def setUp(self):
self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32)
self._emulator = ReilEmulator(self._arch_info)
self._asm_parser = X86Parser(ARCH_X86_MODE_32)
self._translator = X86Translator(ARCH_X86_MODE_32)
def setUp(self):
self.arch_mode = ARCH_X86_MODE_64
self.arch_info = X86ArchitectureInformation(self.arch_mode)
self.x86_parser = X86Parser(self.arch_mode)
self.x86_translator = X86Translator(self.arch_mode)
self.reil_emulator = ReilEmulator(self.arch_info)
self.context_filename = "failing_context.data"
def __init__(self, architecture_mode):
super(X86Disassembler, self).__init__()
arch_mode_map = {
ARCH_X86_MODE_32: CS_MODE_32,
ARCH_X86_MODE_64: CS_MODE_64
}
self._arch_mode = architecture_mode
self._arch_info = X86ArchitectureInformation(architecture_mode)
self._parser = X86Parser(architecture_mode)
self._disassembler = Cs(CS_ARCH_X86, arch_mode_map[architecture_mode])
def setUp(self):
self._arch_info = X86ArchitectureInformation(ARCH_X86_MODE_32)
self._smt_solver = SmtSolver()
self._smt_translator = SmtTranslator(self._smt_solver,
self._arch_info.address_size)
self._smt_translator.set_arch_alias_mapper(
self._arch_info.alias_mapper)
self._smt_translator.set_arch_registers_size(
self._arch_info.registers_size)
self._x86_parser = X86Parser(ARCH_X86_MODE_32)
self._x86_translator = X86Translator(ARCH_X86_MODE_32)
self._code_analyzer = CodeAnalyzer(self._smt_solver,
self._smt_translator,
self._arch_info)
def main():
# Process program arguments.
parser = init_parser()
args = parser.parse_args()
# Open binary.
binary = BinaryFile(args.binary)
# Check binary arch and mode.
if binary.architecture != ARCH_X86 or \
binary.architecture_mode not in [ARCH_X86_MODE_32, ARCH_X86_MODE_64]:
print("[!] Architecture not supported.")
sys.exit(1)
# Load architecture information for the binary.
arch_info = X86ArchitectureInformation(binary.architecture_mode)
# Extract entrypoint (in case a starting address was not provided.)
start_address = int(args.start_address,
16) if args.start_address else binary.entry_point
# Prepare options.
options = DotDict({})
options.abort = args.abort
options.color = args.color
options.verbose = args.verbose
print("[+] Loading trace...")
asm_trace = parse_trace(args.trace,
X86Parser(arch_info.architecture_mode),
start_address=start_address)
print("[+] Replaying trace...")
analyzer = AsmReplayAnalyzer(arch_info, asm_trace, start_address, options)
analyzer.run()
def setUp(self):
self._parser = X86Parser(ARCH_X86_MODE_32)
self._translator = X86Translator(ARCH_X86_MODE_32)
def setUp(self):
self._parser = X86Parser(ARCH_X86_MODE_64)
def barf_classify(gadget_map, printout=True):
arch_mode = ARCH_X86_MODE_32
arch_info = X86ArchitectureInformation(arch_mode)
translator = X86Translator(arch_mode)
instruction_parser = X86Parser(arch_mode)
ir_emulator = ReilEmulator(arch_info)
classifier = GadgetClassifier(ir_emulator, arch_info)
raw_gadgets = {}
typed_gadgets = []
for _, gadget in gadget_map.items():
# Translation cycle: from my emulator to BARF representation
classifiable = False
barf_instr_list = []
for _, instr in gadget.instructions.items():
# Parse a ROPInstruction into the BARF representation of an x86 instruction
barf_instr = instruction_parser.parse("{} {}".format(
instr.mnemonic, instr.op_str))
barf_instr.address = instr.address
try:
# Translate an x86 instruction into a list of REIL instructions
reil_transl_instrs = translator.translate(barf_instr)
barf_instr.ir_instrs = reil_transl_instrs
classifiable = True
except TranslationError:
classifiable = False
finally:
barf_instr_list.append(barf_instr)
# Classification of the gadgets
barf_g = RawGadget(barf_instr_list)
raw_gadgets[barf_g.address] = barf_g
if classifiable:
classified = classifier.classify(barf_g)
for tg in classified:
typed_gadgets.append(tg)
if printout:
print_gadgets_raw(list(raw_gadgets.values()), sys.stdout, 'addr', True,
'Raw Gadgets', False)
verified = []
unverified = []
solver = Z3Solver()
translator = SmtTranslator(solver, arch_info.address_size)
code_analyzer = CodeAnalyzer(solver, translator, arch_info)
verifier = GadgetVerifier(code_analyzer, arch_info)
for tg in typed_gadgets:
if verifier.verify(tg):
verified.append(tg)
else:
unverified.append(tg)
print_gadgets_typed(verified, sys.stdout, arch_info.address_size,
'Verified classification')
print_gadgets_typed(unverified, sys.stdout, arch_info.address_size,
'Unverified classification')
for tg in typed_gadgets:
if tg.address in raw_gadgets:
raw_gadgets.pop(tg.address)
print_gadgets_raw(list(raw_gadgets.values()), sys.stdout, 'addr',
False, 'Not classified', False)
return {tg.address: tg for tg in typed_gadgets}