Diffstat (limited to 'example')
| -rw-r--r-- | example/disasm/dis_binary_lift.py | 4 | ||||
| -rw-r--r-- | example/disasm/dis_binary_lift_model_call.py | 4 | ||||
| -rw-r--r-- | example/expression/access_c.py | 8 | ||||
| -rw-r--r-- | example/expression/asm_to_ir.py | 6 | ||||
| -rw-r--r-- | example/expression/constant_propagation.py | 10 | ||||
| -rw-r--r-- | example/expression/get_read_write.py | 6 | ||||
| -rw-r--r-- | example/expression/graph_dataflow.py | 20 | ||||
| -rw-r--r-- | example/ida/ctype_propagation.py | 38 | ||||
| -rw-r--r-- | example/ida/depgraph.py | 24 | ||||
| -rw-r--r-- | example/ida/graph_ir.py | 20 | ||||
| -rw-r--r-- | example/symbol_exec/depgraph.py | 6 |
11 files changed, 73 insertions, 73 deletions
diff --git a/example/disasm/dis_binary_lift.py b/example/disasm/dis_binary_lift.py
index 6ad69b05..28e37828 100644
--- a/example/disasm/dis_binary_lift.py
+++ b/example/disasm/dis_binary_lift.py
@@ -26,10 +26,10 @@ asmcfg = mdis.dis_multiblock(addr)
 #####################################
 # Get a Lifter
-ir_arch = machine.lifter(mdis.loc_db)
+lifter = machine.lifter(mdis.loc_db)
 # Get the IR of the asmcfg
-ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
+ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
 # Display each IR basic blocks
 for irblock in viewvalues(ircfg.blocks):
diff --git a/example/disasm/dis_binary_lift_model_call.py b/example/disasm/dis_binary_lift_model_call.py
index 95b3a70b..3d5c27ba 100644
--- a/example/disasm/dis_binary_lift_model_call.py
+++ b/example/disasm/dis_binary_lift_model_call.py
@@ -29,10 +29,10 @@ asmcfg = mdis.dis_multiblock(addr)
 # Get an IRA converter
 # The sub call are modelised by default operators
 # call_func_ret and call_func_stack
-ir_arch_analysis = machine.lifter_model_call(mdis.loc_db)
+lifter = machine.lifter_model_call(mdis.loc_db)
 # Get the IR of the asmcfg
-ircfg_analysis = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg)
+ircfg_analysis = lifter.new_ircfg_from_asmcfg(asmcfg)
 # Display each IR basic blocks
 for irblock in viewvalues(ircfg_analysis.blocks):
diff --git a/example/expression/access_c.py b/example/expression/access_c.py
index fd50a917..e2f1c6f5 100644
--- a/example/expression/access_c.py
+++ b/example/expression/access_c.py
@@ -151,21 +151,21 @@ addr_head = 0
 asmcfg = mdis.dis_multiblock(addr_head)
 lbl_head = loc_db.get_offset_location(addr_head)
-ir_arch_a = lifter_model_call(loc_db)
-ircfg = ir_arch_a.new_ircfg_from_asmcfg(asmcfg)
+lifter = lifter_model_call(loc_db)
+ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
 open('graph_irflow.dot', 'w').write(ircfg.dot())
 # Main function's first argument's type is "struct ll_human*"
 ptr_llhuman = types_mngr.get_objc(CTypePtr(CTypeStruct('ll_human')))
 arg0 = ExprId('ptr', 64)
-ctx = {ir_arch_a.arch.regs.RDI: arg0}
+ctx = {lifter.arch.regs.RDI: arg0}
 expr_types = {arg0: (ptr_llhuman,), ExprInt(0x8A, 64): (ptr_llhuman,)}
 mychandler = MyCHandler(types_mngr, expr_types)
-for expr in get_funcs_arg0(ctx, ir_arch_a, ircfg, lbl_head):
+for expr in get_funcs_arg0(ctx, lifter, ircfg, lbl_head):
 print("Access:", expr)
 for c_str, ctype in mychandler.expr_to_c_and_types(expr):
 print('\taccess:', c_str)
diff --git a/example/expression/asm_to_ir.py b/example/expression/asm_to_ir.py
index 9be7d1b3..635c12c2 100644
--- a/example/expression/asm_to_ir.py
+++ b/example/expression/asm_to_ir.py
@@ -43,9 +43,9 @@ print(loc_db)
 patches = asmblock.asm_resolve_final(mn_x86, asmcfg)
 # Translate to IR
-ir_arch = LifterModelCall_x86_32(loc_db)
-ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
-deadrm = DeadRemoval(ir_arch)
+lifter = LifterModelCall_x86_32(loc_db)
+ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
+deadrm = DeadRemoval(lifter)
 # Display IR
diff --git a/example/expression/constant_propagation.py b/example/expression/constant_propagation.py
index 0ea8028c..20c2c3cc 100644
--- a/example/expression/constant_propagation.py
+++ b/example/expression/constant_propagation.py
@@ -30,16 +30,16 @@ machine = Machine("x86_32")
 loc_db = LocationDB()
 cont = Container.from_stream(open(args.filename, 'rb'), loc_db)
 mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db)
-ir_arch = machine.lifter_model_call(mdis.loc_db)
+lifter = machine.lifter_model_call(mdis.loc_db)
 addr = int(args.address, 0)
-deadrm = DeadRemoval(ir_arch)
+deadrm = DeadRemoval(lifter)
 asmcfg = mdis.dis_multiblock(addr)
-ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
+ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
 entry_points = set([mdis.loc_db.get_offset_location(addr)])
-init_infos = ir_arch.arch.regs.regs_init
-cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)
+init_infos = lifter.arch.regs.regs_init
+cst_propag_link = propagate_cst_expr(lifter, ircfg, addr, init_infos)
 if args.simplify:
 ircfg.simplify(expr_simp)
diff --git a/example/expression/get_read_write.py b/example/expression/get_read_write.py
index 752c4272..69bb2aac 100644
--- a/example/expression/get_read_write.py
+++ b/example/expression/get_read_write.py
@@ -16,11 +16,11 @@ Get read/written registers for a given instruction
 """)
 arch = mn_x86
-ir_arch = LifterModelCall_x86_32(loc_db)
-ircfg = ir_arch.new_ircfg()
+lifter = LifterModelCall_x86_32(loc_db)
+ircfg = lifter.new_ircfg()
 instr = arch.fromstring('LODSB', loc_db, 32)
 instr.offset, instr.l = 0, 15
-ir_arch.add_instr_to_ircfg(instr, ircfg)
+lifter.add_instr_to_ircfg(instr, ircfg)
 print('*' * 80)
 for lbl, irblock in viewitems(ircfg.blocks):
diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py
index 661d0037..f40646bc 100644
--- a/example/expression/graph_dataflow.py
+++ b/example/expression/graph_dataflow.py
@@ -26,9 +26,9 @@ def get_node_name(label, i, n):
 return n_name
-def intra_block_flow_symb(ir_arch, _, flow_graph, irblock, in_nodes, out_nodes):
- symbols_init = ir_arch.arch.regs.regs_init.copy()
- sb = SymbolicExecutionEngine(ir_arch, symbols_init)
+def intra_block_flow_symb(lifter, _, flow_graph, irblock, in_nodes, out_nodes):
+ symbols_init = lifter.arch.regs.regs_init.copy()
+ sb = SymbolicExecutionEngine(lifter, symbols_init)
 sb.eval_updt_irblock(irblock)
 print('*' * 40)
 print(irblock)
@@ -85,7 +85,7 @@ def node2str(node):
 return out
-def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb):
+def gen_block_data_flow_graph(lifter, ircfg, ad, block_flow_cb):
 for irblock in viewvalues(ircfg.blocks):
 print(irblock)
@@ -111,7 +111,7 @@ def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb):
 irb_out_nodes[label] = {}
 for label, irblock in viewitems(ircfg.blocks):
- block_flow_cb(ir_arch, ircfg, flow_graph, irblock, irb_in_nodes[label], irb_out_nodes[label])
+ block_flow_cb(lifter, ircfg, flow_graph, irblock, irb_in_nodes[label], irb_out_nodes[label])
 for label in ircfg.blocks:
 print(label)
@@ -119,7 +119,7 @@ def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb):
 print('OUT', [str(x) for x in irb_out_nodes[label]])
 print('*' * 20, 'interblock', '*' * 20)
- inter_block_flow(ir_arch, ircfg, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes)
+ inter_block_flow(lifter, ircfg, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes)
 # from graph_qt import graph_qt # graph_qt(flow_graph)
@@ -139,9 +139,9 @@ print('ok')
 print('generating dataflow graph for:')
-ir_arch_analysis = machine.lifter_model_call(loc_db)
-ircfg = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg)
-deadrm = DeadRemoval(ir_arch_analysis)
+lifter = machine.lifter_model_call(loc_db)
+ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
+deadrm = DeadRemoval(lifter)
 for irblock in viewvalues(ircfg.blocks):
@@ -153,7 +153,7 @@ if args.symb:
 else:
 block_flow_cb = intra_block_flow_raw
-gen_block_data_flow_graph(ir_arch_analysis, ircfg, ad, block_flow_cb)
+gen_block_data_flow_graph(lifter, ircfg, ad, block_flow_cb)
 print('*' * 40)
 print("""
diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py
index 3de81d0d..3dcd8b98 100644
--- a/example/ida/ctype_propagation.py
+++ b/example/ida/ctype_propagation.py
@@ -148,20 +148,20 @@ class MyCHandler(CHandler):
 class TypePropagationEngine(SymbExecCType):
- def __init__(self, ir_arch, types_mngr, state):
+ def __init__(self, lifter, types_mngr, state):
 mychandler = MyCHandler(types_mngr, state.symbols)
- super(TypePropagationEngine, self).__init__(ir_arch,
+ super(TypePropagationEngine, self).__init__(lifter,
 state.symbols, mychandler)
 class SymbExecCTypeFix(SymbExecCType):
- def __init__(self, ir_arch,
+ def __init__(self, lifter,
 symbols, chandler, cst_propag_link, sb_expr_simp=expr_simp):
- super(SymbExecCTypeFix, self).__init__(ir_arch,
+ super(SymbExecCTypeFix, self).__init__(lifter,
 symbols, chandler, sb_expr_simp=expr_simp)
@@ -177,7 +177,7 @@ class SymbExecCTypeFix(SymbExecCType):
 offset2cmt = {}
 for index, assignblk in enumerate(irb):
- if set(assignblk) == set([self.ir_arch.IRDst, self.ir_arch.pc]):
+ if set(assignblk) == set([self.lifter.IRDst, self.lifter.pc]):
 # Don't display on jxx
 continue
 instr = assignblk.instr
@@ -187,7 +187,7 @@ class SymbExecCTypeFix(SymbExecCType):
 todo = set()
 # Replace PC with value to match IR args
- pc_fixed = {self.ir_arch.pc: m2_expr.ExprInt(instr.offset + instr.l, self.ir_arch.pc.size)}
+ pc_fixed = {self.lifter.pc: m2_expr.ExprInt(instr.offset + instr.l, self.lifter.pc.size)}
 inputs = tmp_r
 inputs.update(arg for arg in tmp_w if arg.is_mem())
 for arg in inputs:
@@ -209,14 +209,14 @@ class SymbExecCTypeFix(SymbExecCType):
 idc.set_cmt(offset, '\n'.join(value), 0)
 print("%x\n" % offset, '\n'.join(value))
- return self.eval_expr(self.ir_arch.IRDst)
+ return self.eval_expr(self.lifter.IRDst)
 class CTypeEngineFixer(SymbExecCTypeFix):
- def __init__(self, ir_arch, types_mngr, state, cst_propag_link):
+ def __init__(self, lifter, types_mngr, state, cst_propag_link):
 mychandler = MyCHandler(types_mngr, state.symbols)
- super(CTypeEngineFixer, self).__init__(ir_arch,
+ super(CTypeEngineFixer, self).__init__(lifter,
 state.symbols, mychandler, cst_propag_link)
@@ -273,16 +273,16 @@ def analyse_function():
 lifter_model_callCallStackFixer = get_lifter_model_call_call_fixer(lifter_model_call)
- ir_arch = lifter_model_callCallStackFixer(loc_db)
+ lifter = lifter_model_callCallStackFixer(loc_db)
 asmcfg = mdis.dis_multiblock(addr)
 # Generate IR
- ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
+ ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
 cst_propag_link = {}
 if settings.cUnalias.value:
- init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp] }
- cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos)
+ init_infos = {lifter.sp: lifter.arch.regs.regs_init[lifter.sp] }
+ cst_propag_link = propagate_cst_expr(lifter, ircfg, addr, init_infos)
 types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value)
@@ -318,8 +318,8 @@ def analyse_function():
 assignblk_head = AssignBlock( [
- ExprAssign(ir_arch.IRDst, ExprLoc(lbl_real_start, ir_arch.IRDst.size)),
- ExprAssign(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
+ ExprAssign(lifter.IRDst, ExprLoc(lbl_real_start, lifter.IRDst.size)),
+ ExprAssign(lifter.sp, lifter.arch.regs.regs_init[lifter.sp])
 ], first_block.lines[0] )
@@ -340,9 +340,9 @@ def analyse_function():
 done.add((lbl, state))
 if lbl not in ircfg.blocks:
 continue
- symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
+ symbexec_engine = TypePropagationEngine(lifter, types_mngr, state)
 symbexec_engine.run_block_at(ircfg, lbl)
- symbexec_engine.del_mem_above_stack(ir_arch.sp)
+ symbexec_engine.del_mem_above_stack(lifter.sp)
 sons = ircfg.successors(lbl)
 for son in sons:
@@ -354,9 +354,9 @@ def analyse_function():
 for lbl, state in viewitems(states):
 if lbl not in ircfg.blocks:
 continue
- symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link)
+ symbexec_engine = CTypeEngineFixer(lifter, types_mngr, state, cst_propag_link)
 symbexec_engine.run_block_at(ircfg, lbl)
- symbexec_engine.del_mem_above_stack(ir_arch.sp)
+ symbexec_engine.del_mem_above_stack(lifter.sp)
 if __name__ == "__main__":
diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py
index 4a0fb1e9..1ab31688 100644
--- a/example/ida/depgraph.py
+++ b/example/ida/depgraph.py
@@ -129,9 +129,9 @@ Method to use:
 if value in self.stk_args:
 line = self.ircfg.blocks[self.loc_key][self.line_nb].instr
 arg_num = self.stk_args[value]
- stk_high = m2_expr.ExprInt(idc.get_spd(line.offset), ir_arch.sp.size)
- stk_off = m2_expr.ExprInt(self.lifter_model_call.sp.size // 8 * arg_num, ir_arch.sp.size)
- element = m2_expr.ExprMem(self.mn.regs.regs_init[ir_arch.sp] + stk_high + stk_off, self.lifter_model_call.sp.size)
+ stk_high = m2_expr.ExprInt(idc.get_spd(line.offset), lifter.sp.size)
+ stk_off = m2_expr.ExprInt(self.lifter_model_call.sp.size // 8 * arg_num, lifter.sp.size)
+ element = m2_expr.ExprMem(self.mn.regs.regs_init[lifter.sp] + stk_high + stk_off, self.lifter_model_call.sp.size)
 element = expr_simp(element)
 # Force stack unaliasing
 self.stk_unalias_force = True
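Review bot: The three renamed lines in the depgraph.py `@@ -129` hunk still read `lifter.sp` as a bare name while the same lines already use `self.lifter_model_call.sp.size`, so this method (its `def` and the enclosing class start before the hunk) depends on a module global that, as far as this page shows, is only assigned inside `launch_depgraph()` in a later hunk. If the settings form is ever built before that global exists, or the two objects diverge, the stack-argument address is computed from two different lifters. Unless there is a reason the two must differ, I would take the size and register from the instance only, e.g. `sp = self.lifter_model_call.sp` at the top of the branch and then `stk_high = m2_expr.ExprInt(idc.get_spd(line.offset), sp.size)` and `self.mn.regs.regs_init[sp]` in place of the `lifter.sp` references. A one-line comment saying which object is authoritative for `sp` would also help the next reader.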
@@ -168,7 +168,7 @@ def clean_lines():
 def treat_element():
 "Display an element"
- global graphs, comments, sol_nb, settings, addr, ir_arch, ircfg
+ global graphs, comments, sol_nb, settings, addr, lifter, ircfg
 try:
 graph = next(graphs)
@@ -195,7 +195,7 @@ def treat_element():
 if graph.has_loop:
 print('Graph has dependency loop: symbolic execution is inexact')
 else:
- print("Possible value: %s" % next(iter(viewvalues(graph.emul(ir_arch)))))
+ print("Possible value: %s" % next(iter(viewvalues(graph.emul(lifter)))))
 for offset, elements in viewitems(comments):
 idc.set_cmt(offset, ", ".join(map(str, elements)), 0)
@@ -207,7 +207,7 @@ def next_element():
 def launch_depgraph():
- global graphs, comments, sol_nb, settings, addr, ir_arch, ircfg
+ global graphs, comments, sol_nb, settings, addr, lifter, ircfg
 # Get the current function
 addr = idc.get_screen_ea()
 func = ida_funcs.get_func(addr)
@@ -220,7 +220,7 @@ def launch_depgraph():
 loc_db = LocationDB()
 mdis = dis_engine(bs, loc_db=loc_db, dont_dis_nulstart_bloc=True)
- ir_arch = lifter_model_call(loc_db)
+ lifter = lifter_model_call(loc_db)
 # Populate symbols with ida names
 for ad, name in idautils.Names():
@@ -231,10 +231,10 @@ def launch_depgraph():
 asmcfg = mdis.dis_multiblock(func.start_ea)
 # Generate IR
- ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
+ ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
 # Get settings
- settings = depGraphSettingsForm(ir_arch, ircfg, mn)
+ settings = depGraphSettingsForm(lifter, ircfg, mn)
 settings.Execute()
 loc_key, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb
@@ -245,14 +245,14 @@ def launch_depgraph():
 fix_stack = offset is not None and settings.unalias_stack
 for assignblk in irb:
 if fix_stack:
- stk_high = m2_expr.ExprInt(idc.get_spd(assignblk.instr.offset), ir_arch.sp.size)
- fix_dct = {ir_arch.sp: mn.regs.regs_init[ir_arch.sp] + stk_high}
+ stk_high = m2_expr.ExprInt(idc.get_spd(assignblk.instr.offset), lifter.sp.size)
+ fix_dct = {lifter.sp: mn.regs.regs_init[lifter.sp] + stk_high}
 new_assignblk = {}
 for dst, src in viewitems(assignblk):
 if fix_stack:
 src = src.replace_expr(fix_dct)
- if dst != ir_arch.sp:
+ if dst != lifter.sp:
 dst = dst.replace_expr(fix_dct)
 dst, src = expr_simp(dst), expr_simp(src)
 new_assignblk[dst] = src
diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py
index c827bbe2..c7bc6201 100644
--- a/example/ida/graph_ir.py
+++ b/example/ida/graph_ir.py
@@ -103,14 +103,14 @@ def label_str(self):
 return "%s:%s" % (self.name, self.offset)
-def color_irblock(irblock, ir_arch):
+def color_irblock(irblock, lifter):
 out = []
- lbl = idaapi.COLSTR("%s:" % ir_arch.loc_db.pretty_str(irblock.loc_key), idaapi.SCOLOR_INSN)
+ lbl = idaapi.COLSTR("%s:" % lifter.loc_db.pretty_str(irblock.loc_key), idaapi.SCOLOR_INSN)
 out.append(lbl)
 for assignblk in irblock:
 for dst, src in sorted(viewitems(assignblk)):
- dst_f = expr2colorstr(dst, loc_db=ir_arch.loc_db)
- src_f = expr2colorstr(src, loc_db=ir_arch.loc_db)
+ dst_f = expr2colorstr(dst, loc_db=lifter.loc_db)
+ src_f = expr2colorstr(src, loc_db=lifter.loc_db)
 line = idaapi.COLSTR("%s = %s" % (dst_f, src_f), idaapi.SCOLOR_INSN)
 out.append(' %s' % line)
 out.append("")
@@ -222,7 +222,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont
 loc_db = LocationDB()
 mdis = dis_engine(bs, loc_db=loc_db)
- ir_arch = IRADelModCallStack(loc_db)
+ lifter = IRADelModCallStack(loc_db)
 # populate symbols with ida names
@@ -247,7 +247,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont
 open('asm_flow.dot', 'w').write(asmcfg.dot())
 print("generating IR... %x" % start_addr)
- ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
+ ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
 if verbose:
 print("IR ok... %x" % start_addr)
@@ -271,7 +271,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont
 head = list(entry_points)[0]
 if simplify:
- ircfg_simplifier = IRCFGSimplifierCommon(ir_arch)
+ ircfg_simplifier = IRCFGSimplifierCommon(lifter)
 ircfg_simplifier.simplify(ircfg, head)
 title += " (simplified)"
@@ -302,7 +302,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont
 if irblock is None:
 continue
 regs = {}
- for reg in ir_arch.get_out_regs(irblock):
+ for reg in lifter.get_out_regs(irblock):
 regs[reg] = reg
 assignblks = list(irblock)
 new_assiblk = AssignBlock(regs, assignblks[-1].instr)
@@ -326,7 +326,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont
 ret = ssa.graph
 elif type_graph == TYPE_GRAPH_IRSSAUNSSA:
 ircfg = self.ssa_to_unssa(ssa, head)
- ircfg_simplifier = IRCFGSimplifierCommon(self.ir_arch)
+ ircfg_simplifier = IRCFGSimplifierCommon(self.lifter)
 ircfg_simplifier.simplify(ircfg, head)
 ret = ircfg
 else:
@@ -335,7 +335,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont
 head = list(entry_points)[0]
- simplifier = CustomIRCFGSimplifierSSA(ir_arch)
+ simplifier = CustomIRCFGSimplifierSSA(lifter)
 ircfg = simplifier.simplify(ircfg, head)
 open('final.dot', 'w').write(ircfg.dot())
diff --git a/example/symbol_exec/depgraph.py b/example/symbol_exec/depgraph.py
index 62190e6b..21c6fe45 100644
--- a/example/symbol_exec/depgraph.py
+++ b/example/symbol_exec/depgraph.py
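Review bot: In the graph_ir.py `@@ -326` hunk the new line `ircfg_simplifier = IRCFGSimplifierCommon(self.lifter)` keeps a `self` reference inside `build_graph`, which the hunk headers show is a module-level function with no `self` parameter, so the `TYPE_GRAPH_IRSSAUNSSA` branch would raise `NameError` the first time it runs (unless `self` is bound somewhere earlier in the function, outside this hunk). The rename only touched the attribute name, so it preserved rather than fixed the problem; the context line `ircfg = self.ssa_to_unssa(ssa, head)` just above has the same issue. The `lifter` local that the `@@ -222` hunk assigns is what the other branches already pass, so `ircfg_simplifier = IRCFGSimplifierCommon(lifter)` is the consistent fix here, and `ssa_to_unssa` presumably needs to be called on whatever object actually defines it, which I cannot see from this page. `build_graph` starts and ends outside the hunk.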
@@ -52,7 +52,7 @@ for element in args.element:
 raise ValueError("Unknown element '%s'" % element)
 mdis = machine.dis_engine(cont.bin_stream, dont_dis_nulstart_bloc=True, loc_db=loc_db)
-ir_arch = machine.lifter_model_call(loc_db)
+lifter = machine.lifter_model_call(loc_db)
 # Common argument forms
 init_ctx = {}
@@ -67,7 +67,7 @@ if args.rename_args:
 asmcfg = mdis.dis_multiblock(int(args.func_addr, 0))
 # Generate IR
-ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
+ircfg = lifter.new_ircfg_from_asmcfg(asmcfg)
 # Get the instance
 dg = DependencyGraph(
@@ -93,7 +93,7 @@ for sol_nb, sol in enumerate(dg.get(current_block.loc_key, elements, assignblk_i
 with open(fname, "w") as fdesc:
 fdesc.write(sol.graph.dot())
- results = sol.emul(ir_arch, ctx=init_ctx)
+ results = sol.emul(lifter, ctx=init_ctx)
 tokens = {str(k): str(v) for k, v in viewitems(results)}
 if not args.json:
 result = ", ".join("=".join(x) for x in viewitems(tokens)) |