def get_funcs_arg0(ctx, ira, lbl_head):
    """Yield the value held by RSI at each call site found in @ira.

    A DependencyGraph is built over @ira with follow_call=False, so only the
    caller's own code is walked.  For every (block, index) pair produced by
    find_call(), each dependency solution is emulated under @ctx and the
    resulting RSI value is yielded.  @lbl_head is the only head accepted for
    the search (the docstring of the original names it the analysed function).
    Progress is printed to stdout.
    """
    dep_graph = DependencyGraph(ira, follow_call=False)
    tracked_reg = ira.arch.regs.RSI

    for block, call_index in find_call(ira):
        call_instr = block[call_index].instr
        print 'Analysing references from:', hex(call_instr.offset), call_instr
        solutions = dep_graph.get(block.loc_key, set([tracked_reg]),
                                  call_index, set([lbl_head]))
        for solution in solutions:
            yield solution.emul(ctx)[tracked_reg]
    if arch == "x86_32":
        # StdCall example
        for i in xrange(4):
            e_mem = ExprMem(ExprId("ESP_init") + ExprInt32(4 * (i + 1)), 32)
            init_ctx[e_mem] = ExprId("arg%d" % i)

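# Disassemble the targeted function
blocks = mdis.dis_multibloc(int(args.func_addr, 0))

# Generate IR
for block in blocks:
    ir_arch.add_bloc(block)

# Get the instance
dg = DependencyGraph(ir_arch, implicit=args.implicit,
                     apply_simp=not args.do_not_simplify,
                     follow_mem=not args.unfollow_mem,
                     follow_call=not args.unfollow_call)

# Build information
target_addr = int(args.target_addr, 0)
# A target address outside the disassembled function yields no block; that used
# to surface as a bare IndexError on the [0] below.  Name the address instead.
# NOTE(review): when several blocks match, the first one is used, as before.
candidate_blocks = list(ir_arch.getby_offset(target_addr))
if not candidate_blocks:
    raise ValueError("target address 0x%x is not covered by the disassembled "
                     "function" % target_addr)
current_block = candidate_blocks[0]
# Locate the IR line that starts exactly at target_addr.  The previous version
# silently kept the last line's index when nothing matched (e.g. an address in
# the middle of an instruction), producing a plausible but wrong graph.
for line_nb, line in enumerate(current_block.lines):
    if line.offset == target_addr:
        break
else:
    raise ValueError("no instruction starts at 0x%x in the selected block"
                     % target_addr)

# Enumerate solutions
json_solutions = []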
for sol_nb, sol in enumerate(dg.get(current_block.label, elements, line_nb, set())):
    fname = "sol_%d.dot" % sol_nb
    with open(fname, "w") as fdesc:
        # StdCall example
        for i in xrange(4):
            e_mem = ExprMem(
                ExprId("ESP_init", 32) + ExprInt(4 * (i + 1), 32), 32)
            init_ctx[e_mem] = ExprId("arg%d" % i, 32)

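# Disassemble the targeted function
asmcfg = mdis.dis_multiblock(int(args.func_addr, 0))

# Generate IR
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)

# Get the instance
dg = DependencyGraph(ircfg,
                     implicit=args.implicit,
                     apply_simp=not args.do_not_simplify,
                     follow_mem=not args.unfollow_mem,
                     follow_call=not args.unfollow_call)

# Build information
target_addr = int(args.target_addr, 0)
# A target address outside the disassembled function yields no block; that used
# to surface as a bare IndexError on the [0] below.  Name the address instead.
# NOTE(review): when several blocks match, the first one is used, as before.
candidate_blocks = list(ircfg.getby_offset(target_addr))
if not candidate_blocks:
    raise ValueError("target address 0x%x is not covered by the disassembled "
                     "function" % target_addr)
current_block = candidate_blocks[0]
# Locate the AssignBlock whose instruction starts exactly at target_addr.  The
# previous version silently kept the last index when nothing matched (e.g. an
# address in the middle of an instruction), producing a plausible but wrong
# graph.
for assignblk_index, assignblk in enumerate(current_block):
    if assignblk.instr.offset == target_addr:
        break
else:
    raise ValueError("no instruction starts at 0x%x in the selected block"
                     % target_addr)

# Enumerate solutions
json_solutions = []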
for sol_nb, sol in enumerate(
        dg.get(current_block.loc_key, elements, assignblk_index, set())):
    if arch == "x86_32":
        # StdCall example
        for i in xrange(4):
            e_mem = ExprMem(ExprId("ESP_init", 32) + ExprInt(4 * (i + 1), 32), 32)
            init_ctx[e_mem] = ExprId("arg%d" % i, 32)

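# Disassemble the targeted function
asmcfg = mdis.dis_multiblock(int(args.func_addr, 0))

# Generate IR
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)

# Get the instance
dg = DependencyGraph(
    ircfg, implicit=args.implicit,
    apply_simp=not args.do_not_simplify,
    follow_mem=not args.unfollow_mem,
    follow_call=not args.unfollow_call
)

# Build information
target_addr = int(args.target_addr, 0)
# A target address outside the disassembled function yields no block; that used
# to surface as a bare IndexError on the [0] below.  Name the address instead.
# NOTE(review): when several blocks match, the first one is used, as before.
candidate_blocks = list(ircfg.getby_offset(target_addr))
if not candidate_blocks:
    raise ValueError("target address 0x%x is not covered by the disassembled "
                     "function" % target_addr)
current_block = candidate_blocks[0]
# Locate the AssignBlock whose instruction starts exactly at target_addr.  The
# previous version silently kept the last index when nothing matched (e.g. an
# address in the middle of an instruction), producing a plausible but wrong
# graph.
for assignblk_index, assignblk in enumerate(current_block):
    if assignblk.instr.offset == target_addr:
        break
else:
    raise ValueError("no instruction starts at 0x%x in the selected block"
                     % target_addr)

# Enumerate solutions
json_solutions = []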
for sol_nb, sol in enumerate(dg.get(current_block.loc_key, elements, assignblk_index, set())):
    fname = "sol_%d.dot" % sol_nb
                                (G16_IRA, G16_INPUT),
                                (G17_IRA, G17_INPUT),
                                ]):

    # Extract test elements
    print "[+] Test", test_nb + 1
    g_ira, (depnodes, heads) = test

    open("graph_%02d.dot" % (test_nb + 1), "w").write(g_ira.graph.dot())
    open("graph_%02d.dot" % (test_nb + 1), "w").write(bloc2graph(g_ira))

    # Different options
    suffix_key_list = ["", "_nosimp", "_nomem", "_nocall",
                       "_implicit"]
    # Test classes
    for g_ind, g_dep in enumerate([DependencyGraph(g_ira),
                                   DependencyGraph(g_ira, apply_simp=False),
                                   DependencyGraph(g_ira, follow_mem=False),
                                   DependencyGraph(g_ira, follow_mem=False,
                                                   follow_call=False),
                                   # DependencyGraph(g_ira, implicit=True),
                                   ]):
        # if g_ind == 4:
        # TODO: Implicit specifications
        #    continue
        print " - Class %s - %s" % (g_dep.__class__.__name__,
                                    suffix_key_list[g_ind])
        # Select the correct result key
        mode_suffix = suffix_key_list[g_ind]
        graph_test_key = "graph" + mode_suffix
 def depgraph(self):
     """Build a DependencyGraph over self.ira from the cMethod bit flags.

     The flags are read from self.cMethod.value: bit 0 enables follow_mem,
     bit 1 enables follow_call and bit 2 enables implicit.  The raw masked
     values are handed to DependencyGraph unchanged.
     """
     flags = self.cMethod.value
     follow_mem = flags & 1
     follow_call = flags & 2
     implicit = flags & 4
     return DependencyGraph(self.ira,
                            implicit=implicit,
                            follow_mem=follow_mem,
                            follow_call=follow_call)
    (g4_ira, g4_input, [g4_output1]),
    (g5_ira, g5_input, [g5_output1]),
    (g6_ira, g6_input, [g6_output1]),
    (g7_ira, g7_input, [g7_output1]),
    (g8_ira, g8_input, [g8_output1, g8_output2]),
    (g8_ira, g9_input, [g9_output1, g9_output2]),
    (g10_ira, g10_input, [g10_output1]),
    (g11_ira, g11_input, [g11_output1]),
]):
    # Extract test elements
    print "[+] Test", i + 1
    g_ira, (depnodes, heads), g_test_list = test
    open("graph_%02d.dot" % (i + 1), "w").write(g_ira.g.dot())
    # Test classes
    for g_dep in [
            DependencyGraph(g_ira),
            DependencyGraph(g_ira, apply_simp=False),
            DependencyGraph(g_ira, follow_mem=False),
            DependencyGraph(g_ira, follow_mem=False, follow_call=False)
    ]:
        print " - Class %s" % g_dep.__class__.__name__

        ## Test public APIs
        for api_i, g_list in enumerate([
                g_dep.get_fromDepNodes(depnodes, heads),
                g_dep.get(
                    list(depnodes)[0].label,
                    [depnode.element for depnode in depnodes],
                    list(depnodes)[0].line_nb, heads)
        ]):
            print " - - API %s" % ("get_fromDepNodes" if api_i == 0 else "get")
        # StdCall example
        for i in xrange(4):
            e_mem = ExprMem(ExprId("ESP_init") + ExprInt32(4 * (i + 1)), 32)
            init_ctx[e_mem] = ExprId("arg%d" % i)

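# Disassemble the targeted function
blocks = mdis.dis_multibloc(int(args.func_addr, 0))

# Generate IR
for block in blocks:
    ir_arch.add_bloc(block)

# Get the instance
dg = DependencyGraph(ir_arch,
                     implicit=args.implicit,
                     apply_simp=not args.do_not_simplify,
                     follow_mem=not args.unfollow_mem,
                     follow_call=not args.unfollow_call)

# Build information
target_addr = int(args.target_addr, 0)
# A target address outside the disassembled function yields no block; that used
# to surface as a bare IndexError on the [0] below.  Name the address instead.
# NOTE(review): when several blocks match, the first one is used, as before.
candidate_blocks = list(ir_arch.getby_offset(target_addr))
if not candidate_blocks:
    raise ValueError("target address 0x%x is not covered by the disassembled "
                     "function" % target_addr)
current_block = candidate_blocks[0]
# Locate the IR line that starts exactly at target_addr.  The previous version
# silently kept the last line's index when nothing matched (e.g. an address in
# the middle of an instruction), producing a plausible but wrong graph.
for line_nb, line in enumerate(current_block.lines):
    if line.offset == target_addr:
        break
else:
    raise ValueError("no instruction starts at 0x%x in the selected block"
                     % target_addr)

# Enumerate solutions
json_solutions = []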
for sol_nb, sol in enumerate(
        dg.get(current_block.label, elements, line_nb, set())):
    if arch == "x86_32":
        # StdCall example
        for i in xrange(4):
            e_mem = ExprMem(ExprId("ESP_init", 32) + ExprInt(4 * (i + 1), 32), 32)
            init_ctx[e_mem] = ExprId("arg%d" % i, 32)

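# Disassemble the targeted function
blocks = mdis.dis_multiblock(int(args.func_addr, 0))

# Generate IR
for block in blocks:
    ir_arch.add_block(block)

# Get the instance
dg = DependencyGraph(ir_arch, implicit=args.implicit,
                     apply_simp=not args.do_not_simplify,
                     follow_mem=not args.unfollow_mem,
                     follow_call=not args.unfollow_call)

# Build information
target_addr = int(args.target_addr, 0)
# A target address outside the disassembled function yields no block; that used
# to surface as a bare IndexError on the [0] below.  Name the address instead.
# NOTE(review): when several blocks match, the first one is used, as before.
candidate_blocks = list(ir_arch.getby_offset(target_addr))
if not candidate_blocks:
    raise ValueError("target address 0x%x is not covered by the disassembled "
                     "function" % target_addr)
current_block = candidate_blocks[0]
# Locate the AssignBlock whose instruction starts exactly at target_addr.  The
# previous version silently kept the last index when nothing matched (e.g. an
# address in the middle of an instruction), producing a plausible but wrong
# graph.
for assignblk_index, assignblk in enumerate(current_block):
    if assignblk.instr.offset == target_addr:
        break
else:
    raise ValueError("no instruction starts at 0x%x in the selected block"
                     % target_addr)

# Enumerate solutions
json_solutions = []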
for sol_nb, sol in enumerate(dg.get(current_block.label, elements, assignblk_index, set())):
    fname = "sol_%d.dot" % sol_nb
    with open(fname, "w") as fdesc: