help="Apply simplifications rules (liveness, graph simplification, ...)")
args = parser.parse_args()
machine = Machine("x86_32")
loc_db = LocationDB()
cont = Container.from_stream(open(args.filename, 'rb'), loc_db)
mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db)
ir_arch = machine.ira(mdis.loc_db)
addr = int(args.address, 0)
deadrm = DeadRemoval(ir_arch)
asmcfg = mdis.dis_multiblock(addr)
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
entry_points = set([mdis.loc_db.get_offset_location(addr)])
init_infos = ir_arch.arch.regs.regs_init
cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)
if args.simplify:
ircfg.simplify(expr_simp)
modified = True
while modified:
modified = False
modified |= deadrm(ircfg)
modified |= remove_empty_assignblks(ircfg)
modified |= merge_blocks(ircfg, entry_points)
open("%s.propag.dot" % args.filename, 'w').write(ircfg.dot())
def analyse_function():
# Get settings
settings = TypePropagationForm()
ret = settings.Execute()
if not ret:
return
end = None
if settings.cScope.value == 0:
addr = settings.functionAddr.value
else:
addr = settings.startAddr.value
if settings.cScope.value == 2:
end = settings.endAddr
# Init
machine = guess_machine(addr=addr)
mn, dis_engine, lifter_model_call = machine.mn, machine.dis_engine, machine.lifter_model_call
bs = bin_stream_ida()
loc_db = LocationDB()
mdis = dis_engine(bs, loc_db=loc_db, dont_dis_nulstart_bloc=True)
if end is not None:
mdis.dont_dis = [end]
lifter_model_callCallStackFixer = get_lifter_model_call_call_fixer(
lifter_model_call)
lifter = lifter_model_callCallStackFixer(loc_db)
asmcfg = mdis.dis_multiblock(addr)
# Generate IR
ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
cst_propag_link = {}
if settings.cUnalias.value:
init_infos = {lifter.sp: lifter.arch.regs.regs_init[lifter.sp]}
cst_propag_link = propagate_cst_expr(lifter, ircfg, addr, init_infos)
types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
mychandler = MyCHandler(types_mngr, {})
infos_types = {}
infos_types_raw = []
if settings.cTypeFile.value:
infos_types_raw = open(settings.typeFile.value).read().split('\n')
else:
infos_types_raw = settings.strTypesInfo.value.split('\n')
for line in infos_types_raw:
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.types_mngr.types_ast.parse_c_type(ctype_str)
ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(
ast.ext[0])
objc = types_mngr.get_objc(ctype)
print('=' * 20)
print(expr, objc)
infos_types[expr] = set([objc])
# Add fake head
lbl_real_start = loc_db.get_offset_location(addr)
lbl_head = loc_db.get_or_create_name_location("start")
first_block = asmcfg.loc_key_to_block(lbl_real_start)
assignblk_head = AssignBlock([
ExprAssign(lifter.IRDst, ExprLoc(lbl_real_start, lifter.IRDst.size)),
ExprAssign(lifter.sp, lifter.arch.regs.regs_init[lifter.sp])
], first_block.lines[0])
irb_head = IRBlock(loc_db, lbl_head, [assignblk_head])
ircfg.blocks[lbl_head] = irb_head
ircfg.add_uniq_edge(lbl_head, lbl_real_start)
state = TypePropagationEngine.StateEngine(infos_types)
states = {lbl_head: state}
todo = set([lbl_head])
done = set()
while todo:
lbl = todo.pop()
state = states[lbl]
if (lbl, state) in done:
continue
done.add((lbl, state))
if lbl not in ircfg.blocks:
continue
symbexec_engine = TypePropagationEngine(lifter, types_mngr, state)
symbexec_engine.run_block_at(ircfg, lbl)
symbexec_engine.del_mem_above_stack(lifter.sp)
sons = ircfg.successors(lbl)
for son in sons:
add_state(ircfg, todo, states, son, symbexec_engine.get_state())
for lbl, state in viewitems(states):
if lbl not in ircfg.blocks:
continue
symbexec_engine = CTypeEngineFixer(lifter, types_mngr, state,
cst_propag_link)
symbexec_engine.run_block_at(ircfg, lbl)
symbexec_engine.del_mem_above_stack(lifter.sp)
help="Apply simplifications rules (liveness, graph simplification, ...)")
args = parser.parse_args()
machine = Machine("x86_32")
loc_db = LocationDB()
cont = Container.from_stream(open(args.filename, 'rb'), loc_db)
mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db)
lifter = machine.lifter_model_call(mdis.loc_db)
addr = int(args.address, 0)
deadrm = DeadRemoval(lifter)
asmcfg = mdis.dis_multiblock(addr)
ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
entry_points = set([mdis.loc_db.get_offset_location(addr)])
init_infos = lifter.arch.regs.regs_init
cst_propag_link = propagate_cst_expr(lifter, ircfg, addr, init_infos)
if args.simplify:
ircfg.simplify(expr_simp)
modified = True
while modified:
modified = False
modified |= deadrm(ircfg)
modified |= remove_empty_assignblks(ircfg)
modified |= merge_blocks(ircfg, entry_points)
open("%s.propag.dot" % args.filename, 'w').write(ircfg.dot())
# Disassemble blocks of the function at 'offset'
mdis = mn.dis_engine(bin_stream)
disasm = mdis.dis_multiblock(offset)
ircfg = ira.new_ircfg_from_asmcfg(disasm)
entry_points = set([mdis.loc_db.get_offset_location(offset)])
# Create target IR object and add all basic blocks to it
ir = ir_a_x86_64(mdis.symbol_pool)
for bbl in disasm.blocks:
print(bbl.to_string(disasm.loc_db))
ira.add_asmblock_to_ircfg(bbl, ircfg)
init_infos = ira.arch.regs.regs_init
propagate_cst_expr(ira, ircfg, offset, init_infos)
ircfg.simplify(expr_simp)
modified = True
iteration = 0
while modified:
print("Applying simplification pass " + str(iteration))
modified = False
modified |= dead_simp(ira, ircfg)
modified |= remove_empty_assignblks(ircfg)
modified |= merge_blocks(ircfg, entry_points)
iteration += 1
for lbl, irblock in ircfg.blocks.items():
print(irblock.to_string(loc_db))
loc_db.set_location_offset(loc_db.get_name_location("main"), 0x0)
for block in asmcfg.blocks:
print(block)
print("symbols:")
print(loc_db)
patches = asmblock.asm_resolve_final(mn_x86, asmcfg, loc_db)
# Translate to IR
ir_arch = ir_a_x86_32(loc_db)
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
# Display IR
for lbl, irblock in viewitems(ircfg.blocks):
print(irblock)
# Dead propagation
open('graph.dot', 'w').write(ircfg.dot())
print('*' * 80)
init_infos = ir_arch.arch.regs.regs_init
propagate_cst_expr(ir_arch, ircfg, 0, init_infos)
ircfg.simplify(expr_simp)
dead_simp(ir_arch, ircfg)
open('graph2.dot', 'w').write(ircfg.dot())
# Display new IR
print('new ir blocks')
for lbl, irblock in viewitems(ircfg.blocks):
print(irblock)
help="Apply simplifications rules (liveness, graph simplification, ...)")
args = parser.parse_args()
machine = Machine("x86_32")
cont = Container.from_stream(open(args.filename, 'rb'))
mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
ir_arch = machine.ira(mdis.loc_db)
addr = int(args.address, 0)
asmcfg = mdis.dis_multiblock(addr)
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
entry_points = set([mdis.loc_db.get_offset_location(addr)])
init_infos = ir_arch.arch.regs.regs_init
cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)
if args.simplify:
ircfg.simplify(expr_simp)
modified = True
while modified:
modified = False
modified |= dead_simp(ir_arch, ircfg)
modified |= remove_empty_assignblks(ircfg)
modified |= merge_blocks(ircfg, entry_points)
open("%s.propag.dot" % args.filename, 'w').write(ircfg.dot())
def analyse_function():
# Get settings
settings = TypePropagationForm()
ret = settings.Execute()
if not ret:
return
end = None
if settings.cScope.value == 0:
addr = settings.functionAddr.value
else:
addr = settings.startAddr.value
if settings.cScope.value == 2:
end = settings.endAddr
# Init
machine = guess_machine(addr=addr)
mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
bs = bin_stream_ida()
mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
if end is not None:
mdis.dont_dis = [end]
iraCallStackFixer = get_ira_call_fixer(ira)
ir_arch = iraCallStackFixer(mdis.loc_db)
asmcfg = mdis.dis_multiblock(addr)
# Generate IR
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
cst_propag_link = {}
if settings.cUnalias.value:
init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp] }
cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)
types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
mychandler = MyCHandler(types_mngr, {})
infos_types = {}
infos_types_raw = []
if settings.cTypeFile.value:
infos_types_raw = open(settings.typeFile.value).read().split('\n')
else:
infos_types_raw = settings.strTypesInfo.value.split('\n')
for line in infos_types_raw:
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.types_mngr.types_ast.parse_c_type(
ctype_str
)
ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(ast.ext[0])
objc = types_mngr.get_objc(ctype)
print('=' * 20)
print(expr, objc)
infos_types[expr] = set([objc])
# Add fake head
lbl_real_start = ir_arch.loc_db.get_offset_location(addr)
lbl_head = ir_arch.loc_db.get_or_create_name_location("start")
first_block = asmcfg.label2block(lbl_real_start)
assignblk_head = AssignBlock(
[
ExprAssign(ir_arch.IRDst, ExprLoc(lbl_real_start, ir_arch.IRDst.size)),
ExprAssign(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
],
first_block.lines[0]
)
irb_head = IRBlock(lbl_head, [assignblk_head])
ircfg.blocks[lbl_head] = irb_head
ircfg.add_uniq_edge(lbl_head, lbl_real_start)
state = TypePropagationEngine.StateEngine(infos_types)
states = {lbl_head: state}
todo = set([lbl_head])
done = set()
while todo:
lbl = todo.pop()
state = states[lbl]
if (lbl, state) in done:
continue
done.add((lbl, state))
if lbl not in ircfg.blocks:
continue
symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
symbexec_engine.run_block_at(ircfg, lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
sons = ircfg.successors(lbl)
for son in sons:
add_state(
ircfg, todo, states, son,
symbexec_engine.get_state()
)
for lbl, state in viewitems(states):
if lbl not in ircfg.blocks:
continue
symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link)
symbexec_engine.run_block_at(ircfg, lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)