def get_dw_at_location_offset_dw_form_sec_offset(structs, expression): visitor = ExprDumper(structs) visitor.process_expr(expression) print "Full DW_AT_location as string: ", print visitor.get_str() dw_at_location_as_string = visitor.get_str() parts = dw_at_location_as_string.split() first_part = parts[0] assert first_part == 'DW_OP_fbreg:' second_part = parts[1].strip(';') return int(second_part)
def get_dw_at_location_offset(structs, expression): visitor = ExprDumper(structs) visitor.process_expr(expression) print "Full DW_AT_location as string: ", print visitor.get_str() dw_at_location_as_string = visitor.get_str() first_part, second_part = dw_at_location_as_string.split() #print first_part # 'DW_OP_fbreg:' assert first_part == 'DW_OP_fbreg:' #print "Second part of DW_AT_location: ", #print second_part # e.g. '-20' return int(second_part)
def extract_DWARF_expr(expr, structs): """ Textual description of a DWARF expression encoded in 'expr'. structs should come from the entity encompassing the expression - it's needed to be able to parse it correctly. """ # Since this function can be called a lot, initializing a fresh new # ExprDumper per call is expensive. So a rudimentary caching scheme is in # place to create only one such dumper per instance of structs. cache_key = id(structs) if cache_key not in _DWARF_EXPR_DUMPER_CACHE: _DWARF_EXPR_DUMPER_CACHE[cache_key] = \ ExprDumper(structs) dwarf_expr_dumper = _DWARF_EXPR_DUMPER_CACHE[cache_key] dwarf_expr_dumper.clear() dwarf_expr_dumper.process_expr(expr) return dwarf_expr_dumper
def setUp(self): self.visitor = ExprDumper(self.structs32) set_global_machine_arch('x64')
class TestExprDumper(unittest.TestCase): structs32 = DWARFStructs( little_endian=True, dwarf_format=32, address_size=4) def setUp(self): self.visitor = ExprDumper(self.structs32) set_global_machine_arch('x64') def test_basic_single(self): self.visitor.process_expr([0x1b]) self.assertEqual(self.visitor.get_str(), 'DW_OP_div') self.setUp() self.visitor.process_expr([0x74, 0x82, 0x01]) self.assertEqual(self.visitor.get_str(), 'DW_OP_breg4 (rsi): 130') self.setUp() self.visitor.process_expr([0x91, 0x82, 0x01]) self.assertEqual(self.visitor.get_str(), 'DW_OP_fbreg: 130') self.setUp() self.visitor.process_expr([0x51]) self.assertEqual(self.visitor.get_str(), 'DW_OP_reg1 (rdx)') self.setUp() self.visitor.process_expr([0x90, 16]) self.assertEqual(self.visitor.get_str(), 'DW_OP_regx: 16 (rip)') self.setUp() self.visitor.process_expr([0x9d, 0x8f, 0x0A, 0x90, 0x01]) self.assertEqual(self.visitor.get_str(), 'DW_OP_bit_piece: 1295 144') def test_basic_sequence(self): self.visitor.process_expr([0x03, 0x01, 0x02, 0, 0, 0x06, 0x06]) self.assertEqual(self.visitor.get_str(), 'DW_OP_addr: 201; DW_OP_deref; DW_OP_deref') self.setUp() self.visitor.process_expr([0x15, 0xFF, 0x0b, 0xf1, 0xff]) self.assertEqual(self.visitor.get_str(), 'DW_OP_pick: 255; DW_OP_const2s: -15') self.setUp() self.visitor.process_expr([0x1d, 0x1e, 0x1d, 0x1e, 0x1d, 0x1e]) self.assertEqual(self.visitor.get_str(), 'DW_OP_mod; DW_OP_mul; DW_OP_mod; DW_OP_mul; DW_OP_mod; DW_OP_mul')
class TestExprDumper(unittest.TestCase): structs32 = DWARFStructs(little_endian=True, dwarf_format=32, address_size=4) def setUp(self): self.visitor = ExprDumper(self.structs32) set_global_machine_arch('x64') def test_basic_single(self): self.assertEqual(self.visitor.dump_expr([0x1b]), 'DW_OP_div') self.assertEqual(self.visitor.dump_expr([0x74, 0x82, 0x01]), 'DW_OP_breg4 (rsi): 130') self.assertEqual(self.visitor.dump_expr([0x91, 0x82, 0x01]), 'DW_OP_fbreg: 130') self.assertEqual(self.visitor.dump_expr([0x51]), 'DW_OP_reg1 (rdx)') self.assertEqual(self.visitor.dump_expr([0x90, 16]), 'DW_OP_regx: 16 (rip)') self.assertEqual( self.visitor.dump_expr([0x9d, 0x8f, 0x0A, 0x90, 0x01]), 'DW_OP_bit_piece: 1295 144') self.assertEqual( self.visitor.dump_expr( [0x0e, 0xff, 0x00, 0xff, 0x00, 0xff, 0x00, 0xff, 0x00]), 'DW_OP_const8u: 71777214294589695') def test_basic_sequence(self): self.assertEqual( self.visitor.dump_expr([0x03, 0x01, 0x02, 0, 0, 0x06, 0x06]), 'DW_OP_addr: 201; DW_OP_deref; DW_OP_deref') self.assertEqual( self.visitor.dump_expr([0x15, 0xFF, 0x0b, 0xf1, 0xff]), 'DW_OP_pick: 255; DW_OP_const2s: -15') self.assertEqual( self.visitor.dump_expr([0x1d, 0x1e, 0x1d, 0x1e, 0x1d, 0x1e]), 'DW_OP_mod; DW_OP_mul; DW_OP_mod; DW_OP_mul; DW_OP_mod; DW_OP_mul') self.assertEqual(self.visitor.dump_expr([0x08, 0x0f, 0xe0]), 'DW_OP_const1u: 15; DW_OP_GNU_push_tls_address')
def get_dw_at_location_offset_0x54(structs, expression): visitor = ExprDumper(structs) visitor.process_expr(expression) print "Full DW_AT_location as string: ", print visitor.get_str() dw_at_location_as_string = visitor.get_str()