CMOVZ EAX, EBX ADD EAX, ECX JZ loop RET ''') symbol_pool.set_offset(symbol_pool.getby_name("main"), 0x0) for b in blocs: print b print "symbols:" print symbol_pool patches = asmbloc.asm_resolve_final(mn_x86, blocs, symbol_pool) # Translate to IR ir_arch = ir_a_x86_32(symbol_pool) for b in blocs: print 'add bloc' print b ir_arch.add_bloc(b) # Display IR for lbl, b in ir_arch.blocs.items(): print b # Dead propagation open('graph.dot', 'w').write(ir_arch.graph.dot()) print '*' * 80 ir_arch.dead_simp() open('graph2.dot', 'w').write(ir_arch.graph.dot())
# graph_qt(flow_graph) open('data.dot', 'w').write(flow_graph.dot()) data = open(args.filename).read() ad = int(args.addr, 16) print 'disasm...' mdis = dis_x86_32(data) mdis.follow_call = True ab = mdis.dis_multibloc(ad) print 'ok' print 'generating dataflow graph for:' ir_arch = ir_a_x86_32(mdis.symbol_pool) blocs = ab for bloc in blocs: print bloc ir_arch.add_bloc(bloc) for irbloc in ir_arch.blocs.values(): print irbloc if irbloc.label.offset != 0: continue if args.symb: block_flow_cb = intra_bloc_flow_symb else: block_flow_cb = intra_bloc_flow_raw
JZ loop RET ''') symbol_pool.set_offset(symbol_pool.getby_name("main"), 0x0) for block in asmcfg.blocks: print block print "symbols:" print symbol_pool patches = asmblock.asm_resolve_final(mn_x86, asmcfg, symbol_pool) # Translate to IR ir_arch = ir_a_x86_32(symbol_pool) for block in asmcfg.blocks: print 'add block' print block ir_arch.add_block(block) # Display IR for lbl, irblock in ir_arch.blocks.items(): print irblock # Dead propagation open('graph.dot', 'w').write(ir_arch.graph.dot()) print '*' * 80 dead_simp(ir_arch) open('graph2.dot', 'w').write(ir_arch.graph.dot())
# graph_qt(flow_graph) open('data.dot', 'w').write(flow_graph.dot()) data = open(args.filename).read() ad = int(args.addr, 16) print 'disasm...' mdis = dis_x86_32(data) mdis.follow_call = True asmcfg = mdis.dis_multiblock(ad) print 'ok' print 'generating dataflow graph for:' ir_arch = ir_a_x86_32(mdis.loc_db) ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) for irblock in ircfg.blocks.values(): print irblock if args.symb: block_flow_cb = intra_block_flow_symb else: block_flow_cb = intra_block_flow_raw gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb) print '*' * 40 print """
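from miasm2.arch.x86.arch import mn_x86
from miasm2.expression.expression import get_rw
from miasm2.arch.x86.ira import ir_a_x86_32

print """
Simple expression manipulation demo.
Get read/written registers for a given instruction
"""

arch = mn_x86
ir_arch = ir_a_x86_32()

# Parse one instruction from text in 32-bit mode and hand it to the IR
# translator. offset and length (l) are assigned by hand here; presumably
# fromstring() leaves them unset since no bytes were decoded -- confirm.
l = arch.fromstring("LODSB", 32)
l.offset, l.l = 0, 15
ir_arch.add_instr(l)

print "*" * 80
# Dump, for every IR statement of every block, the expressions it reads
# and the ones it writes (the block label itself is not needed).
for b in ir_arch.blocs.values():
    print b
    for irs in b.irs:
        o_r, o_w = get_rw(irs)
        print "read: ", [str(x) for x in o_r]
        print "written:", [str(x) for x in o_w]
        print

# Build the graph and write its dot rendering to graph_instr.dot.
# A context manager closes (and flushes) the file deterministically instead
# of leaving that to garbage collection of the anonymous file object.
ir_arch.gen_graph()
g = ir_arch.graph()
with open("graph_instr.dot", "w") as fdesc:
    fdesc.write(g)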
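from miasm2.arch.x86.arch import mn_x86
from miasm2.expression.expression import get_rw
from miasm2.arch.x86.ira import ir_a_x86_32

print """
Simple expression manipulation demo.
Get read/written registers for a given instruction
"""

arch = mn_x86
ir_arch = ir_a_x86_32()

# Parse one instruction from text in 32-bit mode and hand it to the IR
# translator. offset and length (l) are assigned by hand here; presumably
# fromstring() leaves them unset since no bytes were decoded -- confirm.
l = arch.fromstring('LODSB', 32)
l.offset, l.l = 0, 15
ir_arch.add_instr(l)

print '*' * 80
# For each assignment block of each IR block, dump the expressions read
# and written (the block label is not needed, so iterate values only).
for irblock in ir_arch.blocks.values():
    print irblock
    for assignblk in irblock:
        o_r, o_w = get_rw(assignblk)
        print 'read: ', [str(x) for x in o_r]
        print 'written:', [str(x) for x in o_w]
        print

# Write the IR graph's dot rendering to graph_instr.dot. A context manager
# closes (and flushes) the file deterministically instead of relying on
# garbage collection of the anonymous file object.
with open('graph_instr.dot', 'w') as fdesc:
    fdesc.write(ir_arch.graph.dot())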
# from graph_qt import graph_qt # graph_qt(flow_graph) open('data.dot', 'w').write(flow_graph.dot()) data = open(args.filename).read() ad = int(args.addr, 16) print 'disasm...' mdis = dis_x86_32(data) mdis.follow_call = True asmcfg = mdis.dis_multiblock(ad) print 'ok' print 'generating dataflow graph for:' ir_arch = ir_a_x86_32(mdis.loc_db) for block in asmcfg.blocks: print block ir_arch.add_block(block) for irblock in ir_arch.blocks.values(): print irblock if args.symb: block_flow_cb = intra_block_flow_symb else: block_flow_cb = intra_block_flow_raw gen_block_data_flow_graph(ir_arch, ad, block_flow_cb) print '*' * 40
from miasm2.core.bin_stream import bin_stream_str
from miasm2.arch.x86.arch import mn_x86
from miasm2.arch.x86.ira import ir_a_x86_32
from miasm2.arch.x86.regs import all_regs_ids, all_regs_ids_init
from miasm2.ir.symbexec import symbexec
from miasm2.arch.x86.disasm import dis_x86_32 as dis_engine
import miasm2.expression.expression as m2_expr

# Assemble a single instruction from text (32-bit mode); asm() returns a
# list and the first result is used as the byte string to disassemble.
instr = mn_x86.fromstring("MOV EAX, EBX", 32)
code = mn_x86.asm(instr)[0]

# Disassemble those bytes starting at offset 0 ...
stream = bin_stream_str(code)
mdis = dis_engine(stream)
blocks = mdis.dis_multibloc(0)

# ... and feed every resulting block to the IR translator.
ir = ir_a_x86_32(mdis.symbol_pool)
for bbl in blocks:
    ir.add_bloc(bbl)

# Initial symbolic state: register id -> its initial expression, paired
# by position (an IndexError would surface a length mismatch, as before).
symbols_init = dict(
    (reg, all_regs_ids_init[idx]) for idx, reg in enumerate(all_regs_ids)
)

# Symbolically execute the block at offset 0 from that initial state.
symb = symbexec(ir, symbols_init)
block = ir.get_bloc(0)
cur_addr = symb.emulbloc(block)

# After MOV EAX, EBX the symbolic value of EAX is EBX's initial expression.
assert symb.symbols[m2_expr.ExprId("EAX")] == symbols_init[m2_expr.ExprId("EBX")]
print 'modified registers:'
symb.dump_id()
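from miasm2.arch.x86.arch import mn_x86
# NOTE: get_rw is imported but not used below; AssignBlock.get_rw() is
# called instead. Kept as-is since the import block is not the subject here.
from miasm2.expression.expression import get_rw
from miasm2.arch.x86.ira import ir_a_x86_32
from miasm2.core.locationdb import LocationDB

loc_db = LocationDB()

print """
Simple expression manipulation demo.
Get read/written registers for a given instruction
"""

arch = mn_x86
ir_arch = ir_a_x86_32(loc_db)
ircfg = ir_arch.new_ircfg()

# Parse one instruction from text (32-bit mode) and add it to the IR CFG.
# offset and length (l) are assigned by hand here; presumably fromstring()
# leaves them unset since no bytes were decoded -- confirm.
instr = arch.fromstring('LODSB', loc_db, 32)
instr.offset, instr.l = 0, 15
ir_arch.add_instr_to_ircfg(instr, ircfg)

print '*' * 80
# For each assignment block, get_rw() yields destination -> read expressions;
# dump both (block labels are not needed, so iterate values only).
for irblock in ircfg.blocks.itervalues():
    print irblock
    for assignblk in irblock:
        rw = assignblk.get_rw()
        for dst, reads in rw.iteritems():
            print 'read: ', [str(x) for x in reads]
            print 'written:', dst
            print

# Write the IR CFG's dot rendering to graph_instr.dot. A context manager
# closes (and flushes) the file deterministically instead of relying on
# garbage collection of the anonymous file object.
with open('graph_instr.dot', 'w') as fdesc:
    fdesc.write(ircfg.dot())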