| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| | |
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| |
| | |
Add error severities and the ability to filter for them. Include more
information in comparison error messages.
|
| | |
| |
| |
| |
| | |
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| | |
Reduce overhead of handling sparse memory
|
| | |
| |
| |
| |
| | |
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also implement a `MiasmSymbolicTransform.concat` function that
concatenates two transformations. Some minor adaptions to the eval_expr
code was necessary to remove some assumptions that don't work if the
resolver state returns symbols instead of concrete values.
Remove obsolete utilities that were used for angr.
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Refactor SymbolicTransform interface a bit to include transformations of
memory content. Implement it for Miasm as a backend.
Move all symbolic execution things out of the test script
(`miasm_test.py`) and move them to `symbolic.py` to replace the
angr-based algorithms.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Step manually through single instructions instead of full basic blocks.
Record the transformation performed by each instruction as symbolic
equations.
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The `SparseMemory` class represents a program's memory. While the user
can read from and write to arbitrary memory addresses, it manages its
memory in pages/chunks internally. This is a tradeoff between space
consumption (this solution might have a memory overhead) and lookup
speed of individual memory addresses.
Add two small unit tests for `SparseMemory`.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This is the first draft of a `compare` algorithm that uses recorded
symbolic transformations. Is currently based on angr, so it's probably
going to be reworked to work with states generated by Miasm.
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add some infrastructure for flexible register name matching (i.e. using
'PC' to look up RIP):
- `Arch.to_regname` tries to look up a register's standard name from an
arbitrary string.
- `ArchX86` overrides `to_regname` to resolve alias names for
registers. Currently just 'PC' for 'RIP'.
- `ProgramState.read` and `ProgramState.write` use `to_regname` to make
register access more convenient.
Add all flags with their standard abbreviations to `x86.regnames`.
Implement a full RFLAGS decomposition into its individual flags in
`x86`. Replace the hacks in `run.py` and `miasm_test.py` with this more
complete solution.
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| |
| | |
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- main.py: focaccia user-interface
- snapshot.py: state trace snapshots handling
- compare.py: snapshot comparison algorithms
- run.py: native execution tracer
- arancini.py: Arancini log handling
- arch/: per-architecture abstractions
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Employ some refactorings to make the parsing code simpler and faster.
Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|