def test_fauxware():
amd64 = archinfo.arch_from_id('amd64')
args = {
'i386': [
('authenticate', SimCCCdecl(
archinfo.arch_from_id('i386'),
args=[SimStackArg(4, 4), SimStackArg(8, 4)], sp_delta=4, ret_val=SimRegArg('eax', 4),
)
),
],
'x86_64': [
('authenticate', SimCCSystemVAMD64(
amd64,
args=[SimRegArg('rdi', 8), SimRegArg('rsi', 8)],
sp_delta=8,
ret_val=SimRegArg('rax', 8),
)
),
],
}
for arch, lst in args.items():
yield run_fauxware, arch, lst
def test_x86_saved_regs():
# Calling convention analysis should be able to determine calling convention of functions with registers saved on
# the stack.
binary_path = os.path.join(test_location, "tests", "cgc", "NRFIN_00036")
proj = angr.Project(binary_path, auto_load_libs=False)
cfg = proj.analyses.CFG()
func = cfg.functions[0x80494f0] # int2str
proj.analyses.VariableRecoveryFast(func)
cca = proj.analyses.CallingConvention(func)
cc = cca.cc
assert cc is not None, "Calling convention analysis failed to determine the calling convention of function " \
"0x80494f0."
assert isinstance(cc, SimCCCdecl)
assert len(cc.args) == 3
assert cc.args[0] == SimStackArg(4, 4)
assert cc.args[1] == SimStackArg(8, 4)
assert cc.args[2] == SimStackArg(12, 4)
func_exit = cfg.functions[0x804a1a9] # exit
proj.analyses.VariableRecoveryFast(func_exit)
cca = proj.analyses.CallingConvention(func_exit)
cc = cca.cc
assert func_exit.returning is False
assert cc is not None, "Calling convention analysis failed to determine the calling convention of function " \
"0x804a1a9."
assert isinstance(cc, SimCCCdecl)
assert len(cc.args) == 1
assert cc.args[0] == SimStackArg(4, 4)
class SimCCBPF(SimCC):
ARG_REGS = []
FP_ARG_REGS = []
STACKARG_SP_DIFF = 0
RETURN_ADDR = SimStackArg(0, 4)
RETURN_VAL = SimRegArg('acc', 4)
ARCH = ArchBPF
class SimCCMSP430(SimCC):
ARG_REGS = ['r15', 'r14', 'r13', 'r12']
FP_ARG_REGS = [] # TODO: ???
STACKARG_SP_DIFF = 2
RETURN_ADDR = SimStackArg(0, 2)
RETURN_VAL = SimRegArg('r15', 2)
ARCH = ArchMSP430
class SimCCRISCV(SimCC):
ARG_REGS = ['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7']
FP_ARG_REGS = [] # expand in case the floating point extension is added
STACK_ALIGNMENT = 16
RETURN_ADDR = SimStackArg(4, 4)
RETURN_VAL = SimRegArg('ra', 4)
ARCH = ArchRISCV
class SimCCRISCV(SimCC):
ARG_REGS = ['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7']
FP_ARG_REGS = [] # TODO: ???
STACK_ALIGNMENT = 16
RETURN_ADDR = SimStackArg(4, 4)
RETURN_VAL = SimRegArg('ra', 4)
ARCH = ArchRISCV
class SimRISCVSyscall(SimCC):
ARG_REGS = ['a0', 'a1', 'a2', 'a3', 'a4', 'a5']
RETURN_VAL = SimRegArg('a0', 4)
RETURN_ADDR = SimStackArg(4, 4)
ARCH = ArchRISCV
@staticmethod
def _match(arch, args, sp_delta): # pylint: disable=unused-argument
# doesn't appear anywhere but syscalls
return False
@staticmethod
def syscall_num(state):
return state.regs.a7
