def dis(mn_hex):
"""Disassembly helper"""
mn_bin = decode_hex(mn_hex)
try:
return mn_mep.dis(mn_bin, "b")
except Disasm_Exception:
assert(False) # miasm don't know what to do
def exec_instruction(hex_asm, init_values):
"""Symbolically execute an instruction"""
print("Hex:", hex_asm)
# Disassemble an instruction
mn = mn_mep.dis(decode_hex(hex_asm), "b")
print("Dis:", mn)
loc_db = LocationDB()
# Get the IR
im = ir_mepb(loc_db)
iir, eiir, = im.get_ir(mn)
print("\nInternal representation:", iir)
# Symbolic execution
sb = SymbolicExecutionEngine(ir_a_mepb(loc_db), regs_init)
# Assign register values before symbolic evaluation
for reg_expr_id, reg_expr_value in init_values:
sb.symbols[reg_expr_id] = reg_expr_value
print("\nModified registers:", [reg for reg in sb.modified(mems=False)])
print("Modified memories:", [mem for mem in sb.modified()])
print("\nFinal registers:")
sb.dump(mems=False)
print("\nFinal mems:")
sb.dump()
def test(self):
# Disassemble & assemble unit tests
unit_tests = [("ADD R1, 2", "6108")]
unit_tests += [("JMP 0xC3FA38", "d9c8c3fa")]
unit_tests += [("SLT3 R0, R8, R10", "08a2")]
unit_tests += [("SB R9, (R4)", "0948")]
unit_tests += [("SSARB 3(GP)", "13ec")]
unit_tests += [("SWCPI C13, (R2+)", "3d20")]
unit_tests += [("ADD3 R2, SP, 0x1C", "421c")]
unit_tests += [("SW R7, 0x50(SP)", "4752")]
for mn_str, mn_hex in unit_tests:
print("-" * 49) # Tests separation
# Disassemble
mn_bin = decode_hex(mn_hex)
mn = mn_mep.dis(mn_bin, "b")
print("dis: %s -> %s" % (mn_hex.rjust(20), str(mn).rjust(20)))
assert (str(mn) == mn_str) # disassemble assertion
# Assemble and return all possible candidates
instr = mn_mep.fromstring(str(mn), "b")
instr.mode = "b"
asm_list = [encode_hex(i).decode() for i in mn_mep.asm(instr)]
# Print the results
print("asm: %s -> %s" %
(mn_str.rjust(20), ", ".join(asm_list).rjust(20)))
assert (mn_hex in asm_list) # assemble assertion
def test(self):
# Disassemble & assemble unit tests
unit_tests = [("ADD R1, 2", "6108")]
unit_tests += [("JMP 0xC3FA38", "d9c8c3fa")]
unit_tests += [("SLT3 R0, R8, R10", "08a2")]
unit_tests += [("SB R9, (R4)", "0948")]
unit_tests += [("SSARB 3(GP)", "13ec")]
unit_tests += [("SWCPI C13, (R2+)", "3d20")]
unit_tests += [("ADD3 R2, SP, 0x1C", "421c")]
unit_tests += [("SW R7, 0x50(SP)", "4752")]
for mn_str, mn_hex in unit_tests:
print("-" * 49) # Tests separation
# Dissassemble
mn_bin = decode_hex(mn_hex)
mn = mn_mep.dis(mn_bin, "b")
print("dis: %s -> %s" % (mn_hex.rjust(20), str(mn).rjust(20)))
assert(str(mn) == mn_str) # dissassemble assertion
# Assemble and return all possible candidates
instr = mn_mep.fromstring(str(mn), "b")
instr.mode = "b"
asm_list = [encode_hex(i).decode() for i in mn_mep.asm(instr)]
# Print the results
print("asm: %s -> %s" % (
mn_str.rjust(20),
", ".join(asm_list).rjust(20))
)
assert(mn_hex in asm_list) # assemble assertion
def exec_instruction(mn_str, init_values, results, index=0, offset=0):
"""Symbolically execute an instruction and check the expected results."""
# Assemble and disassemble the instruction
instr = mn_mep.fromstring(mn_str, "b")
instr.mode = "b"
mn_bin = mn_mep.asm(instr)[index]
try:
instr = mn_mep.dis(mn_bin, "b")
except Disasm_Exception:
assert (False) # miasm don't know what to do
# Specify the instruction offset and compute the destination label
instr.offset = offset
loc_db = LocationDB()
if instr.dstflow():
instr.dstflow2label(loc_db)
# Get the IR
im = Lifter_MEPb(loc_db)
iir, eiir = im.get_ir(instr)
# Filter out IRDst
iir = [
ir for ir in iir
if not (isinstance(ir, ExprAssign) and isinstance(ir.dst, ExprId)
and ir.dst.name == "IRDst")
]
# Prepare symbolic execution
sb = SymbolicExecutionEngine(LifterModelCallMepb(loc_db), regs_init)
# Assign int values before symbolic evaluation
for expr_id, expr_value in init_values:
sb.symbols[expr_id] = expr_value
# Execute the IR
ab = AssignBlock(iir)
sb.eval_updt_assignblk(ab)
# Check if expected expr_id were modified
matched_results = 0
for expr_id, expr_value in results:
result = sb.eval_expr(expr_id)
if isinstance(result, ExprLoc):
addr = loc_db.get_location_offset(result.loc_key)
if expr_value.arg == addr:
matched_results += 1
continue
elif result == expr_value:
matched_results += 1
continue
# Ensure that all expected results were verified
if len(results) is not matched_results:
print("Expected:", results)
print("Modified:", [r for r in sb.modified(mems=False)])
assert (False)
def exec_instruction(mn_str, init_values, results, index=0, offset=0):
"""Symbolically execute an instruction and check the expected results."""
# Assemble and disassemble the instruction
instr = mn_mep.fromstring(mn_str, "b")
instr.mode = "b"
mn_bin = mn_mep.asm(instr)[index]
try:
instr = mn_mep.dis(mn_bin, "b")
except Disasm_Exception:
assert(False) # miasm don't know what to do
# Specify the instruction offset and compute the destination label
instr.offset = offset
loc_db = LocationDB()
if instr.dstflow():
instr.dstflow2label(loc_db)
# Get the IR
im = ir_mepb(loc_db)
iir, eiir = im.get_ir(instr)
# Filter out IRDst
iir = [ir for ir in iir if not (isinstance(ir, ExprAssign) and
isinstance(ir.dst, ExprId) and
ir.dst.name == "IRDst")]
# Prepare symbolic execution
sb = SymbolicExecutionEngine(ir_a_mepb(loc_db), regs_init)
# Assign int values before symbolic evaluation
for expr_id, expr_value in init_values:
sb.symbols[expr_id] = expr_value
# Execute the IR
ab = AssignBlock(iir)
sb.eval_updt_assignblk(ab)
# Check if expected expr_id were modified
matched_results = 0
for expr_id, expr_value in results:
result = sb.eval_expr(expr_id)
if isinstance(result, ExprLoc):
addr = loc_db.get_location_offset(result.loc_key)
if expr_value.arg == addr:
matched_results += 1
continue
elif result == expr_value:
matched_results += 1
continue
# Ensure that all expected results were verified
if len(results) is not matched_results:
print("Expected:", results)
print("Modified:", [r for r in sb.modified(mems=False)])
assert(False)