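# NOTE(review): this fragment opens mid-method — the enclosing def, `op`,
# `state` and `new_state` are established above this view, so the body
# indent below is assumed (method inside a class).
        # Fold a bitwise AND only when both operands are known constants;
        # anything else widens the destination to Unknown.
        dst, src = op.operands
        op_1 = state.read_value(dst)
        op_2 = state.read_value(src)
        if isinstance(op_1, Immediate) and isinstance(op_2, Immediate):
            val = Immediate(op_1.value & op_2.value)
        else:
            val = Unknown()
        new_state.store_value(dst, val)
        return new_state


if __name__ == '__main__':
    import sys

    # A usage error is reported on stderr and exits non-zero so a wrapping
    # script can tell misuse from a successful run (the original exited 0).
    if len(sys.argv) != 2:
        print('Usage: {} <file>'.format(sys.argv[0]), file=sys.stderr)
        sys.exit(2)

    # The path is untrusted CLI input; parsing it is delegated to ELF(),
    # which lives outside this fragment.
    e = ELF(sys.argv[1])
    # presumably raises KeyError when the binary has no 'main' symbol
    # (stripped build) — verify against ELF.symbols
    main_addr = e.symbols['main']
    cfg = CFG(e, main_addr)

    # Entry state: only RSP is known, as a symbolic stack pointer at offset 0.
    start = MachineState()
    start.regs[X86_REG_RSP] = StackPointer(0)
    # Named `analysis` rather than `vars`, which shadowed the builtin.
    analysis = ConstantAnalysis(cfg, entry_state=start)

    # Dump the abstract state reaching each instruction, in address order.
    for op_addr in sorted(cfg.ops):
        op = cfg.ops[op_addr]
        print('{:120s} -- {}'.format(analysis.before_states[op], op_str(op)))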
def show_state(self, op, state):
    """Print `op` alongside the esp value held in `state[0][0]`, rendered as hex."""
    label = op_str(op)
    esp_hex = hex(state[0][0])
    print('{}: esp = {}'.format(label, esp_hex))
def show_state(self, op, state):
    """Print `op` followed by the full abstract `state` it is reached with."""
    label = op_str(op)
    print('{}: {}'.format(label, state))
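# NOTE(review): this fragment opens mid-method — `op`, `esp`, `stack`,
# `flow_esp`, `lattice` and the enclosing def/class sit above this view, so
# the body indent below is assumed (method inside a class).
        # Take the saved base pointer off the abstract stack, or `top`
        # when nothing is known to be there.
        if stack:
            ebp = stack[0]
            stack = stack[1:]
        else:
            ebp = lattice.top
        # `push rbp` puts the current ebp value back on the abstract stack.
        if (op.id == X86_INS_PUSH
                and op.operands[0].type == X86_OP_REG
                and op.operands[0].reg == X86_REG_RBP):
            stack = (ebp,) + stack
        return ((flow_esp(esp), ebp), stack)

    def show_state(self, op, state):
        """Print `op` with the esp value of `state`, rendered as hex.

        `state` is expected to have the ((esp, ebp), stack) shape produced
        by the transfer function above.
        """
        print('{}: esp = {}'.format(op_str(op), hex(state[0][0])))


if __name__ == '__main__':
    import sys

    # A usage error is reported on stderr and exits non-zero so a wrapping
    # script can tell misuse from a successful run (the original exited 0).
    if len(sys.argv) != 2:
        print('Usage: {} <file>'.format(sys.argv[0]), file=sys.stderr)
        sys.exit(2)

    # The path is untrusted CLI input; parsing it is delegated to ELF(),
    # which lives outside this fragment.
    e = ELF(sys.argv[1])
    # presumably raises KeyError when the binary has no 'main' symbol
    # (stripped build) — verify against ELF.symbols
    main_addr = e.symbols['main']
    cfg = CFG(e, main_addr)

    # esp starts at 0 at the entry; offsets are relative to that.
    esp = EspAnalysis(cfg, entry_state=0)
    # Dump the esp state reaching each instruction, in address order.
    for op_addr in sorted(cfg.ops):
        op = cfg.ops[op_addr]
        print('{} -- esp = {}'.format(op_str(op), esp.before_states[op]))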