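def _parseIndex(text, count):
    '''Return text as an index in range(count), or None if it is not one.'''
    try:
        idx = int(text)
    except (TypeError, ValueError):
        # TypeError: the dialog was cancelled and returned None.
        # ValueError: the entered text is not an integer.
        return None
    if 0 <= idx < count:
        return idx
    return None


def main():
    '''
    Find buffer-overflow-prone (BOP) functions in one BinNavi module.

    Interactive driver. It asks for a log-file name and a pickle-file name,
    connects to the BinNavi database, lets the user choose a module by index
    and then walks the module's function views. Views with fewer than 4 nodes
    (basic blocks, per the original comment) are skipped. For the others the
    REIL code is fetched, loops are found through the dominator tree, loops
    without any 'stm' instruction are dropped and the remaining ones are
    passed to isInteresting().

    Outputs:
      * the log file, overwritten with the global counters and, per
        interesting function, its instruction count and loop keys;
      * '<fileBOP>.pkl', a pickled list of the interesting function names plus
        a fixed list of well-known copy routines.
    '''
    # Log file that receives the summary (number of functions, loops, ...).
    logFile=raw_input("Enter the name of log file")
    # Extra output: a pickled list of the function names found to be BOP, so
    # that other analyses can reuse them.
    # NOTE(review): unpickling runs code chosen by whoever wrote the file, so
    # consumers should load this .pkl only from a location they control.
    fileBOP=raw_input("Enter the file name (full path) to store (Pickled) BOP function's name: ")
    interestingFuncs={}     # function name -> list of interesting loop keys
    interestingFuncsLOC={}  # function name -> instruction count over its code nodes

    binNaviProxy = StandAlone.getPluginInterface()
    ################## place to set database connectivity parameter #########
    # NOTE(review): host, database name, user and password are literals in the
    # script. Keep real credentials out of the committed file, e.g. read them
    # from the environment or from a local, untracked configuration file.
    binNaviProxy.databaseManager.addDatabase("","org.postgresql.Driver","localhost","DataBase_name","user","password",False,False)
    ########################################################################
    db=binNaviProxy.databaseManager.databases[0]
    db.connect()
    db.load()
    mods=db.getModules()

    ### Dialog used to select the module that should be analysed.
    ######################################################
    frame = JFrame('BinNavi Module Selector',layout=BorderLayout(),
                   defaultCloseOperation = JFrame.EXIT_ON_CLOSE,
                   size = (500, 500)
                   )
    frame2 = JFrame('Function Selector',layout=BorderLayout(),
                    defaultCloseOperation = JFrame.EXIT_ON_CLOSE,
                    size = (30, 30)
                    )
    # Render the module list as "[index]module" entries for the text area.
    textStr=''.join(["[%d]%s"%(i,m) for i,m in enumerate(mods)])
    tx=JTextArea(textStr)
    tx.setLineWrap(True)
    tx.setWrapStyleWord(True)
    frame.add(tx,BorderLayout.PAGE_START)
    frame.visible = True
    # NOTE(review): in this three-argument overload the last string is the
    # initial value of the input field, not a window title.
    modInd = JOptionPane.showInputDialog(frame2, "Enter the index of the chosen module",
                                         "Module selector")
    # The dialog result is free text (or None on cancel); accept it only if it
    # is an integer inside the module list.
    modIdx = _parseIndex(modInd, len(mods))
    if modIdx is None:
        print "No valid module index was entered; nothing analysed."
        frame2.setVisible(False)
        dispose(frame2)
        frame.setVisible(False)
        dispose(frame)
        return

    # Open the module that corresponds to the chosen index.
    bfname=mods[modIdx]
    bfname.load()
    funcViews=bfname.views

    frame2.setVisible(False)
    # NOTE(review): dispose() is not defined in the part of the file visible
    # here; if it is not a helper elsewhere, frame2.dispose() is the Swing
    # call -- confirm.
    dispose(frame2)
    ######################################################
    analyzedFunctions = 0
    totalDiscoveredLoops=0
    totalInterestingLoops=0
    # The value of this first call is discarded; totalTime below is whatever
    # the second clock() call returns.
    # NOTE(review): confirm that this is elapsed time on the target runtime.
    time.clock()
    # NOTE(review): the range starts at 1, so view 0 is never analysed while
    # the log still counts it in the module total -- confirm this is intended.
    for funcInd in range(1,len(funcViews)):
        funcName=funcViews[funcInd].getName()
        BBnum=funcViews[funcInd].getNodeCount()
        if BBnum <4:
            print "skipped"
            continue # do not analyse a function with fewer than 4 nodes

        print 'analyzing %s'%funcName

        dominatingSets={} # filled by fillDominatingSets() below

        bffunc=bfname.views[funcInd] # view of the function under analysis
        bffunc.load()
        try:
            bfReil=bffunc.getReilCode() # REIL code of the function
        except:
            print "error in getReilCode()"
            bffunc.close()
            gc.collect()
            continue

        bfReilGraph=bfReil.getGraph()
        try:
            # BinNavi v3.0 took only two arguments here:
            # GraphAlgorithms.getDominatorTree(bfReilGraph, findRoot(bfReilGraph.getNodes()))
            dominatorTree = GraphAlgorithms.getDominatorTree(bfReilGraph, findRoot(bfReilGraph.getNodes()),None)
        except:
            print "dominator tree problem.. continue with the next function"
            bffunc.close()
            gc.collect()
            continue

        fillDominatingSets(dominatorTree.getRootNode(), dominatingSets, None)

        # Find the loops of this function.
        finalLoops=findLoops(bfReilGraph,dominatingSets)
        if finalLoops is None:
            bffunc.close()
            gc.collect()
            continue
        analyzedFunctions = analyzedFunctions +1
        totalDiscoveredLoops = totalDiscoveredLoops + len(finalLoops)
        if len(finalLoops)== 0:
            bffunc.close()
            gc.collect()
            continue

        # Pre-filter: a loop stays a candidate only if at least one of its
        # nodes contains an 'stm' instruction. (The original comment said
        # "at least 2", but the check has always been "more than 0".)
        # keys() returns a list in Python 2, so deleting while looping is safe.
        for lp in finalLoops.keys():
            hasSTM=False
            for lpn in finalLoops[lp]:
                for i in lpn.getInstructions():
                    if i.getMnemonic() == 'stm':
                        hasSTM=True
                        break
                if hasSTM:
                    break
            if not hasSTM:
                del finalLoops[lp]

        if len(finalLoops)== 0:
            bffunc.close()
            gc.collect()
            continue

        instGraph = InstructionGraph.create(bfReilGraph)
        interestingFuncs[funcName]=[]
        for k in finalLoops.keys():
            print 'analysing loop at %s-%s'%(k[0],k[1])
            if k[0] == k[1]:
                print "skipping this loop as src= dest"
                continue
            # Skip very big loops, i.e. loops with more than 100 nodes.
            if len(finalLoops[k]) > 100:
                print "very big loop, skipping!"
                continue
            if isInteresting(finalLoops[k],instGraph) ==True:
                totalInterestingLoops = totalInterestingLoops + 1
                interestingFuncs[funcName].append(k)
                interestingFuncsLOC[str(funcName)]=sum([len(x.getInstructions()) for x in (getCodeNodes(bffunc.getGraph()))])
                print 'loop at %s IS interesting.'%k[0]
            else:
                print 'loop at %s is NOT interesting.'%k[0]
        # Finally close the view of the function.
        bffunc.close()
        gc.collect()

    totalTime=time.clock()
    # Drop the functions that ended up without any interesting loop.
    for ky in interestingFuncs.keys():
        if len(interestingFuncs[ky]) == 0:
            del interestingFuncs[ky]

    # Write the results to the log file. An existing file at that path is
    # overwritten; try/finally closes the handle even if a write fails.
    outFile=open(logFile,'w')
    try:
        outFile.write('########## Global Results ###########\n')
        outFile.write('Total Functions in the module: ' + str(len(funcViews)))
        outFile.write('\nTotal Analyzed Functions in the module: ' + str(analyzedFunctions))
        outFile.write('\nTotal Interesting Functions in the module: ' + str(len(interestingFuncs)))
        outFile.write('\nTotal loops discovered in the module: ' + str(totalDiscoveredLoops))
        outFile.write('\nTotal INTERESTING loops discovered in the module: ' + str(totalInterestingLoops))
        outFile.write('\nTotal Time: ' + str(totalTime))
        outFile.write('\n')
        outFile.write('########## Global Results ###########\n')
        for k in interestingFuncs.keys():
            outFile.write("%s: %s: %d"%(str(k), "LOC", interestingFuncsLOC[k]))
            outFile.write('\n')
            for l in interestingFuncs[k]:
                outFile.write('\t' + str(l) + '\n')
    finally:
        outFile.close()

    # Before saving, add a few widely known BOP routines to the result.
    knownBOPs = ['strcpy', 'strncpy', 'memcpy','wcscpy']
    for fn in knownBOPs:
        interestingFuncs[fn] = []
    # Save the function names as a pickled list. Binary mode keeps the pickle
    # stream free of platform newline translation.
    pklPath=fileBOP+'.pkl'
    fileBOPFd=open(pklPath, 'wb')
    try:
        pickle.dump(interestingFuncs.keys(), fileBOPFd)
    finally:
        fileBOPFd.close()
    print "[*] Pickled in the file %s"%pklPath
    print "Done! Closing the module selector window"
    frame.setVisible(False)
    dispose(frame)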
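def _parseIndex(text, count):
    '''Return text as an index in range(count), or None if it is not one.'''
    try:
        idx = int(text)
    except (TypeError, ValueError):
        # TypeError: the dialog was cancelled and returned None.
        # ValueError: the entered text is not an integer.
        return None
    if 0 <= idx < count:
        return idx
    return None


def main():
    '''
    Run doAnalysis() on one interactively chosen function and print the result.

    Connects to the BinNavi database, lets the user choose a module and then a
    function view by index, builds the REIL instruction graph of that function
    and hands it to doAnalysis(). For every instruction of the graph the
    sorted in/out values and the written memory of its result state are
    printed, followed by the number of instructions.
    '''
    binNaviProxy = StandAlone.getPluginInterface()
    # NOTE(review): host, database name, user and password are literals in the
    # script. Keep real credentials out of the committed file, e.g. read them
    # from the environment or from a local, untracked configuration file.
    binNaviProxy.databaseManager.addDatabase("","com.mysql.jdbc.Driver","localhost","BINNAVI1","binnavi","binnavi",False,False)
    db=binNaviProxy.databaseManager.databases[0]
    db.connect()
    db.load()
    mods=db.getModules()

    ### Dialog used to select the module and the function to analyse.
    ######################################################
    frame = JFrame('BinNavi Module Selector',layout=BorderLayout(),
                   defaultCloseOperation = JFrame.EXIT_ON_CLOSE,
                   size = (1500, 800)
                   )
    frame2 = JFrame('Function Selector',layout=BorderLayout(),
                    defaultCloseOperation = JFrame.EXIT_ON_CLOSE,
                    size = (30, 30)
                    )
    frame2.setFocusableWindowState(False)
    frame2.setFocusable(False)
    frame2.setAlwaysOnTop(False)
    # Render the module list as "[index]module" entries for the text area.
    textStr=''.join(["[%d]%s"%(i,m) for i,m in enumerate(mods)])
    tx=JTextArea(textStr)
    tx.setLineWrap(True)
    tx.setWrapStyleWord(True)
    frame.add(tx,BorderLayout.PAGE_START)
    frame.visible = True
    # NOTE(review): in this three-argument overload the last string is the
    # initial value of the input field, not a window title.
    modInd = JOptionPane.showInputDialog(frame2, "Enter the index of the chosen module",
                                         "Module selector")
    # The dialog result is free text (or None on cancel); accept it only if it
    # is an integer inside the module list.
    modIdx = _parseIndex(modInd, len(mods))
    if modIdx is None:
        print "No valid module index was entered; nothing analysed."
        frame2.setVisible(False)
        dispose(frame2)
        frame.setVisible(False)
        dispose(frame)
        return

    # Open the module that corresponds to the chosen index.
    bfname=mods[modIdx]
    bfname.load()
    funcViews=bfname.views
    # "[index]name" entries; characters 5..17 of toString() are used as name.
    textStr1=''.join(["[%d]%s"%(i,v.toString()[5:18]) for i,v in enumerate(funcViews)])
    # Remove the module list from the frame.
    frame.remove(tx)
    frame.update(frame.getGraphics())
    frame.visible = False
    # Show a new text area holding the list of function views.
    txStr=JTextArea(textStr1)
    txStr.setLineWrap(True)
    txStr.setWrapStyleWord(True)
    frame.add(txStr,BorderLayout.PAGE_START)
    frame.update(frame.getGraphics())
    frame.visible = True
    funcInd = JOptionPane.showInputDialog(frame2, "Enter the index of the function",
                                          "Function selector")
    ######################################################
    funcIdx = _parseIndex(funcInd, len(funcViews))
    if funcIdx is None:
        print "No valid function index was entered; nothing analysed."
        frame2.setVisible(False)
        dispose(frame2)
        frame.setVisible(False)
        dispose(frame)
        return

    bffunc=bfname.views[funcIdx] # view of the chosen function
    bffunc.load()

    frame2.setVisible(False)
    # NOTE(review): dispose() is not defined in the part of the file visible
    # here; if it is not a helper elsewhere, frame2.dispose() is the Swing
    # call -- confirm.
    dispose(frame2)

    bfReil=bffunc.getReilCode() # REIL code of the function
    bfReilGraph=bfReil.getGraph()

    instGraph = InstructionGraph.create(bfReilGraph)
    # The value of this first call is discarded; totalTime is whatever the
    # second clock() call returns.
    # NOTE(review): confirm that this is elapsed time on the target runtime.
    time.clock()
    results=doAnalysis(instGraph)
    totalTime=time.clock()

    print "**** printing results *******\n"
    print "Total time:", totalTime, '\n'
    numNode=0
    for n in instGraph:
        # Count the instruction. The previous "numNode+=numNode" added zero to
        # zero, so the reported total was always 0.
        numNode+=1

        nIn=list(results.getState(n).inVal)
        nIn.sort(key=itemgetter(0))
        nOut=list(results.getState(n).out)
        nOut.sort(key=itemgetter(0))
        print '@@ ',n.getInstruction(),'\n'
        print '\t In', nIn, '\n'
        print '\t OUT', nOut, '\n'
        print '\t memory: ',results.getState(n).memoryWritten, '\n'
    print "++++ Total instructions: %d +++++\n"%numNode
    # Finally close the view of the function.
    bffunc.close()

    print "Done! Closing the module selector window"
    frame.setVisible(False)
    dispose(frame)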
txStr.setLineWrap(True); txStr.setWrapStyleWord(True); frame.add(txStr,BorderLayout.PAGE_START) frame.update(frame.getGraphics()) frame.visible = True funcInd = JOptionPane.showInputDialog(frame2, "Enter the index of the function", "Function selector"); ###################################################### bffunc=bfname.views[int(funcInd)] #this is the view of the buildfname function bffunc.load() frame2.setVisible(False) dispose(frame2) bfReil=bffunc.getReilCode() # this is the REIL code of the function bfReilGraph=bfReil.getGraph() instGraph = InstructionGraph.create(bfReilGraph) time.clock() results=doAnalysis(instGraph) totalTime=time.clock() #print "resultsLen", len([r for r in results]) print "**** printing results *******\n" print "Total time:", totalTime, '\n' numNode=0 for n in instGraph: numNode+=numNode