def findDep(self, item):
arg = item.args[self.lastClickIndex]
address = item.address + item.instr.l
func = item.func
if func.ircfg is None:
func.ira = BinaryAnalysis.iraType(func.cfg.loc_db)
func.ircfg = func.ira.new_ircfg_from_asmcfg(func.cfg)
func.defUse = DiGraphDefUse(ReachingDefinitions(func.ircfg))
indexReg = eval('BinaryAnalysis.machine.mn.regs.regs' + str(arg.size).zfill(2) + '_expr').index(arg)
arg = eval('BinaryAnalysis.machine.mn.regs.regs' + str(BinaryAnalysis.disasmEngine.attrib).zfill(2) + '_expr')[
indexReg]
elements = set()
elements.add(arg)
depgraph = DependencyGraph(func.ircfg, implicit=False, apply_simp=True, follow_call=False, follow_mem=True)
currentLockey = next(iter(func.ircfg.getby_offset(address)))
assignblkIndex = 0
currentBlock = func.ircfg.get_block(currentLockey)
for assignblkIndex, assignblk in enumerate(currentBlock):
if assignblk.instr.offset == address:
break
outputLog = ''
for solNum, sol in enumerate(depgraph.get(currentBlock.loc_key, elements, assignblkIndex, set())):
results = sol.emul(func.ira, ctx={})
outputLog += 'Solution %d:\n' % solNum
for k, v in viewitems(results):
outputLog += str(k) + ' = ' + str(v) + '\n'
path = ' -> '.join(BinaryAnalysis.locDB.pretty_str(h) for h in sol.history[::-1])
outputLog += path + '\n\n'
self.log.emit(outputLog)
def recoverAlgorithm(self):
if self.normalIRCFG is None:
self.getNormalIRCFG()
newLocDB = LocationDB()
size = BinaryAnalysis.disasmEngine.attrib
newIRA = BinaryAnalysis.iraType(newLocDB)
newIRCFG = newIRA.new_ircfg()
numLockey = 0
head = LocKey(numLockey)
todo = [(self.address, head, {}, None)]
numLockey += 1
while todo:
nextTarget, lockey, state, preBlock = todo.pop()
nextTarget, state = self.symbolicExecution(self.normalIRA,
self.normalIRCFG,
nextTarget, state)
if isinstance(nextTarget, ExprCond):
newLockey1 = LocKey(numLockey)
newLockey2 = LocKey(numLockey + 1)
ir_dst = state[newIRCFG.IRDst]
new_cond = ExprCond(ir_dst.cond, ExprLoc(newLockey1, size),
ExprLoc(newLockey2, size))
state[newIRCFG.IRDst] = new_cond
numLockey += 2
newIRBlock = self.addIRBlock(newIRCFG, state, lockey)
state[newIRCFG.IRDst] = ir_dst
todo.append((nextTarget.src1, newLockey1, state, newIRBlock))
todo.append((nextTarget.src2, newLockey2, state, newIRBlock))
else:
self.addIRBlock(newIRCFG, state, lockey)
return newLocDB, newIRCFG
def taintAnalysis(self, item):
func = item.func
if func.ircfg is None:
func.ira = BinaryAnalysis.iraType(func.cfg.loc_db)
func.ircfg = func.ira.new_ircfg_from_asmcfg(func.cfg)
func.defUse = DiGraphDefUse(ReachingDefinitions(func.ircfg))
current_block = func.ircfg.get_block(item.block.loc_key)
index = 0
dstArg = None
for index, assignblk in enumerate(current_block):
if assignblk.instr.offset == item.address:
for dst, src in assignblk.items():
dstArg = dst
break
queue = [AssignblkNode(item.block.loc_key, index, dstArg)]
currentPoint = 0
endPoint = 0
while currentPoint <= endPoint:
node = queue[currentPoint]
currentPoint += 1
assign = func.ircfg.blocks[node.label][node.index]
self.focusAddress(assign.instr.offset, False)
for node2 in func.defUse.successors(node):
endPoint += 1
queue.append(node2)
def __init__(self, address, cfg):
self.rawIRA = BinaryAnalysis.iraType(cfg.loc_db)
self.normalIRA = BinaryAnalysis.iraType(cfg.loc_db)
self.ssaIRA = IRADelModCallStack(cfg.loc_db)
self.maxIRA1 = IRADelModCallStack(cfg.loc_db)
self.maxIRA2 = IRAOutRegs(cfg.loc_db)
self.rawIRCFG = self.rawIRA.new_ircfg_from_asmcfg(cfg)
self.normalIRCFG = None
self.ssaIRCFG = None
self.maxIRCFG = None
self.rawDefUse = DiGraphDefUse(ReachingDefinitions(self.rawIRCFG))
self.normalDefUse = None
self.ssaDefUse = None
self.maxDefUse = None
self.head = cfg.loc_db.get_offset_location(address)
self.address = address
self.cfg = cfg
def openFile(self):
""""
Open File, Load Function to ListFunction and Info
:return:
"""
try:
f = open('cache', 'r')
dir = f.read()
except FileNotFoundError:
dir = ''
file, _ = QFileDialog.getOpenFileName(
self,
"Open File",
dir,
"All File (*);;Python File (*.elf);;PE File (*.exe",
options=QFileDialog.DontUseNativeDialog)
if file:
dir = os.path.dirname(file)
open('cache', 'w').write(dir)
self.centralWidget = QWidget(self)
self.setCentralWidget(self.centralWidget)
QVBoxLayout(self.centralWidget)
allLayout = self.centralWidget.layout()
BinaryAnalysis.init(file)
self.outputLog = QTextEdit()
self.binInfo = QTextEdit()
self.binInfo.setReadOnly(True)
self.binInfo.setText(BinaryAnalysis.binaryInfo.info())
self.listFunctions = ListFuncs(BinaryAnalysis.funcs)
self.listFunctions.gotoFunc.connect(self.gotoAddress)
leftTopBottomSplitter = QSplitter(Qt.Vertical)
leftTopBottomSplitter.setSizePolicy(QSizePolicy.Minimum,
QSizePolicy.Minimum)
leftTopBottomSplitter.addWidget(self.binInfo)
leftTopBottomSplitter.addWidget(self.listFunctions)
leftTopBottomSplitter.setStretchFactor(0, 1)
leftTopBottomSplitter.setStretchFactor(1, 9)
leftRightSplitter = QSplitter()
self.mainTab = QTabWidget()
self.mainTab.setTabsClosable(True)
self.mainTab.tabCloseRequested.connect(self.closeTab)
self.mainTab.setSizePolicy(QSizePolicy.Expanding,
QSizePolicy.Expanding)
self.asmLinear = AsmLinear()
self.mainTab.addTab(self.asmLinear, "Disassembly")
self.asmLinear.focusAddress(BinaryAnalysis.binaryInfo.entryPoint)
self.bindAsmLinear()
self.hexView = HexView(BinaryAnalysis.rawData)
self.mainTab.addTab(self.hexView, "Hex View")
self.stringView = StringView(BinaryAnalysis.binaryInfo.strings)
self.stringView.clicked.connect(self.gotoAddress)
self.mainTab.addTab(self.stringView, "String List")
self.importView = ImportView(BinaryAnalysis.binaryInfo.imports)
self.importView.clicked.connect(self.gotoLibFunc)
self.mainTab.addTab(self.importView, "Imports")
self.exportView = ExportView(BinaryAnalysis.binaryInfo.exports)
self.exportView.clicked.connect(self.gotoLibFunc)
self.mainTab.addTab(self.exportView, "Exports")
leftRightSplitter.addWidget(leftTopBottomSplitter)
leftRightSplitter.addWidget(self.mainTab)
leftRightSplitter.setStretchFactor(0, 2)
leftRightSplitter.setStretchFactor(1, 8)
topBottomSplitter = QSplitter(Qt.Vertical)
topBottomSplitter.addWidget(leftRightSplitter)
topBottomSplitter.addWidget(self.outputLog)
topBottomSplitter.setStretchFactor(0, 8)
topBottomSplitter.setStretchFactor(1, 2)
allLayout.addWidget(topBottomSplitter)
self.asmLinear.setFocus()