def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) expr = str(src1val) + " | " + str(src2val) if src1val.is_undefined or src2val.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) simstate.add_logmsg("warning", "or: some operand is undefined: " + expr) elif src1val.is_symbol or src2val.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif src1val.is_literal and src2val.is_literal: v1 = SV.mk_simvalue(src1val.literal_value) v2 = SV.mk_simvalue(src2val.literal_value) result = v1.bitwise_or(v2) else: result = SV.simUndefinedDW simstate.add_logmsg("warning", "or: some operand not recognized: " + expr) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand immop = self.imm_operand srcval = simstate.rhs(iaddr, srcop) immval = immop.opkind.to_unsigned_int() expr = str(srcval) + ' >> ' + str(immval) result: SV.SimValue = SV.simUndefinedDW if srcval.is_undefined: simstate.add_logmsg("warning", "srl: operand is undefined: " + str(srcop)) elif srcval.is_literal: srcval = SV.mk_simvalue(srcval.literal_value) result = (SV.mk_simvalue(srcval.literal_value)).bitwise_srl(immval) elif srcval.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif srcval.is_address: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) else: simstate.add_logmsg("warning", "srl: operand not recognized: " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: srcop = self.src_operand immop = self.imm_operand dstop = self.dst_operand srcval = simstate.rhs(iaddr, srcop) immval = immop.opkind.to_unsigned_int() imm = SV.SimDoubleWordValue(immval) expr = str(srcval) + ' | ' + str(immval) if srcval.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) simstate.add_logmsg( "warning", "ori: operand is undefined: " + str(srcop)) elif srcval.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) if srcval.is_literal: result = SV.mk_simvalue(srcval.literal_value).bitwise_or(imm) else: result = SV.simUndefinedDW simstate.add_logmsg( "warning", "ori: operand not recognized: " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def json_to_simval(d: Dict[str, Any]) -> SV.SimValue: id = d["i"] # SimValue (generic, covers all cases with jsonval implementation) if id == "x": return SSV.SimSymbolicValue(0, defined=False) # SimByteValue elif id == "b": if "d" in d: data = d["d"] v: int = data.get("v", 0) defined: bool = data.get("d", True) return SV.SimByteValue(v, defined) else: return SV.SimByteValue(0) # SimDoubleWordValue elif id == "d": if "d" in d: data = d["d"] v = data.get("v", 0) defined = data.get("d", True) b1defined: bool = data.get("db1", True) b2defined: bool = data.get("db2", True) b3defined: bool = data.get("db3", True) b4defined: bool = data.get("db4", True) return SV.SimDoubleWordValue(v, defined=defined, b1defined=b1defined, b2defined=b2defined, b3defined=b3defined, b4defined=b4defined) else: return SV.SimDoubleWordValue(0) # SimGlobalAddress elif id == "sga": data = d["d"] modulename: str = data.get("m", "?") offset = cast(SV.SimDoubleWordValue, json_to_simval(data["o"])) return SSV.SimGlobalAddress(modulename, offset) # SimReturnAddress elif id == "sra": data = d["d"] modulename = data.get("m", "?") functionaddr: str = data["f"] offset = cast(SV.SimDoubleWordValue, json_to_simval(data["o"])) return SSV.SimReturnAddress(modulename, functionaddr, offset) # SimMemoryByteLink elif id == "bl": data = d["d"] linkedto = cast(SSV.SimSymbolicValue, json_to_simval(data["l"])) position: int = cast(int, data["p"]) return SimMemoryByteLink(linkedto, position) else: raise UF.CHBError("No deserialization implemented yet for id = " + id)
def rhs(self, iaddr: str, op: Operand, opsize: int = 4) -> SV.SimValue: if op.is_register: return self.regval(iaddr, op.register, opsize=opsize) elif op.is_immediate: return SV.mk_simvalue(op.value, size=opsize) elif op.is_indirect_register: regval = self.regval(iaddr, op.indirect_register) offset = op.offset if not regval.is_defined: return SV.mk_undefined_simvalue(opsize) if regval.is_string_address and opsize == 1: regval = cast(SSV.SimStringAddress, regval) return self.rhs_string_char(iaddr, regval, offset) elif regval.is_symbol: regval = cast(SSV.SimSymbol, regval) return self.rhs_symbol(iaddr, regval, offset, opsize) elif regval.is_address: regval = cast(SSV.SimAddress, regval) return self.memval(iaddr, regval.add_offset(offset), opsize) elif regval.is_literal: regval = cast(SV.SimLiteralValue, regval) return self.rhs_literal_address(iaddr, regval.value, offset, opsize) else: raise SU.CHBSimError( self, iaddr, "Unable to resolve indirect register operand: " + str(op)) else: raise SU.CHBSimError( self, iaddr, "Operand " + str(op) + " not recognized in rhs")
def toupper_result(self) -> SV.SimLiteralValue: if self.name == "ctype_toupper": if self.offset1 >= 97 and self.offset2 <= 122: return SV.mk_simvalue(self.offset1 // 2) else: return SV.mk_simvalue(self.offset1) else: return SV.simUndefinedDW
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: """Subtraction with trap on overflow (trap not currently implemented).""" dstop = self.dst_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) if src1val.is_undefined or src2val.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) elif src1val.is_symbol or src2val.is_symbol: expr = str(src1val) + ' - ' + str(src2val) raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) elif src1val.is_string_address and src2val.is_string_address: src1val = cast(SSV.SimStringAddress, src1val) src2val = cast(SSV.SimStringAddress, src2val) diff = src2val.stringval.find(src1val.stringval) result = SV.mk_simvalue(diff) elif src1val.is_stack_address and src2val.is_stack_address: src1val = cast(SSV.SimStackAddress, src1val) src2val = cast(SSV.SimStackAddress, src2val) diff = (src1val.offsetvalue - src2val.offsetvalue) % (SU.max32 + 1) result = SV.mk_simvalue(diff) elif src1val.is_stack_address and src2val.is_literal: src1val = cast(SSV.SimStackAddress, src1val) result = cast(SV.SimValue, src1val.add_offset(-src2val.literal_value)) elif src1val.is_global_address and src2val.is_global_address: src1val = cast(SSV.SimGlobalAddress, src1val) src2val = cast(SSV.SimGlobalAddress, src2val) diff = (src1val.offsetvalue - src2val.offsetvalue) % (SU.max32 + 1) result = SV.mk_simvalue(diff) elif src1val.is_global_address and src2val.is_literal: src1val = cast(SSV.SimGlobalAddress, src1val) diff = (src1val.offsetvalue - src2val.literal_value) % (SU.max32 + 1) result = SV.mk_simvalue(diff) elif src1val.is_literal and src2val.is_literal: diff = (src1val.literal_value - src2val.literal_value) % (SU.max32 + 1) result = SV.mk_simvalue(diff) else: result = SV.simUndefinedDW lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, ('val(' + str(src1op) + ') = ' + str(src1val) + ', val(' + str(src2op) + ') = ' + str(src2val)))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand srcval = SV.mk_simvalue(srcop.value) lhs = simstate.set(iaddr, dstop, srcval) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, srcval)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand srcval = simstate.rhs(iaddr, srcop) result: SV.SimValue if srcval.is_undefined: result = SV.simUndefinedDW if srcval.is_global_address: val = cast(SV.SimDoubleWordValue, SV.mk_simvalue(srcval.literal_value)) srcval = cast(SSV.SimGlobalAddress, srcval) name = srcval.modulename resultval = val.swap_bytes_within_halfwords() result = SSV.mk_global_address(resultval.literal_value, name) elif srcval.is_literal: val = cast(SV.SimDoubleWordValue, srcval) result = val.swap_bytes_within_halfwords() else: raise SU.CHBSimError( simstate, iaddr, "wsbh: operand not recognized: " + str(srcop) + ": " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, intermediates=str(srcval))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand srcval = srcop.to_unsigned_int() v = 256 * 256 * srcval try: result = cast(SV.SimValue, simstate.resolve_literal_address(iaddr, v)) except SU.CHBSimError: result = SV.mk_simvalue(v) if result.is_undefined: result = SV.mk_simvalue(v) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, "")
def b_result(self) -> SV.SimLiteralValue: if self.name == "ctype_b": result = 0 print("ctype_b deref table value: " + str(self.offset1) + ", " + str(chr(self.offset1 // 2))) c = str(chr(self.offset1 // 2)) if c.isupper(): result += 1 if c.islower(): result += 2 if c.isalpha(): result += 4 if c.isnumeric(): result += 8 if c.isspace() or c == '\r' or c == '\n': result += 32 if c.isprintable(): result += 64 if c.isspace(): result += 256 if not c.isprintable(): result += 512 if c in string.punctuation: result += 1024 if c.isalnum(): result += 2048 return SV.mk_simvalue(result) else: return SV.simZero
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: srcop = self.src_operand immop = self.imm_operand dstop = self.dst_operand srcval = simstate.rhs(iaddr, srcop) immval = immop.opkind.value expr = str(srcval) + " < " + str(immval) if srcval.is_undefined: result = SV.simUndefinedDW simstate.add_logmsg("warning", "slti: operand not defined: " + str(srcop)) elif srcval.is_literal: v = SV.mk_simvalue(srcval.literal_value) if v.to_signed_int() < immval: result = SV.simOne else: result = SV.simZero elif srcval.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) else: result = SV.simUndefinedDW lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result, expr)
def big_endian(self, iaddr: str, offset: int, size: int) -> SV.SimLiteralValue: if size == 2: b1 = self.byte(iaddr, offset + 1) b2 = self.byte(iaddr, offset) return SV.compose_simvalue([b1, b2]) elif size == 4: b1 = self.byte(iaddr, offset + 3) b2 = self.byte(iaddr, offset + 2) b3 = self.byte(iaddr, offset + 1) b4 = self.byte(iaddr, offset) return SV.compose_simvalue([b1, b2, b3, b4]) else: raise SU.CHBSimError( self.simstate, iaddr, ("Size of memory value request not supported: " + str(size)))
def get_patched_global(self, address: SSV.SimAddress) -> SV.SimDoubleWordValue: if self.has_patched_global(address): hexval = self.patched_globals[hex(address.offsetvalue)] return cast(SV.SimDoubleWordValue, SV.mk_simvalue(int(hexval, 16))) else: raise UF.CHBError('No patched global found for ' + str(address))
def mk_mapped_address(base: str, offset: int, buffersize: int) -> "SimMappedAddress": """Makes an address within a memory-mapped region.""" return SimMappedAddress( base, cast(SV.SimDoubleWordValue, SV.mk_simvalue(offset, size=4)), buffersize)
def get(self, iaddr: str, address: SSV.SimAddress, size: int) -> SV.SimValue: try: for base in self.baseoffsets: if ( address.offsetvalue >= base and address.offsetvalue < base + self.buffersize): address = address.add_offset(-base) try: memval = SimMemory.get(self, iaddr, address, size) except SU.CHBSimError: memval = SV.mk_simvalue(0, size=size) return memval else: raise SU.CHBSimError( self.simstate, iaddr, "invalid shared memory address: " + str(address)) except SU.CHBSimError as e: print("Error in shared memory: " + str(e)) name = (self.name + '[' + str(address.offsetvalue) + ']' + ' (value not retrieved: ' + str(e) + ')') return SSV.SimSymbol(name)
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None: srcop = self.src_operand dstop = self.dst_operand srcptrop = self.srcptr_operand dstptrop = self.dstptr_operand srcval = simstate.get_rhs(iaddr, srcop) srcptrval = simstate.get_rhs(iaddr, srcptrop) dstptrval = simstate.get_rhs(iaddr, dstptrop) dflag = simstate.get_flag_value(iaddr, 'DF') incr = SV.mk_simvalue(srcptrop.size, self.size) simstate.set(iaddr, dstop, srcval) if (srcptrval.is_literal and srcptrval.is_defined and dstptrval.is_literal and dstptrval.is_defined): srcptrval = cast(SV.SimLiteralValue, srcptrval) dstptrval = cast(SV.SimLiteralValue, dstptrval) if dflag == 0: simstate.set(iaddr, srcptrop, srcptrval.add(incr)) simstate.set(iaddr, dstptrop, dstptrval.add(incr)) elif dflag == 1: simstate.set(iaddr, srcptrop, srcptrval.sub(incr)) simstate.set(iaddr, dstptrop, dstptrval.sub(incr)) else: raise SU.CHBSimError( simstate, iaddr, 'Unexpected value for direction flag: ' + str(dflag)) else: raise SU.CHBSimError( simstate, iaddr, ("Movs not supported for " + str(srcptrop) + ":" + str(srcptrval) + ", " + str(dstptrop) + ":" + str(dstptrval)))
def bitwise_and(self, other: SV.SimLiteralValue) -> SV.SimValue: if other.is_literal: if other.value < self.value: newval = self.value & other.value return SV.mk_simvalue(newval) else: return mk_simbasevalue('unknown', self.value & other.value) else: return SV.simUndefinedDW
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand srcop = self.src_operand immop = self.imm_operand srcval = simstate.rhs(iaddr, srcop) immval = immop.opkind.to_unsigned_int() if srcval.is_undefined: result = cast(SV.SimValue, SV.simUndefinedDW) simstate.add_logmsg( "warning", "sll: operand is not defined: " + str(srcop)) elif srcval.is_literal: v = SV.mk_simvalue(srcval.literal_value) result = v.bitwise_sll(immval) elif srcval.is_symbol: srcval = cast(SSV.SimSymbol, srcval) if srcval.value is not None: v = SV.mk_simvalue(srcval.value) result = v.bitwise_sll(immval) else: raise SU.CHBSymbolicExpression( simstate, iaddr, dstop, str(srcval) + " << " + str(immval) + " (val(" + str(srcop) + "))") else: result = SV.simUndefinedDW simstate.add_logmsg( "warning", "sll: operand not recognized: " + str(srcval)) lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign( iaddr, simstate, lhs, result, "(val(" + str(srcop) + ") = " + str(srcval) + ")")
def b_result(self) -> SV.SimLiteralValue: if self.name == "ctype_b": result = 0 print("ctype_b: " + str(self.offset) + ', ' + str(chr(self.offset // 2))) c = chr(self.offset // 2) if c.isspace(): result += 32 return SV.mk_simvalue(result) else: return SV.simZero
def mk_base_address(base: str, offset: int = 0, buffersize: Optional[int] = None, tgttype: Optional[str] = None) -> "SimBaseAddress": """Makes a base address with offset (int) and buffer size (simvalue).""" return SimBaseAddress(base, cast(SV.SimDoubleWordValue, SV.mk_simvalue(offset, size=4)), buffersize=buffersize, tgttype=tgttype)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: srcop = self.src_operand dstop = self.dst_operand srcval = simstate.rhs(iaddr, srcop) if srcval.is_literal: result = SV.mk_simvalue(srcval.literal_value).leading_zeroes else: result = SV.simUndefinedDW lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhs, result)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstlo = self.dstlo_operand dsthi = self.dsthi_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) expr = str(src1val) + " * " + str(src2val) if src1val.is_undefined or src2val.is_undefined: loval = cast(SV.SimValue, SV.simUndefinedDW) hival = cast(SV.SimValue, SV.simUndefinedDW) simstate.add_logmsg("warning", "mult: some operand is undefined: " + expr) elif src1val.is_symbol or src2val.is_symbol: raise SU.CHBSymbolicExpression(simstate, iaddr, dstlo, expr) elif src1val.is_literal and src2val.is_literal: v1 = SV.mk_simvalue(src1val.literal_value).to_signed_int() v2 = SV.mk_simvalue(src2val.literal_value).to_signed_int() p = v1 * v2 if p < 0: p = p + SU.max64 + 1 loval = SV.mk_simvalue(p % (SU.max32 + 1)) hival = SV.mk_simvalue(p >> 32) else: loval = SV.simUndefinedDW hival = SV.simUndefinedDW simstate.add_logmsg("warning", "mult: some operand is not a literal: " + expr) lhslo = simstate.set(iaddr, dstlo, loval) lhshi = simstate.set(iaddr, dsthi, hival) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhslo, loval, intermediates=str(lhshi) + ' := ' + str(hival))
def get_from_section(self, iaddr: str, address: SSV.SimAddress, size: int) -> SV.SimValue: if address.is_defined: offset = address.offsetvalue # address has been patched by user if self.has_patched_global(address): return self.get_patched_global(address) # try to get the value from the file image else: sectionindex = self.elfheader.get_elf_section_index(offset) if sectionindex is None: # address is not in file image self.simstate.add_logmsg("global memory", str(address) + " uninitialized") return SV.mk_simvalue(0, size=size) # store in global memory data structure for i in range(offset, offset + size): byteval = self.elfheader.get_memory_value(sectionindex, i) if byteval is not None: self.set_byte(iaddr, i, SV.SimByteValue(byteval)) else: raise UF.CHBError("No value found for " + hex(i) + " in section " + str(sectionindex)) # retrieve from global memory data structure memval = SimMemory.get(self, iaddr, address, size) if not memval.is_defined: memval = SV.mk_simvalue(0, size=size) self.simstate.add_logmsg('global memory', str(address) + ' uninitialized') self._accesses.setdefault(str(address), []) self._accesses[str(address)].append( str(iaddr) + ':' + str(memval)) return memval else: raise UF.CHBError("Address is not defined: " + str(address))
def rhs_string_char(self, iaddr: str, addr: SSV.SimStringAddress, offset: int) -> SV.SimValue: regstr = addr.stringval if offset == len(regstr): return SV.simZerobyte elif offset < len(regstr): return SV.mk_simbytevalue(ord(regstr[offset])) else: raise SU.CHBSimError( self, iaddr, ("Access of string value out of bounds. String: " + regstr + "; offset: " + str(offset)))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dsthi = self.dsthi_operand dstlo = self.dstlo_operand srcrs = self.rs_operand srcrt = self.rt_operand src1val = simstate.rhs(iaddr, srcrs) src2val = simstate.rhs(iaddr, srcrt) if src1val.is_undefined or src2val.is_undefined: resultlo = SV.simUndefinedDW resulthi = SV.simUndefinedDW simstate.add_logmsg( "warning", "some operand of division not defined: " + str(src1val) + " / " + str(src2val)) elif src1val.is_symbol or src2val.is_symbol: expr = str(src1val) + " / " + str(src2val) raise SU.CHBSymbolicExpression(simstate, iaddr, dstlo, expr) elif src1val.is_literal and src2val.is_literal: v1 = src1val.literal_value v2 = src2val.literal_value resultlo = cast(SV.SimDoubleWordValue, SV.mk_simvalue(v1 // v2)) resulthi = cast(SV.SimDoubleWordValue, SV.mk_simvalue(v1 % v2)) else: resultlo = SV.simUndefinedDW resulthi = SV.simUndefinedDW simstate.add_logmsg( "warning", "some operand of division not recognized: " + str(src1val) + " / " + str(src2val)) lhslo = simstate.set(iaddr, dstlo, resultlo) lhshi = simstate.set(iaddr, dsthi, resulthi) simstate.increment_programcounter() return SU.simassign(iaddr, simstate, lhslo, resultlo, intermediates=str(lhshi) + ' := ' + str(resulthi))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str: dstop = self.dst_operand src1op = self.src1_operand src2op = self.src2_operand src1val = simstate.rhs(iaddr, src1op) src2val = simstate.rhs(iaddr, src2op) def do_assign(result: SV.SimValue) -> str: lhs = simstate.set(iaddr, dstop, result) simstate.increment_programcounter() return SU.simassign( iaddr, simstate, lhs, result, ('val(' + str(src1op) + ') = ' + str(src1val) + ', val(' + str(src2op) + ') = ' + str(src2val))) if src1val.is_undefined or src2val.is_undefined: return do_assign(SV.simUndefinedDW) elif src1val.is_symbol or src2val.is_symbol: expr = str(src1val) + ' + ' + str(src2val) raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr) # two global addresses, one of which is spurious elif (src1val.is_address and src2val.is_address and src1val.is_literal and src2val.is_literal): if src1val.literal_value > src2val.literal_value: src1addr = cast(SSV.SimAddress, src1val) result = cast(SV.SimValue, src1addr.add_offset(src2val.literal_value)) else: src2addr = cast(SSV.SimAddress, src2val) result = src2addr.add_offset(src1val.literal_value) return do_assign(result) elif src2val.is_address and src1val.is_literal: src2addr = cast(SSV.SimAddress, src2val) result = src2addr.add_offset(src1val.literal_value) return do_assign(result) elif src1val.is_address and src2val.is_literal: src1addr = cast(SSV.SimAddress, src1val) result = src1addr.add_offset(src2val.literal_value) return do_assign(result) elif src1val.is_literal and src2val.is_literal: v1 = src1val.literal_value v2 = src2val.literal_value result = cast(SV.SimValue, SV.mk_simvalue(v1 + v2)) return do_assign(result) else: return do_assign(SV.simUndefinedDW)
def mk_address(self, offset: int) -> SSV.SimAddress: addr = cast(SV.SimDoubleWordValue, SV.mk_simvalue(offset, size=4)) if self.name.startswith("global"): names = self.name.split(":") if len(names) == 2: image = names[1] else: image = "mainx" return SSV.SimGlobalAddress(image, addr) elif self.name == "stack": return SSV.SimStackAddress(addr) else: return SSV.SimBaseAddress(self.name, addr)
def initialize_cmdline_arguments(self, simstate: "SimulationState") -> None: simstate.registers["a0"] = SV.mk_simvalue(len(self.cmdlineargs)) simstate.registers["a1"] = SSV.mk_stack_address(16) aoffset = 100 # offset of information block on the initial process stack for (i, arg) in enumerate(self.cmdlineargs): argptr = SSV.mk_stack_address((i * 4) + 16) argvalptr = SSV.mk_stack_address(aoffset) simstate.set_memval(simstate.startaddr, argptr, argvalptr) for c in arg: addr = SSV.mk_stack_address(aoffset) cval = SV.mk_simcharvalue(c) simstate.set_memval(simstate.startaddr, addr, cval) aoffset += 1 addr = SSV.mk_stack_address(aoffset) simstate.set_memval(simstate.startaddr, addr, SV.simZerobyte) aoffset += 1 # null-terminate the list of arguments argptr = SSV.mk_stack_address((len(self.cmdlineargs) * 4) + 16) simstate.set_memval(simstate.startaddr, argptr, SV.simZero)
def get_patched_global(self, address: SSV.SimAddress) -> SV.SimValue: if self.has_patched_global(address): glbval = self.patched_globals[hex(address.offsetvalue)] result: SV.SimValue if glbval == "stderr": result = SFU.sim_openfile("/stderr", "w") result = cast(SV.SimValue, result) else: result = cast(SV.SimValue, SV.mk_simvalue(int(glbval, 16))) return result else: raise UF.CHBError('No patched global found for ' + str(address))