Esempio n. 1
0
    def setUp(self):
        self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32)

        self._emulator = ReilEmulator(self._arch_info)

        self._asm_parser = X86Parser(ARCH_X86_MODE_32)
        self._translator = X86Translator(ARCH_X86_MODE_32)
Esempio n. 2
0
    def setUp(self):
        self.arch_mode = ARCH_X86_MODE_64

        self.arch_info = X86ArchitectureInformation(self.arch_mode)

        self.x86_parser = X86Parser(self.arch_mode)
        self.x86_translator = X86Translator(self.arch_mode)
        self.reil_emulator = ReilEmulator(self.arch_info)

        self.context_filename = "failing_context.data"
Esempio n. 3
0
    def __init__(self, architecture_mode):
        super(X86Disassembler, self).__init__()

        arch_mode_map = {
            ARCH_X86_MODE_32: CS_MODE_32,
            ARCH_X86_MODE_64: CS_MODE_64
        }

        self._arch_mode = architecture_mode
        self._arch_info = X86ArchitectureInformation(architecture_mode)

        self._parser = X86Parser(architecture_mode)
        self._disassembler = Cs(CS_ARCH_X86, arch_mode_map[architecture_mode])
Esempio n. 4
0
    def setUp(self):
        self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32)

        self._smt_solver = SmtSolver()

        self._smt_translator = SmtTranslator(self._smt_solver,
                                             self._arch_info.address_size)
        self._smt_translator.set_arch_alias_mapper(
            self._arch_info.alias_mapper)
        self._smt_translator.set_arch_registers_size(
            self._arch_info.registers_size)

        self._x86_parser = X86Parser(ARCH_X86_MODE_32)

        self._x86_translator = X86Translator(ARCH_X86_MODE_32)

        self._code_analyzer = CodeAnalyzer(self._smt_solver,
                                           self._smt_translator,
                                           self._arch_info)
Esempio n. 5
0
def main():
    # Process program arguments.
    parser = init_parser()
    args = parser.parse_args()

    # Open binary.
    binary = BinaryFile(args.binary)

    # Check binary arch and mode.
    if binary.architecture != ARCH_X86 or \
            binary.architecture_mode not in [ARCH_X86_MODE_32, ARCH_X86_MODE_64]:
        print("[!] Architecture not supported.")
        sys.exit(1)

    # Load architecture information for the binary.
    arch_info = X86ArchitectureInformation(binary.architecture_mode)

    # Extract entrypoint (in case a starting address was not provided.)
    start_address = int(args.start_address,
                        16) if args.start_address else binary.entry_point

    # Prepare options.
    options = DotDict({})
    options.abort = args.abort
    options.color = args.color
    options.verbose = args.verbose

    print("[+] Loading trace...")
    asm_trace = parse_trace(args.trace,
                            X86Parser(arch_info.architecture_mode),
                            start_address=start_address)

    print("[+] Replaying trace...")
    analyzer = AsmReplayAnalyzer(arch_info, asm_trace, start_address, options)

    analyzer.run()
Esempio n. 6
0
 def setUp(self):
     self._parser = X86Parser(ARCH_X86_MODE_32)
     self._translator = X86Translator(ARCH_X86_MODE_32)
Esempio n. 7
0
 def setUp(self):
     self._parser = X86Parser(ARCH_X86_MODE_64)
def barf_classify(gadget_map, printout=True):
    arch_mode = ARCH_X86_MODE_32
    arch_info = X86ArchitectureInformation(arch_mode)
    translator = X86Translator(arch_mode)
    instruction_parser = X86Parser(arch_mode)
    ir_emulator = ReilEmulator(arch_info)
    classifier = GadgetClassifier(ir_emulator, arch_info)
    raw_gadgets = {}
    typed_gadgets = []
    for _, gadget in gadget_map.items():

        # Translation cycle: from my emulator to BARF representation
        classifiable = False
        barf_instr_list = []
        for _, instr in gadget.instructions.items():
            # Parse a ROPInstruction into the BARF representation of an x86 instruction
            barf_instr = instruction_parser.parse("{} {}".format(
                instr.mnemonic, instr.op_str))
            barf_instr.address = instr.address
            try:
                # Translate an x86 instruction into a list of REIL instructions
                reil_transl_instrs = translator.translate(barf_instr)
                barf_instr.ir_instrs = reil_transl_instrs
                classifiable = True
            except TranslationError:
                classifiable = False
            finally:
                barf_instr_list.append(barf_instr)

        # Classification of the gadgets
        barf_g = RawGadget(barf_instr_list)
        raw_gadgets[barf_g.address] = barf_g
        if classifiable:
            classified = classifier.classify(barf_g)
            for tg in classified:
                typed_gadgets.append(tg)
    if printout:
        print_gadgets_raw(list(raw_gadgets.values()), sys.stdout, 'addr', True,
                          'Raw Gadgets', False)
        verified = []
        unverified = []
        solver = Z3Solver()
        translator = SmtTranslator(solver, arch_info.address_size)
        code_analyzer = CodeAnalyzer(solver, translator, arch_info)
        verifier = GadgetVerifier(code_analyzer, arch_info)
        for tg in typed_gadgets:
            if verifier.verify(tg):
                verified.append(tg)
            else:
                unverified.append(tg)
        print_gadgets_typed(verified, sys.stdout, arch_info.address_size,
                            'Verified classification')
        print_gadgets_typed(unverified, sys.stdout, arch_info.address_size,
                            'Unverified classification')
        for tg in typed_gadgets:
            if tg.address in raw_gadgets:
                raw_gadgets.pop(tg.address)
        print_gadgets_raw(list(raw_gadgets.values()), sys.stdout, 'addr',
                          False, 'Not classified', False)

    return {tg.address: tg for tg in typed_gadgets}