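def __init__(self, num, addr, raw):
    """Analyse the raw bytes of a gadget and compute its dependencies.

    Args:
        num: Identifier of the gadget.
        addr: Address of the gadget (int).
        raw: Raw string of the instructions of the gadget.

    Raises:
        GadgetException: If Analysis.getIR() fails on (raw, addr).
    """
    # irsb is an array of BARF instructions
    # ins is an array of Assembly instructions
    try:
        (irsb, ins) = Analysis.getIR(raw, addr)
    except Exception as e:
        # Not every exception carries a .msg attribute. Fall back to the
        # exception itself so a lifting failure is always reported as a
        # GadgetException rather than as an unrelated AttributeError.
        raise GadgetException(str(getattr(e, "msg", e)))

    # Some string representations
    self.asmStr = "; ".join(str(i) for i in ins)
    self.hexStr = "\\x" + "\\x".join("{:02x}".format(ord(c)) for c in raw)

    self.addr = addr  # int
    # Zero-padded hex address; the width depends on the architecture size.
    # Floor division keeps the width an integer whatever division semantics
    # are in effect, so the format spec stays valid.
    self.addrStr = '0x' + format(
        addr, '0' + str(Analysis.ArchInfo.bits // 4) + 'x')

    self.graph = Graph()
    # Keys are integers, values are integers.
    # regCount[2] = 0 <=> R2_0 has appeared but R2_1 not yet
    self.regCount = {}
    self.spInc = None  # How much the stack pointer has been incremented by
    self.num = num  # Identifier of the gadget
    self.normalRet = None  # True iff the gadget ends with a normal ret
    self.nbInstr = 0  # Number of REIL instructions of this gadget
    self.dep = None
    self.valuesTable = {}  # Used dynamically when building the graph

    # Building graph and computing the dependencies
    self.buildGraph(irsb)
    self.getDependencies()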
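def __init__(self, num, addr, raw):
    """Build a gadget from its raw bytes, reusing earlier analysis if any.

    Three paths are taken, in this order:
      1. (raw) was already analysed: copy the cached gadget.
      2. (raw) is exactly 'int 0x80' or 'syscall': build a minimal gadget
         without lifting it to IR.
      3. Otherwise: lift with Analysis.getIR(), build the graph, compute the
         dependencies and cache the result under (raw).

    Args:
        num: Identifier of the gadget.
        addr: Address of the gadget (int).
        raw: Raw string of the instructions of the gadget.

    Raises:
        GadgetException: If Analysis.getIR() raises an AnalysisException.
    """
    # NOTE(review): the cache is keyed on the raw bytes only, while getIR()
    # also receives addr. If the lifted IR depends on the address, a cached
    # result could be stale for a gadget at another address. Confirm.
    if raw in analyzed_raw_to_gadget:
        self._copy_gadget(num, addr, analyzed_raw_to_gadget[raw])
        return

    # NOTE(review): these two byte patterns are matched without any visible
    # check of Analysis.ArchInfo. Confirm that this constructor is only
    # reached for architectures where the encodings mean this.
    if raw == '\xcd\x80':
        # 'int 0x80' gadget
        special = (GadgetSort.INT80, 'int 0x80', '\\xcd\\x80')
    elif raw == '\x0f\x05':
        # 'syscall' gadget
        special = (GadgetSort.SYSCALL, 'syscall', '\\x0f\\x05')
    else:
        special = None

    if special is not None:
        # Special gadgets are not lifted and are not added to the cache.
        # They only carry the attributes set below (no ins, ret, graph,
        # ...), so code that reads those must check self.sort first.
        self.num = num
        self.sort, self.asmStr, self.hexStr = special
        self.addr = addr
        # Floor division keeps the padding width an integer.
        self.addrStr = '0x' + format(
            addr, '0' + str(Analysis.ArchInfo.bits // 4) + 'x')
        self.dep = GadgetDependencies()
        return

    # Build regular gadget
    # irsb is an array of BARF instructions
    # ins is an array of Assembly instructions
    try:
        (irsb, ins) = Analysis.getIR(raw, addr)
    except Analysis.AnalysisException as e:
        raise GadgetException(str(e))

    self.sort = GadgetSort.REGULAR
    # If the gadget is a copy of another gadget, then self.duplicate is a
    # reference to the original gadget.
    self.duplicate = None

    # Some string representations
    self.ins = ins  # List of instructions
    self.asmStr = "; ".join(str(i) for i in ins)
    self.hexStr = "\\x" + "\\x".join("{:02x}".format(ord(c)) for c in raw)

    self.addr = addr  # int
    # Zero-padded hex address; the width depends on the architecture size.
    self.addrStr = '0x' + format(
        addr, '0' + str(Analysis.ArchInfo.bits // 4) + 'x')

    # Keys are integers, values are integers.
    # regCount[2] = 0 <=> R2_0 has appeared but R2_1 not yet
    self.regCount = {}
    self.spInc = None  # How much the stack pointer has been incremented by
    self.num = num  # Identifier of the gadget
    # Type of the last instruction of the gadget (ret, call, ...)
    self.ret = RetType.UNKNOWN
    # (int) register to jump to if ret is CALL_REG or JMP_REG
    self.retValue = None
    self.nbInstr = 0  # Number of REIL instructions of this gadget
    self.dep = None
    self.valuesTable = {}  # Used dynamically when building the graph
    self.validPreConstraint = None  # Whether the preconstraint is valid
    self.preConstraint = None

    # Building graph and computing the dependencies
    self.graph = Graph()
    self.buildGraph(irsb)
    self.getDependencies()

    # Cache only after the analysis completed, so a gadget whose analysis
    # raised is never reused.
    analyzed_raw_to_gadget[raw] = self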