class SimCCRISCV(SimCC):
    """Calling-convention description for RISC-V using 4-byte registers.

    Integer arguments are read from ``a0``-``a5``, the result is returned in
    ``a0`` and the return address is held in ``ra``.
    """

    ARCH = ArchRISCV
    STACK_ALIGNMENT = 16

    # NOTE(review): the standard RISC-V integer convention also passes
    # arguments in a6 and a7; only a0-a5 are modelled here -- confirm that
    # this is intentional for the targeted ABI, since a 7th or 8th argument
    # would otherwise be looked up in the wrong place during analysis.
    ARG_REGS = 'a0 a1 a2 a3 a4 a5'.split()
    # Left empty on purpose: expand in case the floating point extension is added.
    FP_ARG_REGS = []

    RETURN_VAL = SimRegArg('a0', 4)
    RETURN_ADDR = SimRegArg('ra', 4)
def test_fauxware():
    """Yield one ``run_fauxware`` case per architecture.

    Every yielded tuple is ``(run_fauxware, arch name, expectations)`` where
    the expectations are ``(function name, calling convention)`` pairs for
    the ``authenticate`` function of that build.
    """
    arch_amd64 = archinfo.arch_from_id('amd64')

    # 32-bit build: both arguments on the stack, result in eax.
    cdecl_authenticate = SimCCCdecl(
        archinfo.arch_from_id('i386'),
        args=[SimStackArg(4, 4), SimStackArg(8, 4)],
        sp_delta=4,
        ret_val=SimRegArg('eax', 4),
    )
    # 64-bit build: both arguments in registers, result in rax.
    sysv_authenticate = SimCCSystemVAMD64(
        arch_amd64,
        args=[SimRegArg('rdi', 8), SimRegArg('rsi', 8)],
        sp_delta=8,
        ret_val=SimRegArg('rax', 8),
    )

    expectations_by_arch = {
        'i386': [('authenticate', cdecl_authenticate)],
        'x86_64': [('authenticate', sysv_authenticate)],
    }

    for arch_name, expectations in expectations_by_arch.items():
        yield run_fauxware, arch_name, expectations
class SimCCSH4LinuxSyscall(SimCC):
    """Register layout used for Linux system calls on SH4.

    TODO: Make sure all the information is correct.
    """

    RETURN_VAL = SimRegArg('r0', 4)
    RETURN_ADDR = SimRegArg('pr', 4)
    ARG_REGS = 'r4 r5 r6 r7'.split()
    # fr4 .. fr11
    FP_ARG_REGS = ['fr%d' % index for index in range(4, 12)]

    @classmethod
    def _match(cls, arch, args, sp_delta):  # pylint: disable=unused-argument
        """Always report no match: this convention only occurs at syscalls."""
        return False

    @staticmethod
    def syscall_num(state):
        """Return the syscall number, read from ``r0`` of *state*."""
        # NOTE(review): r0 is also RETURN_VAL above, and syscall(2) lists r3
        # as the syscall-number register for superh -- confirm which register
        # this platform model really uses, otherwise syscalls may be
        # dispatched to the wrong handler during analysis.
        return state.regs.r0
class SimCCBPF(SimCC):
    """Calling-convention description for BPF.

    No argument registers are declared; the result is read from the 4-byte
    ``acc`` register and the return address from stack offset 0.
    """

    ARCH = ArchBPF

    # Neither integer nor floating-point argument registers are modelled.
    ARG_REGS = list()
    FP_ARG_REGS = list()

    STACKARG_SP_DIFF = 0
    RETURN_VAL = SimRegArg('acc', 4)
    RETURN_ADDR = SimStackArg(0, 4)
def test_array_ffi(self):
    """Check argument values and locations for a prototype with array parameters."""
    # NOTE: if this test is failing and you think it is wrong, you might be right :)
    proj = load_shellcode(b'\xc3', arch='amd64')  # a lone `ret` instruction
    state = proj.factory.blank_state()

    # Seed the first three amd64 argument registers with known values.
    state.regs.rdi = 123
    state.regs.rsi = 456
    state.regs.rdx = 789

    declarations = parse_file(
        'int execve(const char *pathname, char *const argv[], char *const envp[]);'
    )
    prototype = declarations[0]['execve']
    conv = proj.factory.cc()

    for actual, wanted in zip(conv.get_args(state, prototype), (123, 456, 789)):
        assert (actual == wanted).is_true()

    # however, this is definitely right
    footprints = [list(loc.get_footprint()) for loc in conv.arg_locs(prototype)]
    assert footprints == [
        [SimRegArg('rdi', 8)],
        [SimRegArg('rsi', 8)],
        [SimRegArg('rdx', 8)],
    ]
class SimCCMSP430(SimCC):
    """Calling-convention description for MSP430 using 2-byte registers.

    Arguments are taken from ``r15`` down to ``r12``, the result is returned
    in ``r15`` and the return address is read from stack offset 0.
    """

    ARCH = ArchMSP430

    # Order matters: r15 carries the first argument.
    ARG_REGS = 'r15 r14 r13 r12'.split()
    FP_ARG_REGS = []  # TODO: ???

    STACKARG_SP_DIFF = 2
    RETURN_VAL = SimRegArg('r15', 2)
    RETURN_ADDR = SimStackArg(0, 2)
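class SimCCRISCV(SimCC):
    """Calling-convention description for RISC-V using 4-byte registers.

    Integer arguments are passed in ``a0``-``a7``, the result is returned in
    ``a0`` and the return address is held in the link register ``ra``.
    """

    ARG_REGS = ['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7']
    FP_ARG_REGS = []  # TODO: floating-point argument registers are not modelled yet
    STACK_ALIGNMENT = 16
    # The return address is kept in ra rather than in a stack slot. Modelling
    # it as a stack argument makes an analysis resume at whatever value the
    # stack happens to hold when a function returns.
    RETURN_ADDR = SimRegArg('ra', 4)
    # Results come back in a0. ra is the link register, so reading the return
    # value from it yields a code address instead of the function's result.
    RETURN_VAL = SimRegArg('a0', 4)
    ARCH = ArchRISCV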
def test_from_argument_instanciate_a_Register_when_given_a_SimRegArg(self):
    """``Atom.from_argument`` turns a ``SimRegArg`` into a ``Register`` atom."""
    reg_arg = SimRegArg('r0', 4)
    # Register table keyed by name; the test expects the first tuple element
    # back as the atom's offset.
    reg_table = {'r0': (8, 4)}

    atom = Atom.from_argument(reg_arg, reg_table)

    self.assertTrue(isinstance(atom, Register))
    self.assertEqual(atom.reg_offset, 8)
    self.assertEqual(atom.size, 4)
class SimRISCVSyscall(SimCC):
    """Register layout used for system calls on RISC-V.

    Arguments are read from ``a0``-``a5``, the result is returned in ``a0``
    and the syscall number is taken from ``a7``.
    """

    ARCH = ArchRISCV
    ARG_REGS = 'a0 a1 a2 a3 a4 a5'.split()
    RETURN_VAL = SimRegArg('a0', 4)
    # NOTE(review): the return address is modelled as a stack slot here;
    # confirm this is what the syscall path of this platform expects, since a
    # wrong location sends execution to an arbitrary address after a syscall.
    RETURN_ADDR = SimStackArg(4, 4)

    @staticmethod
    def _match(arch, args, sp_delta):  # pylint: disable=unused-argument
        """Always report no match: this convention only occurs at syscalls."""
        return False

    @staticmethod
    def syscall_num(state):
        """Return the syscall number, read from ``a7`` of *state*."""
        return state.regs.a7
class SimBFSyscall(SimCC):
    """
    Syscall convention for the BrainFuck architecture.

    It is intentionally minimal and exists only so that the two
    simprocedures have a convention to work with.
    """

    ARCH = ArchBF

    # Normally a list of register names; here the only argument is always
    # the data pointer, so there is nothing else to pull out.
    ARG_REGS = ['ptr']

    # RETURN_VAL is deliberately not defined: nothing is ever returned through
    # a register. If that changes, a SimRegArg object belongs here.

    RETURN_ADDR = SimRegArg('ip_at_syscall', 8)

    @staticmethod
    def _match(arch, args, sp_delta):  # pylint: disable=unused-argument
        """Always report no match: this convention only occurs at syscalls."""
        return False

    @staticmethod
    def syscall_num(state):
        """Return the syscall number, read from the ``inout`` register of *state*."""
        return state.regs.inout
class SimCCSH4(SimCC):
    """Calling-convention description for SH4 using 4-byte registers.

    Integer arguments are read from ``r4``-``r7``, floating-point arguments
    from ``fr4``-``fr11``; the result is returned in ``r0`` and the return
    address is held in ``pr``.
    """

    ARCH = ArchSH4

    ARG_REGS = 'r4 r5 r6 r7'.split()
    # fr4 .. fr11
    FP_ARG_REGS = ['fr%d' % index for index in range(4, 12)]

    RETURN_VAL = SimRegArg('r0', 4)
    RETURN_ADDR = SimRegArg('pr', 4)