def test_cfg_libc_pthread_create(self):
cbs = [CodeBlock(0x0000D218, 0x0000D268), CodeBlock(0x0000D268, 0x0000D274),
CodeBlock(0x0000D274, 0x0000D28C), CodeBlock(0x0000D28C, 0x0000D2C8),
CodeBlock(0x0000D2C8, 0x0000D2D4), CodeBlock(0x0000D2D4, 0x0000D314), CodeBlock(0x0000D314, 0x0000D32C),
CodeBlock(0x0000D32C, 0x0000D348), CodeBlock(0x0000D348, 0x0000D350), CodeBlock(0x0000D350, 0x0000D364),
CodeBlock(0x0000D364, 0x0000D378), CodeBlock(0x0000D378, 0x0000D3AC), CodeBlock(0x0000D3AC, 0x0000D3D8),
CodeBlock(0x0000D3D8, 0x0000D3E8), CodeBlock(0x0000D3E8, 0x0000D408), CodeBlock(0x0000D408, 0x0000D414),
CodeBlock(0x0000D414, 0x0000D454), CodeBlock(0x0000D454, 0x0000D468), CodeBlock(0x0000D468, 0x0000D47C),
CodeBlock(0x0000D47C, 0x0000D484), CodeBlock(0x0000D484, 0x0000D4B4), CodeBlock(0x0000D4B4, 0x0000D4C8),
CodeBlock(0x0000D4C8, 0x0000D4D8), CodeBlock(0x0000D4D8, 0x0000D518)]
with open("vfs/system/lib/libc.so", "rb") as f:
blocks = cfg.create_cfg(f, 0x0000D218, 768, False)
#print(blocks[9])
#print(blocks[9].parent)
#print(blocks[9].childs)
#print(blocks)
self.assertEqual(len(cbs), len(blocks))
for i in range(0, len(cbs)):
self.hex_addr_assert(cbs[i].start, blocks[i].start)
self.hex_addr_assert(cbs[i].end, blocks[i].end)
#
b = blocks[9]
self.hex_addr_assert(b.start, 0x0000D350)
self.hex_addr_assert(b.end, 0x0000D364)
self.assertEqual(len(b.parent), 3)
self.assertEqual(len(b.childs), 0)
out_path = sys.argv[2]
trace_path = sys.argv[3]
base_addr = int(sys.argv[4], 16)
end_addr = int(sys.argv[5], 16)
is_thumb = sys.argv[6] != "0"
of_type = "common"
if (len(sys.argv)>7):
of_type = sys.argv[7]
#
detector = _of_maps[of_type]
lib_name = os.path.basename(path)
shutil.copyfile(path, out_path)
with open(path, "rb") as f:
blocks = cfg.create_cfg(f, base_addr, end_addr - base_addr, is_thumb)
#print (blocks)
ins_mgr = IntructionManger(is_thumb)
of_b, dead_cb = detector.find_ofuse_control_block(f, blocks, base_addr, ins_mgr)
#print("cbs:%r"%of_b)
#print ("dead_cb:%r"%dead_cb)
logic_blocks = list(blocks)
list_remove(logic_blocks, of_b)
list_remove(logic_blocks, dead_cb)
print("lbs:%r"%logic_blocks)
#print (blocks)
def test_cfg_bangbang_tbb_tbh(self):
cbs = [CodeBlock(0x0001B180, 0x0001B1C4), CodeBlock(0x0001B1C4, 0x0001B1CA),
CodeBlock(0x0001B1CA, 0x0001B1CE), CodeBlock(0x0001B1CE, 0x0001B1D2),
CodeBlock(0x0001B1E0, 0x0001B1E2), CodeBlock(0x0001B1E2, 0x0001B1EC),
CodeBlock(0x0001B1EC, 0x0001B1F4), CodeBlock(0x0001B1F4, 0x0001B1FC),
CodeBlock(0x0001B1FC, 0x0001B204), CodeBlock(0x0001B204, 0x0001B208),
CodeBlock(0x0001B208, 0x0001B248), CodeBlock(0x0001B248, 0x0001B27E),
CodeBlock(0x0001B27E, 0x0001B2A8), CodeBlock(0x0001B2A8, 0x0001B2AC),
CodeBlock(0x0001B2AC, 0x0001B2B2), CodeBlock(0x0001B2B2, 0x0001B2B6),
CodeBlock(0x0001B2B6, 0x0001B2BA), CodeBlock(0x0001B2CC, 0x0001B37A),
CodeBlock(0x0001B37A, 0x0001B382), CodeBlock(0x0001B382, 0x0001B38A),
CodeBlock(0x0001B38A, 0x0001B392), CodeBlock(0x0001B392, 0x0001B39A),
CodeBlock(0x0001B39A, 0x0001B39E), CodeBlock(0x0001B39E, 0x0001B3BC),
CodeBlock(0x0001B3BC, 0x0001B3DC), CodeBlock(0x0001B3DC, 0x0001B3E8),
CodeBlock(0x0001B3E8, 0x0001B3FC), CodeBlock(0x0001B3FC, 0x0001B400),
CodeBlock(0x0001B400, 0x0001B402),
CodeBlock(0x0001B406, 0x0001B410), CodeBlock(0x0001B410, 0x0001B414),
CodeBlock(0x0001B414, 0x0001B41A), CodeBlock(0x0001B41A, 0x0001B430),
CodeBlock(0x0001B430, 0x0001B438), CodeBlock(0x0001B438, 0x0001B43A),
CodeBlock(0x0001B43A, 0x0001B442), CodeBlock(0x0001B442, 0x0001B446),
CodeBlock(0x0001B446, 0x0001B448), CodeBlock(0x0001B448, 0x0001B44C),
CodeBlock(0x0001B44C, 0x0001B450), CodeBlock(0x0001B450, 0x0001B46A),
CodeBlock(0x0001B46A, 0x0001B472), CodeBlock(0x0001B472, 0x0001B47C),
CodeBlock(0x0001B47C, 0x0001B47E), CodeBlock(0x0001B47E, 0x0001B486),
CodeBlock(0x0001B486, 0x0001B49A), CodeBlock(0x0001B49A, 0x0001B49E), CodeBlock(0x0001B49E, 0x0001B4A0),
CodeBlock(0x0001B4A4, 0x0001B4A8), CodeBlock(0x0001B4A8, 0x0001B4B8),
CodeBlock(0x0001B4B8, 0x0001B4BA), CodeBlock(0x0001B4BA, 0x0001B4BE), CodeBlock(0x0001B4BE, 0x0001B4C4),
CodeBlock(0x0001B4C4, 0x0001B4D4), CodeBlock(0x0001B4D4, 0x0001B4D6), CodeBlock(0x0001B4D6, 0x0001B4E4),
CodeBlock(0x0001B4FC, 0x0001B500), CodeBlock(0x0001B500, 0x0001B502),
CodeBlock(0x0001B502, 0x0001B506), CodeBlock(0x0001B506, 0x0001B514),
CodeBlock(0x0001B54C, 0x0001B638), CodeBlock(0x0001B638, 0x0001B64A), CodeBlock(0x0001B64A, 0x0001B65C),
CodeBlock(0x0001B65C, 0x0001B66C), CodeBlock(0x0001B66C, 0x0001B7E4), CodeBlock(0x0001B7E4, 0x0001B93E),
CodeBlock(0x0001B93E, 0x0001B940), CodeBlock(0x0001B960, 0x0001BA0E),
CodeBlock(0x0001BA0E, 0x0001BA96), CodeBlock(0x0001BA96, 0x0001BDB4), CodeBlock(0x0001BDB4, 0x0001BDCA),
CodeBlock(0x0001BDCA, 0x0001BDDA), CodeBlock(0x0001BDDA, 0x0001BDE8), CodeBlock(0x0001BDE8, 0x0001BDEE),
CodeBlock(0x0001BDEE, 0x0001BF26), CodeBlock(0x0001BF30, 0x0001CC78),
CodeBlock(0x0001CC78, 0x0001CD5E), CodeBlock(0x0001CD5E, 0x0001CDCC), CodeBlock(0x0001CDCC, 0x0001CDCE),
CodeBlock(0x0001CDE4, 0x0001CDEA), CodeBlock(0x0001CDEA, 0x0001CDEC),
CodeBlock(0x0001CDEC, 0x0001CE76), CodeBlock(0x0001CE76, 0x0001CE86), CodeBlock(0x0001CE86, 0x0001CED0),
CodeBlock(0x0001CED0, 0x0001CEDA), CodeBlock(0x0001CEDA, 0x0001D022), CodeBlock(0x0001D022, 0x0001D024),
CodeBlock(0x0001D024, 0x0001D058), CodeBlock(0x0001D058, 0x0001D05E), CodeBlock(0x0001D05E, 0x0001D08C),
CodeBlock(0x0001D08C, 0x0001D090), CodeBlock(0x0001D090, 0x0001D094), CodeBlock(0x0001D094, 0x0001D098),
CodeBlock(0x0001D0A4, 0x0001D0B2), CodeBlock(0x0001D0B2, 0x0001D0D0), CodeBlock(0x0001D0D0, 0x0001D0F0),
CodeBlock(0x0001D0F0, 0x0001D108), CodeBlock(0x0001D108, 0x0001D114), CodeBlock(0x0001D114, 0x0001D116),
CodeBlock(0x0001D116, 0x0001D126), CodeBlock(0x0001D126, 0x0001D136), CodeBlock(0x0001D136, 0x0001D150),
CodeBlock(0x0001D150, 0x0001D156), CodeBlock(0x0001D156, 0x0001D162), CodeBlock(0x0001D162, 0x0001D164),
CodeBlock(0x0001D164, 0x0001D168), CodeBlock(0x0001D168, 0x0001D16E), CodeBlock(0x0001D16E, 0x0001D172),
CodeBlock(0x0001D172, 0x0001D178), CodeBlock(0x0001D178, 0x0001D17C), CodeBlock(0x0001D17C, 0x0001D186),
CodeBlock(0x0001D186, 0x0001D18A), CodeBlock(0x0001D18A, 0x0001D194), CodeBlock(0x0001D194, 0x0001D198),
CodeBlock(0x0001D198, 0x0001D19A), CodeBlock(0x0001D19A, 0x0001D1A0), CodeBlock(0x0001D1A0, 0x0001D1FC),
CodeBlock(0x0001D1FC, 0x0001D20A), CodeBlock(0x0001D20A, 0x0001D21C), CodeBlock(0x0001D21C, 0x0001D22C),
CodeBlock(0x0001D22C, 0x0001D244), CodeBlock(0x0001D244, 0x0001D246), CodeBlock(0x0001D246, 0x0001D24C),
CodeBlock(0x0001D24C, 0x0001D260), CodeBlock(0x0001D260, 0x0001D276), CodeBlock(0x0001D276, 0x0001D288),
CodeBlock(0x0001D288, 0x0001D28C), CodeBlock(0x0001D28C, 0x0001D296), CodeBlock(0x0001D296, 0x0001D356),
CodeBlock(0x0001D356, 0x0001D360), CodeBlock(0x0001D360, 0x0001D364), CodeBlock(0x0001D364, 0x0001D376),
CodeBlock(0x0001D376, 0x0001D380), CodeBlock(0x0001D380, 0x0001D38C), CodeBlock(0x0001D38C, 0x0001D3A0),
CodeBlock(0x0001D3A0, 0x0001D3A4), CodeBlock(0x0001D3A4, 0x0001D3A6),
CodeBlock(0x0001D3A8, 0x0001D3B8), CodeBlock(0x0001D3B8, 0x0001D3CE), CodeBlock(0x0001D3CE, 0x0001D3D4),
CodeBlock(0x0001D3D4, 0x0001D3D8), CodeBlock(0x0001D3D8, 0x0001D3DC), CodeBlock(0x0001D406, 0x0001D418),
CodeBlock(0x0001D418, 0x0001D446), CodeBlock(0x0001D446, 0x0001D460), CodeBlock(0x0001D460, 0x0001D490),
CodeBlock(0x0001D490, 0x0001D494), CodeBlock(0x0001D508, 0x0001D522),
CodeBlock(0x0001D522, 0x0001D526), CodeBlock(0x0001D526, 0x0001D564), CodeBlock(0x0001D564, 0x0001D578),
CodeBlock(0x0001D578, 0x0001D582), CodeBlock(0x0001D582, 0x0001D59A), CodeBlock(0x0001D59A, 0x0001D5A0),
CodeBlock(0x0001D5A0, 0x0001D5E0), CodeBlock(0x0001D5E0, 0x0001D5E2), CodeBlock(0x0001D5E2, 0x0001D5E6),
CodeBlock(0x0001D5E6, 0x0001D5EA), CodeBlock(0x0001D5EA, 0x0001D5EE), CodeBlock(0x0001D5F6, 0x0001D5FE),
CodeBlock(0x0001D5FE, 0x0001D60A), CodeBlock(0x0001D60A, 0x0001D618), CodeBlock(0x0001D618, 0x0001D63A),
CodeBlock(0x0001D63A, 0x0001D646), CodeBlock(0x0001D646, 0x0001D64A), CodeBlock(0x0001D64A, 0x0001D64E),
CodeBlock(0x0001D64E, 0x0001D65C), CodeBlock(0x0001D65C, 0x0001D66A), CodeBlock(0x0001D66A, 0x0001D66E),
CodeBlock(0x0001D66E, 0x0001D672), CodeBlock(0x0001D672, 0x0001D674), CodeBlock(0x0001D674, 0x0001D678),
CodeBlock(0x0001D678, 0x0001D694), CodeBlock(0x0001D694, 0x0001D6A0), CodeBlock(0x0001D6A0, 0x0001D6A2),
CodeBlock(0x0001D6A2, 0x0001D6A6), CodeBlock(0x0001D6A6, 0x0001D6AA), CodeBlock(0x0001D6AA, 0x0001D6B0),
CodeBlock(0x0001D6B0, 0x0001D6B8), CodeBlock(0x0001D6B8, 0x0001D6BA), CodeBlock(0x0001D6BA, 0x0001D6BE),
CodeBlock(0x0001D6BE, 0x0001D6FE), CodeBlock(0x0001D6FE, 0x0001D702), CodeBlock(0x0001D702, 0x0001D708),
CodeBlock(0x0001D708, 0x0001D734), CodeBlock(0x0001D734, 0x0001D74A), CodeBlock(0x0001D74A, 0x0001D756),
CodeBlock(0x0001D756, 0x0001D76A), CodeBlock(0x0001D76A, 0x0001D776), CodeBlock(0x0001D776, 0x0001D77A),
CodeBlock(0x0001D77A, 0x0001D784), CodeBlock(0x0001D784, 0x0001D794), CodeBlock(0x0001D794, 0x0001D7BE),
CodeBlock(0x0001D7BE, 0x0001D7CC), CodeBlock(0x0001D7CC, 0x0001D7EC), CodeBlock(0x0001D7EC, 0x0001D80A),
CodeBlock(0x0001D80A, 0x0001D80C), CodeBlock(0x0001D80C, 0x0001D93E), CodeBlock(0x0001D93E, 0x0001D944),
CodeBlock(0x0001D944, 0x0001D948), CodeBlock(0x0001D948, 0x0001D94C), CodeBlock(0x0001D96C, 0x0001D980),
CodeBlock(0x0001D980, 0x0001D99E), CodeBlock(0x0001D99E, 0x0001D9A6), CodeBlock(0x0001D9A6, 0x0001D9C0),
CodeBlock(0x0001D9C0, 0x0001D9C6), CodeBlock(0x0001D9C6, 0x0001D9CC), CodeBlock(0x0001D9CC, 0x0001D9D4),
CodeBlock(0x0001D9D4, 0x0001D9FA), CodeBlock(0x0001D9FA, 0x0001DA5C), CodeBlock(0x0001DA5C, 0x0001DA66),
CodeBlock(0x0001DA66, 0x0001DA6E), CodeBlock(0x0001DA6E, 0x0001DA76), CodeBlock(0x0001DA76, 0x0001DA7E),
CodeBlock(0x0001DA7E, 0x0001DA82), CodeBlock(0x0001DA82, 0x0001DAA6), CodeBlock(0x0001DAA6, 0x0001DABA),
CodeBlock(0x0001DABA, 0x0001DAFE), CodeBlock(0x0001DAFE, 0x0001DB04), CodeBlock(0x0001DB04, 0x0001DB08),
CodeBlock(0x0001DB08, 0x0001DB0C), CodeBlock(0x0001DB16, 0x0001DB2E), CodeBlock(0x0001DB2E, 0x0001DB34),
CodeBlock(0x0001DB34, 0x0001DB3A), CodeBlock(0x0001DB3A, 0x0001DB66), CodeBlock(0x0001DB66, 0x0001DB6E),
CodeBlock(0x0001DB6E, 0x0001DB8E), CodeBlock(0x0001DB8E, 0x0001DB9C), CodeBlock(0x0001DB9C, 0x0001DB9E),
CodeBlock(0x0001DB9E, 0x0001DBA2), CodeBlock(0x0001DBA2, 0x0001DBAC), CodeBlock(0x0001DBAC, 0x0001DBCA),
CodeBlock(0x0001DBCA, 0x0001DC00), CodeBlock(0x0001DC00, 0x0001DC06), CodeBlock(0x0001DC06, 0x0001DC0A),
CodeBlock(0x0001DC0A, 0x0001DC0E), CodeBlock(0x0001DC0E, 0x0001DC10), CodeBlock(0x0001DC10, 0x0001DC14),
CodeBlock(0x0001DC14, 0x0001DC2C), CodeBlock(0x0001DC2C, 0x0001DC30), CodeBlock(0x0001DC30, 0x0001DC36),
CodeBlock(0x0001DC36, 0x0001DC3C), CodeBlock(0x0001DC3C, 0x0001DC50), CodeBlock(0x0001DC50, 0x0001DC64),
CodeBlock(0x0001DC64, 0x0001DC94), CodeBlock(0x0001DC94, 0x0001DCA6), CodeBlock(0x0001DCA6, 0x0001DCC4),
CodeBlock(0x0001DCC4, 0x0001DCDC), CodeBlock(0x0001DCDC, 0x0001DCE2), CodeBlock(0x0001DCE2, 0x0001DCE6),
CodeBlock(0x0001DCE6, 0x0001DCEE), CodeBlock(0x0001DCEE, 0x0001DCF0), CodeBlock(0x0001DCF0, 0x0001DCF4),
CodeBlock(0x0001DCF4, 0x0001DCFE), CodeBlock(0x0001DCFE, 0x0001DD02), CodeBlock(0x0001DD02, 0x0001DD0A),
CodeBlock(0x0001DD0A, 0x0001DD0E), CodeBlock(0x0001DD0E, 0x0001DD1C), CodeBlock(0x0001DD1C, 0x0001DD20),
CodeBlock(0x0001DD20, 0x0001DD26), CodeBlock(0x0001DD26, 0x0001DD60), CodeBlock(0x0001DD60, 0x0001DD7E),
CodeBlock(0x0001DD7E, 0x0001DD86), CodeBlock(0x0001DD86, 0x0001DDB4), CodeBlock(0x0001DDB4, 0x0001DDEA),
CodeBlock(0x0001DDEA, 0x0001DDF0), CodeBlock(0x0001DDF0, 0x0001DDF6), CodeBlock(0x0001DDF6, 0x0001DDFA),
CodeBlock(0x0001DDFA, 0x0001DE82), CodeBlock(0x0001DE82, 0x0001DE8A), CodeBlock(0x0001DE8A, 0x0001DE8E),
CodeBlock(0x0001DE94, 0x0001DEB8), CodeBlock(0x0001DEB8, 0x0001DEBC), CodeBlock(0x0001DEBC, 0x0001DECA),
CodeBlock(0x0001DECA, 0x0001DF02), CodeBlock(0x0001DF02, 0x0001DF14), CodeBlock(0x0001DF14, 0x0001DF26),
CodeBlock(0x0001DF26, 0x0001DF30), CodeBlock(0x0001DF30, 0x0001DF34), CodeBlock(0x0001DF34, 0x0001DF40),
CodeBlock(0x0001DF40, 0x0001DF44), CodeBlock(0x0001DF44, 0x0001DF4C)]
with open("tests/bin/libSecShell.so", "rb") as f:
blocks = cfg.create_cfg(f, 0x0001B180, 11724, True)
self.assertEqual(len(cbs), len(blocks))
for b in cbs:
self.assertTrue(self.cb_in_cbs(b, blocks), "expect block %r not in result"%b)