Python SymbolicPropogator примеры использования

Пример #1

def resolve_argument(f, addr):
    register = currentProgram.getLanguage().getRegister("v1")

    startaddr = f.getEntryPoint()
    evaluator = ConstantPropagationContextEvaluator(True)
    symbolic = SymbolicPropogator(currentProgram)
    symbolic.flowConstants(startaddr, f.getBody(), evaluator, True, monitor)
    reg_value = symbolic.getRegisterValue(addr, register)

    return reg_value.getValue()

Пример #2

Файл: Constants.py Проект: uttaravadina/pwndra

    def getRegisterValue(self, func, call, register):

        symEval  = SymbolicPropogator(self.currentProgram)
        function = self.currentProgram.getListing().getFunctionContaining(call)
        evaluate = ConstantPropagationContextEvaluator(True)

        symEval.flowConstants(function.getEntryPoint(), function.getBody(), evaluate, False, self.monitor)

        result = symEval.getRegisterValue(call, register)
        if result is not None:
            return result.getValue()

        return None

Пример #3

Файл: SetupMSDOSSyscalls.py Проект: matthewturk/ghidra-msdos-syscalls

def resolveConstants(funcsToCalls, program, tMonitor):
    addressesToSyscalls = {}
    syscallReg = program.getLanguage().getRegister(syscallRegister)
    for func in sorted(funcsToCalls, key=lambda a: str(a)):
        start = func.getEntryPoint()
        eval_ = ConstantPropagationContextEvaluator(True)
        symEval = SymbolicPropogator(program)
        symEval.flowConstants(start, func.getBody(), eval_, True, tMonitor)
        for callSite in funcsToCalls[func]:
            val = symEval.getRegisterValue(callSite, syscallReg)
            if val is None:
                print "Couldn't resolve value of %s" % syscallReg
                continue
            print "Resolved syscall to 0x%02X" % val.getValue()
            addressesToSyscalls[callSite] = val.getValue()
    return addressesToSyscalls

Пример #4

def analyzeFunction(function, monitor):
    program = function.getProgram()
    analyzer = getConstantAnalyzer(program)
    symEval = SymbolicPropogator(program)
    symEval.setParamRefCheck(True)
    symEval.setReturnRefCheck(True)
    symEval.setStoredRefCheck(True)
    analyzer.flowConstants(program, function.getEntryPoint(),
                           function.getBody(), symEval, monitor)
    return symEval

Пример #5

def analyze_function(
    function, analyzer
):  # type: (Function, ConstantPropagationAnalyzer) -> SymbolicPropogator
    program = function.getProgram()
    sym_eval = SymbolicPropogator(program)
    sym_eval.setParamRefCheck(True)
    sym_eval.setReturnRefCheck(True)
    sym_eval.setStoredRefCheck(True)
    analyzer.flowConstants(program, function.getEntryPoint(),
                           function.getBody(), sym_eval, monitor)
    return sym_eval

Пример #6

Файл: Constants.py Проект: x0rzkov/pwndra

    def __init__(self,
                 program,
                 selection,
                 monitor,
                 state,
                 arch,
                 abi='default'):

        self.currentProgram = program
        self.currentSelection = selection
        self.monitor = monitor
        self.state = state

        if self.currentProgram.getExecutableFormat() != ElfLoader.ELF_NAME:
            popup('Not an ELF file, cannot continue')
            return

        global CONSTANTS, ARGUMENTS, FUNCTIONS
        CONSTANTS = Const(arch, abi)
        ARGUMENTS = self.loadData('arguments', arch, abi)
        FUNCTIONS = self.loadData('functions', arch, abi)

        symEval = SymbolicPropogator(self.currentProgram)
        symEval.setParamRefCheck(True)
        symEval.setDebug(True)

        for func in self.currentProgram.getListing().getFunctions(True):

            if self.monitor.isCancelled():
                return self.doCancel()

            if func.getName() not in FUNCTIONS:
                continue

            calls = self.getCalls(func)
            if calls is None:
                continue

            for call in calls:

                if self.currentSelection is not None:
                    if call < self.currentSelection.getMinAddress():
                        continue
                    if call > self.currentSelection.getMaxAddress():
                        continue

                if self.monitor.isCancelled():
                    return self.doCancel()

                for arg in FUNCTIONS[func.getName()]:

                    value = self.getParameterValue(func, call, arg[0])
                    if value is None:
                        continue

                    const = self.getConstant(arg[1], value)
                    if const is None:
                        continue

                    self.updateEquates(call, const, value)

Пример #7

Файл: regsanalyzer.py Проект: dariuszrorat/CHDK

class RegsAnalyzer:
    """Analyze register values at a given address"""
    def __init__(self, currentProgram, monitor):
        self.currentProgram = currentProgram
        self.monitor = monitor
        self.symprop = SymbolicPropogator(currentProgram)
        self.last_fn = None

    # loosely based on code from https://github.com/0xb0bb/pwndra/blob/master/scripts/lib/Syscalls.py
    def getRegs(self, regs, addr):
        fn = self.currentProgram.getListing().getFunctionContaining(addr)
        if not fn:
            return
        # don't reflow if we already did this function
        if fn != self.last_fn:
            cpce = ConstantPropagationContextEvaluator(True)
            self.symprop.flowConstants(fn.getEntryPoint(), fn.getBody(), cpce,
                                       False, self.monitor)
            self.last_fn = fn

        res = {}
        for rname in regs:
            res[rname] = self.symprop.getRegisterValue(
                addr, self.currentProgram.getRegister(rname))

        return res

    def describe(self, regvals):
        for rname in sorted(list(regvals)):
            reg = regvals[rname]
            if reg is None:
                rval = "Unknown"
            elif reg.isRegisterRelativeValue():
                rval = str(
                    reg.getRelativeRegister()) + ' %#x' % (reg.getValue())
            else:
                rval = '%#x' % (reg.getValue())

            infomsg(-1, '%s %s\n' % (rname, rval))

Пример #8

    def __init__(self, program, selection, monitor, arch, abi='default'):

        self.currentProgram = program
        self.currentSelection = selection
        self.monitor = monitor
        self.flatProgram = FlatProgramAPI(program, monitor)
        self.symEval = SymbolicPropogator(self.currentProgram)

        if self.currentProgram.getExecutableFormat() != ElfLoader.ELF_NAME:
            popup('Not an ELF file, cannot continue')
            return

        if arch not in ARCHS:
            popup('Architecture not defined')
            return

        if abi not in ARCHS[arch]:
            popup('ABI not defined')
            return

        global SYSCALLS, FUNCTIONS
        SYSCALLS = self.loadData('syscalls', arch, abi)
        FUNCTIONS = self.loadData('functions', arch, abi)

        data = ARCHS[arch][abi]
        endian = self.currentProgram.getLanguage().getLanguageDescription(
        ).getEndian().toString()

        for row in data['ins']:

            if row['endian'] != endian:
                continue

            calls = self.getSyscalls(row['opcode'], row['interrupt'])
            for call in calls:

                if self.currentSelection is not None:
                    if call < self.currentSelection.getMinAddress():
                        continue
                    if call > self.currentSelection.getMaxAddress():
                        continue

                reg = self.currentProgram.getRegister(data['reg'])
                res = self.getRegisterValue(call, reg)

                if res is None:
                    continue

                res = str(res)
                if res not in SYSCALLS:
                    continue

                syscall = SYSCALLS[res]
                comment = syscall

                if syscall in FUNCTIONS:
                    comment = self.getSignature(syscall, FUNCTIONS[syscall])
                    self.markArguments(data['arg'], call, FUNCTIONS[syscall])

                self.flatProgram.setEOLComment(call, comment)
                self.flatProgram.createBookmark(
                    call, 'Syscall', 'Found %s -- %s' % (syscall, comment))

Пример #9

Файл: regsanalyzer.py Проект: dariuszrorat/CHDK

 def __init__(self, currentProgram, monitor):
     self.currentProgram = currentProgram
     self.monitor = monitor
     self.symprop = SymbolicPropogator(currentProgram)
     self.last_fn = None