Diffstat (limited to 'miasm/analysis')
| -rw-r--r-- | miasm/analysis/binary.py | 15 | ||||
| -rw-r--r-- | miasm/analysis/depgraph.py | 3 | ||||
| -rw-r--r-- | miasm/analysis/disasm_cb.py | 47 | ||||
| -rw-r--r-- | miasm/analysis/dse.py | 9 | ||||
| -rw-r--r-- | miasm/analysis/sandbox.py | 80 |
5 files changed, 75 insertions, 79 deletions
diff --git a/miasm/analysis/binary.py b/miasm/analysis/binary.py
index 36f3acb9..0548dc9d 100644
--- a/miasm/analysis/binary.py
+++ b/miasm/analysis/binary.py
@@ -3,7 +3,6 @@ import warnings
 from miasm.core.bin_stream import bin_stream_str, bin_stream_elf, bin_stream_pe
 from miasm.jitter.csts import PAGE_READ
-from miasm.core.locationdb import LocationDB
 log = logging.getLogger("binary")
@@ -35,15 +34,16 @@ class Container(object):
 fallback_container = None # Fallback container format
 @classmethod
- def from_string(cls, data, *args, **kwargs):
+ def from_string(cls, data, loc_db, *args, **kwargs):
 """Instantiate a container and parse the binary
 @data: str containing the binary
+ @loc_db: LocationDB instance
 """
 log.info('Load binary')
 # Try each available format
 for container_type in cls.available_container:
 try:
- return container_type(data, *args, **kwargs)
+ return container_type(data, loc_db, *args, **kwargs)
 except ContainerSignatureException:
 continue
 except ContainerParsingException as error:
@@ -51,7 +51,7 @@ class Container(object):
 # Fallback mode
 log.warning('Fallback to string input')
- return cls.fallback_container(data, *args, **kwargs)
+ return cls.fallback_container(data, loc_db, *args, **kwargs)
 @classmethod
 def register_container(cls, container):
@@ -79,17 +79,14 @@ class Container(object):
 """
 raise NotImplementedError("Abstract method")
- def __init__(self, data, loc_db=None, **kwargs):
+ def __init__(self, data, loc_db, **kwargs):
 "Alias for 'parse'"
 # Init attributes
 self._executable = None
 self._bin_stream = None
 self._entry_point = None
 self._arch = None
- if loc_db is None:
- self._loc_db = LocationDB()
- else:
- self._loc_db = loc_db
+ self._loc_db = loc_db
 # Launch parsing
 self.parse(data, **kwargs)
diff --git a/miasm/analysis/depgraph.py b/miasm/analysis/depgraph.py
index 964dcef4..0b370f61 100644
--- a/miasm/analysis/depgraph.py
+++ b/miasm/analysis/depgraph.py
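Review bot: Container.__init__ now stores `self._loc_db = loc_db` with no check, so a caller that still passes the former default explicitly (`loc_db=None`) gets a Container whose `_loc_db` is None and only fails later, far from the call site, with an AttributeError. Since the argument has become mandatory, I would fail fast at the top of the body: `if loc_db is None: raise ValueError("loc_db is required")`. The `"Alias for 'parse'"` docstring also says nothing about the new required argument; the `@loc_db: LocationDB instance` line this commit adds to from_string would fit here as well.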
@@ -7,7 +7,6 @@ from future.utils import viewitems
 from miasm.expression.expression import ExprInt, ExprLoc, ExprAssign, \
 ExprWalk, canonize_to_exprloc
 from miasm.core.graph import DiGraph
-from miasm.core.locationdb import LocationDB
 from miasm.expression.simplifications import expr_simp_explicit
 from miasm.ir.symbexec import SymbolicExecutionEngine
 from miasm.ir.ir import IRBlock, AssignBlock
@@ -309,7 +308,7 @@ class DependencyResult(DependencyState):
 line_nb).assignblks
 # Eval the block
- loc_db = LocationDB()
+ loc_db = ir_arch.loc_db
 temp_loc = loc_db.get_or_create_name_location("Temp")
 symb_exec = SymbolicExecutionEngine(ir_arch, ctx_init)
 symb_exec.eval_updt_irblock(IRBlock(temp_loc, assignblks), step=step)
diff --git a/miasm/analysis/disasm_cb.py b/miasm/analysis/disasm_cb.py
index f3480598..af47603b 100644
--- a/miasm/analysis/disasm_cb.py
+++ b/miasm/analysis/disasm_cb.py
@@ -11,8 +11,8 @@ from miasm.core.locationdb import LocationDB
 from miasm.core.utils import upck32
-def get_ira(mnemo, attrib):
- arch = mnemo.name, attrib
+def get_ira(arch, attrib):
+ arch = arch.name, attrib
 if arch == ("arm", "arm"):
 from miasm.arch.arm.ira import ir_a_arm_base as ira
 elif arch == ("x86", 32):
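Review bot: With `loc_db = ir_arch.loc_db` the temporary IRBlock is now registered in the caller's real LocationDB through `loc_db.get_or_create_name_location("Temp")`, whereas before it lived in a throwaway database. Every evaluation therefore leaves a synthetic "Temp" symbol behind in the shared database, and if that database already holds a symbol called Temp (symbol names presumably come from the analysed binary, so this is not under the analyst's control), get_or_create returns that existing location, offset and all, and the evaluation block is aliased to a real program location. If LocationDB offers an anonymous location constructor (I believe `add_location()` with no name does this; confirm), use it here instead of a fixed name, or at least choose a name that cannot be a valid symbol and comment why. The enclosing method starts before this hunk.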
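Review bot: `from miasm.core.locationdb import LocationDB`, visible at the top of this hunk, looks dead after this commit, because the only uses in the file (`sp = LocationDB()` in arm_guess_subcall and arm_guess_jump_table) are removed by the following hunks; unless the name is used somewhere not shown, drop the import. The renamed parameter is also immediately shadowed by `arch = arch.name, attrib`, so from this line on `arch` is a tuple and no longer the architecture object; a distinct name such as `key = arch.name, attrib` (with the if/elif chain comparing `key`) keeps both available and avoids the breakage in the next hunk.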
@@ -20,20 +20,20 @@ def get_ira(mnemo, attrib):
 elif arch == ("x86", 64):
 from miasm.arch.x86.ira import ir_a_x86_64 as ira
 else:
- raise ValueError('unknown architecture: %s' % mnemo.name)
+ raise ValueError('unknown architecture: %s' % arch.name)
 return ira
-def arm_guess_subcall(
- mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, loc_db):
- ira = get_ira(mnemo, attrib)
+def arm_guess_subcall(dis_engine, cur_block, offsets_to_dis):
+ arch = dis_engine.arch
+ loc_db = dis_engine.loc_db
+ ira = get_ira(arch, dis_engine.attrib)
- sp = LocationDB()
- ir_arch = ira(sp)
+ ir_arch = ira(loc_db)
 ircfg = ira.new_ircfg()
 print('###')
- print(cur_bloc)
- ir_arch.add_asmblock_to_ircfg(cur_bloc, ircfg)
+ print(cur_block)
+ ir_arch.add_asmblock_to_ircfg(cur_block, ircfg)
 to_add = set()
 for irblock in viewvalues(ircfg.blocks):
@@ -43,14 +43,14 @@ def arm_guess_subcall(
 for e in exprs:
 if e.dst == ir_arch.pc:
 pc_val = e.src
- if e.dst == mnemo.regs.LR:
+ if e.dst == arch.regs.LR:
 lr_val = e.src
 if pc_val is None or lr_val is None:
 continue
 if not isinstance(lr_val, ExprInt):
 continue
- l = cur_bloc.lines[-1]
+ l = cur_block.lines[-1]
 if lr_val.arg != l.offset + l.l:
 continue
 l = loc_db.get_or_create_offset_location(int(lr_val))
@@ -60,20 +60,20 @@ def arm_guess_subcall(
 offsets_to_dis.add(int(lr_val))
 for c in to_add:
- cur_bloc.addto(c)
+ cur_block.addto(c)
-def arm_guess_jump_table(
- mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, loc_db):
- ira = get_ira(mnemo, attrib)
+def arm_guess_jump_table(dis_engine, cur_block, offsets_to_dis):
+ arch = dis_engine.arch
+ loc_db = dis_engine.loc_db
+ ira = get_ira(arch, dis_engine.attrib)
 jra = ExprId('jra')
 jrb = ExprId('jrb')
- sp = LocationDB()
- ir_arch = ira(sp)
+ ir_arch = ira(loc_db)
 ircfg = ira.new_ircfg()
- ir_arch.add_asmblock_to_ircfg(cur_bloc, ircfg)
+ ir_arch.add_asmblock_to_ircfg(cur_block, ircfg)
 for irblock in viewvalues(ircfg.blocks):
 pc_val = None
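Review bot: `raise ValueError('unknown architecture: %s' % arch.name)` in the get_ira tail is broken, because the previous hunk rebinds `arch` to the tuple `(arch.name, attrib)` before the if/elif chain, so on the unsupported-architecture path this line now raises AttributeError ('tuple' object has no attribute 'name') instead of the intended ValueError, and any caller catching ValueError will miss it. The old code read `mnemo.name` from the untouched parameter. Either keep the tuple under another name, or format the tuple itself, which is also more informative since it shows the attribute that failed to match: `raise ValueError('unknown architecture: %s' % (arch,))`. Separately, arm_guess_subcall still writes `print('###')` and `print(cur_block)` to stdout; this commit touches the second line, so it is a good moment to drop them or move them to logging at debug level.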
@@ -105,7 +105,7 @@ def arm_guess_jump_table(
 while i < max_table_entry:
 i += 1
 try:
- ad = upck32(pool_bin.getbytes(base_ad + 4 * i, 4))
+ ad = upck32(dis_engine.bin_stream.getbytes(base_ad + 4 * i, 4))
 except:
 break
 if abs(ad - base_ad) > max_diff_addr:
@@ -117,12 +117,11 @@ def arm_guess_jump_table(
 offsets_to_dis.add(ad)
 l = loc_db.get_or_create_offset_location(ad)
 c = AsmConstraintTo(l)
- cur_bloc.addto(c)
+ cur_block.addto(c)
 guess_funcs = []
-def guess_multi_cb(
- mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, loc_db):
+def guess_multi_cb(dis_engine, cur_block, offsets_to_dis):
 for f in guess_funcs:
- f(mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, loc_db)
+ f(dis_engine, cur_block, offsets_to_dis)
diff --git a/miasm/analysis/dse.py b/miasm/analysis/dse.py
index 4d2655df..cfd13821 100644
--- a/miasm/analysis/dse.py
+++ b/miasm/analysis/dse.py
@@ -66,7 +66,6 @@ from miasm.expression.expression_helper import possible_values
 from miasm.ir.translators import Translator
 from miasm.analysis.expression_range import expr_range
 from miasm.analysis.modularintervals import ModularIntervals
-from miasm.core.locationdb import LocationDB
 DriftInfo = namedtuple("DriftInfo", ["symbol", "computed", "expected"])
@@ -162,9 +161,9 @@ class DSEEngine(object):
 """
 SYMB_ENGINE = ESETrackModif
- def __init__(self, machine):
+ def __init__(self, machine, loc_db):
 self.machine = machine
- self.loc_db = LocationDB()
+ self.loc_db = loc_db
 self.handler = {} # addr -> callback(DSEEngine instance)
 self.instrumentation = {} # addr -> callback(DSEEngine instance)
 self.addr_to_cacheblocks = {} # addr -> {label -> IRBlock}
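Review bot: The bare `except:` wrapped around the rewritten `ad = upck32(dis_engine.bin_stream.getbytes(base_ad + 4 * i, 4))` swallows every exception, including KeyboardInterrupt, SystemExit and an AttributeError if `dis_engine` has no `bin_stream`, and turns all of them into a silent end of the jump-table walk. Catch only the exception the stream raises for an out-of-range read (IOError in the miasm bin_stream classes I know of; confirm against miasm.core.bin_stream) so that genuine programming errors still surface: `except IOError:  # ran off the mapped bytes: the table ends here`. The enclosing arm_guess_jump_table body starts and ends outside this hunk.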
@@ -527,13 +526,13 @@ class DSEPathConstraint(DSEEngine):
 PRODUCE_SOLUTION_BRANCH_COV = 2
 PRODUCE_SOLUTION_PATH_COV = 3
- def __init__(self, machine, produce_solution=PRODUCE_SOLUTION_CODE_COV,
+ def __init__(self, machine, loc_db, produce_solution=PRODUCE_SOLUTION_CODE_COV,
 known_solutions=None, **kwargs):
 """Init a DSEPathConstraint
 @machine: Machine of the targeted architecture instance
 @produce_solution: (optional) if set, new solutions will be computed"""
- super(DSEPathConstraint, self).__init__(machine, **kwargs)
+ super(DSEPathConstraint, self).__init__(machine, loc_db, **kwargs)
 # Dependency check
 assert z3 is not None
diff --git a/miasm/analysis/sandbox.py b/miasm/analysis/sandbox.py
index 1449d7be..2c56e7ca 100644
--- a/miasm/analysis/sandbox.py
+++ b/miasm/analysis/sandbox.py
@@ -42,7 +42,7 @@ class Sandbox(object):
 classes = property(lambda x: x.__class__._classes_())
- def __init__(self, fname, options, custom_methods=None, **kwargs):
+ def __init__(self, loc_db, fname, options, custom_methods=None, **kwargs):
 """
 Initialize a sandbox
 @fname: str file name
@@ -54,8 +54,10 @@ class Sandbox(object):
 assert isinstance(fname, basestring)
 self.fname = fname
 self.options = options
+ self.loc_db = loc_db
 if custom_methods is None:
 custom_methods = {}
+ kwargs["loc_db"] = loc_db
 for cls in self.classes:
 if cls == Sandbox:
 continue
@@ -171,9 +173,9 @@ class Arch(object):
 # Architecture name
 _ARCH_ = None
- def __init__(self, **kwargs):
+ def __init__(self, loc_db, **kwargs):
 self.machine = Machine(self._ARCH_)
- self.jitter = self.machine.jitter(self.options.jitter)
+ self.jitter = self.machine.jitter(loc_db, self.options.jitter)
 @classmethod
 def update_parser(cls, parser):
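Review bot: The docstring under the new `def __init__(self, machine, loc_db, produce_solution=PRODUCE_SOLUTION_CODE_COV, ...)` still lists only @machine and @produce_solution, so the new mandatory argument is undocumented; add `@loc_db: LocationDB instance` after the @machine line, matching the line this commit adds to Container.from_string. Because loc_db is inserted between machine and produce_solution, an existing caller that passed produce_solution positionally now hands it over as loc_db and only fails much later inside the engine; the docstring should state that the argument is required, and a cheap type check at the top of the body would make that misuse fail immediately.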
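Review bot: Sandbox.__init__ now takes `loc_db` as its first positional parameter, ahead of fname, but the docstring in this hunk still opens with `@fname: str file name` and says nothing about it; add `@loc_db: LocationDB instance` before that line. Every existing call of the shape `Sandbox_X(fname, options)` now binds fname to loc_db and options to fname, and the only thing that catches it is the `assert isinstance(fname, basestring)` seen in the next hunk, which is stripped under `python -O`; consider `if not isinstance(fname, basestring): raise TypeError("fname must be a str")` so the misuse fails under every interpreter flag. The __init__ body continues beyond this hunk.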
@@ -384,8 +386,8 @@ class Arch_x86(Arch):
 STACK_SIZE = 0x10000
 STACK_BASE = 0x130000
- def __init__(self, **kwargs):
- super(Arch_x86, self).__init__(**kwargs)
+ def __init__(self, loc_db, **kwargs):
+ super(Arch_x86, self).__init__(loc_db, **kwargs)
 if self.options.usesegm:
 self.jitter.ir_arch.do_stk_segm = True
@@ -417,8 +419,8 @@ class Arch_arml(Arch):
 STACK_SIZE = 0x100000
 STACK_BASE = 0x100000
- def __init__(self, **kwargs):
- super(Arch_arml, self).__init__(**kwargs)
+ def __init__(self, loc_db, **kwargs):
+ super(Arch_arml, self).__init__(loc_db, **kwargs)
 # Init stack
 self.jitter.stack_size = self.STACK_SIZE
@@ -431,8 +433,8 @@ class Arch_armb(Arch):
 STACK_SIZE = 0x100000
 STACK_BASE = 0x100000
- def __init__(self, **kwargs):
- super(Arch_armb, self).__init__(**kwargs)
+ def __init__(self, loc_db, **kwargs):
+ super(Arch_armb, self).__init__(loc_db, **kwargs)
 # Init stack
 self.jitter.stack_size = self.STACK_SIZE
@@ -445,8 +447,8 @@ class Arch_armtl(Arch):
 STACK_SIZE = 0x100000
 STACK_BASE = 0x100000
- def __init__(self, **kwargs):
- super(Arch_armtl, self).__init__(**kwargs)
+ def __init__(self, loc_db, **kwargs):
+ super(Arch_armtl, self).__init__(loc_db, **kwargs)
 # Init stack
 self.jitter.stack_size = self.STACK_SIZE
@@ -459,8 +461,8 @@ class Arch_mips32b(Arch):
 STACK_SIZE = 0x100000
 STACK_BASE = 0x100000
- def __init__(self, **kwargs):
- super(Arch_mips32b, self).__init__(**kwargs)
+ def __init__(self, loc_db, **kwargs):
+ super(Arch_mips32b, self).__init__(loc_db, **kwargs)
 # Init stack
 self.jitter.stack_size = self.STACK_SIZE
@@ -473,8 +475,8 @@ class Arch_aarch64l(Arch):
 STACK_SIZE = 0x100000
 STACK_BASE = 0x100000
- def __init__(self, **kwargs):
- super(Arch_aarch64l, self).__init__(**kwargs)
+ def __init__(self, loc_db, **kwargs):
+ super(Arch_aarch64l, self).__init__(loc_db, **kwargs)
 # Init stack
 self.jitter.stack_size = self.STACK_SIZE
@@ -487,8 +489,8 @@ class Arch_aarch64b(Arch):
 STACK_SIZE = 0x100000
 STACK_BASE = 0x100000
- def __init__(self, **kwargs):
- super(Arch_aarch64b, self).__init__(**kwargs)
+ def __init__(self, loc_db, **kwargs):
+ super(Arch_aarch64b, self).__init__(loc_db, **kwargs)
 # Init stack
 self.jitter.stack_size = self.STACK_SIZE
@@ -506,8 +508,8 @@ class Arch_ppc32b(Arch_ppc32):
 class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 # Pre-stack some arguments
 self.jitter.push_uint32_t(2)
@@ -538,8 +540,8 @@ class Sandbox_Win_x86_32(Sandbox, Arch_x86_32, OS_Win):
 class Sandbox_Win_x86_64(Sandbox, Arch_x86_64, OS_Win):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 # reserve stack for local reg
 for _ in range(0x4):
@@ -574,8 +576,8 @@ class Sandbox_Win_x86_64(Sandbox, Arch_x86_64, OS_Win):
 class Sandbox_Linux_x86_32(Sandbox, Arch_x86_32, OS_Linux):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 # Pre-stack some arguments
 if self.options.mimic_env:
@@ -634,8 +636,8 @@ class Sandbox_Linux_x86_32(Sandbox, Arch_x86_32, OS_Linux):
 class Sandbox_Linux_x86_64(Sandbox, Arch_x86_64, OS_Linux):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 # Pre-stack some arguments
 if self.options.mimic_env:
@@ -693,8 +695,8 @@ class Sandbox_Linux_x86_64(Sandbox, Arch_x86_64, OS_Linux):
 class Sandbox_Linux_arml(Sandbox, Arch_arml, OS_Linux):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 # Pre-stack some arguments
 if self.options.mimic_env:
@@ -751,8 +753,8 @@ class Sandbox_Linux_arml(Sandbox, Arch_arml, OS_Linux):
 class Sandbox_Linux_armtl(Sandbox, Arch_armtl, OS_Linux):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 # Pre-stack some arguments
 if self.options.mimic_env:
@@ -810,8 +812,8 @@ class Sandbox_Linux_armtl(Sandbox, Arch_armtl, OS_Linux):
 class Sandbox_Linux_mips32b(Sandbox, Arch_mips32b, OS_Linux):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 # Pre-stack some arguments
 if self.options.mimic_env:
@@ -865,8 +867,8 @@ class Sandbox_Linux_mips32b(Sandbox, Arch_mips32b, OS_Linux):
 class Sandbox_Linux_armb_str(Sandbox, Arch_armb, OS_Linux_str):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 self.jitter.cpu.LR = self.CALL_FINISH_ADDR
@@ -881,8 +883,8 @@ class Sandbox_Linux_armb_str(Sandbox, Arch_armb, OS_Linux_str):
 class Sandbox_Linux_arml_str(Sandbox, Arch_arml, OS_Linux_str):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 self.jitter.cpu.LR = self.CALL_FINISH_ADDR
@@ -897,8 +899,8 @@ class Sandbox_Linux_arml_str(Sandbox, Arch_arml, OS_Linux_str):
 class Sandbox_Linux_aarch64l(Sandbox, Arch_aarch64l, OS_Linux):
- def __init__(self, *args, **kwargs):
- Sandbox.__init__(self, *args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ Sandbox.__init__(self, loc_db, *args, **kwargs)
 # Pre-stack some arguments
 if self.options.mimic_env:
@@ -957,8 +959,8 @@ class Sandbox_Linux_ppc32b(Sandbox, Arch_ppc32b, OS_Linux):
 # The glue between the kernel and the ELF ABI on Linux/PowerPC is
 # implemented in glibc/sysdeps/powerpc/powerpc32/dl-start.S, so we
 # have to play the role of ld.so here.
- def __init__(self, *args, **kwargs):
- super(Sandbox_Linux_ppc32b, self).__init__(*args, **kwargs)
+ def __init__(self, loc_db, *args, **kwargs):
+ super(Sandbox_Linux_ppc32b, self).__init__(loc_db, *args, **kwargs)
 # Init stack
 self.jitter.stack_size = self.STACK_SIZE |