arch, self.bs)
elif jit_type == "llvm":
self.jit = JitCore_LLVM(self.ir_arch, self.bs)
elif jit_type == "python":
self.jit = JitCore_Python(self.ir_arch, self.bs)
else:
raise Exception("Unkown JiT Backend")
self.cpu.init_regs()
self.vm.init_memory_page_pool()
self.vm.init_code_bloc_pool()
self.vm.init_memory_breakpoint()
self.vm.set_addr2obj(self.jit.addr2obj)
self.jit.load()
self.cpu.vmmngr = self.vm
self.cpu.jitter = self.jit
self.stack_size = 0x10000
self.stack_base = 0x1230000
# Init callback handler
self.breakpoints_handler = CallbackHandler()
self.exceptions_handler = CallbackHandlerBitflag()
self.init_exceptions_handler()
self.exec_cb = None
def __init__(self, ir_arch, jit_type="gcc"):
"""Init an instance of jitter.
@ir_arch: ir instance for this architecture
@jit_type: JiT backend to use. Available options are:
- "gcc"
- "tcc"
- "llvm"
- "python"
"""
self.arch = ir_arch.arch
self.attrib = ir_arch.attrib
arch_name = ir_arch.arch.name # (ir_arch.arch.name, ir_arch.attrib)
try:
if arch_name == "x86":
from miasm2.jitter.arch import JitCore_x86 as jcore
elif arch_name == "arm":
from miasm2.jitter.arch import JitCore_arm as jcore
elif arch_name == "aarch64":
from miasm2.jitter.arch import JitCore_aarch64 as jcore
elif arch_name == "msp430":
from miasm2.jitter.arch import JitCore_msp430 as jcore
elif arch_name == "mips32":
from miasm2.jitter.arch import JitCore_mips32 as jcore
else:
raise ValueError("unknown jit arch: %s" % arch_name)
except ImportError:
raise RuntimeError('Unsupported jit arch: %s' % arch_name)
self.vm = VmMngr.Vm()
self.cpu = jcore.JitCpu()
self.ir_arch = ir_arch
self.bs = bin_stream_vm(self.vm)
self.symbexec = EmulatedSymbExec(self.cpu, self.vm, self.ir_arch, {})
self.symbexec.reset_regs()
try:
if jit_type == "tcc":
from miasm2.jitter.jitcore_tcc import JitCore_Tcc as JitCore
elif jit_type == "llvm":
from miasm2.jitter.jitcore_llvm import JitCore_LLVM as JitCore
elif jit_type == "python":
from miasm2.jitter.jitcore_python import JitCore_Python as JitCore
elif jit_type == "gcc":
from miasm2.jitter.jitcore_gcc import JitCore_Gcc as JitCore
else:
raise ValueError("Unknown jitter %s" % jit_type)
except ImportError:
raise RuntimeError('Unsupported jitter: %s' % jit_type)
self.jit = JitCore(self.ir_arch, self.bs)
if isinstance(self.jit, JitCore_Cc_Base):
self.jit.init_codegen(self.C_Gen(self.ir_arch))
elif jit_type == "python":
self.jit.set_cpu_vm(self.cpu, self.vm)
self.cpu.init_regs()
self.vm.init_memory_page_pool()
self.vm.init_code_bloc_pool()
self.vm.init_memory_breakpoint()
self.jit.load()
self.cpu.vmmngr = self.vm
self.cpu.jitter = self.jit
self.stack_size = 0x10000
self.stack_base = 0x1230000
# Init callback handler
self.breakpoints_handler = CallbackHandler()
self.exceptions_handler = CallbackHandlerBitflag()
self.init_exceptions_handler()
self.exec_cb = None
def __init__(self, ir_arch, jit_type="tcc"):
"""Init an instance of jitter.
@ir_arch: ir instance for this architecture
@jit_type: JiT backend to use. Available options are:
- "tcc"
- "gcc"
- "llvm"
- "python"
"""
self.arch = ir_arch.arch
self.attrib = ir_arch.attrib
arch_name = ir_arch.arch.name # (ir_arch.arch.name, ir_arch.attrib)
try:
if arch_name == "x86":
from miasm2.jitter.arch import JitCore_x86 as jcore
elif arch_name == "arm":
from miasm2.jitter.arch import JitCore_arm as jcore
elif arch_name == "aarch64":
from miasm2.jitter.arch import JitCore_aarch64 as jcore
elif arch_name == "msp430":
from miasm2.jitter.arch import JitCore_msp430 as jcore
elif arch_name == "mips32":
from miasm2.jitter.arch import JitCore_mips32 as jcore
else:
raise ValueError("unknown jit arch: %s" % arch_name)
except ImportError:
raise RuntimeError('Unsupported jit arch: %s' % arch_name)
self.vm = VmMngr.Vm()
self.cpu = jcore.JitCpu()
self.ir_arch = ir_arch
self.bs = bin_stream_vm(self.vm)
self.symbexec = EmulatedSymbExec(self.cpu, self.vm, self.ir_arch, {})
self.symbexec.reset_regs()
try:
if jit_type == "tcc":
from miasm2.jitter.jitcore_tcc import JitCore_Tcc as JitCore
elif jit_type == "llvm":
from miasm2.jitter.jitcore_llvm import JitCore_LLVM as JitCore
elif jit_type == "python":
from miasm2.jitter.jitcore_python import JitCore_Python as JitCore
elif jit_type == "gcc":
from miasm2.jitter.jitcore_gcc import JitCore_Gcc as JitCore
else:
raise ValueError("Unknown jitter %s" % jit_type)
except ImportError:
raise RuntimeError('Unsupported jitter: %s' % jit_type)
self.jit = JitCore(self.ir_arch, self.bs)
if isinstance(self.jit, JitCore_Cc_Base):
self.jit.init_codegen(self.C_Gen(self.ir_arch))
elif jit_type == "python":
self.jit.set_cpu_vm(self.cpu, self.vm)
self.cpu.init_regs()
self.vm.init_memory_page_pool()
self.vm.init_code_bloc_pool()
self.vm.init_memory_breakpoint()
self.jit.load()
self.cpu.vmmngr = self.vm
self.cpu.jitter = self.jit
self.stack_size = 0x10000
self.stack_base = 0x1230000
# Init callback handler
self.breakpoints_handler = CallbackHandler()
self.exceptions_handler = CallbackHandlerBitflag()
self.init_exceptions_handler()
self.exec_cb = None
def prepare_symbexec(self, jitter, return_addr):
# Activate callback on each instr
jitter.jit.set_options(max_exec_per_call=1, jit_maxline=1)
#jitter.jit.log_mn = True
#jitter.jit.log_regs = True
jitter.exec_cb = self.callback
# Disassembler
self.mdis = self.machine.dis_engine(bin_stream_vm(jitter.vm),
lines_wd=1)
# Symbexec engine
## Prepare the symbexec engine
self.symb_ir = self.machine.ir()
self.symb = EmulatedSymbExecWithModif(jitter.cpu, jitter.vm, self.symb_ir, {})
self.symb.enable_emulated_simplifications()
## Update registers value
self.symb.reset_regs()
self.symb.update_engine_from_cpu()
## Load the memory as ExprMem
self.symb.func_read = None
self.symb.func_write = None
for base_addr, mem_segment in jitter.vm.get_all_memory().iteritems():
# Split into 8 bytes chunk for get_mem_overlapping
for start in xrange(0, mem_segment["size"], 8):
expr_mem = m2_expr.ExprMem(m2_expr.ExprInt(base_addr + start,
size=64),
size=8*min(8, mem_segment["size"] - start))
# Its initialisation, self.symb.apply_change is not necessary
self.symb.symbols[expr_mem] = self.symb._func_read(expr_mem)
## Save the initial state
self.symbols_init = self.symb.symbols.copy()
## Save the returning address
self.return_addr = return_addr
# Inject argument
self.init_values = {}
struct_expr_types = {}
self.args_symbols = []
for i, param_name in enumerate(self.prototype.args_order):
cur_arg_abi = self.get_arg_n(i)
cur_arg = m2_expr.ExprId("arg%d_%s" % (i, param_name),
size=cur_arg_abi.size)
self.init_values[cur_arg] = self.symb.eval_expr(cur_arg_abi)
arg_type = self.prototype.args[param_name]
if objc_is_dereferenceable(arg_type):
# Convert the argument to symbol to track access based on it
self.symb.apply_change(cur_arg_abi, cur_arg)
struct_expr_types[cur_arg.name] = arg_type
self.args_symbols.append(cur_arg)
# Init Expr <-> C conversion
# Strict access is deliberately not enforced (example: memcpy(struct))
self.c_handler = CHandler(self.types, struct_expr_types,
enforce_strict_access=False)
# Init output structures
self.memories_read = set()
self.memories_write = set()
def prepare_symbexec(self, jitter, return_addr):
# Activate callback on each instr
jitter.jit.set_options(max_exec_per_call=1, jit_maxline=1)
#jitter.jit.log_mn = True
#jitter.jit.log_regs = True
jitter.exec_cb = self.callback
# Disassembler
self.mdis = self.machine.dis_engine(bin_stream_vm(jitter.vm),
lines_wd=1)
# Symbexec engine
## Prepare the symbexec engine
self.symb_ir = self.machine.ir()
self.symb = EmulatedSymbExecWithModif(jitter.cpu, jitter.vm,
self.symb_ir, {})
self.symb.enable_emulated_simplifications()
## Update registers value
self.symb.reset_regs()
self.symb.update_engine_from_cpu()
## Load the memory as ExprMem
self.symb.func_read = None
self.symb.func_write = None
for base_addr, mem_segment in jitter.vm.get_all_memory().iteritems():
# Split into 8 bytes chunk for get_mem_overlapping
for start in xrange(0, mem_segment["size"], 8):
expr_mem = m2_expr.ExprMem(m2_expr.ExprInt(base_addr + start,
size=64),
size=8 *
min(8, mem_segment["size"] - start))
# Its initialisation, self.symb.apply_change is not necessary
self.symb.symbols[expr_mem] = self.symb._func_read(expr_mem)
## Save the initial state
self.symbols_init = self.symb.symbols.copy()
## Save the returning address
self.return_addr = return_addr
# Inject argument
# TODO
# TODO: use abicls
abi_order = ["RDI", "RSI", "RDX", "RCX", "R8", "R9"]
self.init_values = {}
struct_expr_types = {}
self.args_symbols = []
for i, param_name in enumerate(self.prototype.args_order):
cur_arg_abi = getattr(self.ira.arch.regs, abi_order[i])
cur_arg = m2_expr.ExprId("arg%d_%s" % (i, param_name),
size=cur_arg_abi.size)
arg_type = self.prototype.args[param_name]
if objc_is_dereferenceable(arg_type):
# Convert the argument to symbol to track access based on it
self.init_values[cur_arg] = self.symb.symbols[cur_arg_abi]
self.symb.apply_change(cur_arg_abi, cur_arg)
struct_expr_types[cur_arg.name] = arg_type
self.args_symbols.append(cur_arg)
# Init Expr <-> C conversion
# Strict access is deliberately not enforced (example: memcpy(struct))
self.c_handler = CHandler(self.types,
struct_expr_types,
enforce_strict_access=False)
# Init output structures
self.memories_read = set()
self.memories_write = set()
