from miasm2.expression.parser import str_to_expr
from miasm2.expression.expression import ExprInt, ExprId, ExprSlice, ExprMem, \
    ExprCond, ExprCompose, ExprOp, ExprAff, ExprLoc, LocKey

# Round-trip check of the expression parser: each Expr flavour below must come
# back equal to itself after repr() -> str_to_expr(). The `+` entry exercises
# the operator path instead of a direct constructor call.
for sample in (
    ExprInt(0x12, 32),
    ExprId('test', 32),
    ExprLoc(LocKey(12), 32),
    ExprSlice(ExprInt(0x10, 32), 0, 8),
    ExprMem(ExprInt(0x10, 32), 32),
    ExprCond(ExprInt(0x10, 32), ExprInt(0x11, 32), ExprInt(0x12, 32)),
    ExprCompose(ExprInt(0x10, 16), ExprInt(0x11, 8), ExprInt(0x12, 8)),
    ExprInt(0x11, 8) + ExprInt(0x12, 8),
    ExprAff(ExprId('EAX', 32), ExprInt(0x12, 32)),
):
    print('Test: %s' % sample)
    reparsed = str_to_expr(repr(sample))
    assert reparsed == sample
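def _parse_types_info(raw_lines, types_mngr, mychandler):
    """Turn ``expr: ctype`` lines into the initial type environment.

    Args:
        raw_lines: iterable of str, one ``<miasm expr>: <C type>`` entry per
            line. Blank or whitespace-only lines are skipped (a trailing
            ``\\r`` or stray spaces no longer abort the whole analysis).
        types_mngr: the types manager used to resolve a parsed C type into
            its ObjC object.
        mychandler: the MyCHandler whose ``types_mngr.types_ast`` parses the
            C declaration text.

    Returns:
        dict mapping each parsed Expr to a one-element set holding its ObjC,
        the shape the caller hands to TypePropagationEngine.StateEngine.

    Raises:
        ValueError: if a non-blank line does not contain exactly one ':'.
            The message names the offending line instead of the anonymous
            tuple-unpacking error a bare ``split`` would produce.
    """
    infos_types = {}
    for line in raw_lines:
        if not line.strip():
            continue
        fields = line.split(':')
        if len(fields) != 2:
            raise ValueError(
                "Malformed type info line, expected 'expr: ctype': %r" % (line,))
        expr_str, ctype_str = fields
        expr = str_to_expr(expr_str.strip())
        # C side: declaration text -> AST -> its first top-level declaration
        # (ast.ext[0]) -> CType -> ObjC
        types_ast = mychandler.types_mngr.types_ast
        ast = types_ast.parse_c_type(ctype_str.strip())
        ctype = types_ast.ast_parse_declaration(ast.ext[0])
        objc = types_mngr.get_objc(ctype)
        print('=' * 20)
        print('%s %s' % (expr, objc))
        infos_types[expr] = set([objc])
    return infos_types


def analyse_function():
    """Propagate C types through the IR of the function under the IDA cursor.

    Steps: disassemble the function containing the screen address, lift it to
    IR, collect settings from TypePropagationForm (header file, arch,
    ``expr: ctype`` seeds, optional un-aliasing via constant propagation),
    prepend a synthetic ``start`` block that jumps to the real entry with the
    stack pointer set to its initial value, run TypePropagationEngine over the
    CFG until no new (label, state) pair appears, then run CTypeEngineFixer on
    every reached block.

    Returns None; results are the side effects of the engines and the prints.
    Returns early when ``settings.Execute()`` reports failure.
    """
    # Init: disassembler + IR lifter with the call-stack fixer applied
    machine = guess_machine()
    dis_engine, ira = machine.dis_engine, machine.ira
    bs = bin_stream_ida()
    mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
    iraCallStackFixer = get_ira_call_fixer(ira)
    ir_arch = iraCallStackFixer(mdis.symbol_pool)

    # Get the current function: the one containing the screen address
    func = ida_funcs.get_func(idc.ScreenEA())
    addr = func.startEA
    blocks = mdis.dis_multiblock(addr)

    # Generate IR
    for block in blocks:
        ir_arch.add_block(block)

    # Get settings; abort if the form is not validated
    settings = TypePropagationForm(ir_arch)
    if not settings.Execute():
        return

    # Optional constant propagation, seeded with the architecture's initial
    # stack pointer value
    cst_propag_link = {}
    if settings.cUnalias.value:
        init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp]}
        cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos)

    types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
    mychandler = MyCHandler(types_mngr, {})
    infos_types = _parse_types_info(
        settings.strTypesInfo.value.split('\n'), types_mngr, mychandler)

    # Add fake head: a synthetic "start" block that sets IRDst to the real
    # entry and the stack pointer to its initial value, so propagation starts
    # from a known stack pointer
    lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
    lbl_head = ir_arch.symbol_pool.getby_name_create("start")
    first_block = blocks.label2block(lbl_real_start)
    assignblk_head = AssignBlock([
        ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)),
        ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp]),
    ], first_block.lines[0])
    ir_arch.blocks[lbl_head] = IRBlock(lbl_head, [assignblk_head])
    ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start)

    # Worklist over (label, state) pairs: a block is re-emulated only when it
    # is reached with a state not seen before
    states = {lbl_head: TypePropagationEngine.StateEngine(infos_types)}
    todo = set([lbl_head])
    done = set()
    while todo:
        lbl = todo.pop()
        state = states[lbl]
        if (lbl, state) in done:
            continue
        done.add((lbl, state))
        if lbl not in ir_arch.blocks:
            continue
        symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
        # The returned address is not needed here; the original clobbered
        # `addr` with it without ever reading it again
        symbexec_engine.emul_ir_block(lbl)
        symbexec_engine.del_mem_above_stack(ir_arch.sp)
        # NOTE(review): clearing the private _graph presumably forces
        # ir_arch.graph to be rebuilt before successors are queried — confirm
        ir_arch._graph = None
        for son in ir_arch.graph.successors(lbl):
            add_state(ir_arch, todo, states, son, symbexec_engine.get_state())

    # Second pass: run the fixer over every reached block with its final state
    for lbl, state in states.iteritems():
        if lbl not in ir_arch.blocks:
            continue
        symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link)
        symbexec_engine.emul_ir_block(lbl)
        symbexec_engine.del_mem_above_stack(ir_arch.sp)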
ir_arch = ir_arch types_mngr = get_types_mngr(settings.headerFile.value) mychandler = MyCHandler(types_mngr, {}) #print 'Expr', settings.iStr1.value #print 'Type', settings.iStr2.value #print 'Header', settings.headerFile.value print 'InfoTypes', settings.strTypesInfo.value infos_types = {} for line in settings.strTypesInfo.value.split('\n'): if not line: continue expr_str, ctype_str = line.split(':') expr_str, ctype_str = expr_str.strip(), ctype_str.strip() expr = str_to_expr(expr_str) ast = mychandler.type_analyzer.types_mngr.types_ast.parse_c_type( ctype_str) ctype = mychandler.type_analyzer.types_mngr.types_ast.ast_parse_declaration( ast.ext[0]) objc = types_mngr.get_objc(ctype) print '=' * 20 print expr, objc infos_types[expr] = objc # Add fake head lbl_real_start = ir_arch.symbol_pool.getby_offset(addr) lbl_head = ir_arch.symbol_pool.getby_name_create("start") first_block = blocks.label2block(lbl_real_start)
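def _parse_types_info(raw_lines, types_mngr, mychandler):
    """Turn ``expr: ctype`` lines into the initial type environment.

    Args:
        raw_lines: iterable of str, one ``<miasm expr>: <C type>`` entry per
            line. Blank or whitespace-only lines are skipped (a trailing
            ``\\r`` or stray spaces no longer abort the whole analysis).
        types_mngr: the types manager used to resolve a parsed C type into
            its ObjC object.
        mychandler: the MyCHandler whose ``types_mngr.types_ast`` parses the
            C declaration text.

    Returns:
        dict mapping each parsed Expr to a one-element set holding its ObjC,
        the shape the caller hands to TypePropagationEngine.StateEngine.

    Raises:
        ValueError: if a non-blank line does not contain exactly one ':'.
            The message names the offending line instead of the anonymous
            tuple-unpacking error a bare ``split`` would produce.
    """
    infos_types = {}
    for line in raw_lines:
        if not line.strip():
            continue
        fields = line.split(':')
        if len(fields) != 2:
            raise ValueError(
                "Malformed type info line, expected 'expr: ctype': %r" % (line,))
        expr_str, ctype_str = fields
        expr = str_to_expr(expr_str.strip())
        # C side: declaration text -> AST -> its first top-level declaration
        # (ast.ext[0]) -> CType -> ObjC
        types_ast = mychandler.types_mngr.types_ast
        ast = types_ast.parse_c_type(ctype_str.strip())
        ctype = types_ast.ast_parse_declaration(ast.ext[0])
        objc = types_mngr.get_objc(ctype)
        print('=' * 20)
        print('%s %s' % (expr, objc))
        infos_types[expr] = set([objc])
    return infos_types


def analyse_function():
    """Propagate C types through the IR of a user-selected code range.

    The scope comes from TypePropagationForm: ``cScope`` 0 analyses the
    function at ``functionAddr``; otherwise disassembly starts at
    ``startAddr`` and, for ``cScope`` 2, ``endAddr`` is added to the
    disassembler's ``dont_dis`` list. The code is lifted to an IR CFG, a
    synthetic ``start`` block fixing IRDst and the stack pointer is prepended,
    TypePropagationEngine runs over the CFG until no new (label, state) pair
    appears, then CTypeEngineFixer runs on every reached block. Type seeds
    come from ``typeFile`` when ``cTypeFile`` is set, else from the form's
    ``strTypesInfo`` text.

    Returns None; results are the side effects of the engines and the prints.
    Returns early when ``settings.Execute()`` reports failure.
    """
    # Get settings; abort if the form is not validated
    settings = TypePropagationForm()
    if not settings.Execute():
        return

    end = None
    if settings.cScope.value == 0:
        addr = settings.functionAddr.value
    else:
        addr = settings.startAddr.value
        if settings.cScope.value == 2:
            # NOTE(review): read without .value, unlike startAddr and
            # functionAddr — confirm the form exposes endAddr as a plain value
            end = settings.endAddr

    # Init: disassembler (bounded by `end` when given) + IR lifter with the
    # call-stack fixer applied
    machine = guess_machine(addr=addr)
    dis_engine, ira = machine.dis_engine, machine.ira
    bs = bin_stream_ida()
    mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
    if end is not None:
        mdis.dont_dis = [end]
    iraCallStackFixer = get_ira_call_fixer(ira)
    ir_arch = iraCallStackFixer(mdis.loc_db)
    asmcfg = mdis.dis_multiblock(addr)

    # Generate IR
    ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)

    # Optional constant propagation, seeded with the architecture's initial
    # stack pointer value
    cst_propag_link = {}
    if settings.cUnalias.value:
        init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp]}
        cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)

    types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
    mychandler = MyCHandler(types_mngr, {})
    # Type seeds come from the user-chosen file or the form's text box; the
    # file handle is released deterministically instead of being left to GC
    if settings.cTypeFile.value:
        with open(settings.typeFile.value) as type_file:
            infos_types_raw = type_file.read().split('\n')
    else:
        infos_types_raw = settings.strTypesInfo.value.split('\n')
    infos_types = _parse_types_info(infos_types_raw, types_mngr, mychandler)

    # Add fake head: a synthetic "start" block that sets IRDst to the real
    # entry and the stack pointer to its initial value, so propagation starts
    # from a known stack pointer
    lbl_real_start = ir_arch.loc_db.get_offset_location(addr)
    lbl_head = ir_arch.loc_db.get_or_create_name_location("start")
    first_block = asmcfg.label2block(lbl_real_start)
    assignblk_head = AssignBlock([
        ExprAff(ir_arch.IRDst, ExprLoc(lbl_real_start, ir_arch.IRDst.size)),
        ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp]),
    ], first_block.lines[0])
    ircfg.blocks[lbl_head] = IRBlock(lbl_head, [assignblk_head])
    ircfg.add_uniq_edge(lbl_head, lbl_real_start)

    # Worklist over (label, state) pairs: a block is re-emulated only when it
    # is reached with a state not seen before
    states = {lbl_head: TypePropagationEngine.StateEngine(infos_types)}
    todo = set([lbl_head])
    done = set()
    while todo:
        lbl = todo.pop()
        state = states[lbl]
        if (lbl, state) in done:
            continue
        done.add((lbl, state))
        if lbl not in ircfg.blocks:
            continue
        symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
        # The returned address is not needed here; the original clobbered
        # `addr` with it without ever reading it again
        symbexec_engine.run_block_at(ircfg, lbl)
        symbexec_engine.del_mem_above_stack(ir_arch.sp)
        for son in ircfg.successors(lbl):
            add_state(ircfg, todo, states, son, symbexec_engine.get_state())

    # Second pass: run the fixer over every reached block with its final state
    for lbl, state in states.iteritems():
        if lbl not in ircfg.blocks:
            continue
        symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link)
        symbexec_engine.run_block_at(ircfg, lbl)
        symbexec_engine.del_mem_above_stack(ir_arch.sp)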
types_mngr = get_types_mngr(settings.headerFile.value) mychandler = MyCHandler(types_mngr, {}) #print 'Expr', settings.iStr1.value #print 'Type', settings.iStr2.value #print 'Header', settings.headerFile.value print 'InfoTypes', settings.strTypesInfo.value infos_types = {} for line in settings.strTypesInfo.value.split('\n'): if not line: continue expr_str, ctype_str = line.split(':') expr_str, ctype_str = expr_str.strip(), ctype_str.strip() expr = str_to_expr(expr_str) ast = mychandler.type_analyzer.types_mngr.types_ast.parse_c_type(ctype_str) ctype = mychandler.type_analyzer.types_mngr.types_ast.ast_parse_declaration(ast.ext[0]) objc = types_mngr.get_objc(ctype) print '='*20 print expr, objc infos_types[expr] = objc # Add fake head lbl_real_start = ir_arch.symbol_pool.getby_offset(addr) lbl_head = ir_arch.symbol_pool.getby_name_create("start") first_block = blocks.label2block(lbl_real_start) assignblk_head = AssignBlock([ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)), ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
from miasm2.expression.parser import str_to_expr
from miasm2.expression.expression import ExprInt, ExprId, ExprSlice, ExprMem, \
    ExprCond, ExprCompose, ExprOp, ExprAff, ExprLoc, LocKey

# Round-trip check of the expression parser: each Expr flavour below must come
# back equal to itself after repr() -> str_to_expr(). The `+` entry exercises
# the operator path instead of a direct constructor call.
for sample in (
    ExprInt(0x12, 32),
    ExprId('test', 32),
    ExprLoc(LocKey(12), 32),
    ExprSlice(ExprInt(0x10, 32), 0, 8),
    ExprMem(ExprInt(0x10, 32), 32),
    ExprCond(ExprInt(0x10, 32), ExprInt(0x11, 32), ExprInt(0x12, 32)),
    ExprCompose(ExprInt(0x10, 16), ExprInt(0x11, 8), ExprInt(0x12, 8)),
    ExprInt(0x11, 8) + ExprInt(0x12, 8),
    ExprAff(ExprId('EAX', 32), ExprInt(0x12, 32)),
):
    print('Test: %s' % sample)
    reparsed = str_to_expr(repr(sample))
    assert reparsed == sample
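def _parse_types_info(raw_lines, types_mngr, mychandler):
    """Turn ``expr: ctype`` lines into the initial type environment.

    Args:
        raw_lines: iterable of str, one ``<miasm expr>: <C type>`` entry per
            line. Blank or whitespace-only lines are skipped (a trailing
            ``\\r`` or stray spaces no longer abort the whole analysis).
        types_mngr: the types manager used to resolve a parsed C type into
            its ObjC object.
        mychandler: the MyCHandler whose ``types_mngr.types_ast`` parses the
            C declaration text.

    Returns:
        dict mapping each parsed Expr to a one-element set holding its ObjC,
        the shape the caller hands to TypePropagationEngine.StateEngine.

    Raises:
        ValueError: if a non-blank line does not contain exactly one ':'.
            The message names the offending line instead of the anonymous
            tuple-unpacking error a bare ``split`` would produce.
    """
    infos_types = {}
    for line in raw_lines:
        if not line.strip():
            continue
        fields = line.split(':')
        if len(fields) != 2:
            raise ValueError(
                "Malformed type info line, expected 'expr: ctype': %r" % (line,))
        expr_str, ctype_str = fields
        expr = str_to_expr(expr_str.strip())
        # C side: declaration text -> AST -> its first top-level declaration
        # (ast.ext[0]) -> CType -> ObjC
        types_ast = mychandler.types_mngr.types_ast
        ast = types_ast.parse_c_type(ctype_str.strip())
        ctype = types_ast.ast_parse_declaration(ast.ext[0])
        objc = types_mngr.get_objc(ctype)
        print('=' * 20)
        print('%s %s' % (expr, objc))
        infos_types[expr] = set([objc])
    return infos_types


def analyse_function():
    """Propagate C types through the IR of a user-selected code range.

    The disassembler and IR lifter are built first, then TypePropagationForm
    is shown: ``cScope`` 0 analyses the function at ``functionAddr``;
    otherwise disassembly starts at ``startAddr`` and, for ``cScope`` 2,
    ``endAddr`` is added to the disassembler's ``dont_dis`` list. Blocks are
    lifted to IR, a synthetic ``start`` block fixing IRDst and the stack
    pointer is prepended, TypePropagationEngine runs over the CFG until no new
    (label, state) pair appears, then CTypeEngineFixer runs on every reached
    block. Type seeds come from ``typeFile`` when ``cTypeFile`` is set, else
    from the form's ``strTypesInfo`` text.

    Returns None; results are the side effects of the engines and the prints.
    Returns early when ``settings.Execute()`` reports failure.
    """
    # Init: disassembler + IR lifter with the call-stack fixer applied
    machine = guess_machine()
    dis_engine, ira = machine.dis_engine, machine.ira
    bs = bin_stream_ida()
    mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
    iraCallStackFixer = get_ira_call_fixer(ira)
    ir_arch = iraCallStackFixer(mdis.symbol_pool)

    # Get settings; abort if the form is not validated
    settings = TypePropagationForm(ir_arch)
    if not settings.Execute():
        return

    if settings.cScope.value == 0:
        addr = settings.functionAddr.value
    else:
        addr = settings.startAddr.value
        if settings.cScope.value == 2:
            # NOTE(review): read without .value, unlike startAddr and
            # functionAddr — confirm the form exposes endAddr as a plain value
            end = settings.endAddr
            mdis.dont_dis = [end]

    blocks = mdis.dis_multiblock(addr)

    # Generate IR
    for block in blocks:
        ir_arch.add_block(block)

    # Optional constant propagation, seeded with the architecture's initial
    # stack pointer value
    cst_propag_link = {}
    if settings.cUnalias.value:
        init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp]}
        cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos)

    types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
    mychandler = MyCHandler(types_mngr, {})
    # Type seeds come from the user-chosen file or the form's text box; the
    # file handle is released deterministically instead of being left to GC
    if settings.cTypeFile.value:
        with open(settings.typeFile.value) as type_file:
            infos_types_raw = type_file.read().split('\n')
    else:
        infos_types_raw = settings.strTypesInfo.value.split('\n')
    infos_types = _parse_types_info(infos_types_raw, types_mngr, mychandler)

    # Add fake head: a synthetic "start" block that sets IRDst to the real
    # entry and the stack pointer to its initial value, so propagation starts
    # from a known stack pointer
    lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
    lbl_head = ir_arch.symbol_pool.getby_name_create("start")
    first_block = blocks.label2block(lbl_real_start)
    assignblk_head = AssignBlock([
        ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)),
        ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp]),
    ], first_block.lines[0])
    ir_arch.blocks[lbl_head] = IRBlock(lbl_head, [assignblk_head])
    ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start)

    # Worklist over (label, state) pairs: a block is re-emulated only when it
    # is reached with a state not seen before
    states = {lbl_head: TypePropagationEngine.StateEngine(infos_types)}
    todo = set([lbl_head])
    done = set()
    while todo:
        lbl = todo.pop()
        state = states[lbl]
        if (lbl, state) in done:
            continue
        done.add((lbl, state))
        if lbl not in ir_arch.blocks:
            continue
        symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
        # The returned address is not needed here; the original clobbered
        # `addr` with it without ever reading it again
        symbexec_engine.run_block_at(lbl)
        symbexec_engine.del_mem_above_stack(ir_arch.sp)
        # NOTE(review): clearing the private _graph presumably forces
        # ir_arch.graph to be rebuilt before successors are queried — confirm
        ir_arch._graph = None
        for son in ir_arch.graph.successors(lbl):
            add_state(ir_arch, todo, states, son, symbexec_engine.get_state())

    # Second pass: run the fixer over every reached block with its final state
    for lbl, state in states.iteritems():
        if lbl not in ir_arch.blocks:
            continue
        symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link)
        symbexec_engine.run_block_at(lbl)
        symbexec_engine.del_mem_above_stack(ir_arch.sp)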