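def _simulate(self):
    """Trace the binary and record one outcome bit per executed ``br``.

    Each time a ``br`` address appears in the trace, the address seen three
    trace steps later is compared with the fall-through address that
    ``dasmutil.find_inst_addr(..., 3)`` reported for that branch. ``0`` is
    appended to ``self.bittraces[branch]`` when the two match, ``1``
    otherwise. The branch -> fall-through map is printed before tracing.

    The queue of unresolved branches was called ``await`` originally; that
    name is a reserved word from Python 3.7 on, and ``print brf`` was a
    Python 2 statement. Both are now spelled so the method parses on either
    major version with the same behaviour.
    """
    # get branches
    branches = dasmutil.find_inst_addr(self.binary, ['br'], 0)
    # get fallthrough addresses
    fallthrough = dasmutil.find_inst_addr(self.binary, ['br'], 3)
    # map: branch -> fallthrough addr
    brf = dict(zip(branches, fallthrough))
    print(brf)

    # main iteration:
    try:
        # FIFO of (trace index at which to decide, branch addr, fallthrough addr).
        # An entry is due three steps after it is queued, so the list stays
        # tiny and pop(0) is cheap.
        pending = []
        for i, addr in enumerate(simutil.trace(self.binary)):
            if addr in brf:
                # initialize with empty list
                if addr not in self.bittraces:
                    self.bittraces[addr] = []
                pending.append((i + 3, addr, brf[addr]))
            if pending and pending[0][0] == i:
                _, branch, fall_addr = pending.pop(0)
                self.bittraces[branch].append(1 if fall_addr != addr else 0)
    except simutil.SimError:
        # ignore exit code (if the application returns other than 0)
        # NOTE(review): every SimError is dropped here, so a trace that stops
        # early for any other reason also yields partial bit traces without
        # a signal to the caller -- confirm SimError only carries exit status.
        pass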
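def _simulate(self):
    """Collect per-branch outcome bits from a simulated run of ``self.binary``.

    ``brf`` maps every ``br`` address to the address returned for it by
    ``dasmutil.find_inst_addr(..., 3)`` (the fall-through address) and is
    printed before tracing. While walking the trace, a branch seen at
    step ``n`` is decided at step ``n + 3``: ``self.bittraces[branch]`` gets
    ``0`` if the address at that step equals the fall-through address and
    ``1`` if it does not.

    The original used ``await`` as a variable name and the ``print``
    statement, neither of which parses on Python 3.7+; the spelling below is
    valid on Python 2 and 3 and produces the same output.
    """
    # get branches
    branch_addrs = dasmutil.find_inst_addr(self.binary, ['br'], 0)
    # get fallthrough addresses
    fallthrough_addrs = dasmutil.find_inst_addr(self.binary, ['br'], 3)
    # map: branch -> fallthrough addr
    brf = dict(zip(branch_addrs, fallthrough_addrs))
    print(brf)

    # Branches whose outcome is not known yet, oldest first:
    # (step at which to decide, branch addr, fallthrough addr).
    outstanding = []

    # main iteration:
    try:
        for step, addr in enumerate(simutil.trace(self.binary)):
            if addr in brf:
                # initialize with empty list
                if addr not in self.bittraces:
                    self.bittraces[addr] = []
                outstanding.append((step + 3, addr, brf[addr]))

            if outstanding and outstanding[0][0] == step:
                resolved = outstanding.pop(0)
                bit = 0 if resolved[2] == addr else 1
                self.bittraces[resolved[1]].append(bit)
    except simutil.SimError:
        # ignore exit code (if the application returns other than 0)
        # NOTE(review): this swallows every SimError, not only a non-zero
        # exit; branches still outstanding when the trace stops are never
        # recorded. Confirm that silent truncation is acceptable.
        pass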
def __init__(self, binary):
    """Trace *binary* once and pass every traced address to ``self._put``.

    Stores the binary, an empty ``Hist`` mapping, three zeroed counters
    (``total``, ``maxcnt``, ``maxaddrlen``) and ``checksum(binary)`` before
    the trace is consumed.
    """
    self.binary = binary
    self.Hist = {}  # addresses
    self.total = self.maxcnt = self.maxaddrlen = 0
    self.checksum = checksum(binary)

    # NOTE(review): nothing here catches simutil.SimError, so if the trace
    # raises it the constructor fails part-way -- confirm that is intended.
    trace = simutil.trace(self.binary)
    for addr in trace:
        self._put(addr)
def _simulate(self):
    """Replay the instruction trace of ``self.binary`` and record block transitions.

    Fills ``self.edges`` (through ``self._update_edge``, for functions whose
    name is in ``self.observe_list``), ``self.call_edges`` and
    ``self.ret_edges``. A shadow call stack of ``(function, basic block)``
    pairs is kept so that a return can restore the caller's position.
    """
    # NOTE(review): the nesting of the branches below was rebuilt from a
    # listing that had lost its indentation -- confirm against the original.
    bbs_a = self.bb_map()
    funcs_a = self.func_map()
    # sorted function keys, searched with find_le() below
    funcs_lst = sorted(funcs_a.keys())

    # temporary pointers for the iteration
    last_bb = None
    last_func = None
    callstack = []

    # main iteration: build up tables (adjacency lists, special sets)
    try:
        for addr in simutil.trace(self.binary):
            # trace addresses arrive as hex strings
            iaddr = int(addr,16)
            if iaddr in bbs_a:
                cur_bb = iaddr
                # function call?
                # - no need to check if last inst was a call point:
                #   loops don't target function entries (prologue)
                if iaddr in funcs_a:
                    # remember where to come back to on the matching return
                    callstack.append( (last_func, last_bb) )
                    cur_func = iaddr
                    # element 1 of the func_map entry is used as the name
                    cur_func_name = funcs_a[cur_func][1]
                    if cur_func_name in self.observe_list and \
                       cur_func not in self.edges:
                        self.edges[cur_func] = dict()
                    self.call_edges.add( (last_bb, cur_bb) )
            else:
                # check if function changed, if so then it must be a RET
                # presumably find_le returns the greatest key <= iaddr -- verify
                cur_func = find_le(funcs_lst, iaddr)
                if cur_func == last_func:
                    # normal inst, nothing to update
                    continue
                # NOTE(review): assert is stripped under ``python -O`` and
                # callstack[-1] raises IndexError on an empty stack, so a
                # trace that does not follow strict call/return nesting ends
                # here without a descriptive error.
                assert( cur_func == callstack[-1][0] )
                cur_func, cur_bb = callstack.pop()
                self.ret_edges.add( (last_bb, cur_bb) )

            # update transitions
            if last_func in self.edges:
                self._update_edge(last_func, last_bb, cur_bb)
            last_bb = cur_bb
            last_func = cur_func
    except simutil.SimError:
        # ignore exit code (if the application returns other than 0)
        # NOTE(review): any SimError ends the replay silently; the tables
        # then hold only what was traced up to that point.
        pass
def _simulate(self):
    """Walk the simulator trace and build the per-function transition tables.

    Updates ``self.edges`` via ``self._update_edge`` for functions listed in
    ``self.observe_list``, and adds ``(from_bb, to_bb)`` pairs to
    ``self.call_edges`` / ``self.ret_edges`` on calls and returns. Calls are
    detected by reaching a key of ``func_map()``; returns by the containing
    function changing on an address that is not a basic-block start.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing;
    # verify the if/else pairing against the original source.
    bbs_a = self.bb_map()
    funcs_a = self.func_map()
    # sorted so find_le() can search it
    funcs_lst = sorted(funcs_a.keys())

    # temporary pointers for the iteration
    last_bb = None
    last_func = None
    # shadow stack of (caller function, caller basic block)
    callstack = []

    # main iteration: build up tables (adjacency lists, special sets)
    try:
        for addr in simutil.trace(self.binary):
            # addr is parsed as a base-16 string
            iaddr = int(addr, 16)
            if iaddr in bbs_a:
                cur_bb = iaddr
                # function call?
                # - no need to check if last inst was a call point:
                #   loops don't target function entries (prologue)
                if iaddr in funcs_a:
                    callstack.append((last_func, last_bb))
                    cur_func = iaddr
                    cur_func_name = funcs_a[cur_func][1]
                    # create the edge table lazily, only for observed functions
                    if cur_func_name in self.observe_list and \
                       cur_func not in self.edges:
                        self.edges[cur_func] = dict()
                    self.call_edges.add((last_bb, cur_bb))
            else:
                # check if function changed, if so then it must be a RET
                cur_func = find_le(funcs_lst, iaddr)
                if cur_func == last_func:
                    # normal inst, nothing to update
                    continue
                # NOTE(review): this is the only check that the trace matches
                # the shadow stack. It disappears under ``python -O`` and an
                # empty stack raises IndexError instead -- consider an
                # explicit check if traces of arbitrary binaries are replayed.
                assert (cur_func == callstack[-1][0])
                # resume in the caller's function and basic block
                cur_func, cur_bb = callstack.pop()
                self.ret_edges.add((last_bb, cur_bb))

            # update transitions
            if last_func in self.edges:
                self._update_edge(last_func, last_bb, cur_bb)
            last_bb = cur_bb
            last_func = cur_func
    except simutil.SimError:
        # ignore exit code (if the application returns other than 0)
        # NOTE(review): all SimErrors are discarded, so a truncated trace
        # yields partial tables without any indication to the caller.
        pass