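    def get_dangerous_args(self, ea):
        """
        Find the dangerous function arguments
        Ex. "call strncpy" find the third push,
        which should correspond to the size argument

        The number of arguments to collect comes from
        self.dangerous_patterns (callee-name substring -> argument count).
        When several patterns match the callee name the longest, i.e. most
        specific, one wins, so the result does not depend on dict
        iteration order.

        Pushes are collected walking backwards from the call, so the list
        is in reverse push order (the push closest to the call comes
        first). This is a heuristic: it assumes the arguments are set up
        by 'push' instructions that linearly precede the call and it stops
        as soon as the start of the function is reached.

        @param ea: address of the call instruction
        @returns: list of push operand strings (may be empty)
        @raises NotImplementedError: on 64-bit targets (x86 only for now)
        """

        # TODO: x86 only at the moment, x64 at least
        # TODO: the algo as a whole is flaky...
        # which paths are being considered?
        if misc.is_64bit():
            raise NotImplementedError

        # Tolerate an empty/None operand text so the substring test is safe.
        dang_name = GetOpnd(ea, 0) or ''

        # Longest matching pattern wins; ties broken alphabetically so the
        # choice is deterministic rather than dict-order dependent.
        dang_arg_idx = 0
        ordered = sorted(self.dangerous_patterns.iteritems(),
                         key=lambda item: (-len(item[0]), item[0]))
        for pat, arg_idx in ordered:
            if pat in dang_name:
                dang_arg_idx = arg_idx
                break

        prev_addr = ea
        dang_args = []
        while dang_arg_idx > 0:
            pi = DecodePreviousInstruction(prev_addr)

            # DecodePreviousInstruction returns None if we try
            # to decode past the beginning of the function; the
            # argument list is then unknown, so report nothing.
            if not pi:
                return []

            if pi.get_canon_mnem() == 'push':
                dang_arg_idx -= 1
                dang_args.append(GetOpnd(pi.ea, 0))

            prev_addr = pi.ea

        return dang_args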
    def get_dangerous_args(self, ea):
        """
        Collect the operands pushed before a call to a dangerous function.

        The callee name (operand 0 of the instruction at *ea*) is matched
        against self.dangerous_patterns, which maps a name substring to
        the number of pushes to gather; when more than one pattern matches
        the last one seen wins. The method then walks backwards from the
        call and records the operand of each 'push' until that many have
        been seen. The list is therefore in reverse push order (the push
        nearest to the call first).

        @param ea: address of the call instruction
        @returns: list of push operand strings (may be empty); empty when
            the start of the function is reached before enough pushes
            were found
        @raises NotImplementedError: on 64-bit targets (x86 only for now)
        """

        # TODO: x86 only at the moment, x64 at least
        # TODO: the algo as a whole is flaky...
        # which paths are being considered?
        if misc.is_64bit():
            raise NotImplementedError

        callee = GetOpnd(ea, 0)

        remaining = 0
        for pattern, count in self.dangerous_patterns.iteritems():
            if pattern in callee:
                remaining = count

        collected = []
        cursor = ea
        while remaining > 0:
            insn = DecodePreviousInstruction(cursor)
            # None means we walked off the beginning of the function
            if not insn:
                return []

            cursor = insn.ea
            if insn.get_canon_mnem() != 'push':
                continue

            collected.append(GetOpnd(insn.ea, 0))
            remaining -= 1

        return collected
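    def get_dangerous_args(self, ea, regs64=None):
        """
        Find the dangerous function arguments
        Ex. "call strncpy" find the third push,
        which should correspond to the size argument

        The number of arguments comes from self.dangerous_patterns
        (callee-name substring -> argument count). When several patterns
        match the callee name the longest, i.e. most specific, one wins,
        so the result does not depend on dict iteration order.

        @param ea: address of the call instruction
        @param regs64: register names that carry the integer arguments on
            64-bit targets, in argument order. Defaults to the Microsoft
            x64 convention ['rcx', 'rdx', 'r8', 'r9']; pass
            ['rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9'] for System V AMD64.
        @returns: list of arguments (may be empty).
            x86: the push operand strings in reverse push order (the push
            nearest to the call first); empty if the start of the function
            is reached before enough pushes were found.
            64-bit: the *names* of the registers holding the first N
            arguments, not the values placed in them, and never more than
            regs64 holds -- arguments passed on the stack beyond the
            register set are not recovered.
        """
        # Tolerate an empty/None operand text so the substring test is safe.
        dang_name = GetOpnd(ea, 0) or ''

        # TODO: the algo as a whole is flaky...
        # which paths are being considered?
        # Longest matching pattern wins; ties broken alphabetically so the
        # choice is deterministic rather than dict-order dependent.
        dang_arg_idx = 0
        ordered = sorted(self.dangerous_patterns.iteritems(),
                         key=lambda item: (-len(item[0]), item[0]))
        for pat, arg_idx in ordered:
            if pat in dang_name:
                dang_arg_idx = arg_idx
                break

        if misc.is_64bit():
            if regs64 is None:
                #regs64 = ['rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9'] # System V AMD64 ABI
                regs64 = ['rcx', 'rdx', 'r8', 'r9'] # Microsoft x64
            # Register-passed arguments only; the slice silently drops any
            # argument index beyond the register set.
            return list(regs64[:dang_arg_idx])

        prev_addr = ea
        dang_args = []
        while dang_arg_idx > 0:
            pi = DecodePreviousInstruction(prev_addr)

            # DecodePreviousInstruction returns None if we try
            # to decode past the beginning of the function; the
            # argument list is then unknown, so report nothing.
            if not pi:
                return []

            if pi.get_canon_mnem() == 'push':
                dang_arg_idx -= 1
                dang_args.append(GetOpnd(pi.ea, 0))

            prev_addr = pi.ea

        return dang_args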