def test_coverage(self):
'''
((mem[piva_global(0xbfbfee08):1] | (mem[(arg0 + 72):4] & 0xffffff00)) + piva_global())
'''
ids = []
piva1 = vsc.Var('piva_global', 4)
ids.append(piva1._sym_id)
arg = vsc.Const(0xbfbfee08, 4)
ids.append(arg._sym_id)
call = vsc.Call(piva1, 4, argsyms=[arg])
ids.append(call._sym_id)
con = vsc.Const(1, 4)
ids.append(con._sym_id)
mem1 = vsc.Mem(call, con)
ids.append(mem1._sym_id)
arg = vsc.Arg(0, 4)
ids.append(arg._sym_id)
addop = vsc.Const(72, 4)
ids.append(addop._sym_id)
add = vsc.o_add(arg, addop, 4)
ids.append(add._sym_id)
con = vsc.Const(4, 4)
ids.append(con._sym_id)
memac = vsc.Mem(add, con)
ids.append(memac._sym_id)
andop = vsc.Const(0xffffff00, 4)
ids.append(andop._sym_id)
mem2 = vsc.o_and(memac, andop, 4)
ids.append(mem2._sym_id)
memor = vsc.o_or(mem1, mem2, 4)
ids.append(memor._sym_id)
piva2 = vsc.Var('piva_global', 4)
ids.append(piva2._sym_id)
call2 = vsc.Call(piva2, 4, argsyms=[])
ids.append(call2._sym_id)
add = vsc.o_add(memor, call2, 4)
ids.append(add._sym_id)
traveled_ids = []
def walkerTest(path, symobj, ctx):
traveled_ids.append(symobj._sym_id)
add.walkTree(walkerTest)
self.assertEqual(traveled_ids, ids)
self.assertEqual(
'((mem[piva_global(0xbfbfee08):1] | (mem[(arg0 + 72):4] & 0xffffff00)) + piva_global())',
str(add))
def test_wipeAstArch_wipeva(self):
vw = viv.VivWorkspace()
vw.addMemoryMap(0x410000, e_mem.MM_RWX, 'code',
[0 for x in range(0x10000)])
vw.addLocation(0x41b2ac, 47, viv_const.LOC_POINTER)
vw.addLocation(0x4149b3, 28, viv_const.LOC_POINTER)
vw.addLocation(0x41ac93, 83, viv_const.LOC_POINTER)
vw.setMeta('Architecture', 'i386')
symctx = vsym_analysis.SymbolikAnalysisContext(vw)
cons = vsc.Const(0x41b2ac, 4)
func1 = vsc.Call(cons, 4, argsyms=[vsc.Var('edx', 4)])
func2 = vsc.Call(
vsc.Const(0x4149b3, 4),
4,
argsyms=[vsc.Const(0, 4),
vsc.Const(1, 4),
vsc.Const(0x41b2ac, 4)])
func3 = vsc.Call(vsc.Const(0x41ac93, 4),
4,
argsyms=[vsc.Const(0, 4),
vsc.Var('ecx', 4)])
wiped = vsym_archind.wipeAstArch(symctx, [func1 + func2, func3],
wipeva=True)
self.assertEqual(2, len(wiped))
self.assertEqual('(2archindva(1indreg) + 1archindva(0,1,2archindva))',
str(wiped[0]))
self.assertEqual('0archindva(0,0indreg)', str(wiped[1]))
def test_wipeAstArch(self):
vw = viv.VivWorkspace()
vw.addMemoryMap(0x00, e_mem.MM_RWX, 'code', [0 for x in range(256)])
vw.addLocation(0x40, 47, viv_const.LOC_POINTER)
vw.setMeta('Architecture', 'i386')
symctx = vsym_analysis.SymbolikAnalysisContext(vw)
func = vsc.Var('eax', 4)
call = vsc.Call(func, 4)
addr = vsc.Var('arg0', 4) + call
mem = vsc.Mem(addr, vsc.Const(4, 4))
op = mem + vsc.Var('edx', 4)
final = op * vsc.Var('edx', 4)
wiped = vsym_archind.wipeAstArch(symctx, [final])
self.assertEquals(1, len(wiped))
self.assertEquals('((mem[(arg0 + 1indreg()):4] + 0indreg) * 0indreg)', str(wiped[0]))
def test_basic_substitution(self):
symobj = vsc.Var('x', 4) + vsc.Const(3, 4) + vsc.Var('y', 4)
x = vss.srange('x', 4)
y = vss.sset('y', [1, 2, 4, 7, 99])
#addAnswers = []
# TODO: The nature of AddSubState feels completely wrong
# also, x+y and y+x produce *very* different results that don't really line up
#for idx, vals in enumerate((x + y)):
#for idx, vals in enumerate((y + x)):
#self.assertEqual(symobj.solve(vals=vals), addAnswers[idx])
#print(vals, str(symobj), symobj.solve(vals=vals))
mulAnswers = [
4, 5, 6, 7, 5, 6, 7, 8, 7, 8, 9, 10, 10, 11, 12, 13, 102, 103, 104,
105
]
for vals in (x * y):
self.assertEqual(symobj.solve(vals=vals), mulAnswers.pop(0))
self.assertEqual(len(mulAnswers), 0)
def test_basic(self):
vw = viv.VivWorkspace()
vw.addMemoryMap(0x56560000, 7, 'woot', b'A' * 8192)
vw.setMeta('Architecture', 'i386')
symctx = vsym_analysis.getSymbolikAnalysisContext(vw)
base = vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(
4, 4)) - (vsc.Var('arg0', 4) + vsc.Var('ecx', 4)) * (
vsc.Var('ebx', 4) + vsc.Var('ebx', 4)) + vsc.Const(9999, 4)
eqs = [
vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(4, 4)) -
(vsc.Var('arg0', 4) + vsc.Var('ebx', 4)) *
(vsc.Var('ecx', 4) + vsc.Var('ecx', 4)) + vsc.Const(9999, 4),
vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(4, 4)) -
(vsc.Var('eax', 4) + vsc.Var('eax', 4)) *
(vsc.Var('edx', 4) + vsc.Var('arg0', 4)) + vsc.Const(9999, 4),
vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(4, 4)) -
(vsc.Var('arg0', 4) + vsc.Var('ecx', 4)) *
(vsc.Var('ebx', 4) + vsc.Var('ebx', 4)) + vsc.Const(9999, 4),
vsc.Mem(vsc.Const(0x56560056, 4), vsc.Const(4, 4)) -
(vsc.Var('arg0', 4) + vsc.Var('ecx', 4)) *
(vsc.Var('ebx', 4) + vsc.Var('ebx', 4)) + vsc.Const(9999, 4),
]
nes = [
vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(4, 4)) -
(vsc.Var('arg0', 4) + vsc.Var('ebx', 4)) *
(vsc.Var('ebx', 4) + vsc.Var('ecx', 4)) + vsc.Const(9999, 4),
vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(4, 4)) -
(vsc.Var('eax', 4) + vsc.Var('arg1', 4)) *
(vsc.Var('edx', 4) + vsc.Var('arg0', 4)) + vsc.Const(9999, 4),
vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(4, 4)) -
(vsc.Var('arg0', 4) + vsc.Var('ecx', 4)) *
(vsc.Var('ebx', 4) + vsc.Var('ebx', 4)) + vsc.Const(8888, 4),
vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(4, 4)) -
(vsc.Var('arg0', 4) + vsc.Var('ecx', 4)) *
(vsc.Var('ebx', 4) + vsc.Var('ebx', 4)) + vsc.Const(0x56560020, 4),
vsc.Mem(vsc.Const(0x56560020, 4), vsc.Const(4, 4)) -
(vsc.Var('arg0', 4) + vsc.Var('ecx', 4)) *
(vsc.Var('ebx', 4) + vsc.Var('ebx', 4)) + vsc.Const(0x56560040, 4),
]
post_eqs = [
'((mem[0archindva:4] - ((arg0 + 0indreg) * (1indreg + 1indreg))) + 0x0000270f)',
'((mem[0archindva:4] - ((1indreg + 1indreg) * (0indreg + arg0))) + 0x0000270f)',
'((mem[0archindva:4] - ((arg0 + 0indreg) * (1indreg + 1indreg))) + 0x0000270f)',
'((mem[0archindva:4] - ((arg0 + 0indreg) * (1indreg + 1indreg))) + 0x0000270f)',
]
post_nes = [
'((mem[0archindva:4] - ((arg0 + 0indreg) * (0indreg + 1indreg))) + 0x0000270f)',
'((mem[0archindva:4] - ((1indreg + arg1) * (0indreg + arg0))) + 0x0000270f)',
'((mem[0archindva:4] - ((arg0 + 0indreg) * (1indreg + 1indreg))) + 0x000022b8)',
'((mem[0archindva:4] - ((arg0 + 0indreg) * (1indreg + 1indreg))) + 0archindva)',
'((mem[0archindva:4] - ((arg0 + 0indreg) * (1indreg + 1indreg))) + 1archindva)',
]
for i in range(len(post_eqs)):
eq = vsym_archind.wipeAstArch(symctx, [eqs[i]], wipeva=True)[0]
self.assertEqual(post_eqs[i], str(eq))
for i in range(len(post_nes)):
ne = vsym_archind.wipeAstArch(symctx, [nes[i]], wipeva=True)[0]
self.assertEqual(post_nes[i], str(ne))
base = vsym_archind.wipeAstArch(symctx, [
base,
], wipeva=True)[0]
baseval = base.solve(emu=None)
for match in eqs:
self.assertEqual(match.solve(emu=None), baseval)
for nonmatch in nes:
self.assertNotEqual(nonmatch.solve(emu=None), baseval)
