Diffstat (limited to 'src')
-rw-r--r--src/focaccia/lldb_target.py17
-rw-r--r--src/focaccia/symbolic.py16
2 files changed, 25 insertions, 8 deletions
diff --git a/src/focaccia/lldb_target.py b/src/focaccia/lldb_target.py
index 6f0011f..b0d7dd6 100644
--- a/src/focaccia/lldb_target.py
+++ b/src/focaccia/lldb_target.py
@@ -315,8 +315,21 @@ class LLDBConcreteTarget:
         return addr
 
     def get_disassembly(self, addr: int) -> str:
-        inst = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1)[0]
-        return f'{inst.GetMnemonic(self.target)} {inst.GetOperands(self.target)}'
+        inst: lldb.SBInstruction = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1, 'intel')[0]
+        mnemonic: str = inst.GetMnemonic(self.target).upper()
+        operands: str = inst.GetOperands(self.target).upper()
+        operands = operands.replace("0X", "0x")
+        return f'{mnemonic} {operands}'
+
+    def get_disassembly_bytes(self, addr: int):
+        error = lldb.SBError()
+        buf = self.process.ReadMemory(addr, 64, error)
+        inst = self.target.GetInstructions(lldb.SBAddress(addr, self.target), buf)[0]
+        return inst.GetData(self.target).ReadRawData(error, 0, inst.GetByteSize())
+
+    def get_instruction_size(self, addr: int) -> int:
+        inst = self.target.ReadInstructions(lldb.SBAddress(addr, self.target), 1, 'intel')[0]
+        return inst.GetByteSize()
 
 class LLDBLocalTarget(LLDBConcreteTarget):
     def __init__(self,
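Review bot: `get_disassembly_bytes` passes an `SBError` to both `ReadMemory` and `ReadRawData` but never inspects it, so a failed read (for example when the fixed 64-byte window at `addr` runs into an unmapped page) surfaces as an `IndexError` from `[0]` on an empty instruction list rather than as a read error naming the address. Check the status right after the read, `if error.Fail(): raise RuntimeError(f'ReadMemory at {hex(addr)} failed: {error.GetCString()}')`, and do the same after `ReadRawData`. The hard-coded `64` deserves a one-line comment stating why that window was chosen, and the method lacks a return annotation while its two siblings carry one. `get_instruction_size` repeats the `ReadInstructions(..., 'intel')` call from `get_disassembly`; a small private helper returning the `SBInstruction` would keep the flavor argument in one place.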
diff --git a/src/focaccia/symbolic.py b/src/focaccia/symbolic.py
index 4480d42..8b3289a 100644
--- a/src/focaccia/symbolic.py
+++ b/src/focaccia/symbolic.py
@@ -704,8 +704,12 @@ class SymbolicTracer:
         ctx = DisassemblyContext(lldb_state)
         arch = ctx.arch
 
+        # print(ctx.machine.mn().fromstring(str('add rdi, r11').upper(), ctx.loc_db, 'l'))
+        # quit()
+
         # Trace concolically
         strace: list[SymbolicTransform] = []
+        b = False
         while not target.is_exited():
             pc = target.read_register('pc')
 
@@ -719,16 +723,16 @@ class SymbolicTracer:
                 # Try to get the LLDB disassembly instead to simplify debugging
                 try:
                     alt_disas = target.get_disassembly(pc)
+                    instr = Instruction.from_string(alt_disas, ctx.arch, pc,
+                                                    target.get_instruction_size(pc))
+                    info(f'Disassembled instruction {instr} at {hex(pc)}')
+                    instr = instr.instr
                 except:
-                    warn(f'Unable to disassemble instruction at {hex(pc)}: {err}.'
+                    warn(f'Unable to disassemble instruction {hex(pc)}: {err}.'
                          f' Skipping.')
+                    target.step()
                     continue
 
-                warn(f'Unable to disassemble instruction {alt_disas} at {hex(pc)}: {err}.'
-                     f' Skipping.')
-                target.step()
-                continue
-
             # Run instruction
             conc_state = MiasmSymbolResolver(lldb_state, ctx.loc_db)
             new_pc, modified = run_instruction(instr, conc_state, ctx.lifter)
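Review bot: The bare `except:` now covers the new `Instruction.from_string` and `get_instruction_size` calls, yet the handler discards the exception it caught and reports only `err` from the earlier primary failure, so a fallback that breaks for an unrelated reason is logged as a plain disassembly failure with no hint why. Bind and report it: `except Exception as exc:` followed by `warn(f'Unable to disassemble instruction {hex(pc)}: {err}; LLDB fallback failed: {exc}. Skipping.')`; narrowing from a bare `except:` also stops `KeyboardInterrupt` from being swallowed into the `target.step()` / `continue` path. The reassignment `instr = instr.instr` changes what `instr` refers to without explanation and would benefit from a short comment stating what inner object `run_instruction` expects. `err`, the opening of this try/except and the start of the enclosing method are all outside the hunk.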