from miasm2.expression.parser import str_to_expr
from miasm2.expression.expression import ExprInt, ExprId, ExprSlice, ExprMem, \
ExprCond, ExprCompose, ExprOp, ExprAff, ExprLoc, LocKey
for expr_test in [ExprInt(0x12, 32),
ExprId('test', 32),
ExprLoc(LocKey(12), 32),
ExprSlice(ExprInt(0x10, 32), 0, 8),
ExprMem(ExprInt(0x10, 32), 32),
ExprCond(ExprInt(0x10, 32), ExprInt(0x11, 32), ExprInt(0x12, 32)),
ExprCompose(ExprInt(0x10, 16), ExprInt(0x11, 8), ExprInt(0x12, 8)),
ExprInt(0x11, 8) + ExprInt(0x12, 8),
ExprAff(ExprId('EAX', 32), ExprInt(0x12, 32)),
]:
print 'Test: %s' % expr_test
assert str_to_expr(repr(expr_test)) == expr_test
def analyse_function():
# Init
machine = guess_machine()
mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
bs = bin_stream_ida()
mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
iraCallStackFixer = get_ira_call_fixer(ira)
ir_arch = iraCallStackFixer(mdis.symbol_pool)
# Get the current function
func = ida_funcs.get_func(idc.ScreenEA())
addr = func.startEA
blocks = mdis.dis_multiblock(addr)
# Generate IR
for block in blocks:
ir_arch.add_block(block)
# Get settings
settings = TypePropagationForm(ir_arch)
ret = settings.Execute()
if not ret:
return
cst_propag_link = {}
if settings.cUnalias.value:
init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp]}
cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos)
types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
mychandler = MyCHandler(types_mngr, {})
infos_types = {}
for line in settings.strTypesInfo.value.split('\n'):
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.types_mngr.types_ast.parse_c_type(ctype_str)
ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(
ast.ext[0])
objc = types_mngr.get_objc(ctype)
print '=' * 20
print expr, objc
infos_types[expr] = set([objc])
# Add fake head
lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
lbl_head = ir_arch.symbol_pool.getby_name_create("start")
first_block = blocks.label2block(lbl_real_start)
assignblk_head = AssignBlock([
ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)),
ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
], first_block.lines[0])
irb_head = IRBlock(lbl_head, [assignblk_head])
ir_arch.blocks[lbl_head] = irb_head
ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start)
state = TypePropagationEngine.StateEngine(infos_types)
states = {lbl_head: state}
todo = set([lbl_head])
done = set()
while todo:
lbl = todo.pop()
state = states[lbl]
if (lbl, state) in done:
continue
done.add((lbl, state))
if lbl not in ir_arch.blocks:
continue
symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
addr = symbexec_engine.emul_ir_block(lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
ir_arch._graph = None
sons = ir_arch.graph.successors(lbl)
for son in sons:
add_state(ir_arch, todo, states, son, symbexec_engine.get_state())
for lbl, state in states.iteritems():
if lbl not in ir_arch.blocks:
continue
symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state,
cst_propag_link)
addr = symbexec_engine.emul_ir_block(lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
ir_arch = ir_arch
types_mngr = get_types_mngr(settings.headerFile.value)
mychandler = MyCHandler(types_mngr, {})
#print 'Expr', settings.iStr1.value
#print 'Type', settings.iStr2.value
#print 'Header', settings.headerFile.value
print 'InfoTypes', settings.strTypesInfo.value
infos_types = {}
for line in settings.strTypesInfo.value.split('\n'):
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.type_analyzer.types_mngr.types_ast.parse_c_type(
ctype_str)
ctype = mychandler.type_analyzer.types_mngr.types_ast.ast_parse_declaration(
ast.ext[0])
objc = types_mngr.get_objc(ctype)
print '=' * 20
print expr, objc
infos_types[expr] = objc
# Add fake head
lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
lbl_head = ir_arch.symbol_pool.getby_name_create("start")
first_block = blocks.label2block(lbl_real_start)
def analyse_function():
# Get settings
settings = TypePropagationForm()
ret = settings.Execute()
if not ret:
return
end = None
if settings.cScope.value == 0:
addr = settings.functionAddr.value
else:
addr = settings.startAddr.value
if settings.cScope.value == 2:
end = settings.endAddr
# Init
machine = guess_machine(addr=addr)
mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
bs = bin_stream_ida()
mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
if end is not None:
mdis.dont_dis = [end]
iraCallStackFixer = get_ira_call_fixer(ira)
ir_arch = iraCallStackFixer(mdis.loc_db)
asmcfg = mdis.dis_multiblock(addr)
# Generate IR
ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
cst_propag_link = {}
if settings.cUnalias.value:
init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp]}
cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)
types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
mychandler = MyCHandler(types_mngr, {})
infos_types = {}
infos_types_raw = []
if settings.cTypeFile.value:
infos_types_raw = open(settings.typeFile.value).read().split('\n')
else:
infos_types_raw = settings.strTypesInfo.value.split('\n')
for line in infos_types_raw:
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.types_mngr.types_ast.parse_c_type(ctype_str)
ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(
ast.ext[0])
objc = types_mngr.get_objc(ctype)
print '=' * 20
print expr, objc
infos_types[expr] = set([objc])
# Add fake head
lbl_real_start = ir_arch.loc_db.get_offset_location(addr)
lbl_head = ir_arch.loc_db.get_or_create_name_location("start")
first_block = asmcfg.label2block(lbl_real_start)
assignblk_head = AssignBlock([
ExprAff(ir_arch.IRDst, ExprLoc(lbl_real_start, ir_arch.IRDst.size)),
ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
], first_block.lines[0])
irb_head = IRBlock(lbl_head, [assignblk_head])
ircfg.blocks[lbl_head] = irb_head
ircfg.add_uniq_edge(lbl_head, lbl_real_start)
state = TypePropagationEngine.StateEngine(infos_types)
states = {lbl_head: state}
todo = set([lbl_head])
done = set()
while todo:
lbl = todo.pop()
state = states[lbl]
if (lbl, state) in done:
continue
done.add((lbl, state))
if lbl not in ircfg.blocks:
continue
symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
addr = symbexec_engine.run_block_at(ircfg, lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
sons = ircfg.successors(lbl)
for son in sons:
add_state(ircfg, todo, states, son, symbexec_engine.get_state())
for lbl, state in states.iteritems():
if lbl not in ircfg.blocks:
continue
symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state,
cst_propag_link)
addr = symbexec_engine.run_block_at(ircfg, lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
types_mngr = get_types_mngr(settings.headerFile.value)
mychandler = MyCHandler(types_mngr, {})
#print 'Expr', settings.iStr1.value
#print 'Type', settings.iStr2.value
#print 'Header', settings.headerFile.value
print 'InfoTypes', settings.strTypesInfo.value
infos_types = {}
for line in settings.strTypesInfo.value.split('\n'):
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.type_analyzer.types_mngr.types_ast.parse_c_type(ctype_str)
ctype = mychandler.type_analyzer.types_mngr.types_ast.ast_parse_declaration(ast.ext[0])
objc = types_mngr.get_objc(ctype)
print '='*20
print expr, objc
infos_types[expr] = objc
# Add fake head
lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
lbl_head = ir_arch.symbol_pool.getby_name_create("start")
first_block = blocks.label2block(lbl_real_start)
assignblk_head = AssignBlock([ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)),
ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
from miasm2.expression.parser import str_to_expr
from miasm2.expression.expression import ExprInt, ExprId, ExprSlice, ExprMem, \
ExprCond, ExprCompose, ExprOp, ExprAff, ExprLoc, LocKey
for expr_test in [
ExprInt(0x12, 32),
ExprId('test', 32),
ExprLoc(LocKey(12), 32),
ExprSlice(ExprInt(0x10, 32), 0, 8),
ExprMem(ExprInt(0x10, 32), 32),
ExprCond(ExprInt(0x10, 32), ExprInt(0x11, 32), ExprInt(0x12, 32)),
ExprCompose(ExprInt(0x10, 16), ExprInt(0x11, 8), ExprInt(0x12, 8)),
ExprInt(0x11, 8) + ExprInt(0x12, 8),
ExprAff(ExprId('EAX', 32), ExprInt(0x12, 32)),
]:
print 'Test: %s' % expr_test
assert str_to_expr(repr(expr_test)) == expr_test
def analyse_function():
# Init
machine = guess_machine()
mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
bs = bin_stream_ida()
mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
iraCallStackFixer = get_ira_call_fixer(ira)
ir_arch = iraCallStackFixer(mdis.symbol_pool)
# Get settings
settings = TypePropagationForm(ir_arch)
ret = settings.Execute()
if not ret:
return
if settings.cScope.value == 0:
addr = settings.functionAddr.value
else:
addr = settings.startAddr.value
if settings.cScope.value == 2:
end = settings.endAddr
mdis.dont_dis = [end]
blocks = mdis.dis_multiblock(addr)
# Generate IR
for block in blocks:
ir_arch.add_block(block)
cst_propag_link = {}
if settings.cUnalias.value:
init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp] }
cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos)
types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
mychandler = MyCHandler(types_mngr, {})
infos_types = {}
infos_types_raw = []
if settings.cTypeFile.value:
infos_types_raw = open(settings.typeFile.value).read().split('\n')
else:
infos_types_raw = settings.strTypesInfo.value.split('\n')
for line in infos_types_raw:
if not line:
continue
expr_str, ctype_str = line.split(':')
expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
expr = str_to_expr(expr_str)
ast = mychandler.types_mngr.types_ast.parse_c_type(
ctype_str)
ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(ast.ext[0])
objc = types_mngr.get_objc(ctype)
print '=' * 20
print expr, objc
infos_types[expr] = set([objc])
# Add fake head
lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
lbl_head = ir_arch.symbol_pool.getby_name_create("start")
first_block = blocks.label2block(lbl_real_start)
assignblk_head = AssignBlock([ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)),
ExprAff(
ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
], first_block.lines[0])
irb_head = IRBlock(lbl_head, [assignblk_head])
ir_arch.blocks[lbl_head] = irb_head
ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start)
state = TypePropagationEngine.StateEngine(infos_types)
states = {lbl_head: state}
todo = set([lbl_head])
done = set()
while todo:
lbl = todo.pop()
state = states[lbl]
if (lbl, state) in done:
continue
done.add((lbl, state))
if lbl not in ir_arch.blocks:
continue
symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
addr = symbexec_engine.run_block_at(lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
ir_arch._graph = None
sons = ir_arch.graph.successors(lbl)
for son in sons:
add_state(ir_arch, todo, states, son,
symbexec_engine.get_state())
for lbl, state in states.iteritems():
if lbl not in ir_arch.blocks:
continue
symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link)
addr = symbexec_engine.run_block_at(lbl)
symbexec_engine.del_mem_above_stack(ir_arch.sp)
