示例#1
0
    def __init__(self, process, mm):
        ip = process.getInstrPointer()
        fp = process.getFramePointer()

        self.module = FindModule(ip, mm)

        self.fp_type = RefinePType(Type("Ptr32", 4), fp, process, mm)
        # print "fp:",hex(fp_type[1]), str(fp_type[0])
        if not process.no_frame_pointer:  # str(self.fp_type[0]) == "SPtr32":
            self.bt = getBacktrace(process, max_args=0, max_depth=20)
        else:
            self.bt = Backtrace()
        frames = []

        if CPU_X86_64:
            # detection of stack frame disabled, python-ptrace does not support
            # ...
            pass
        if CPU_I386:

            for i, frame in enumerate(self.bt.frames):
                print "frame", frame, hex(frame.ip)
                r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
                frames.append(r_type)
                # print "ip:", str(r_type[0])
                if not (str(r_type[0]) == "GxPtr32"):
                    break

        self.bt.frames = frames
        self.eip_type = RefinePType(
            Type("Ptr32", 4), process.getInstrPointer(), process, mm)
示例#2
0
  def __init__(self, process, mm):
    ip = process.getInstrPointer()
    fp = process.getFramePointer()

    self.module = FindModule(ip,mm)
    
    self.fp_type = RefinePType(Type("Ptr32",4), fp, process, mm)
 
    #print "fp:",hex(fp_type[1]), str(fp_type[0])
    if not process.no_frame_pointer: #str(self.fp_type[0]) == "SPtr32": 
      self.bt =  getBacktrace(process,max_args=0, max_depth=20)
    else: 
      self.bt = Backtrace()
    frames = []

    for i,frame in enumerate(self.bt.frames):
      r_type = RefinePType(Type("Ptr32",4), frame.ip, process, mm)
      frames.append(r_type)
      #print "ip:", str(r_type[0])
      if not (str(r_type[0])  == "GxPtr32"):
        break

      #if str(r_type[0]) == "DPtr32":
      #  break
     
     
    self.bt.frames = frames
    self.eip_type = RefinePType(Type("Ptr32",4), process.getInstrPointer(), process, mm)
示例#3
0
    def __init__(self, process, mm):
        self.name = "Abort"
        ip = process.getInstrPointer()

        self.bt = process.getBacktrace(max_args=0, max_depth=20)
        self.module = FindModule(ip, mm)
        # print self.bt, type(self.bt)
        frames = []

        if CPU_X86_64:
            # detection of stack frame disabled, python-ptrace does not support
            # ...
            pass
        if CPU_I386:

            for i, frame in enumerate(self.bt.frames):
                r_type = RefinePType(Type("Ptr32", 4), frame.ip, process, mm)
                frames.append(r_type)

                if str(r_type[0]) == "DPtr32":
                    break

        self.bt.frames = frames
        # print "frames",frames
        # print "self.bt.frames", self.bt.frames

        self.eip = RefinePType(Type("Ptr32", 4), ip, process, mm)
示例#4
0
    def __init__(self, parent: Node):
        self.scope = parent.scope
        self.target = self.scope.create_new_var(Type.generate_random_type())
        self.type = self.target.get_type()
        super().__init__(parent)

        self.expression = generate_expression_node(self)
        self.scope.add_var(self.target)
示例#5
0
  def __init__(self, name, process, mm): #_sifields = None):

    self.fields = dict()
    _sifields = process.getsiginfo()._sifields

    self.name = name

    if hasattr(_sifields, "_sigfault") and self.name == "SIGSEGV":
      self.fields["addr"] = RefinePType(Type("Ptr32",4), _sifields._sigfault._addr, process, mm)
示例#6
0
    def __init__(self, parent: Node):
        self.scope = parent.scope
        self.target = random.choice(
            self.collect_variables(Type.generate_random_type()))
        self.type = self.target.get_type()

        super().__init__(parent)

        self.type = self.target.get_type()
        self.expression = generate_expression_node(self)
示例#7
0
  def __init__(self, name, module):

    assert(name in specs)
    spec = specs[name]
    self.ret = str(spec[0])
    #fixme: void functions and non-returned values should be different!
    self.retvalue = (Type("Top32",4),None)
    self.module = module
    self.name = str(name)
    self.param_types = list(spec[1:])
    self.param_ptypes = []
    self.param_values = []
示例#8
0
  def __init__(self, process, mm):
    self.name = "Abort"
    ip = process.getInstrPointer()

    self.bt =  process.getBacktrace(max_args=0, max_depth=20)
    self.module = FindModule(ip,mm)
    #print self.bt, type(self.bt)
    frames = []

    for i,frame in enumerate(self.bt.frames):
      r_type = RefinePType(Type("Ptr32",4), frame.ip, process, mm)
      frames.append(r_type)

      if str(r_type[0]) == "DPtr32":
        break
 
    self.bt.frames = frames
    #print "frames",frames
    #print "self.bt.frames", self.bt.frames
 
    self.eip = RefinePType(Type("Ptr32",4), ip, process, mm)
示例#9
0
 def __DetectRetAddr__(self):
   addr = self.process.getreg("esp")
   bytes = self.process.readBytes(addr, 4)
   return RefinePType(Type("Ptr32",4),bytes2word(bytes), self.process, self.mm)
示例#10
0
def RefinePType(ptype, value, process, mm):

  if value is None:
    return (Type("Top32",4), value)

  if str(ptype) == "Ptr32":
    ptr = value
    if ptr == 0x0:
      return (Type("NPtr32",4), ptr)
    else:

      try:
        _ = process.readBytes(ptr, 4)
      except PtraceError:
        return (Type("DPtr32",4), ptr)

      mm.checkPtr(ptr)
      if   mm.isStackPtr(ptr):
        return (Type("SPtr32",4), ptr)
      elif mm.isHeapPtr(ptr):
        return (Type("HPtr32",4), ptr)
      elif mm.isCodePtr(ptr):
        return (Type("GxPtr32",4), ptr)
      elif mm.isFilePtr(ptr):
        return (Type("FPtr32",4), ptr)
      elif mm.isGlobalPtr(ptr):
        return (Type("GPtr32",4), ptr)
      else:
        return (Type("Ptr32",4), ptr)

  elif str(ptype) == "Num32":
    num = value
    if num == 0x0:
      return (Type("Num32B0",4), num)
    else:
      binlen = len(bin(num))-2
      binlen = int(ceil(binlen / 8.0))*8
      return (Type("Num32B"+str(binlen),4), num)

  return (Type("Top32",4), value)
示例#11
0
 def randomize_target(self):
     self.target = random.choice(
         self.collect_variables(Type.generate_random_type()))
     self.type = self.target.get_type()
     self.expression = generate_expression_node(self)