diff options
| author | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2020-12-25 21:37:02 +0100 |
|---|---|---|
| committer | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2020-12-25 21:37:02 +0100 |
| commit | 972cad3a89d2856a6969328a9870a1b472cd9fd2 (patch) | |
| tree | 65687e39ab4ce446957c73d95fd5d662b49d68ed | |
| parent | dd14b59efbd918838dcbb88c8d64bad53fcd054c (diff) | |
| download | focaccia-miasm-972cad3a89d2856a6969328a9870a1b472cd9fd2.tar.gz focaccia-miasm-972cad3a89d2856a6969328a9870a1b472cd9fd2.zip | |
Rename examples lifter
27 files changed, 213 insertions, 209 deletions
diff --git a/example/disasm/dis_binary_lift.py b/example/disasm/dis_binary_lift.py index 6ad69b05..28e37828 100644 --- a/example/disasm/dis_binary_lift.py +++ b/example/disasm/dis_binary_lift.py @@ -26,10 +26,10 @@ asmcfg = mdis.dis_multiblock(addr) ##################################### # Get a Lifter -ir_arch = machine.lifter(mdis.loc_db) +lifter = machine.lifter(mdis.loc_db) # Get the IR of the asmcfg -ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) +ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) # Display each IR basic blocks for irblock in viewvalues(ircfg.blocks): diff --git a/example/disasm/dis_binary_lift_model_call.py b/example/disasm/dis_binary_lift_model_call.py index 95b3a70b..3d5c27ba 100644 --- a/example/disasm/dis_binary_lift_model_call.py +++ b/example/disasm/dis_binary_lift_model_call.py @@ -29,10 +29,10 @@ asmcfg = mdis.dis_multiblock(addr) # Get an IRA converter # The sub call are modelised by default operators # call_func_ret and call_func_stack -ir_arch_analysis = machine.lifter_model_call(mdis.loc_db) +lifter = machine.lifter_model_call(mdis.loc_db) # Get the IR of the asmcfg -ircfg_analysis = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) +ircfg_analysis = lifter.new_ircfg_from_asmcfg(asmcfg) # Display each IR basic blocks for irblock in viewvalues(ircfg_analysis.blocks): diff --git a/example/expression/access_c.py b/example/expression/access_c.py index fd50a917..e2f1c6f5 100644 --- a/example/expression/access_c.py +++ b/example/expression/access_c.py @@ -151,21 +151,21 @@ addr_head = 0 asmcfg = mdis.dis_multiblock(addr_head) lbl_head = loc_db.get_offset_location(addr_head) -ir_arch_a = lifter_model_call(loc_db) -ircfg = ir_arch_a.new_ircfg_from_asmcfg(asmcfg) +lifter = lifter_model_call(loc_db) +ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) open('graph_irflow.dot', 'w').write(ircfg.dot()) # Main function's first argument's type is "struct ll_human*" ptr_llhuman = types_mngr.get_objc(CTypePtr(CTypeStruct('ll_human'))) arg0 = ExprId('ptr', 64) -ctx = {ir_arch_a.arch.regs.RDI: arg0} +ctx = {lifter.arch.regs.RDI: arg0} expr_types = {arg0: (ptr_llhuman,), ExprInt(0x8A, 64): (ptr_llhuman,)} mychandler = MyCHandler(types_mngr, expr_types) -for expr in get_funcs_arg0(ctx, ir_arch_a, ircfg, lbl_head): +for expr in get_funcs_arg0(ctx, lifter, ircfg, lbl_head): print("Access:", expr) for c_str, ctype in mychandler.expr_to_c_and_types(expr): print('\taccess:', c_str) diff --git a/example/expression/asm_to_ir.py b/example/expression/asm_to_ir.py index 9be7d1b3..635c12c2 100644 --- a/example/expression/asm_to_ir.py +++ b/example/expression/asm_to_ir.py @@ -43,9 +43,9 @@ print(loc_db) patches = asmblock.asm_resolve_final(mn_x86, asmcfg) # Translate to IR -ir_arch = LifterModelCall_x86_32(loc_db) -ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) -deadrm = DeadRemoval(ir_arch) +lifter = LifterModelCall_x86_32(loc_db) +ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) +deadrm = DeadRemoval(lifter) # Display IR diff --git a/example/expression/constant_propagation.py b/example/expression/constant_propagation.py index 0ea8028c..20c2c3cc 100644 --- a/example/expression/constant_propagation.py +++ b/example/expression/constant_propagation.py @@ -30,16 +30,16 @@ machine = Machine("x86_32") loc_db = LocationDB() cont = Container.from_stream(open(args.filename, 'rb'), loc_db) mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) -ir_arch = machine.lifter_model_call(mdis.loc_db) +lifter = machine.lifter_model_call(mdis.loc_db) addr = int(args.address, 0) -deadrm = DeadRemoval(ir_arch) +deadrm = DeadRemoval(lifter) asmcfg = mdis.dis_multiblock(addr) -ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) +ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) entry_points = set([mdis.loc_db.get_offset_location(addr)]) -init_infos = ir_arch.arch.regs.regs_init -cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos) +init_infos = lifter.arch.regs.regs_init +cst_propag_link = propagate_cst_expr(lifter, ircfg, addr, init_infos) if args.simplify: ircfg.simplify(expr_simp) diff --git a/example/expression/get_read_write.py b/example/expression/get_read_write.py index 752c4272..69bb2aac 100644 --- a/example/expression/get_read_write.py +++ b/example/expression/get_read_write.py @@ -16,11 +16,11 @@ Get read/written registers for a given instruction """) arch = mn_x86 -ir_arch = LifterModelCall_x86_32(loc_db) -ircfg = ir_arch.new_ircfg() +lifter = LifterModelCall_x86_32(loc_db) +ircfg = lifter.new_ircfg() instr = arch.fromstring('LODSB', loc_db, 32) instr.offset, instr.l = 0, 15 -ir_arch.add_instr_to_ircfg(instr, ircfg) +lifter.add_instr_to_ircfg(instr, ircfg) print('*' * 80) for lbl, irblock in viewitems(ircfg.blocks): diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py index 661d0037..f40646bc 100644 --- a/example/expression/graph_dataflow.py +++ b/example/expression/graph_dataflow.py @@ -26,9 +26,9 @@ def get_node_name(label, i, n): return n_name -def intra_block_flow_symb(ir_arch, _, flow_graph, irblock, in_nodes, out_nodes): - symbols_init = ir_arch.arch.regs.regs_init.copy() - sb = SymbolicExecutionEngine(ir_arch, symbols_init) +def intra_block_flow_symb(lifter, _, flow_graph, irblock, in_nodes, out_nodes): + symbols_init = lifter.arch.regs.regs_init.copy() + sb = SymbolicExecutionEngine(lifter, symbols_init) sb.eval_updt_irblock(irblock) print('*' * 40) print(irblock) @@ -85,7 +85,7 @@ def node2str(node): return out -def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb): +def gen_block_data_flow_graph(lifter, ircfg, ad, block_flow_cb): for irblock in viewvalues(ircfg.blocks): print(irblock) @@ -111,7 +111,7 @@ def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb): irb_out_nodes[label] = {} for label, irblock in viewitems(ircfg.blocks): - block_flow_cb(ir_arch, ircfg, flow_graph, irblock, irb_in_nodes[label], irb_out_nodes[label]) + block_flow_cb(lifter, ircfg, flow_graph, irblock, irb_in_nodes[label], irb_out_nodes[label]) for label in ircfg.blocks: print(label) @@ -119,7 +119,7 @@ def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb): print('OUT', [str(x) for x in irb_out_nodes[label]]) print('*' * 20, 'interblock', '*' * 20) - inter_block_flow(ir_arch, ircfg, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes) + inter_block_flow(lifter, ircfg, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes) # from graph_qt import graph_qt # graph_qt(flow_graph) @@ -139,9 +139,9 @@ print('ok') print('generating dataflow graph for:') -ir_arch_analysis = machine.lifter_model_call(loc_db) -ircfg = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) -deadrm = DeadRemoval(ir_arch_analysis) +lifter = machine.lifter_model_call(loc_db) +ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) +deadrm = DeadRemoval(lifter) for irblock in viewvalues(ircfg.blocks): @@ -153,7 +153,7 @@ if args.symb: else: block_flow_cb = intra_block_flow_raw -gen_block_data_flow_graph(ir_arch_analysis, ircfg, ad, block_flow_cb) +gen_block_data_flow_graph(lifter, ircfg, ad, block_flow_cb) print('*' * 40) print(""" diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py index 3de81d0d..3dcd8b98 100644 --- a/example/ida/ctype_propagation.py +++ b/example/ida/ctype_propagation.py @@ -148,20 +148,20 @@ class MyCHandler(CHandler): class TypePropagationEngine(SymbExecCType): - def __init__(self, ir_arch, types_mngr, state): + def __init__(self, lifter, types_mngr, state): mychandler = MyCHandler(types_mngr, state.symbols) - super(TypePropagationEngine, self).__init__(ir_arch, + super(TypePropagationEngine, self).__init__(lifter, state.symbols, mychandler) class SymbExecCTypeFix(SymbExecCType): - def __init__(self, ir_arch, + def __init__(self, lifter, symbols, chandler, cst_propag_link, sb_expr_simp=expr_simp): - super(SymbExecCTypeFix, self).__init__(ir_arch, + super(SymbExecCTypeFix, self).__init__(lifter, symbols, chandler, sb_expr_simp=expr_simp) @@ -177,7 +177,7 @@ class SymbExecCTypeFix(SymbExecCType): offset2cmt = {} for index, assignblk in enumerate(irb): - if set(assignblk) == set([self.ir_arch.IRDst, self.ir_arch.pc]): + if set(assignblk) == set([self.lifter.IRDst, self.lifter.pc]): # Don't display on jxx continue instr = assignblk.instr @@ -187,7 +187,7 @@ class SymbExecCTypeFix(SymbExecCType): todo = set() # Replace PC with value to match IR args - pc_fixed = {self.ir_arch.pc: m2_expr.ExprInt(instr.offset + instr.l, self.ir_arch.pc.size)} + pc_fixed = {self.lifter.pc: m2_expr.ExprInt(instr.offset + instr.l, self.lifter.pc.size)} inputs = tmp_r inputs.update(arg for arg in tmp_w if arg.is_mem()) for arg in inputs: @@ -209,14 +209,14 @@ class SymbExecCTypeFix(SymbExecCType): idc.set_cmt(offset, '\n'.join(value), 0) print("%x\n" % offset, '\n'.join(value)) - return self.eval_expr(self.ir_arch.IRDst) + return self.eval_expr(self.lifter.IRDst) class CTypeEngineFixer(SymbExecCTypeFix): - def __init__(self, ir_arch, types_mngr, state, cst_propag_link): + def __init__(self, lifter, types_mngr, state, cst_propag_link): mychandler = MyCHandler(types_mngr, state.symbols) - super(CTypeEngineFixer, self).__init__(ir_arch, + super(CTypeEngineFixer, self).__init__(lifter, state.symbols, mychandler, cst_propag_link) @@ -273,16 +273,16 @@ def analyse_function(): lifter_model_callCallStackFixer = get_lifter_model_call_call_fixer(lifter_model_call) - ir_arch = lifter_model_callCallStackFixer(loc_db) + lifter = lifter_model_callCallStackFixer(loc_db) asmcfg = mdis.dis_multiblock(addr) # Generate IR - ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) + ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) cst_propag_link = {} if settings.cUnalias.value: - init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp] } - cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos) + init_infos = {lifter.sp: lifter.arch.regs.regs_init[lifter.sp] } + cst_propag_link = propagate_cst_expr(lifter, ircfg, addr, init_infos) types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value) @@ -318,8 +318,8 @@ def analyse_function(): assignblk_head = AssignBlock( [ - ExprAssign(ir_arch.IRDst, ExprLoc(lbl_real_start, ir_arch.IRDst.size)), - ExprAssign(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp]) + ExprAssign(lifter.IRDst, ExprLoc(lbl_real_start, lifter.IRDst.size)), + ExprAssign(lifter.sp, lifter.arch.regs.regs_init[lifter.sp]) ], first_block.lines[0] ) @@ -340,9 +340,9 @@ def analyse_function(): done.add((lbl, state)) if lbl not in ircfg.blocks: continue - symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state) + symbexec_engine = TypePropagationEngine(lifter, types_mngr, state) symbexec_engine.run_block_at(ircfg, lbl) - symbexec_engine.del_mem_above_stack(ir_arch.sp) + symbexec_engine.del_mem_above_stack(lifter.sp) sons = ircfg.successors(lbl) for son in sons: @@ -354,9 +354,9 @@ def analyse_function(): for lbl, state in viewitems(states): if lbl not in ircfg.blocks: continue - symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link) + symbexec_engine = CTypeEngineFixer(lifter, types_mngr, state, cst_propag_link) symbexec_engine.run_block_at(ircfg, lbl) - symbexec_engine.del_mem_above_stack(ir_arch.sp) + symbexec_engine.del_mem_above_stack(lifter.sp) if __name__ == "__main__": diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py index 4a0fb1e9..1ab31688 100644 --- a/example/ida/depgraph.py +++ b/example/ida/depgraph.py @@ -129,9 +129,9 @@ Method to use: if value in self.stk_args: line = self.ircfg.blocks[self.loc_key][self.line_nb].instr arg_num = self.stk_args[value] - stk_high = m2_expr.ExprInt(idc.get_spd(line.offset), ir_arch.sp.size) - stk_off = m2_expr.ExprInt(self.lifter_model_call.sp.size // 8 * arg_num, ir_arch.sp.size) - element = m2_expr.ExprMem(self.mn.regs.regs_init[ir_arch.sp] + stk_high + stk_off, self.lifter_model_call.sp.size) + stk_high = m2_expr.ExprInt(idc.get_spd(line.offset), lifter.sp.size) + stk_off = m2_expr.ExprInt(self.lifter_model_call.sp.size // 8 * arg_num, lifter.sp.size) + element = m2_expr.ExprMem(self.mn.regs.regs_init[lifter.sp] + stk_high + stk_off, self.lifter_model_call.sp.size) element = expr_simp(element) # Force stack unaliasing self.stk_unalias_force = True @@ -168,7 +168,7 @@ def clean_lines(): def treat_element(): "Display an element" - global graphs, comments, sol_nb, settings, addr, ir_arch, ircfg + global graphs, comments, sol_nb, settings, addr, lifter, ircfg try: graph = next(graphs) @@ -195,7 +195,7 @@ def treat_element(): if graph.has_loop: print('Graph has dependency loop: symbolic execution is inexact') else: - print("Possible value: %s" % next(iter(viewvalues(graph.emul(ir_arch))))) + print("Possible value: %s" % next(iter(viewvalues(graph.emul(lifter))))) for offset, elements in viewitems(comments): idc.set_cmt(offset, ", ".join(map(str, elements)), 0) @@ -207,7 +207,7 @@ def next_element(): def launch_depgraph(): - global graphs, comments, sol_nb, settings, addr, ir_arch, ircfg + global graphs, comments, sol_nb, settings, addr, lifter, ircfg # Get the current function addr = idc.get_screen_ea() func = ida_funcs.get_func(addr) @@ -220,7 +220,7 @@ def launch_depgraph(): loc_db = LocationDB() mdis = dis_engine(bs, loc_db=loc_db, dont_dis_nulstart_bloc=True) - ir_arch = lifter_model_call(loc_db) + lifter = lifter_model_call(loc_db) # Populate symbols with ida names for ad, name in idautils.Names(): @@ -231,10 +231,10 @@ def launch_depgraph(): asmcfg = mdis.dis_multiblock(func.start_ea) # Generate IR - ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) + ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) # Get settings - settings = depGraphSettingsForm(ir_arch, ircfg, mn) + settings = depGraphSettingsForm(lifter, ircfg, mn) settings.Execute() loc_key, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb @@ -245,14 +245,14 @@ def launch_depgraph(): fix_stack = offset is not None and settings.unalias_stack for assignblk in irb: if fix_stack: - stk_high = m2_expr.ExprInt(idc.get_spd(assignblk.instr.offset), ir_arch.sp.size) - fix_dct = {ir_arch.sp: mn.regs.regs_init[ir_arch.sp] + stk_high} + stk_high = m2_expr.ExprInt(idc.get_spd(assignblk.instr.offset), lifter.sp.size) + fix_dct = {lifter.sp: mn.regs.regs_init[lifter.sp] + stk_high} new_assignblk = {} for dst, src in viewitems(assignblk): if fix_stack: src = src.replace_expr(fix_dct) - if dst != ir_arch.sp: + if dst != lifter.sp: dst = dst.replace_expr(fix_dct) dst, src = expr_simp(dst), expr_simp(src) new_assignblk[dst] = src diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py index c827bbe2..c7bc6201 100644 --- a/example/ida/graph_ir.py +++ b/example/ida/graph_ir.py @@ -103,14 +103,14 @@ def label_str(self): return "%s:%s" % (self.name, self.offset) -def color_irblock(irblock, ir_arch): +def color_irblock(irblock, lifter): out = [] - lbl = idaapi.COLSTR("%s:" % ir_arch.loc_db.pretty_str(irblock.loc_key), idaapi.SCOLOR_INSN) + lbl = idaapi.COLSTR("%s:" % lifter.loc_db.pretty_str(irblock.loc_key), idaapi.SCOLOR_INSN) out.append(lbl) for assignblk in irblock: for dst, src in sorted(viewitems(assignblk)): - dst_f = expr2colorstr(dst, loc_db=ir_arch.loc_db) - src_f = expr2colorstr(src, loc_db=ir_arch.loc_db) + dst_f = expr2colorstr(dst, loc_db=lifter.loc_db) + src_f = expr2colorstr(src, loc_db=lifter.loc_db) line = idaapi.COLSTR("%s = %s" % (dst_f, src_f), idaapi.SCOLOR_INSN) out.append(' %s' % line) out.append("") @@ -222,7 +222,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont loc_db = LocationDB() mdis = dis_engine(bs, loc_db=loc_db) - ir_arch = IRADelModCallStack(loc_db) + lifter = IRADelModCallStack(loc_db) # populate symbols with ida names @@ -247,7 +247,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont open('asm_flow.dot', 'w').write(asmcfg.dot()) print("generating IR... %x" % start_addr) - ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) + ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) if verbose: print("IR ok... %x" % start_addr) @@ -271,7 +271,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont head = list(entry_points)[0] if simplify: - ircfg_simplifier = IRCFGSimplifierCommon(ir_arch) + ircfg_simplifier = IRCFGSimplifierCommon(lifter) ircfg_simplifier.simplify(ircfg, head) title += " (simplified)" @@ -302,7 +302,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont if irblock is None: continue regs = {} - for reg in ir_arch.get_out_regs(irblock): + for reg in lifter.get_out_regs(irblock): regs[reg] = reg assignblks = list(irblock) new_assiblk = AssignBlock(regs, assignblks[-1].instr) @@ -326,7 +326,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont ret = ssa.graph elif type_graph == TYPE_GRAPH_IRSSAUNSSA: ircfg = self.ssa_to_unssa(ssa, head) - ircfg_simplifier = IRCFGSimplifierCommon(self.ir_arch) + ircfg_simplifier = IRCFGSimplifierCommon(self.lifter) ircfg_simplifier.simplify(ircfg, head) ret = ircfg else: @@ -335,7 +335,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont head = list(entry_points)[0] - simplifier = CustomIRCFGSimplifierSSA(ir_arch) + simplifier = CustomIRCFGSimplifierSSA(lifter) ircfg = simplifier.simplify(ircfg, head) open('final.dot', 'w').write(ircfg.dot()) diff --git a/example/symbol_exec/depgraph.py b/example/symbol_exec/depgraph.py index 62190e6b..21c6fe45 100644 --- a/example/symbol_exec/depgraph.py +++ b/example/symbol_exec/depgraph.py @@ -52,7 +52,7 @@ for element in args.element: raise ValueError("Unknown element '%s'" % element) mdis = machine.dis_engine(cont.bin_stream, dont_dis_nulstart_bloc=True, loc_db=loc_db) -ir_arch = machine.lifter_model_call(loc_db) +lifter = machine.lifter_model_call(loc_db) # Common argument forms init_ctx = {} @@ -67,7 +67,7 @@ if args.rename_args: asmcfg = mdis.dis_multiblock(int(args.func_addr, 0)) # Generate IR -ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) +ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) # Get the instance dg = DependencyGraph( @@ -93,7 +93,7 @@ for sol_nb, sol in enumerate(dg.get(current_block.loc_key, elements, assignblk_i with open(fname, "w") as fdesc: fdesc.write(sol.graph.dot()) - results = sol.emul(ir_arch, ctx=init_ctx) + results = sol.emul(lifter, ctx=init_ctx) tokens = {str(k): str(v) for k, v in viewitems(results)} if not args.json: result = ", ".join("=".join(x) for x in viewitems(tokens)) diff --git a/miasm/analysis/cst_propag.py b/miasm/analysis/cst_propag.py index dd7733b0..cdb62d3c 100644 --- a/miasm/analysis/cst_propag.py +++ b/miasm/analysis/cst_propag.py @@ -19,8 +19,8 @@ class SymbExecState(SymbolicExecutionEngine): """ State manager for SymbolicExecution """ - def __init__(self, ir_arch, ircfg, state): - super(SymbExecState, self).__init__(ir_arch, {}) + def __init__(self, lifter, ircfg, state): + super(SymbExecState, self).__init__(lifter, {}) self.set_state(state) @@ -40,16 +40,16 @@ def add_state(ircfg, todo, states, addr, state): states[addr] = states[addr].merge(state) -def is_expr_cst(ir_arch, expr): +def is_expr_cst(lifter, expr): """Return true if @expr is only composed of ExprInt and init_regs - @ir_arch: IR instance + @lifter: Lifter instance @expr: Expression to test""" elements = expr.get_r(mem_read=True) for element in elements: if element.is_mem(): continue - if element.is_id() and element in ir_arch.arch.regs.all_regs_ids_init: + if element.is_id() and element in lifter.arch.regs.all_regs_ids_init: continue if element.is_int(): continue @@ -65,11 +65,11 @@ class SymbExecStateFix(SymbolicExecutionEngine): """ # Function used to test if an Expression is considered as a constant - is_expr_cst = lambda _, ir_arch, expr: is_expr_cst(ir_arch, expr) + is_expr_cst = lambda _, lifter, expr: is_expr_cst(lifter, expr) - def __init__(self, ir_arch, ircfg, state, cst_propag_link): + def __init__(self, lifter, ircfg, state, cst_propag_link): self.ircfg = ircfg - super(SymbExecStateFix, self).__init__(ir_arch, {}) + super(SymbExecStateFix, self).__init__(lifter, {}) self.set_state(state) self.cst_propag_link = cst_propag_link @@ -83,7 +83,7 @@ class SymbExecStateFix(SymbolicExecutionEngine): if not element.is_id(): continue value = self.eval_expr(element) - if self.is_expr_cst(self.ir_arch, value): + if self.is_expr_cst(self.lifter, value): to_propag[element] = value return expr_simp(expr.replace_expr(to_propag)) @@ -116,13 +116,13 @@ class SymbExecStateFix(SymbolicExecutionEngine): self.ircfg.blocks[irb.loc_key] = IRBlock(irb.loc_db, irb.loc_key, assignblks) -def compute_cst_propagation_states(ir_arch, ircfg, init_addr, init_infos): +def compute_cst_propagation_states(lifter, ircfg, init_addr, init_infos): """ Propagate "constant expressions" in a function. The attribute "constant expression" is true if the expression is based on constants or "init" regs values. - @ir_arch: Lifter instance + @lifter: Lifter instance @init_addr: analysis start address @init_infos: dictionary linking expressions to their values at @init_addr """ @@ -144,9 +144,9 @@ def compute_cst_propagation_states(ir_arch, ircfg, init_addr, init_infos): if lbl not in ircfg.blocks: continue - symbexec_engine = SymbExecState(ir_arch, ircfg, state) + symbexec_engine = SymbExecState(lifter, ircfg, state) addr = symbexec_engine.run_block_at(ircfg, lbl) - symbexec_engine.del_mem_above_stack(ir_arch.sp) + symbexec_engine.del_mem_above_stack(lifter.sp) for dst in possible_values(addr): value = dst.value @@ -163,23 +163,23 @@ def compute_cst_propagation_states(ir_arch, ircfg, init_addr, init_infos): return states -def propagate_cst_expr(ir_arch, ircfg, addr, init_infos): +def propagate_cst_expr(lifter, ircfg, addr, init_infos): """ - Propagate "constant expressions" in a @ir_arch. + Propagate "constant expressions" in a @lifter. The attribute "constant expression" is true if the expression is based on constants or "init" regs values. - @ir_arch: Lifter instance + @lifter: Lifter instance @addr: analysis start address @init_infos: dictionary linking expressions to their values at @init_addr Returns a mapping between replaced Expression and their new values. """ - states = compute_cst_propagation_states(ir_arch, ircfg, addr, init_infos) + states = compute_cst_propagation_states(lifter, ircfg, addr, init_infos) cst_propag_link = {} for lbl, state in viewitems(states): if lbl not in ircfg.blocks: continue - symbexec = SymbExecStateFix(ir_arch, ircfg, state, cst_propag_link) + symbexec = SymbExecStateFix(lifter, ircfg, state, cst_propag_link) symbexec.eval_updt_irblock(ircfg.blocks[lbl]) return cst_propag_link diff --git a/miasm/analysis/data_analysis.py b/miasm/analysis/data_analysis.py index ae06c59b..cd290d67 100644 --- a/miasm/analysis/data_analysis.py +++ b/miasm/analysis/data_analysis.py @@ -15,7 +15,7 @@ def get_node_name(label, i, n): return n_name -def intra_block_flow_raw(ir_arch, ircfg, flow_graph, irb, in_nodes, out_nodes): +def intra_block_flow_raw(lifter, ircfg, flow_graph, irb, in_nodes, out_nodes): """ Create data flow for an irbloc using raw IR expressions """ @@ -66,7 +66,7 @@ def intra_block_flow_raw(ir_arch, ircfg, flow_graph, irb, in_nodes, out_nodes): -def inter_block_flow_link(ir_arch, ircfg, flow_graph, irb_in_nodes, irb_out_nodes, todo, link_exec_to_data): +def inter_block_flow_link(lifter, ircfg, flow_graph, irb_in_nodes, irb_out_nodes, todo, link_exec_to_data): lbl, current_nodes, exec_nodes = todo current_nodes = dict(current_nodes) @@ -106,19 +106,19 @@ def inter_block_flow_link(ir_arch, ircfg, flow_graph, irb_in_nodes, irb_out_node return todo -def create_implicit_flow(ir_arch, flow_graph, irb_in_nodes, irb_out_ndes): +def create_implicit_flow(lifter, flow_graph, irb_in_nodes, irb_out_ndes): # first fix IN/OUT # If a son read a node which in not in OUT, add it - todo = set(ir_arch.blocks.keys()) + todo = set(lifter.blocks.keys()) while todo: lbl = todo.pop() - irb = ir_arch.blocks[lbl] - for lbl_son in ir_arch.graph.successors(irb.loc_key): - if not lbl_son in ir_arch.blocks: + irb = lifter.blocks[lbl] + for lbl_son in lifter.graph.successors(irb.loc_key): + if not lbl_son in lifter.blocks: print("cannot find block!!", lbl) continue - irb_son = ir_arch.blocks[lbl_son] + irb_son = lifter.blocks[lbl_son] for n_r in irb_in_nodes[irb_son.loc_key]: if n_r in irb_out_nodes[irb.loc_key]: continue @@ -130,13 +130,13 @@ def create_implicit_flow(ir_arch, flow_graph, irb_in_nodes, irb_out_ndes): if not n_r in irb_in_nodes[irb.loc_key]: irb_in_nodes[irb.loc_key][n_r] = irb.loc_key, 0, n_r node_n_r = irb_in_nodes[irb.loc_key][n_r] - for lbl_p in ir_arch.graph.predecessors(irb.loc_key): + for lbl_p in lifter.graph.predecessors(irb.loc_key): todo.add(lbl_p) flow_graph.add_uniq_edge(node_n_r, node_n_w) -def inter_block_flow(ir_arch, ircfg, flow_graph, irb_0, irb_in_nodes, irb_out_nodes, link_exec_to_data=True): +def inter_block_flow(lifter, ircfg, flow_graph, irb_0, irb_in_nodes, irb_out_nodes, link_exec_to_data=True): todo = set() done = set() @@ -147,7 +147,7 @@ def inter_block_flow(ir_arch, ircfg, flow_graph, irb_0, irb_in_nodes, irb_out_no if state in done: continue done.add(state) - out = inter_block_flow_link(ir_arch, ircfg, flow_graph, irb_in_nodes, irb_out_nodes, state, link_exec_to_data) + out = inter_block_flow_link(lifter, ircfg, flow_graph, irb_in_nodes, irb_out_nodes, state, link_exec_to_data) todo.update(out) @@ -161,20 +161,20 @@ class symb_exec_func(object): There is no real magic here, loops and complex merging will certainly fail. """ - def __init__(self, ir_arch): + def __init__(self, lifter): self.todo = set() self.stateby_ad = {} self.cpt = {} self.states_var_done = set() self.states_done = set() self.total_done = 0 - self.ir_arch = ir_arch + self.lifter = lifter def add_state(self, parent, ad, state): variables = dict(state.symbols) # get block dead, and remove from state - b = self.ir_arch.get_block(ad) + b = self.lifter.get_block(ad) if b is None: raise ValueError("unknown block! %s" % ad) s = parent, ad, tuple(sorted(viewitems(variables))) @@ -198,7 +198,7 @@ class symb_exec_func(object): self.states_done.add(state) self.states_var_done.add(state) - sb = SymbolicExecutionEngine(self.ir_arch, dict(s)) + sb = SymbolicExecutionEngine(self.lifter, dict(s)) return parent, ad, sb return None diff --git a/miasm/analysis/data_flow.py b/miasm/analysis/data_flow.py index 6ace4f4e..4ff96caa 100644 --- a/miasm/analysis/data_flow.py +++ b/miasm/analysis/data_flow.py @@ -213,8 +213,8 @@ class DeadRemoval(object): Do dead removal """ - def __init__(self, ir_arch, expr_to_original_expr=None): - self.ir_arch = ir_arch + def __init__(self, lifter, expr_to_original_expr=None): + self.lifter = lifter if expr_to_original_expr is None: expr_to_original_expr = {} self.expr_to_original_expr = expr_to_original_expr @@ -226,7 +226,7 @@ class DeadRemoval(object): def is_unkillable_destination(self, lval, rval): if ( lval.is_mem() or - self.ir_arch.IRDst == lval or + self.lifter.IRDst == lval or lval.is_id("exception_flags") or is_function_call(rval) ): @@ -290,7 +290,7 @@ class DeadRemoval(object): Find definitions of out regs starting from @block """ worklist = set() - for reg in self.ir_arch.get_out_regs(block): + for reg in self.lifter.get_out_regs(block): worklist.add((reg, block.loc_key)) ret = self.find_definitions_from_worklist(worklist, ircfg) return ret @@ -743,7 +743,7 @@ def expr_has_mem(expr): def stack_to_reg(expr): if expr.is_mem(): ptr = expr.arg - SP = ir_arch_a.sp + SP = lifter.sp if ptr == SP: return ExprId("STACK.0", expr.size) elif (ptr.is_op('+') and @@ -757,26 +757,26 @@ def stack_to_reg(expr): return False -def is_stack_access(ir_arch_a, expr): +def is_stack_access(lifter, expr): if not expr.is_mem(): return False ptr = expr.ptr - diff = expr_simp(ptr - ir_arch_a.sp) + diff = expr_simp(ptr - lifter.sp) if not diff.is_int(): return False return expr -def visitor_get_stack_accesses(ir_arch_a, expr, stack_vars): - if is_stack_access(ir_arch_a, expr): +def visitor_get_stack_accesses(lifter, expr, stack_vars): + if is_stack_access(lifter, expr): stack_vars.add(expr) return expr -def get_stack_accesses(ir_arch_a, expr): +def get_stack_accesses(lifter, expr): result = set() def get_stack(expr_to_test): - visitor_get_stack_accesses(ir_arch_a, expr_to_test, result) + visitor_get_stack_accesses(lifter, expr_to_test, result) return None visitor = ExprWalk(get_stack) visitor.visit(expr) @@ -790,14 +790,14 @@ def get_interval_length(interval_in): return length -def check_expr_below_stack(ir_arch_a, expr): +def check_expr_below_stack(lifter, expr): """ Return False if expr pointer is below original stack pointer - @ir_arch_a: lifter_model_call instance + @lifter: lifter_model_call instance @expr: Expression instance """ ptr = expr.ptr - diff = expr_simp(ptr - ir_arch_a.sp) + diff = expr_simp(ptr - lifter.sp) if not diff.is_int(): return True if int(diff) == 0 or int(expr_simp(diff.msb())) == 0: @@ -805,20 +805,20 @@ def check_expr_below_stack(ir_arch_a, expr): return True -def retrieve_stack_accesses(ir_arch_a, ircfg): +def retrieve_stack_accesses(lifter, ircfg): """ Walk the ssa graph and find stack based variables. Return a dictionary linking stack base address to its size/name - @ir_arch_a: lifter_model_call instance + @lifter: lifter_model_call instance @ircfg: IRCFG instance """ stack_vars = set() for block in viewvalues(ircfg.blocks): for assignblk in block: for dst, src in viewitems(assignblk): - stack_vars.update(get_stack_accesses(ir_arch_a, dst)) - stack_vars.update(get_stack_accesses(ir_arch_a, src)) - stack_vars = [expr for expr in stack_vars if check_expr_below_stack(ir_arch_a, expr)] + stack_vars.update(get_stack_accesses(lifter, dst)) + stack_vars.update(get_stack_accesses(lifter, src)) + stack_vars = [expr for expr in stack_vars if check_expr_below_stack(lifter, expr)] base_to_var = {} for var in stack_vars: @@ -829,7 +829,7 @@ def retrieve_stack_accesses(ir_arch_a, ircfg): for addr, vars in viewitems(base_to_var): var_interval = interval() for var in vars: - offset = expr_simp(addr - ir_arch_a.sp) + offset = expr_simp(addr - lifter.sp) if not offset.is_int(): # skip non linear stack offset continue @@ -879,7 +879,7 @@ def replace_mem_stack_vars(expr, base_to_info): return expr.visit(lambda expr:fix_stack_vars(expr, base_to_info)) -def replace_stack_vars(ir_arch_a, ircfg): +def replace_stack_vars(lifter, ircfg): """ Try to replace stack based memory accesses by variables. @@ -889,11 +889,11 @@ def replace_stack_vars(ir_arch_a, ircfg): WARNING: may fail - @ir_arch_a: lifter_model_call instance + @lifter: lifter_model_call instance @ircfg: IRCFG instance """ - base_to_info = retrieve_stack_accesses(ir_arch_a, ircfg) + base_to_info = retrieve_stack_accesses(lifter, ircfg) modified = False for block in list(viewvalues(ircfg.blocks)): assignblks = [] @@ -946,16 +946,16 @@ def read_mem(bs, expr): return ExprInt(value, expr.size) -def load_from_int(ir_arch, bs, is_addr_ro_variable): +def load_from_int(ircfg, bs, is_addr_ro_variable): """ Replace memory read based on constant with static value - @ir_arch: lifter_model_call instance + @ircfg: IRCFG instance @bs: binstream instance @is_addr_ro_variable: callback(addr, size) to test memory candidate """ modified = False - for block in list(viewvalues(ir_arch.blocks)): + for block in list(viewvalues(ircfg.blocks)): assignblks = list() for assignblk in block: out = {} @@ -988,7 +988,7 @@ def load_from_int(ir_arch, bs, is_addr_ro_variable): out = AssignBlock(out, assignblk.instr) assignblks.append(out) block = IRBlock(block.loc_db, block.loc_key, assignblks) - ir_arch.blocks[block.loc_key] = block + ircfg.blocks[block.loc_key] = block return modified @@ -1188,14 +1188,14 @@ class DiGraphLivenessIRA(DiGraphLiveness): DiGraph representing variable liveness for IRA """ - def init_var_info(self, ir_arch_a): + def init_var_info(self, lifter): """Add ircfg out regs""" for node in self.leaves(): irblock = self.ircfg.blocks.get(node, None) if irblock is None: continue - var_out = ir_arch_a.get_out_regs(irblock) + var_out = lifter.get_out_regs(irblock) irblock_liveness = self.blocks[node] irblock_liveness.infos[-1].var_out = var_out diff --git a/miasm/analysis/depgraph.py b/miasm/analysis/depgraph.py index 8b5c87e2..7fadd9bf 100644 --- a/miasm/analysis/depgraph.py +++ b/miasm/analysis/depgraph.py @@ -282,10 +282,10 @@ class DependencyResult(DependencyState): return IRBlock(irb.loc_db, irb.loc_key, assignblks) - def emul(self, ir_arch, ctx=None, step=False): + def emul(self, lifter, ctx=None, step=False): """Symbolic execution of relevant nodes according to the history Return the values of inputs nodes' elements - @ir_arch: Lifter instance + @lifter: Lifter instance @ctx: (optional) Initial context as dictionary @step: (optional) Verbose execution Warning: The emulation is not sound if the inputs nodes depend on loop @@ -308,9 +308,9 @@ class DependencyResult(DependencyState): line_nb).assignblks # Eval the block - loc_db = ir_arch.loc_db + loc_db = lifter.loc_db temp_loc = loc_db.get_or_create_name_location("Temp") - symb_exec = SymbolicExecutionEngine(ir_arch, ctx_init) + symb_exec = SymbolicExecutionEngine(lifter, ctx_init) symb_exec.eval_updt_irblock(IRBlock(loc_db, temp_loc, assignblks), step=step) # Return only inputs values (others could be wrongs) @@ -361,13 +361,13 @@ class DependencyResultImplicit(DependencyResult): conds = translator.from_expr(self.unsat_expr) return conds - def emul(self, ir_arch, ctx=None, step=False): + def emul(self, lifter, ctx=None, step=False): # Init ctx_init = {} if ctx is not None: ctx_init.update(ctx) solver = z3.Solver() - symb_exec = SymbolicExecutionEngine(ir_arch, ctx_init) + symb_exec = SymbolicExecutionEngine(lifter, ctx_init) history = self.history[::-1] history_size = len(history) translator = Translator.to_language("z3") diff --git a/miasm/analysis/disasm_cb.py b/miasm/analysis/disasm_cb.py index a3d7a68c..f180f0a2 100644 --- a/miasm/analysis/disasm_cb.py +++ b/miasm/analysis/disasm_cb.py @@ -29,11 +29,11 @@ def arm_guess_subcall(dis_engine, cur_block, offsets_to_dis): loc_db = dis_engine.loc_db lifter_model_call = get_lifter_model_call(arch, dis_engine.attrib) - ir_arch = lifter_model_call(loc_db) + lifter = lifter_model_call(loc_db) ircfg = lifter_model_call.new_ircfg() print('###') print(cur_block) - ir_arch.add_asmblock_to_ircfg(cur_block, ircfg) + lifter.add_asmblock_to_ircfg(cur_block, ircfg) to_add = set() for irblock in viewvalues(ircfg.blocks): @@ -41,7 +41,7 @@ def arm_guess_subcall(dis_engine, cur_block, offsets_to_dis): lr_val = None for exprs in irblock: for e in exprs: - if e.dst == ir_arch.pc: + if e.dst == lifter.pc: pc_val = e.src if e.dst == arch.regs.LR: lr_val = e.src @@ -71,15 +71,15 @@ def arm_guess_jump_table(dis_engine, cur_block, offsets_to_dis): jra = ExprId('jra') jrb = ExprId('jrb') - ir_arch = lifter_model_call(loc_db) + lifter = lifter_model_call(loc_db) ircfg = lifter_model_call.new_ircfg() - ir_arch.add_asmblock_to_ircfg(cur_block, ircfg) + lifter.add_asmblock_to_ircfg(cur_block, ircfg) for irblock in viewvalues(ircfg.blocks): pc_val = None for exprs in irblock: for e in exprs: - if e.dst == ir_arch.pc: + if e.dst == lifter.pc: pc_val = e.src if pc_val is None: continue diff --git a/miasm/analysis/simplifier.py b/miasm/analysis/simplifier.py index 193b329c..a7c29b06 100644 --- a/miasm/analysis/simplifier.py +++ b/miasm/analysis/simplifier.py @@ -53,7 +53,6 @@ class IRCFGSimplifier(object): @property def ir_arch(self): - fds warnings.warn('DEPRECATION WARNING: use ".lifter" instead of ".ir_arch"') return self.lifter diff --git a/miasm/ir/ir.py b/miasm/ir/ir.py index 9039efa1..b712b0ee 100644 --- a/miasm/ir/ir.py +++ b/miasm/ir/ir.py @@ -839,8 +839,8 @@ class Lifter(object): warnings.warn("""DEPRECATION WARNING ircfg is now out of Lifter Use: - ircfg = ir_arch.new_ircfg() - ir_arch.add_asmblock_to_ircfg(block, ircfg) + ircfg = lifter.new_ircfg() + lifter.add_asmblock_to_ircfg(block, ircfg) """) raise RuntimeError("API Deprecated") diff --git a/miasm/ir/symbexec.py b/miasm/ir/symbexec.py index ee8e4924..2acd293d 100644 --- a/miasm/ir/symbexec.py +++ b/miasm/ir/symbexec.py @@ -17,16 +17,16 @@ log.addHandler(console_handler) log.setLevel(logging.INFO) -def get_block(ir_arch, ircfg, mdis, addr): +def get_block(lifter, ircfg, mdis, addr): """Get IRBlock at address @addr""" loc_key = ircfg.get_or_create_loc_key(addr) if not loc_key in ircfg.blocks: offset = mdis.loc_db.get_location_offset(loc_key) block = mdis.dis_block(offset) - ir_arch.add_asmblock_to_ircfg(block, ircfg) + lifter.add_asmblock_to_ircfg(block, ircfg) irblock = ircfg.get_block(loc_key) if irblock is None: - raise LookupError('No block found at that address: %s' % ir_arch.loc_db.pretty_str(loc_key)) + raise LookupError('No block found at that address: %s' % lifter.loc_db.pretty_str(loc_key)) return irblock @@ -764,14 +764,14 @@ class SymbolicExecutionEngine(object): from miasm.ir.symbexec import SymbolicExecutionEngine from miasm.ir.ir import AssignBlock - ir_arch = Lifter_X86_32() + lifter = Lifter_X86_32() init_state = { - ir_arch.arch.regs.EAX: ir_arch.arch.regs.EBX, + lifter.arch.regs.EAX: lifter.arch.regs.EBX, ExprMem(id_x+ExprInt(0x10, 32), 32): id_a, } - sb_exec = SymbolicExecutionEngine(ir_arch, init_state) + sb_exec = SymbolicExecutionEngine(lifter, init_state) >>> sb_exec.dump() EAX = a @@ -779,7 +779,7 @@ class SymbolicExecutionEngine(object): >>> sb_exec.dump(mems=False) EAX = a - >>> print sb_exec.eval_expr(ir_arch.arch.regs.EAX + ir_arch.arch.regs.ECX) + >>> print sb_exec.eval_expr(lifter.arch.regs.EAX + lifter.arch.regs.ECX) EBX + ECX Inspecting state: @@ -796,14 +796,14 @@ class SymbolicExecutionEngine(object): - eval_updt_assignblk - eval_updt_irblock - Start a symbolic execution based on provisioned '.ir_arch' blocks: + Start a symbolic execution based on provisioned '.lifter' blocks: - run_block_at - run_at """ StateEngine = SymbolicState - def __init__(self, ir_arch, state=None, + def __init__(self, lifter, state=None, sb_expr_simp=expr_simp_explicit): self.expr_to_visitor = { @@ -820,14 +820,19 @@ class SymbolicExecutionEngine(object): if state is None: state = {} - self.symbols = SymbolMngr(addrsize=ir_arch.addrsize, expr_simp=sb_expr_simp) + self.symbols = SymbolMngr(addrsize=lifter.addrsize, expr_simp=sb_expr_simp) for dst, src in viewitems(state): self.symbols.write(dst, src) - self.ir_arch = ir_arch + self.lifter = lifter self.expr_simp = sb_expr_simp + @property + def ir_arch(self): + warnings.warn('DEPRECATION WARNING: use ".lifter" instead of ".ir_arch"') + return self.lifter + def get_state(self): """Return the current state of the SymbolicEngine""" state = self.StateEngine(dict(self.symbols)) @@ -837,7 +842,7 @@ class SymbolicExecutionEngine(object): """Restaure the @state of the engine @state: StateEngine instance """ - self.symbols = SymbolMngr(addrsize=self.ir_arch.addrsize, expr_simp=self.expr_simp) + self.symbols = SymbolMngr(addrsize=self.lifter.addrsize, expr_simp=self.expr_simp) for dst, src in viewitems(dict(state)): self.symbols[dst] = src @@ -884,7 +889,7 @@ class SymbolicExecutionEngine(object): def eval_exprloc(self, expr, **kwargs): """[DEV]: Evaluate an ExprLoc using the current state""" - offset = self.ir_arch.loc_db.get_location_offset(expr.loc_key) + offset = self.lifter.loc_db.get_location_offset(expr.loc_key) if offset is not None: ret = ExprInt(offset, expr.size) else: @@ -1040,7 +1045,7 @@ class SymbolicExecutionEngine(object): self.dump(mems=False) self.dump(ids=False) print('_' * 80) - dst = self.eval_expr(self.ir_arch.IRDst) + dst = self.eval_expr(self.lifter.IRDst) return dst diff --git a/miasm/ir/symbexec_top.py b/miasm/ir/symbexec_top.py index d37293b5..e4b9708b 100644 --- a/miasm/ir/symbexec_top.py +++ b/miasm/ir/symbexec_top.py @@ -87,10 +87,10 @@ class SymbExecTopNoMem(SymbolicExecutionEngine): StateEngine = SymbolicStateTop - def __init__(self, ir_arch, state, regstop, + def __init__(self, lifter, state, regstop, sb_expr_simp=expr_simp): known_symbols = dict(state) - super(SymbExecTopNoMem, self).__init__(ir_arch, known_symbols, + super(SymbExecTopNoMem, self).__init__(lifter, known_symbols, sb_expr_simp) self.regstop = set(regstop) @@ -125,7 +125,7 @@ class SymbExecTopNoMem(SymbolicExecutionEngine): return ret def eval_exprloc(self, expr, **kwargs): - offset = self.ir_arch.loc_db.get_location_offset(expr.loc_key) + offset = self.lifter.loc_db.get_location_offset(expr.loc_key) if offset is not None: ret = ExprInt(offset, expr.size) else: diff --git a/miasm/ir/symbexec_types.py b/miasm/ir/symbexec_types.py index c969a2f5..e720f6fd 100644 --- a/miasm/ir/symbexec_types.py +++ b/miasm/ir/symbexec_types.py @@ -67,13 +67,13 @@ class SymbExecCType(SymbolicExecutionEngine): StateEngine = SymbolicStateCTypes OBJC_INTERNAL = "___OBJC___" - def __init__(self, ir_arch, + def __init__(self, lifter, symbols, chandler, sb_expr_simp=expr_simp): self.chandler = chandler - super(SymbExecCType, self).__init__(ir_arch, + super(SymbExecCType, self).__init__(lifter, {}, sb_expr_simp) self.symbols = dict(symbols) diff --git a/miasm/jitter/emulatedsymbexec.py b/miasm/jitter/emulatedsymbexec.py index b8ca52e3..1c3100ae 100644 --- a/miasm/jitter/emulatedsymbexec.py +++ b/miasm/jitter/emulatedsymbexec.py @@ -63,7 +63,7 @@ class EmulatedSymbExec(SymbolicExecutionEngine): def reset_regs(self): """Set registers value to 0. Ignore register aliases""" - for reg in self.ir_arch.arch.regs.all_regs_ids_no_alias: + for reg in self.lifter.arch.regs.all_regs_ids_no_alias: self.symbols.symbols_id[reg] = m2_expr.ExprInt(0, size=reg.size) # Memory management diff --git a/test/analysis/unssa.py b/test/analysis/unssa.py index bc7db487..7f03e3f8 100644 --- a/test/analysis/unssa.py +++ b/test/analysis/unssa.py @@ -575,14 +575,14 @@ class IRAOutRegs(IRATest): -def add_out_reg_end(ir_arch_a, ircfg_a): +def add_out_reg_end(lifter_a, ircfg_a): # Add dummy dependency to uncover out regs affectation for loc in ircfg_a.leaves(): irblock = ircfg_a.blocks.get(loc) if irblock is None: continue regs = {} - for reg in ir_arch_a.get_out_regs(irblock): + for reg in lifter.get_out_regs(irblock): regs[reg] = reg assignblks = list(irblock) new_assiblk = AssignBlock(regs, assignblks[-1].instr) @@ -591,7 +591,7 @@ def add_out_reg_end(ir_arch_a, ircfg_a): ircfg_a.blocks[loc] = new_irblock -ir_arch_a = IRAOutRegs(loc_db) +lifter = IRAOutRegs(loc_db) class CustomIRCFGSimplifierSSA(IRCFGSimplifierSSA): @@ -631,7 +631,7 @@ for test_nb, ircfg in enumerate( # SSA head = LBL0 - simplifier = CustomIRCFGSimplifierSSA(ir_arch_a) + simplifier = CustomIRCFGSimplifierSSA(lifter) ircfg = simplifier(ircfg, head) open('final_%d.dot' % test_nb, 'w').write(ircfg.dot()) diff --git a/test/arch/arm/sem.py b/test/arch/arm/sem.py index 1dca9a6b..a5b6d5eb 100755 --- a/test/arch/arm/sem.py +++ b/test/arch/arm/sem.py @@ -9,7 +9,7 @@ from future.utils import viewitems from miasm.ir.symbexec import SymbolicExecutionEngine from miasm.arch.arm.arch import mn_arm as mn -from miasm.arch.arm.sem import Lifter_Arml as ir_arch +from miasm.arch.arm.sem import Lifter_Arml as Lifter from miasm.arch.arm.regs import * from miasm.expression.expression import * from miasm.core.locationdb import LocationDB @@ -17,7 +17,7 @@ from pdb import pm logging.getLogger('cpuhelper').setLevel(logging.ERROR) loc_db = LocationDB() -EXCLUDE_REGS = set([ir_arch(loc_db).IRDst]) +EXCLUDE_REGS = set([Lifter(loc_db).IRDst]) def M(addr): @@ -28,14 +28,14 @@ def compute(asm, inputstate={}, debug=False): loc_db = LocationDB() sympool = dict(regs_init) sympool.update({k: ExprInt(v, k.size) for k, v in viewitems(inputstate)}) - ir_tmp = ir_arch(loc_db) - ircfg = ir_tmp.new_ircfg() - symexec = SymbolicExecutionEngine(ir_tmp, sympool) + lifter = Lifter(loc_db) + ircfg = lifter.new_ircfg() + symexec = SymbolicExecutionEngine(lifter, sympool) instr = mn.fromstring(asm, loc_db, "l") code = mn.asm(instr)[0] instr = mn.dis(code, "l") instr.offset = inputstate.get(PC, 0) - lbl = ir_tmp.add_instr_to_ircfg(instr, ircfg) + lbl = lifter.add_instr_to_ircfg(instr, ircfg) symexec.run_at(ircfg, lbl) if debug: for k, v in viewitems(symexec.symbols): diff --git a/test/arch/msp430/sem.py b/test/arch/msp430/sem.py index e47c6f30..51a2c540 100755 --- a/test/arch/msp430/sem.py +++ b/test/arch/msp430/sem.py @@ -9,14 +9,14 @@ from future.utils import viewitems from miasm.ir.symbexec import SymbolicExecutionEngine from miasm.arch.msp430.arch import mn_msp430 as mn, mode_msp430 as mode -from miasm.arch.msp430.sem import Lifter_MSP430 as ir_arch +from miasm.arch.msp430.sem import Lifter_MSP430 as Lifter from miasm.arch.msp430.regs import * from miasm.expression.expression import * from miasm.core.locationdb import LocationDB logging.getLogger('cpuhelper').setLevel(logging.ERROR) loc_db = LocationDB() -EXCLUDE_REGS = set([res, ir_arch(loc_db).IRDst]) +EXCLUDE_REGS = set([res, Lifter(loc_db).IRDst]) def M(addr): @@ -27,14 +27,14 @@ def compute(asm, inputstate={}, debug=False): loc_db = LocationDB() sympool = dict(regs_init) sympool.update({k: ExprInt(v, k.size) for k, v in viewitems(inputstate)}) - ir_tmp = ir_arch(loc_db) - ircfg = ir_tmp.new_ircfg() - symexec = SymbolicExecutionEngine(ir_tmp, sympool) + lifter = Lifter(loc_db) + ircfg = lifter.new_ircfg() + symexec = SymbolicExecutionEngine(lifter, sympool) instr = mn.fromstring(asm, mode) code = mn.asm(instr)[0] instr = mn.dis(code, mode) instr.offset = inputstate.get(PC, 0) - loc_key = ir_tmp.add_instr_to_ircfg(instr, ircfg) + loc_key = lifter.add_instr_to_ircfg(instr, ircfg) symexec.run_at(ircfg, loc_key) if debug: for k, v in viewitems(symexec.symbols): diff --git a/test/arch/ppc32/sem.py b/test/arch/ppc32/sem.py index c4b08485..c3a18531 100644 --- a/test/arch/ppc32/sem.py +++ b/test/arch/ppc32/sem.py @@ -9,7 +9,7 @@ from future.utils import viewitems from miasm.ir.symbexec import SymbolicExecutionEngine from miasm.arch.ppc.arch import mn_ppc as mn -from miasm.arch.ppc.sem import Lifter_PPC32b as ir_arch +from miasm.arch.ppc.sem import Lifter_PPC32b as Lifter from miasm.arch.ppc.regs import * from miasm.expression.expression import * from miasm.core.locationdb import LocationDB @@ -17,7 +17,7 @@ from pdb import pm logging.getLogger('cpuhelper').setLevel(logging.ERROR) loc_db = LocationDB() -EXCLUDE_REGS = set([ir_arch(loc_db).IRDst]) +EXCLUDE_REGS = set([Lifter(loc_db).IRDst]) def M(addr): @@ -28,14 +28,14 @@ def compute(asm, inputstate={}, debug=False): loc_db = LocationDB() sympool = dict(regs_init) sympool.update({k: ExprInt(v, k.size) for k, v in viewitems(inputstate)}) - ir_tmp = ir_arch(loc_db) - ircfg = ir_tmp.new_ircfg() - symexec = SymbolicExecutionEngine(ir_tmp, sympool) + lifter = Lifter(loc_db) + ircfg = lifter.new_ircfg() + symexec = SymbolicExecutionEngine(lifter, sympool) instr = mn.fromstring(asm, loc_db, "b") code = mn.asm(instr)[0] instr = mn.dis(code, "b") instr.offset = inputstate.get(PC, 0) - lbl = ir_tmp.add_instr_to_ircfg(instr, ircfg) + lbl = lifter.add_instr_to_ircfg(instr, ircfg) symexec.run_at(ircfg, lbl) if debug: for k, v in viewitems(symexec.symbols): diff --git a/test/arch/x86/sem.py b/test/arch/x86/sem.py index ecee5772..5bca413f 100755 --- a/test/arch/x86/sem.py +++ b/test/arch/x86/sem.py @@ -14,7 +14,7 @@ import copy from miasm.ir.symbexec import SymbolicExecutionEngine from miasm.arch.x86.arch import mn_x86 as mn -from miasm.arch.x86.sem import Lifter_X86_32 as ir_32, Lifter_X86_64 as ir_64 +from miasm.arch.x86.sem import Lifter_X86_32, Lifter_X86_64 from miasm.arch.x86.regs import * from miasm.expression.expression import * from miasm.expression.simplifications import expr_simp @@ -23,16 +23,16 @@ from miasm.core.locationdb import LocationDB logging.getLogger('cpuhelper').setLevel(logging.ERROR) loc_db = LocationDB() -EXCLUDE_REGS = set([ir_32(loc_db).IRDst, ir_64(loc_db).IRDst]) +EXCLUDE_REGS = set([Lifter_X86_32(loc_db).IRDst, Lifter_X86_64(loc_db).IRDst]) m32 = 32 m64 = 64 -def symb_exec(lbl, ir_arch, ircfg, inputstate, debug): +def symb_exec(lbl, lifter, ircfg, inputstate, debug): sympool = dict(regs_init) sympool.update(inputstate) - symexec = SymbolicExecutionEngine(ir_arch, sympool) + symexec = SymbolicExecutionEngine(lifter, sympool) symexec.run_at(ircfg, lbl) if debug: for k, v in viewitems(symexec.symbols): @@ -43,27 +43,27 @@ def symb_exec(lbl, ir_arch, ircfg, inputstate, debug): if k not in EXCLUDE_REGS and regs_init.get(k, None) != v } -def compute(ir, mode, asm, inputstate={}, debug=False): +def compute(Lifter, mode, asm, inputstate={}, debug=False): loc_db = LocationDB() instr = mn.fromstring(asm, loc_db, mode) code = mn.asm(instr)[0] instr = mn.dis(code, mode) instr.offset = inputstate.get(EIP, 0) - ir_arch = ir(loc_db) - ircfg = ir_arch.new_ircfg() - lbl = ir_arch.add_instr_to_ircfg(instr, ircfg) - return symb_exec(lbl, ir_arch, ircfg, inputstate, debug) + lifter = Lifter(loc_db) + ircfg = lifter.new_ircfg() + lbl = lifter.add_instr_to_ircfg(instr, ircfg) + return symb_exec(lbl, lifter, ircfg, inputstate, debug) -def compute_txt(ir, mode, txt, inputstate={}, debug=False): +def compute_txt(Lifter, mode, txt, inputstate={}, debug=False): loc_db = LocationDB() asmcfg = parse_asm.parse_txt(mn, mode, txt, loc_db) loc_db.set_location_offset(loc_db.get_name_location("main"), 0x0) patches = asmblock.asm_resolve_final(mn, asmcfg) - ir_arch = ir(loc_db) + lifter = Lifter(loc_db) lbl = loc_db.get_name_location("main") - ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) - return symb_exec(lbl, ir_arch, ircfg, inputstate, debug) + ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) + return symb_exec(lbl, lifter, ircfg, inputstate, debug) op_add = lambda a, b: a+b op_sub = lambda a, b: a-b @@ -102,7 +102,7 @@ class TestX86Semantic(unittest.TestCase): def int_sse_op(self, name, op, elt_size, reg_size, arg1, arg2): arg1 = ExprInt(arg1, XMM0.size) arg2 = ExprInt(arg2, XMM0.size) - sem = compute(ir_32, m32, '%s XMM0, XMM1' % name, + sem = compute(Lifter_X86_32, m32, '%s XMM0, XMM1' % name, {XMM0: arg1, XMM1: arg2}, False) ref = ExprInt(int_vec_op(op, elt_size, reg_size, int(arg1), int(arg2)), XMM0.size) @@ -111,7 +111,7 @@ class TestX86Semantic(unittest.TestCase): def symb_sse_ops(self, names, a, b, ref): asm = "\n\t".join(["%s XMM0, XMM1" % name for name in names]) asm = "main:\n\t" + asm - sem = compute_txt(ir_32, m32, asm, + sem = compute_txt(Lifter_X86_32, m32, asm, {XMM0: a, XMM1: b}, False) self.assertEqual(sem, {XMM0: ref, XMM1: b}) @@ -119,7 +119,7 @@ class TestX86Semantic(unittest.TestCase): def mmx_logical_op(self, name, op, arg1, arg2): arg1 = ExprInt(arg1, mm0.size) arg2 = ExprInt(arg2, mm0.size) - sem = compute(ir_32, m32, '%s MM0, MM1' % name, + sem = compute(Lifter_X86_32, m32, '%s MM0, MM1' % name, {mm0: arg1, mm1: arg2}, False) ref = ExprInt(op(int(arg1), int(arg2)), mm0.size) @@ -128,7 +128,7 @@ class TestX86Semantic(unittest.TestCase): def sse_logical_op(self, name, op, arg1, arg2): arg1 = ExprInt(arg1, XMM0.size) arg2 = ExprInt(arg2, XMM1.size) - sem = compute(ir_32, m32, '%s XMM0, XMM1' % name, + sem = compute(Lifter_X86_32, m32, '%s XMM0, XMM1' % name, {XMM0: arg1, XMM1: arg2}, False) ref = ExprInt(op(int(arg1), int(arg2)), XMM0.size) |