def getIR(opCodeStr, address):
"""
Get the Intermediate Representation of a piece of assembly code
Parameters :
(opCodeStr) - The string of the opcodes in hex
(address) - The address at which the first instruction is located
Return value :
(instr, ins ) - Where 'instr' in an array of BARF instructions
And 'ins' is the list of the assembly instructions
"""
arch = ArchInfo.currentArch
# Getting the translators and disassemblers for the requested architecture
if arch == "X86":
arch_mode = ARCH_X86_MODE_32
disassembler = X86Disassembler(architecture_mode=arch_mode)
ir_translator = X86Translator(architecture_mode=arch_mode)
REGSIZE.size = 32
ArchInfo.currentArchInfo = X86ArchitectureInformation(arch_mode)
ArchInfo.ip = "eip"
ArchInfo.sp = "esp"
elif arch == "X86_64":
arch_mode = ARCH_X86_MODE_64
disassembler = X86Disassembler(architecture_mode=arch_mode)
ir_translator = X86Translator(architecture_mode=arch_mode)
REGSIZE.size = 64
ArchInfo.currentArchInfo = X86ArchitectureInformation(arch_mode)
ArchInfo.ip = "rip"
ArchInfo.sp = "rsp"
else:
raise AnalysisException("Architecture %s not yet supported" % arch)
# Translating into IR
index = 0
ins = []
# disasemble -> return only one instr, so we need to iterate over the
#string gadget, using the size of the ins disassembled
while(index < len(opCodeStr)):
asm = disassembler.disassemble(opCodeStr[index:],index+address)
if asm is None:
bad_instructions = "\\x"+ "\\x".join("{:02x}".format(ord(c)) for c in opCodeStr[index:])
all_instructions = "\\x"+ "\\x".join("{:02x}".format(ord(c)) for c in opCodeStr)
raise AnalysisException("BARF unable to translate {} instructions {} in gadget {}".format(arch, bad_instructions, all_instructions))
ins.append(asm)
index = index+asm.size
irsb = []
for i in ins:
for r in ir_translator.translate(i):
irsb.append(r)
return (irsb, ins)
def __init__(self, binary):
self.__binary = binary
self.__arch_mode = self.__binary.architecture_mode
self.__arch = X86ArchitectureInformation(self.__arch_mode)
self.__disassembler = X86Disassembler(architecture_mode=self.__arch_mode)
self.__translator = X86Translator(architecture_mode=self.__arch_mode)
self.__bb_builder = BasicBlockBuilder(self.__disassembler, self.__binary.text_section, self.__translator, self.__arch)
def __init__(self, binary):
self.__binary = binary
self.__arch_mode = self.__binary.architecture_mode
self.__arch = X86ArchitectureInformation(self.__arch_mode)
self.__disassembler = X86Disassembler(architecture_mode=self.__arch_mode)
self.__translator = X86Translator(architecture_mode=self.__arch_mode)
self.__bb_builder = CFGRecoverer(RecursiveDescent(self.__disassembler, self.__binary.text_section,
self.__translator, self.__arch))
def setUp(self):
self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32)
self._operand_size = self._arch_info.operand_size
self._memory = MemoryMock()
self._smt_solver = SmtSolver()
self._smt_translator = SmtTranslator(self._smt_solver, self._operand_size)
self._smt_translator.set_arch_alias_mapper(self._arch_info.alias_mapper)
self._smt_translator.set_arch_registers_size(self._arch_info.registers_size)
self._disasm = X86Disassembler()
self._ir_translator = X86Translator()
self._bb_builder = BasicBlockBuilder(self._disasm, self._memory, self._ir_translator)
def test_emulate_x86_64(self):
binary = BinaryFile(get_full_path("./samples/bin/loop-simple.x86_64"))
arch_mode = ARCH_X86_MODE_64
arch_info = X86ArchitectureInformation(arch_mode)
ir_emulator = ReilEmulator(arch_info)
disassembler = X86Disassembler(architecture_mode=ARCH_X86_MODE_64)
ir_translator = X86Translator(architecture_mode=ARCH_X86_MODE_64)
emu = Emulator(arch_info, ir_emulator, ir_translator, disassembler)
emu.load_binary(binary)
emu.emulate(0x4004d6, 0x400507, {}, None, False)
def __init__(self, binary, symbols):
self.__binary = binary
self.__arch_mode = self.__binary.architecture_mode
self.__arch = X86ArchitectureInformation(self.__arch_mode)
self.__disassembler = X86Disassembler(architecture_mode=self.__arch_mode)
self.__translator = X86Translator(architecture_mode=self.__arch_mode)
self.__bb_builder = BasicBlockBuilder(self.__disassembler, self.__binary.text_section, self.__translator, self.__arch)
self.__container = {}
self.__symbols = symbols
self.__symbols_by_addr = {}
for name, start, end in symbols:
self.__symbols_by_addr[start] = (name, end)
########################### # Supported architectures # ########################### currentArch = None # X86 ArchX86 = Architecture() ArchX86.name = "X86" ArchX86.archInfo = X86ArchitectureInformation(ARCH_X86_MODE_32) ArchX86.ip = "eip" ArchX86.sp = "esp" ArchX86.bits = 32 ArchX86.octets = 4 ArchX86.archMode = ARCH_X86_MODE_32 ArchX86.disassembler = X86Disassembler(architecture_mode=ARCH_X86_MODE_32) ArchX86.irTranslator = X86Translator(architecture_mode=ARCH_X86_MODE_32) # X86-64 ArchX64 = Architecture() ArchX64.name = "X64" ArchX64.archInfo = X86ArchitectureInformation(ARCH_X86_MODE_64) ArchX64.ip = "rip" ArchX64.sp = "rsp" ArchX64.bits = 64 ArchX64.octets = 8 ArchX64.archMode = ARCH_X86_MODE_64 ArchX64.disassembler = X86Disassembler(architecture_mode=ARCH_X86_MODE_64) ArchX64.irTranslator = X86Translator(architecture_mode=ARCH_X86_MODE_64) available = [ArchX86.name, ArchX64.name]
def setUp(self):
self._arch_mode = ARCH_X86_MODE_32
self._arch_info = X86ArchitectureInformation(
architecture_mode=self._arch_mode)
self._disassembler = X86Disassembler()
self._translator = X86Translator()