Exemplo n.º 1
    def checkIns(self, sa, ins):
        """Ask the solver whether the ADD at ``ins`` can exceed ``MAX_INT_32``.

        Both operands are turned into solver values through ``sa``, summed
        with ``solver.addExpr(..., 64)`` and the sum is compared against
        ``MAX_INT_32``.  Only ``ADD`` is modelled: ``ADC``, ``SUB``, ``INC``,
        ``DEC``, ``MUL`` and ``LEA`` are recognised by mnemonic but are never
        reported, so a clean result for those instructions means "not
        checked", not "safe".

        Returns a ``BugCheckResults`` built from the instruction address and
        the solver's concrete model when the overflow condition is
        satisfiable, otherwise ``None``.

        NOTE(review): a satisfiable result only says that some operand values
        push the sum past the limit; whether the wrap-around is intended at
        that site still needs manual triage.
        """
        mnemonic = operations.operation(ins).removeLockPrefix()
        solver = sa.state.solver

        if self.debug:
            self.imm.log(
                "check_ins (%s): %s" % (hex(ins.getAddress()), mnemonic),
                ins.getAddress())

        overflow_possible = False
        if mnemonic == "ADD":
            dst_state = sa.buildState(ins.operand[0])
            src_state = sa.buildState(ins.operand[1])

            dst_value = sa.getValueFromState(dst_state)
            src_value = sa.getValueFromState(src_state)

            # The sum is built with a width argument of 64 so that a carry out
            # of the low 32 bits stays visible to the comparison below.
            # NOTE(review): MAX_INT_32 is defined elsewhere; presumably
            # 2**32-1 -- confirm.
            wide_sum = solver.addExpr(dst_value, src_value, 64)
            limit = solver.constExpr(MAX_INT_32)
            overflow_possible = solver.checkSat(solver.gtExpr(wide_sum, limit))
        elif mnemonic in ("ADC", "SUB", "INC", "DEC", "MUL", "LEA"):
            # Recognised, but no overflow model has been written for these.
            pass

        if not overflow_possible:
            return None

        if self.debug:
            self.imm.log("check_ins (%s): Bug found" % hex(ins.getAddress()))
        return BugCheckResults(ins.getAddress(), solver.getConcreteModel())
Exemplo n.º 2
    def gadgetCandidate(self, addr, length):
        """Count the instructions decoded from ``addr`` up to a closing return.

        Instructions are disassembled one after another starting at ``addr``.
        The sequence is accepted only when a return instruction is decoded at
        offset ``length`` exactly and its constant operand is at most 0x100.
        No analysis of what the instructions do is performed.

        Returns the number of instructions decoded (an int, not a bool) for an
        accepted sequence, and 0 in every other case: an invalid instruction,
        a call or jump rejected by ``filter_calls`` / ``filter_jumps``, more
        than ``maxbackward`` instructions, a return at the wrong offset or
        with too large an operand, or no return within ``length`` bytes.
        """
        offset = 0
        count = 0
        while offset <= length:
            insn = operations.operation(self.imm.disasmFile(addr + offset))
            if not insn.validateInstruction():
                return 0

            if self.filter_calls and insn.isCall():
                return 0
            if self.filter_jumps and (insn.isJmp() or insn.isConditionalJmp()):
                return 0

            size = insn.getOpSize()
            count += 1
            if count > self.maxbackward:  # sequence is longer than allowed
                return 0

            if insn.isRet():
                ret_operand = insn.op1Constant()
                # A return decoded before offset ``length`` is not the one the
                # caller asked about, but it ends the sequence all the same;
                # very large stack adjustments are rejected as well.
                if ret_operand > 0x100 or offset != length:
                    return 0
                return count
            offset += size
        return 0
Exemplo n.º 3
    def gadgetCandidate(self, addr, length):
        """Return how many instructions lead from ``addr`` to a final return.

        The bytes at ``addr`` are decoded instruction by instruction.  The
        result is non-zero only if a return instruction sits exactly at offset
        ``length`` and its constant operand does not exceed 0x100; the value
        is then the instruction count, so callers testing it for truth still
        get the yes/no answer.  No analysis is done on the instructions.

        0 is returned when decoding hits an invalid instruction, a call or
        jump excluded by ``filter_calls`` / ``filter_jumps``, more than
        ``maxbackward`` instructions, or a return that is not the expected one.
        """
        cursor = 0
        decoded = 0
        ends_on_expected_ret = False
        while cursor <= length:
            insn = operations.operation(self.imm.disasmFile(addr + cursor))
            if not insn.validateInstruction():
                break

            if self.filter_calls and insn.isCall():
                break
            if self.filter_jumps and (insn.isJmp() or insn.isConditionalJmp()):
                break

            step = insn.getOpSize()
            decoded += 1
            if decoded > self.maxbackward:  # too many instructions, give up
                return 0

            if insn.isRet():
                stack_adjust = insn.op1Constant()
                # Reject oversized stack adjustments and any return found
                # before the offset the caller expected; either way the
                # sequence stops at this instruction.
                ends_on_expected_ret = not (stack_adjust > 0x100 or cursor != length)
                break
            cursor += step
        return decoded if ends_on_expected_ret else 0
Exemplo n.º 4
 def test_operation(self):
     """Check operations.operation for op codes 'a' and 's', three rounds each.

     The same pair of calls is made three times with fresh input lists, so
     the test also fails if an earlier call changes what a later one returns.
     """
     # NOTE(review): the comment this replaces described
     # operation_handler(a_in, b_in, dot_1, dot_2, op_code='a') returning
     # (result, new_dot), which is not the call made below -- confirm which
     # signature is current.
     expected_by_code = (
         ('a', [1, 7, 2, 4, 0, 3]),
         ('s', [0, 7, 7, 8, 7, 7]),
     )
     for _round in range(3):
         for op_code, expected in expected_by_code:
             self.assertEqual(
                 operations.operation(
                     [1, 2, 5, 1, 4, 0], [0, 4, 7, 2, 6, 3], op_code),
                 expected)
Exemplo n.º 5
import operations as op

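# Interactive two-operand calculator: read two numbers and an operator, hand
# them to op.operation, and repeat until the user declines.
#
# NOTE: written for Python 3, where input() returns the typed text verbatim.
# Under Python 2, input() evaluates the text as an expression, so this script
# must not be run there with input from an untrusted user.
print('\n--- Calculator ---')

while True:

    print("\nUnfortunelly we just can calculate two numbers for time.\n")

    # split() without an argument tolerates repeated, leading and trailing
    # whitespace; split(' ') produced empty strings that float() rejects.
    fields = input('Insert two real numbers for the calculus: ').split()
    if len(fields) < 2:
        print('\nPlease enter two numbers separated by a space.')
        continue
    try:
        # Fields after the second one are ignored, as before.
        num1 = float(fields[0])
        num2 = float(fields[1])
    except ValueError:
        print('\nPlease enter two numbers separated by a space.')
        continue

    rec = input('Wich operation do you wanna do (Sum = +, Subtration = -, Multiplication = x , Division = /) : ')

    # NOTE(review): op.operation is defined in another module; whether it
    # handles an unknown operator or a zero divisor cannot be seen from here
    # -- confirm before relying on it.
    op.operation(rec, num1, num2)

    cho = input('\nDo you wanna realize another calculus? ')
    # Accept any casing and surrounding whitespace of "yes" / "y".
    if cho.strip().lower() not in ('yes', 'y'):
        break

print('\nThank you! Hope see you next time')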