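def test(data, dot_path='graph_irflow.dot'):
    """Recover the C-typed accesses made through the first argument of *data*.

    The raw x86_64 code in *data* is disassembled from offset 0, lifted to
    IR, and every expression derived from the first argument register (RDI)
    is resolved against the C declarations below, under the assumption that
    the argument is a ``struct ll_human*``.  Matches are printed; the IR
    flow graph is written to *dot_path* in Graphviz format.

    Args:
        data: raw machine code bytes, analysed as x86_64 starting at
            address 0.  The disassembler consumes it directly, so treat it
            as untrusted input (malformed code is the normal case here).
        dot_path: file the IR flow graph is written to.  Defaults to
            'graph_irflow.dot' in the current working directory and is
            overwritten without confirmation.

    Returns:
        None.  Results go to stdout.
    """
    # Digest C informations: the declarations accesses are resolved against
    text = """ struct human { unsigned short age; unsigned int height; char name[50]; }; struct ll_human { struct ll_human* next; struct human human; }; """
    my_types = CTypeAMD64_unk()
    types_mngr = CTypesManagerNotPacked(my_types.types)
    types_mngr.add_c_decl(text)

    # Analyze binary: no container format, the code starts at offset 0
    cont = Container.fallback_container(data, None, addr=0)
    machine = Machine("x86_64")
    dis_engine, ira = machine.dis_engine, machine.ira
    mdis = dis_engine(cont.bin_stream, symbol_pool=cont.symbol_pool)

    addr_head = 0
    blocks = mdis.dis_multibloc(addr_head)
    lbl_head = mdis.symbol_pool.getby_offset(addr_head)

    ir_arch_a = ira(mdis.symbol_pool)
    for block in blocks:
        ir_arch_a.add_bloc(block)

    # Close the handle deterministically instead of relying on the GC
    with open(dot_path, 'w') as fdesc:
        fdesc.write(ir_arch_a.graph.dot())

    # Main function's first argument's type is "struct ll_human*"
    void_ptr = types_mngr.void_ptr
    ll_human = types_mngr.get_type(('ll_human',))
    ptr_llhuman = ObjCPtr('noname', ll_human, void_ptr.align, void_ptr.size)

    # Symbolic stand-in for RDI, typed as the pointer built above
    arg0 = ExprId('ptr', 64)
    ctx = {ir_arch_a.arch.regs.RDI: arg0}
    expr_types = {arg0.name: ptr_llhuman}
    mychandler = MyCHandler(types_mngr, expr_types)

    for expr in get_funcs_arg0(ctx, ir_arch_a, lbl_head):
        print "Access:", expr
        target_types = mychandler.expr_to_types(expr)
        for target_type in target_types:
            print '\tType:', target_type
        c_strs = mychandler.expr_to_c(expr)
        for c_str in c_strs:
            print "\tC access:", c_str
        print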
'-d', "--defuse", action="store_true", help="Dump the def-use graph in file 'defuse.dot'." "The defuse is dumped after simplifications if -s option is specified") args = parser.parse_args() if args.verbose: log_asmblock.setLevel(logging.DEBUG) log.info('Load binary') if args.rawbinary: shift = args.shiftoffset if args.shiftoffset is not None else 0 cont = Container.fallback_container(open(args.filename).read(), None, addr=shift) else: with open(args.filename) as fdesc: cont = Container.from_stream(fdesc, addr=args.shiftoffset) default_addr = cont.entry_point bs = cont.bin_stream e = cont.executable log.info('ok') log.info("import machine...") # Use the guessed architecture or the specified one arch = args.architecture if args.architecture else cont.arch if not arch: print "Architecture recognition fail. Please specify it in arguments"
}; struct ll_human { struct ll_human* next; struct human human; }; """ base_types = CTypeAMD64_unk() types_ast = CAstTypes() types_ast.add_c_decl(text) types_mngr = CTypesManagerNotPacked(types_ast, base_types) # Analyze binary cont = Container.fallback_container(data, None, addr=0) machine = Machine("x86_64") dis_engine, ira = machine.dis_engine, machine.ira mdis = dis_engine(cont.bin_stream, symbol_pool=cont.symbol_pool) addr_head = 0 blocks = mdis.dis_multiblock(addr_head) lbl_head = mdis.symbol_pool.getby_offset(addr_head) ir_arch_a = ira(mdis.symbol_pool) for block in blocks: ir_arch_a.add_block(block) open('graph_irflow.dot', 'w').write(ir_arch_a.graph.dot())
help="Display image representation of disasm") parser.add_argument('-c', "--rawbinary", default=False, action="store_true", help="Don't interpret input as ELF/PE/...") parser.add_argument('-d', "--defuse", action="store_true", help="Dump the def-use graph in file 'defuse.dot'." "The defuse is dumped after simplifications if -s option is specified") args = parser.parse_args() if args.verbose: log_asmblock.setLevel(logging.DEBUG) log.info('Load binary') if args.rawbinary: shift = args.shiftoffset if args.shiftoffset is not None else 0 cont = Container.fallback_container(open(args.filename).read(), None, addr=shift) else: with open(args.filename) as fdesc: cont = Container.from_stream(fdesc, addr=args.shiftoffset) default_addr = cont.entry_point bs = cont.bin_stream e = cont.executable log.info('ok') log.info("import machine...") # Use the guessed architecture or the specified one arch = args.architecture if args.architecture else cont.arch if not arch: print "Architecture recognition fail. Please specify it in arguments" exit(-1)
}; struct ll_human { struct ll_human* next; struct human human; }; """ base_types = CTypeAMD64_unk() types_ast = CAstTypes() types_ast.add_c_decl(text) types_mngr = CTypesManagerNotPacked(types_ast, base_types) # Analyze binary cont = Container.fallback_container(data, None, addr=0) machine = Machine("x86_64") dis_engine, ira = machine.dis_engine, machine.ira mdis = dis_engine(cont.bin_stream, symbol_pool=cont.symbol_pool) addr_head = 0 asmcfg = mdis.dis_multiblock(addr_head) lbl_head = mdis.symbol_pool.getby_offset(addr_head) ir_arch_a = ira(mdis.symbol_pool) for block in asmcfg.blocks: ir_arch_a.add_block(block) open('graph_irflow.dot', 'w').write(ir_arch_a.graph.dot())
help="Dump the def-use graph in file 'defuse.dot'." "The defuse is dumped after simplifications if -s option is specified") parser.add_argument('-p', "--ssa", action="store_true", help="Generate the ssa form in 'ssa.dot'.") args = parser.parse_args() if args.verbose: log_asmblock.setLevel(logging.DEBUG) log.info('Load binary') if args.rawbinary: cont = Container.fallback_container(open(args.filename, "rb").read(), vm=None, addr=args.shiftoffset) else: with open(args.filename, "rb") as fdesc: cont = Container.from_stream(fdesc, addr=args.shiftoffset) default_addr = cont.entry_point bs = cont.bin_stream e = cont.executable log.info('ok') log.info("import machine...") # Use the guessed architecture or the specified one arch = args.architecture if args.architecture else cont.arch if not arch: print "Architecture recognition fail. Please specify it in arguments"
"Use only with --propagexpr option. " "WARNING: not reliable, may fail.") parser.add_argument('-e', "--loadint", action="store_true", help="Load integers from binary in fixed memory lookup.") parser.add_argument('-j', "--calldontmodstack", action="store_true", help="Consider stack high is not modified in subcalls") args = parser.parse_args() if args.verbose: log_asmblock.setLevel(logging.DEBUG) log.info('Load binary') if args.rawbinary: cont = Container.fallback_container(open(args.filename, "rb").read(), vm=None, addr=args.base_address) else: with open(args.filename, "rb") as fdesc: cont = Container.from_stream(fdesc, addr=args.base_address) default_addr = cont.entry_point bs = cont.bin_stream e = cont.executable log.info('ok') log.info("import machine...") # Use the guessed architecture or the specified one arch = args.architecture if args.architecture else cont.arch if not arch: print "Architecture recognition fail. Please specify it in arguments" exit(-1)
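parser.add_argument('-x', "--propagexpr", action="store_true",
                    help="Do Expression propagation.")
parser.add_argument('-y', "--stack2var", action="store_true",
                    help="*Try* to do transform stack accesses into variables. "
                         "Use only with --propagexpr option. "
                         "WARNING: not reliable, may fail.")

args = parser.parse_args()

if args.verbose:
    log_asmblock.setLevel(logging.DEBUG)

log.info('Load binary')
if args.rawbinary:
    # Raw image: no container parsing, mapped at the user-supplied offset.
    # Read under `with` so the handle is closed deterministically, as the
    # container branch below already does.
    with open(args.filename, "rb") as fdesc:
        raw_data = fdesc.read()
    cont = Container.fallback_container(raw_data, vm=None, addr=args.shiftoffset)
else:
    with open(args.filename, "rb") as fdesc:
        cont = Container.from_stream(fdesc, addr=args.shiftoffset)
default_addr = cont.entry_point
bs = cont.bin_stream
e = cont.executable
log.info('ok')

log.info("import machine...")
# Use the guessed architecture or the specified one
arch = args.architecture if args.architecture else cont.arch
if not arch:
    print "Architecture recognition fail. Please specify it in arguments"
    exit(-1)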