ranges_to_test.append(AddressRange(lower, upper))
sa = SequenceAnalyzer(imm, r_model, f_model, m_model)
solver = sa.state.solver
sa._debug = DEBUG
sa.analyze(start_addr, stopEIP=end_addr)
total_queries = 0
start = time.time()
while True:
if timeout is not None and time.time() - start >= timeout:
imm.log("Timeout of %d seconds expired during first phase" %
timeout)
break
# Preserve solver state
sa.push()
reg_expr = sa.state.regs[output_reg]
try:
addr_range = ranges_to_test.pop()
except IndexError:
sa.pop()
break
lower = addr_range.start
upper = addr_range.end
imm.log("Checking range %s:%s" % (hex(lower), hex(upper)))
lower_expr = solver.constExpr(lower)
upper_expr = solver.constExpr(upper)
rel_expr = boundsExpr(sa, reg_expr, lower_expr, upper_expr)
ranges_to_test = []
ranges_to_test.append(AddressRange(lower, upper))
sa = SequenceAnalyzer(imm, r_model, f_model, m_model)
solver = sa.state.solver
sa._debug = DEBUG
sa.analyze(start_addr, stopEIP=end_addr)
total_queries = 0
start = time.time()
while True:
if timeout is not None and time.time() - start >= timeout:
imm.log("Timeout of %d seconds expired during first phase" % timeout)
break
# Preserve solver state
sa.push()
reg_expr = sa.state.regs[output_reg]
try:
addr_range = ranges_to_test.pop()
except IndexError:
sa.pop()
break
lower = addr_range.start
upper = addr_range.end
imm.log("Checking range %s:%s" % (hex(lower), hex(upper)))
lower_expr = solver.constExpr(lower)
upper_expr = solver.constExpr(upper)
rel_expr = boundsExpr(sa, reg_expr, lower_expr,
