def __init__(self, process, mm):
ip = process.getInstrPointer()
fp = process.getFramePointer()
self.module = FindModule(ip, mm)
self.fp_type = RefinePType(Type("Ptr32", 4), fp, process, mm)
# print "fp:",hex(fp_type[1]), str(fp_type[0])
if not process.no_frame_pointer: # str(self.fp_type[0]) == "SPtr32":
self.bt = getBacktrace(process, max_args=0, max_depth=20)
else:
self.bt = Backtrace()
frames = []
if CPU_X86_64:
# detection of stack frame disabled, python-ptrace does not support
# ...
pass
if CPU_I386:
for i, frame in enumerate(self.bt.frames):
print "frame", frame, hex(frame.ip)
r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
frames.append(r_type)
# print "ip:", str(r_type[0])
if not (str(r_type[0]) == "GxPtr32"):
break
self.bt.frames = frames
self.eip_type = RefinePType(
Type("Ptr32", 4), process.getInstrPointer(), process, mm)
def __init__(self, process, mm):
ip = process.getInstrPointer()
fp = process.getFramePointer()
self.module = FindModule(ip,mm)
self.fp_type = RefinePType(Type("Ptr32",4), fp, process, mm)
#print "fp:",hex(fp_type[1]), str(fp_type[0])
if not process.no_frame_pointer: #str(self.fp_type[0]) == "SPtr32":
self.bt = getBacktrace(process,max_args=0, max_depth=20)
else:
self.bt = Backtrace()
frames = []
for i,frame in enumerate(self.bt.frames):
r_type = RefinePType(Type("Ptr32",4), frame.ip, process, mm)
frames.append(r_type)
#print "ip:", str(r_type[0])
if not (str(r_type[0]) == "GxPtr32"):
break
#if str(r_type[0]) == "DPtr32":
# break
self.bt.frames = frames
self.eip_type = RefinePType(Type("Ptr32",4), process.getInstrPointer(), process, mm)
def __init__(self, process, mm):
self.name = "Abort"
ip = process.getInstrPointer()
self.bt = process.getBacktrace(max_args=0, max_depth=20)
self.module = FindModule(ip, mm)
# print self.bt, type(self.bt)
frames = []
if CPU_X86_64:
# detection of stack frame disabled, python-ptrace does not support
# ...
pass
if CPU_I386:
for i, frame in enumerate(self.bt.frames):
r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
frames.append(r_type)
if str(r_type[0]) == "DPtr32":
break
self.bt.frames = frames
# print "frames",frames
# print "self.bt.frames", self.bt.frames
self.eip = RefinePType(Type("Ptr32", 4), ip, process, mm)
def __init__(self, parent: Node):
self.scope = parent.scope
self.target = self.scope.create_new_var(Type.generate_random_type())
self.type = self.target.get_type()
super().__init__(parent)
self.expression = generate_expression_node(self)
self.scope.add_var(self.target)
def __init__(self, name, process, mm): #_sifields = None):
self.fields = dict()
_sifields = process.getsiginfo()._sifields
self.name = name
if hasattr(_sifields, "_sigfault") and self.name == "SIGSEGV":
self.fields["addr"] = RefinePType(Type("Ptr32",4), _sifields._sigfault._addr, process, mm)
def __init__(self, parent: Node):
self.scope = parent.scope
self.target = random.choice(
self.collect_variables(Type.generate_random_type()))
self.type = self.target.get_type()
super().__init__(parent)
self.type = self.target.get_type()
self.expression = generate_expression_node(self)
def __init__(self, name, module):
assert(name in specs)
spec = specs[name]
self.ret = str(spec[0])
#fixme: void functions and non-returned values should be different!
self.retvalue = (Type("Top32",4),None)
self.module = module
self.name = str(name)
self.param_types = list(spec[1:])
self.param_ptypes = []
self.param_values = []
def __init__(self, process, mm):
self.name = "Abort"
ip = process.getInstrPointer()
self.bt = process.getBacktrace(max_args=0, max_depth=20)
self.module = FindModule(ip,mm)
#print self.bt, type(self.bt)
frames = []
for i,frame in enumerate(self.bt.frames):
r_type = RefinePType(Type("Ptr32",4), frame.ip, process, mm)
frames.append(r_type)
if str(r_type[0]) == "DPtr32":
break
self.bt.frames = frames
#print "frames",frames
#print "self.bt.frames", self.bt.frames
self.eip = RefinePType(Type("Ptr32",4), ip, process, mm)
def __DetectRetAddr__(self):
addr = self.process.getreg("esp")
bytes = self.process.readBytes(addr, 4)
return RefinePType(Type("Ptr32",4),bytes2word(bytes), self.process, self.mm)
def RefinePType(ptype, value, process, mm):
if value is None:
return (Type("Top32",4), value)
if str(ptype) == "Ptr32":
ptr = value
if ptr == 0x0:
return (Type("NPtr32",4), ptr)
else:
try:
_ = process.readBytes(ptr, 4)
except PtraceError:
return (Type("DPtr32",4), ptr)
mm.checkPtr(ptr)
if mm.isStackPtr(ptr):
return (Type("SPtr32",4), ptr)
elif mm.isHeapPtr(ptr):
return (Type("HPtr32",4), ptr)
elif mm.isCodePtr(ptr):
return (Type("GxPtr32",4), ptr)
elif mm.isFilePtr(ptr):
return (Type("FPtr32",4), ptr)
elif mm.isGlobalPtr(ptr):
return (Type("GPtr32",4), ptr)
else:
return (Type("Ptr32",4), ptr)
elif str(ptype) == "Num32":
num = value
if num == 0x0:
return (Type("Num32B0",4), num)
else:
binlen = len(bin(num))-2
binlen = int(ceil(binlen / 8.0))*8
return (Type("Num32B"+str(binlen),4), num)
return (Type("Top32",4), value)
def randomize_target(self):
self.target = random.choice(
self.collect_variables(Type.generate_random_type()))
self.type = self.target.get_type()
self.expression = generate_expression_node(self)