Exemplo n.º 1
0
    def _simulate(self):

        # get branches
        branches = dasmutil.find_inst_addr(self.binary, ['br'], 0)
        # get fallthrough addresses
        fallthrough = dasmutil.find_inst_addr(self.binary, ['br'], 3)

        # map: branch -> fallthrough addr
        brf = {b: f for b, f in zip(branches, fallthrough)}
        print brf

        # main iteration:
        try:
            await = []
            for i, addr in enumerate(simutil.trace(self.binary)):
                if addr in brf:
                    # initialize with empty list
                    if addr not in self.bittraces: self.bittraces[addr] = []
                    await .append((i + 3, addr, brf[addr]))
                if len(await) > 0 and await [0][0] == i:
                    x = await .pop(0)
                    self.bittraces[x[1]].append(1 if x[2] != addr else 0)
        except simutil.SimError:
            # ignore exit code (if the application returns other than 0)
            pass
Exemplo n.º 2
0
  def _simulate(self):

    # get branches
    branches    = dasmutil.find_inst_addr(self.binary, ['br'], 0)
    # get fallthrough addresses
    fallthrough = dasmutil.find_inst_addr(self.binary, ['br'], 3)

    # map: branch -> fallthrough addr
    brf = { b:f for b, f in zip(branches, fallthrough) }
    print brf

    # main iteration:
    try:
      await = []
      for i, addr in enumerate(simutil.trace(self.binary)):
        if addr in brf:
          # initialize with empty list
          if addr not in self.bittraces: self.bittraces[addr] = []
          await.append( (i+3, addr, brf[addr]) )
        if len(await)>0 and await[0][0]==i:
          x = await.pop(0)
          self.bittraces[x[1]].append(1 if x[2]!=addr else 0)
    except simutil.SimError:
      # ignore exit code (if the application returns other than 0)
      pass
Exemplo n.º 3
0
 def __init__(self, binary):
   self.binary = binary
   self.Hist = dict() # addresses
   self.total = 0
   self.maxcnt = 0
   self.maxaddrlen = 0
   self.checksum = checksum(binary)
   for addr in simutil.trace(self.binary):
     self._put(addr)
Exemplo n.º 4
0
 def __init__(self, binary):
     self.binary = binary
     self.Hist = dict()  # addresses
     self.total = 0
     self.maxcnt = 0
     self.maxaddrlen = 0
     self.checksum = checksum(binary)
     for addr in simutil.trace(self.binary):
         self._put(addr)
Exemplo n.º 5
0
  def _simulate(self):
    bbs_a = self.bb_map()
    funcs_a = self.func_map()
    funcs_lst = sorted(funcs_a.keys())

    # temporary pointers for the iteration
    last_bb = None
    last_func = None
    callstack = []
    # main iteration: build up tables (adjacency lists, special sets)
    try:
      for addr in simutil.trace(self.binary):
        iaddr = int(addr,16)
        if iaddr in bbs_a:
          cur_bb = iaddr
          # function call?
          # - no need to check if last inst was a call point:
          #   loops don't target function entries (prologue)
          if iaddr in funcs_a:
            callstack.append( (last_func, last_bb) )
            cur_func = iaddr
            cur_func_name = funcs_a[cur_func][1]
            if cur_func_name in self.observe_list and \
               cur_func not in self.edges:
              self.edges[cur_func] = dict()
            self.call_edges.add( (last_bb, cur_bb) )
        else:
          # check if function changed, if so then it must be a RET
          cur_func = find_le(funcs_lst, iaddr)
          if cur_func == last_func:
            # normal inst, nothing to update
            continue
          assert( cur_func == callstack[-1][0] )
          cur_func, cur_bb = callstack.pop()
          self.ret_edges.add( (last_bb, cur_bb) )

        # update transitions
        if last_func in self.edges:
          self._update_edge(last_func, last_bb, cur_bb)
        last_bb = cur_bb
        last_func = cur_func
    except simutil.SimError:
      # ignore exit code (if the application returns other than 0)
      pass
Exemplo n.º 6
0
    def _simulate(self):
        bbs_a = self.bb_map()
        funcs_a = self.func_map()
        funcs_lst = sorted(funcs_a.keys())

        # temporary pointers for the iteration
        last_bb = None
        last_func = None
        callstack = []
        # main iteration: build up tables (adjacency lists, special sets)
        try:
            for addr in simutil.trace(self.binary):
                iaddr = int(addr, 16)
                if iaddr in bbs_a:
                    cur_bb = iaddr
                    # function call?
                    # - no need to check if last inst was a call point:
                    #   loops don't target function entries (prologue)
                    if iaddr in funcs_a:
                        callstack.append((last_func, last_bb))
                        cur_func = iaddr
                        cur_func_name = funcs_a[cur_func][1]
                        if cur_func_name in self.observe_list and \
                           cur_func not in self.edges:
                            self.edges[cur_func] = dict()
                        self.call_edges.add((last_bb, cur_bb))
                else:
                    # check if function changed, if so then it must be a RET
                    cur_func = find_le(funcs_lst, iaddr)
                    if cur_func == last_func:
                        # normal inst, nothing to update
                        continue
                    assert (cur_func == callstack[-1][0])
                    cur_func, cur_bb = callstack.pop()
                    self.ret_edges.add((last_bb, cur_bb))

                # update transitions
                if last_func in self.edges:
                    self._update_edge(last_func, last_bb, cur_bb)
                last_bb = cur_bb
                last_func = cur_func
        except simutil.SimError:
            # ignore exit code (if the application returns other than 0)
            pass