def x64_temp_offsets(blk) -> None:
    """Record RSP-relative stack-slot accesses made by x86-64 PUSH/POP/CALL/RET.

    Walks ``blk.bap.stmts`` and, for each statement whose ``insn`` mnemonic
    starts with ``PUSH``, ``POP``, ``CALL`` or ``RET``, resolves the memory
    operand with ``mem_addr`` and calls ``make_temp_offset`` when the resolved
    base register is ``RSP``.  Two statement shapes are handled:

    * a ``DefStmt`` whose right-hand side is exactly a ``LoadExp`` or
      ``StoreExp`` (the operand is ``stmt.rhs.addr``);
    * a ``JmpStmt`` return (``RetKind``) through an ``IndirectLabel`` whose
      target expression is a ``LoadExp``, either directly or via a
      ``VirtualExp`` that ``get_virtual_exp`` resolves to a ``LoadExp``.

    Args:
        blk: block object exposing ``bap.stmts``; every statement is expected
            to expose ``insn`` and ``pc``.

    Returns:
        None.  All effects happen inside ``make_temp_offset``.

    NOTE(review): the file's indentation was collapsed; the nesting below is
    reconstructed.  Whether the ``JmpStmt`` branch sits inside the mnemonic
    filter (as written here) or beside it should be confirmed upstream.
    """
    for stmt in blk.bap.stmts:
        # Only stack-manipulating instructions are of interest here.
        if stmt.insn is not None \
                and (stmt.insn.startswith('PUSH') or stmt.insn.startswith('POP') or stmt.insn.startswith('CALL') or stmt.insn.startswith('RET')):
            # Exact type match: subclasses of LoadExp/StoreExp are excluded.
            if isinstance(stmt, DefStmt) \
                    and type(stmt.rhs) in (LoadExp, StoreExp):
                base_pointer, offset, access = mem_addr(
                    stmt.rhs.addr, blk, stmt.pc)
                if base_pointer is not None and base_pointer.base_register == 'RSP':
                    make_temp_offset(base_pointer.base_register, offset, blk, stmt.pc)
            # Return through a memory operand (the popped return address).
            if isinstance(stmt, JmpStmt) \
                    and isinstance(stmt.kind, RetKind) \
                    and isinstance(stmt.kind.label, IndirectLabel):
                if isinstance(stmt.kind.label.exp, LoadExp):
                    # NOTE(review): the whole LoadExp is passed here, whereas
                    # the DefStmt branch passes ``.addr`` -- confirm mem_addr
                    # accepts both shapes.
                    base_pointer, offset, access = mem_addr(
                        stmt.kind.label.exp, blk, stmt.pc)
                    if base_pointer is not None and base_pointer.base_register == 'RSP':
                        make_temp_offset(base_pointer.base_register, offset, blk, stmt.pc)
                elif isinstance(stmt.kind.label.exp, VirtualExp) \
                        and isinstance(get_virtual_exp(stmt.kind.label.exp, blk).exp, LoadExp):
                    # The unresolved VirtualExp (not the resolved load) is
                    # what mem_addr receives -- presumably by design; verify.
                    base_pointer, offset, access = mem_addr(
                        stmt.kind.label.exp, blk, stmt.pc)
                    if base_pointer is not None and base_pointer.base_register == 'RSP':
                        make_temp_offset(base_pointer.base_register, offset, blk, stmt.pc)
def arm_epilogue(blk) -> None:
    """Recover callee-saved register restores in an ARM function epilogue.

    Only acts when the block ends with a ``JmpStmt`` of ``RetKind`` and the
    statement just before it is ``SP := SP <binop> <int>`` (the stack
    release).  It then scans backwards from the statement before that and,
    for every ``DefStmt`` that loads a ``RegVar`` from an ``SP``-relative
    slot, records the slot with ``make_temp_offset`` and the restored
    register with ``make_giv_reg``.  The scan stops at the first statement
    that is not such a load, or whose load is not ``SP``-relative.

    Args:
        blk: block object exposing ``bap.stmts``.

    Returns:
        None.  All effects happen inside ``make_temp_offset``/``make_giv_reg``.

    NOTE(review): the file's indentation was collapsed; the nesting below is
    reconstructed (both ``else: break`` clauses must sit inside the loop for
    the code to be valid Python, which fixes their placement).
    """
    if len(blk.bap.stmts) > 1:
        last_stmt = blk.bap.stmts[-1]
        if isinstance(last_stmt, JmpStmt) \
                and isinstance(last_stmt.kind, RetKind):
            stmt = blk.bap.stmts[-2]
            # NOTE(review): ``.lhs``/``.rhs`` are read without an
            # ``isinstance(stmt, DefStmt)`` guard, unlike the other helpers
            # in this file -- confirm stmts[-2] can never be a JmpStmt here.
            if isinstance(stmt.lhs, RegVar) \
                    and stmt.lhs.name == 'SP' \
                    and isinstance(stmt.rhs, BinOpExp) \
                    and isinstance(stmt.rhs.e1, RegVar) \
                    and isinstance(stmt.rhs.e2, IntExp) \
                    and stmt.rhs.e1.name == 'SP':
                # Walk backwards over the register restores preceding the
                # SP adjustment (range is empty when the block has 2 stmts).
                for i in range(len(blk.bap.stmts) - 3, -1, -1):
                    stmt = blk.bap.stmts[i]
                    if isinstance(stmt, DefStmt) \
                            and isinstance(stmt.lhs, RegVar) \
                            and isinstance(stmt.rhs, LoadExp):
                        base_pointer, offset, access = mem_addr(
                            stmt.rhs.addr, blk, stmt.pc)
                        if base_pointer is not None and base_pointer.base_register == 'SP':
                            make_temp_offset(base_pointer.base_register, offset, blk, stmt.pc)
                            make_giv_reg(stmt.lhs.name, stmt.lhs.index, blk, stmt.pc)
                        else:
                            # First non-SP-relative load ends the epilogue.
                            break
                    else:
                        # First statement that is not a register load ends it.
                        break
<<<<<<< no-op
def x64_epilogue(blk): for stmt in blk.bap.stmts: if stmt.insn is not None \ and stmt.insn.startswith('POP') \ and isinstance(stmt, DefStmt) \ and isinstance(stmt.lhs, RegVar) \ and isinstance(stmt.rhs, LoadExp): base_pointer, offset, access = mem_addr(stmt.rhs.addr, blk, stmt.pc) if base_pointer is not None \ and base_pointer.base_register == 'RSP': make_temp_offset(base_pointer.base_register, offset, blk, stmt.pc) make_giv_reg(stmt.lhs.name, stmt.lhs.index, blk, stmt.pc)
def arm_prologue(blk): for stmt in blk.bap.stmts: if stmt.pc is not None \ and stmt.pc == blk.function.low_pc \ and isinstance(stmt, DefStmt) \ and isinstance(stmt.lhs, MemVar) \ and isinstance(stmt.rhs, StoreExp) \ and isinstance(stmt.rhs.exp, RegVar): base_pointer, offset, access = mem_addr(stmt.rhs.addr, blk, stmt.pc) if base_pointer is not None and base_pointer.base_register == 'SP': make_temp_offset(base_pointer.base_register, offset, blk, stmt.pc) make_giv_reg(stmt.rhs.exp.name, stmt.rhs.exp.index, blk, stmt.pc) else: break