def __run_code(self, asm_list, address, ctx_init):
    """Run *asm_list* natively (pyasmjit) and through the REIL emulator.

    Args:
        asm_list: ARM assembly, one instruction per entry; joined with
            newlines before being handed to pyasmjit.
        address: Address the code is translated at; the REIL program is
            started at ``address << 8`` (same convention as the other test
            helpers in this file).
        ctx_init: Initial register context. The very same dict is handed to
            both runs, so this assumes neither backend mutates it in place
            — TODO confirm.

    Returns:
        ``(arm_ctx_out, reil_ctx_out)`` — the register contexts left behind
        by pyasmjit and by the REIL emulator, respectively.
    """
    # NOTE(review): pyasmjit presumably assembles and executes this code
    # natively inside the test process; only trusted, test-generated asm
    # should ever reach it.
    translated = self.__asm_to_reil(asm_list, address)
    source = "\n".join(asm_list)
    native_result = pyasmjit.arm_execute(source, ctx_init)
    native_ctx = native_result[1]
    emulated_result = self.reil_emulator.execute(
        translated, start=address << 8, registers=ctx_init)
    emulated_ctx = emulated_result[0]
    return native_ctx, emulated_ctx
def _run_code(self, asm_list, address, ctx_init):
    """Execute *asm_list* both natively and in the REIL emulator and return both register contexts.

    The code is translated to REIL at *address* and the emulator is started
    at ``address << 8``; pyasmjit receives the newline-joined assembly text.
    Both runs start from *ctx_init* — the same dict object, so this relies
    on neither side modifying it in place (TODO confirm).

    Returns:
        A ``(arm_ctx_out, reil_ctx_out)`` pair: native context first,
        emulated context second.
    """
    reil_start = address << 8
    reil_program = self._asm_to_reil(asm_list, address)
    # NOTE(review): arm_execute presumably runs the assembly natively in this
    # process — never feed it anything but trusted, self-generated test code.
    _, native_ctx, _ = pyasmjit.arm_execute("\n".join(asm_list), ctx_init)
    emulated_ctx, _ = self.reil_emulator.execute(
        reil_program, start=reil_start, registers=ctx_init)
    return native_ctx, emulated_ctx
def test_add(self):
    """Smoke-test pyasmjit itself: ``add r7, r7, r8`` with r7=1, r8=2 must leave 3 in r7.

    This does not go through the REIL translator at all; it only checks that
    the native execution backend assembles, runs and reports registers.
    """
    code = """ add r7, r7, r8 """
    initial = {
        'r7': 0x1,
        'r8': 0x2,
    }
    # Return value and memory dump are not of interest here.
    result = pyasmjit.arm_execute(code, initial)
    final_ctx = result[1]
    self.assertEqual(0x3, final_ctx['r7'])
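def _test_asm_instruction_with_mem(self, asm, reg_mem):
    """Run *asm* natively and under the REIL emulator with a scratch memory pool and compare.

    A 4096-byte pool is allocated through pyasmjit and its base address is
    stored in register *reg_mem* before both runs, so the instructions under
    test can address memory relative to that register. Afterwards the two
    register contexts must agree, and every byte of the pool dumped by the
    native run must either equal the emulator's memory at that address or,
    where the emulator never touched the address, be zero (pyasmjit
    zero-initialises the pool).

    Args:
        asm: ARM assembly, one instruction per entry; placed at 0xdeadbeef
            for translation, REIL program started at ``0xdeadbeef << 8``.
        reg_mem: Name of the register that receives the pool base address.

    Raises:
        AssertionError: if registers or memory differ between the runs. The
            initial context is saved via __save_failing_context first.
    """
    print(asm)
    mem_dir = pyasmjit.arm_alloc(4096)
    try:
        # Materialise the parse results: on Python 3 ``map`` is lazy, so if
        # __set_address walks the iterator, translate would see nothing.
        arm_instrs = [self.arm_parser.parse(line) for line in asm]
        self.__set_address(0xdeadbeef, arm_instrs)
        reil_instrs = [self.arm_translator.translate(instr) for instr in arm_instrs]
        ctx_init = self.__init_context()
        ctx_init[reg_mem] = mem_dir
        # NOTE(review): the asm presumably runs natively in this process; a
        # store that misses the 4 KiB pool corrupts the test runner instead of
        # failing the test. Only emulator/native differences inside the pool
        # are detected below.
        _, arm_ctx_out, arm_mem_out = pyasmjit.arm_execute("\n".join(asm), ctx_init)
        self.reil_emulator._mem._memory = {}  # TODO: Check how to clean emulator memory.
        reil_ctx_out, reil_mem_out = self.reil_emulator.execute(
            reil_instrs, 0xdeadbeef << 8, context=ctx_init)
        emulated_mem = reil_mem_out._memory  # TODO: Don't access variable directly.
        for idx, b in enumerate(struct.unpack("B" * len(arm_mem_out), arm_mem_out)):
            addr = mem_dir + idx
            if addr in emulated_mem:
                self.assertEqual(b, emulated_mem[addr],
                                 "memory mismatch at 0x%x" % addr)
            else:
                # Memory in pyasmjit is initialized to 0, so a non-zero byte
                # here is a native write the emulator never performed.
                self.assertEqual(0x0, b,
                                 "native write at 0x%x not seen by the emulator" % addr)
        cmp_result = self.__compare_contexts(ctx_init, arm_ctx_out, reil_ctx_out)
        if not cmp_result:
            self.__save_failing_context(ctx_init)
        self.assertTrue(cmp_result,
                        self.__print_contexts(ctx_init, arm_ctx_out, reil_ctx_out))
    finally:
        # Release the pool even when an assertion fails, so a failing case
        # does not leak it into the next test. There is only one memory
        # pool, so there is no need (for now) to specify the address.
        pyasmjit.arm_free()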
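def __test_asm_instruction_with_mem(self, asm_list, address_register):
    """Run *asm_list* natively and in the REIL emulator with a scratch pool; assert both agree.

    A 4096-byte pool is allocated through pyasmjit and its base address is
    loaded into *address_register* before both runs. The register contexts
    must then match, and each byte of the pool dumped by the native run must
    equal the emulator's byte at that address, or be zero where the emulator
    has no entry (pyasmjit zero-initialises the pool).

    Args:
        asm_list: ARM assembly, one instruction per entry; translated at
            0xdeadbeef, REIL program started at ``0xdeadbeef << 8``.
        address_register: Register that receives the pool base address.

    Raises:
        AssertionError: on any register or memory difference; the initial
            context is saved via __save_failing_context first.
    """
    # TODO: Merge with previous test function.
    mem_addr = pyasmjit.arm_alloc(4096)
    try:
        self.reil_emulator.reset()
        reil_instrs = self.__asm_to_reil(asm_list, 0xdeadbeef)
        ctx_init = self.__init_context()
        ctx_init[address_register] = mem_addr
        # NOTE(review): the asm presumably executes natively in this process;
        # stores outside the 4 KiB pool are not caught by the checks below.
        _, arm_ctx_out, arm_mem_out = pyasmjit.arm_execute(
            "\n".join(asm_list), ctx_init)
        reil_ctx_out, reil_mem_out = self.reil_emulator.execute(
            reil_instrs, 0xdeadbeef << 8, registers=ctx_init)
        for idx, b in enumerate(struct.unpack("B" * len(arm_mem_out), arm_mem_out)):
            addr = mem_addr + idx
            # TODO: Don't access variable directly.
            if addr in reil_mem_out._memory:
                self.assertEqual(b, reil_mem_out.read(addr, 1),
                                 "memory mismatch at 0x%x" % addr)
            else:
                # Memory in pyasmjit is initialized to 0.
                self.assertEqual(0x0, b,
                                 "native write at 0x%x not seen by the emulator" % addr)
        cmp_result = self.__compare_contexts(ctx_init, arm_ctx_out, reil_ctx_out)
        if not cmp_result:
            self.__save_failing_context(ctx_init)
        self.assertTrue(cmp_result,
                        self.__print_contexts(ctx_init, arm_ctx_out, reil_ctx_out))
    finally:
        # Free the pool on the failure path too, otherwise one failing case
        # leaks it into every later test.
        # NOTE: There is only one memory pool, so there is no need
        # (for now) to specify the address.
        pyasmjit.arm_free()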
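def _test_asm_instruction_with_mem(self, asm, reg_mem):
    """Compare native and REIL-emulated execution of *asm* with a scratch memory pool.

    pyasmjit provides a 4096-byte pool whose base address is written into
    register *reg_mem* before both runs. After the runs the register
    contexts must agree, and every pool byte dumped by the native run must
    match the emulator's memory at that address, or be zero where the
    emulator never wrote (pyasmjit zero-initialises the pool).

    Args:
        asm: ARM assembly lines; translated at 0xdeadbeef, REIL program
            started at ``0xdeadbeef << 8``.
        reg_mem: Register that receives the pool base address.

    Raises:
        AssertionError: if registers or memory differ; the initial context
            is saved via __save_failing_context before failing.
    """
    print(asm)
    mem_dir = pyasmjit.arm_alloc(4096)
    try:
        # Keep parsed instructions in a list: a lazy ``map`` (Python 3) would
        # be drained by __set_address before the translator iterates it.
        arm_instrs = [self.arm_parser.parse(line) for line in asm]
        self.__set_address(0xdeadbeef, arm_instrs)
        reil_instrs = [self.arm_translator.translate(instr) for instr in arm_instrs]
        ctx_init = self.__init_context()
        ctx_init[reg_mem] = mem_dir
        # NOTE(review): execution is presumably native and in-process; a
        # store outside the 4 KiB pool is not detected here.
        _, arm_ctx_out, arm_mem_out = pyasmjit.arm_execute("\n".join(asm), ctx_init)
        self.reil_emulator._mem._memory = {}  # TODO: Check how to clean emulator memory.
        reil_ctx_out, reil_mem_out = self.reil_emulator.execute(
            reil_instrs, 0xdeadbeef << 8, context=ctx_init
        )
        emulated_mem = reil_mem_out._memory  # TODO: Don't access variable directly.
        # bytearray yields ints on both Python 2 and 3, like unpack("B"*n).
        for idx, b in enumerate(bytearray(arm_mem_out)):
            addr = mem_dir + idx
            if addr in emulated_mem:
                self.assertEqual(b, emulated_mem[addr], "memory mismatch at 0x%x" % addr)
            else:
                # Memory in pyasmjit is initialized to 0.
                self.assertEqual(0x0, b, "native write at 0x%x not seen by the emulator" % addr)
        cmp_result = self.__compare_contexts(ctx_init, arm_ctx_out, reil_ctx_out)
        if not cmp_result:
            self.__save_failing_context(ctx_init)
        self.assertTrue(cmp_result, self.__print_contexts(ctx_init, arm_ctx_out, reil_ctx_out))
    finally:
        # Always release the pool, also when an assertion above fails.
        # There is only one memory pool, so there is no need (for now) to specify the address.
        pyasmjit.arm_free()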
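def __test_asm_instruction_with_mem(self, asm_list, address_register):
    """Execute *asm_list* natively and in the REIL emulator with a scratch pool; assert agreement.

    A 4096-byte pyasmjit pool is allocated and its base address placed in
    *address_register* for both runs. Registers must match afterwards, and
    each native pool byte must equal the emulator's byte at that address or
    be zero where the emulator has no entry (pyasmjit zero-initialises the
    pool).

    Args:
        asm_list: ARM assembly lines; translated at 0xdeadbeef, REIL program
            started at ``0xdeadbeef << 8``.
        address_register: Register that receives the pool base address.

    Raises:
        AssertionError: on any register or memory mismatch; the initial
            context is saved via __save_failing_context first.
    """
    # TODO: Merge with previous test function.
    mem_addr = pyasmjit.arm_alloc(4096)
    try:
        self.reil_emulator.reset()
        reil_instrs = self.__asm_to_reil(asm_list, 0xdeadbeef)
        ctx_init = self.__init_context()
        ctx_init[address_register] = mem_addr
        # NOTE(review): presumably native, in-process execution; writes
        # outside the 4 KiB pool escape the comparison below.
        _, arm_ctx_out, arm_mem_out = pyasmjit.arm_execute("\n".join(asm_list), ctx_init)
        reil_ctx_out, reil_mem_out = self.reil_emulator.execute(reil_instrs, 0xdeadbeef << 8, registers=ctx_init)
        # bytearray yields ints on both Python 2 and 3, like unpack("B"*n).
        for idx, b in enumerate(bytearray(arm_mem_out)):
            addr = mem_addr + idx
            # TODO: Don't access variable directly.
            if addr in reil_mem_out._memory:
                self.assertEqual(b, reil_mem_out.read(addr, 1), "memory mismatch at 0x%x" % addr)
            else:
                # Memory in pyasmjit is initialized to 0.
                self.assertEqual(0x0, b, "native write at 0x%x not seen by the emulator" % addr)
        cmp_result = self.__compare_contexts(ctx_init, arm_ctx_out, reil_ctx_out)
        if not cmp_result:
            self.__save_failing_context(ctx_init)
        self.assertTrue(cmp_result, self.__print_contexts(ctx_init, arm_ctx_out, reil_ctx_out))
    finally:
        # Release the pool even if an assertion fired, so a failing case does
        # not leak it into later tests.
        # NOTE: There is only one memory pool, so there is no need
        # (for now) to specify the address.
        pyasmjit.arm_free()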
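def _test_asm_instruction(self, asm):
    """Run *asm* natively and under the REIL emulator and assert the register contexts agree.

    Args:
        asm: ARM assembly, one instruction per entry. The parsed instructions
            are placed at 0xdeadbeef for translation and the REIL program is
            started at ``0xdeadbeef << 8``.

    Raises:
        AssertionError: if the two register contexts differ. The initial
            context is handed to __save_failing_context first (presumably so
            the case can be replayed later).
    """
    print(asm)
    # Materialise the parse results: on Python 3 ``map`` is lazy, so if
    # __set_address walks the iterator, translate would get nothing.
    arm_instrs = [self.arm_parser.parse(line) for line in asm]
    self.__set_address(0xdeadbeef, arm_instrs)
    reil_instrs = [self.arm_translator.translate(instr) for instr in arm_instrs]
    ctx_init = self.__init_context()
    # NOTE(review): pyasmjit presumably executes the asm natively inside this
    # process; only trusted, test-generated code belongs here.
    _, arm_ctx_out, _ = pyasmjit.arm_execute("\n".join(asm), ctx_init)
    reil_ctx_out, _ = self.reil_emulator.execute(
        reil_instrs, 0xdeadbeef << 8, context=ctx_init)
    cmp_result = self.__compare_contexts(ctx_init, arm_ctx_out, reil_ctx_out)
    if not cmp_result:
        self.__save_failing_context(ctx_init)
    self.assertTrue(
        cmp_result, self.__print_contexts(ctx_init, arm_ctx_out, reil_ctx_out))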
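def _test_asm_instruction(self, asm):
    """Compare native and REIL-emulated execution of *asm* on the register context only.

    Args:
        asm: ARM assembly lines; translated at 0xdeadbeef, REIL program
            started at ``0xdeadbeef << 8``. No memory pool is set up, so the
            instructions under test must not touch memory.

    Raises:
        AssertionError: if the register contexts differ; the initial
            context is saved via __save_failing_context first.
    """
    print(asm)
    # Keep the parsed instructions in a list: a lazy ``map`` (Python 3) would
    # be drained by __set_address before the translator iterates it.
    arm_instrs = [self.arm_parser.parse(line) for line in asm]
    self.__set_address(0xdeadbeef, arm_instrs)
    reil_instrs = [self.arm_translator.translate(instr) for instr in arm_instrs]
    ctx_init = self.__init_context()
    # NOTE(review): presumably native, in-process execution — trusted,
    # test-generated asm only.
    _, arm_ctx_out, _ = pyasmjit.arm_execute("\n".join(asm), ctx_init)
    reil_ctx_out, _ = self.reil_emulator.execute(
        reil_instrs, 0xdeadbeef << 8, context=ctx_init
    )
    cmp_result = self.__compare_contexts(ctx_init, arm_ctx_out, reil_ctx_out)
    if not cmp_result:
        self.__save_failing_context(ctx_init)
    self.assertTrue(cmp_result, self.__print_contexts(ctx_init, arm_ctx_out, reil_ctx_out))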
movs r8, r2, lsl #31 mov r7, #0x7FFFFFFF mov r8, #0x7FFFFFFF adds r7, r7, r8 #subs r10, r10, #0xFFFFFFFF """ context_in = { 'r0': 0x0, 'r1': 0x1, 'r2': 0x2, 'r3': 0x3, 'r4': 0x4, 'r5': 0x5, 'r6': 0x6, 'r7': 0x7, 'r8': 0x8, 'r9': 0x9, 'r10': 0xa, 'r11': 0xb, 'r12': 0xc, 'apsr': 0x0, } print code print context_in rv, context_out, mem = pyasmjit.arm_execute(code, context_in) print context_out
movs r8, r2, lsl #31 mov r7, #0x7FFFFFFF mov r8, #0x7FFFFFFF adds r7, r7, r8 #subs r10, r10, #0xFFFFFFFF """ context_in = { 'r0' : 0x0, 'r1' : 0x1, 'r2' : 0x2, 'r3' : 0x3, 'r4' : 0x4, 'r5' : 0x5, 'r6' : 0x6, 'r7' : 0x7, 'r8' : 0x8, 'r9' : 0x9, 'r10' : 0xa, 'r11' : 0xb, 'r12' : 0xc, 'apsr' : 0x0, } print code print context_in rv, context_out, mem = pyasmjit.arm_execute(code, context_in) print context_out