From 0cf4f736fd5d7cd99f00d6c5896af9a608d2df8b Mon Sep 17 00:00:00 2001
From: Theofilos Augoustis
Date: Thu, 7 Dec 2023 23:39:35 +0100
Subject: Replace symbolic execution tools with Miasm

Refactor SymbolicTransform interface a bit to include transformations of memory content. Implement it for Miasm as a backend. Move all symbolic execution things out of the test script (`miasm_test.py`) and move them to `symbolic.py` to replace the angr-based algorithms.
---
 miasm_util.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
(limited to 'miasm_util.py')

diff --git a/miasm_util.py b/miasm_util.py
index 55dfad0..3ceebea 100644
--- a/miasm_util.py
+++ b/miasm_util.py
@@ -1,3 +1,5 @@
+from typing import Callable
+
 from miasm.core.locationdb import LocationDB, LocKey
 from miasm.expression.expression import Expr, ExprOp, ExprId, ExprLoc, \
     ExprInt, ExprMem, ExprCompose, \
@@ -51,10 +53,21 @@ class MiasmConcreteState:
     def resolve_location(self, loc: LocKey) -> int | None:
         return self.loc_db.get_location_offset(loc)
 
-def eval_expr(expr: Expr, conc_state: MiasmConcreteState) -> int:
+def eval_expr(expr: Expr, conc_state: MiasmConcreteState):
+    """Evaluate a symbolic expression with regard to a concrete reference
+    state.
+
+    :param expr: An expression to evaluate.
+    :param conc_state: The concrete reference state from which symbolic
+    register and memory state is resolved.
+
+    :return: The most simplified and concrete representation of `expr` that
+    is possibly producible. May be either an `ExprInt` or an
+    `ExprLoc`.
+    """
     # Most of these implementation are just copy-pasted members of
     # `SymbolicExecutionEngine`.
-    expr_to_visitor = {
+    expr_to_visitor: dict[type[Expr], Callable] = {
         ExprInt: _eval_exprint,
         ExprId: _eval_exprid,
         ExprLoc: _eval_exprloc,
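Review bot: The new docstring on `eval_expr` promises an `ExprInt` or `ExprLoc` result, yet the commit drops the `-> int` return annotation instead of narrowing it, and the `_eval_exprmem` visitor in the following hunk now returns an `ExprSlice`, so the documented contract does not match every visitor's output unless the result is simplified further down in the body, which continues outside this hunk. Either annotate the real contract, `def eval_expr(expr: Expr, conc_state: MiasmConcreteState) -> Expr:`, and soften the docstring to "typically an `ExprInt` or `ExprLoc`", or make the visitors guarantee the narrower type. While here, the bare `Callable` could state the visitor signature the dispatch relies on: `expr_to_visitor: dict[type[Expr], Callable[[Expr, MiasmConcreteState], Expr]] = {`.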
@@ -105,7 +118,8 @@ def _eval_exprmem(expr: ExprMem, state: MiasmConcreteState):
     addr = eval_expr(expr.ptr, state)
     ret = state.resolve_memory(int(addr), int(expr.size / 8))
     assert(len(ret) * 8 == expr.size)
-    return ExprInt(int.from_bytes(ret, byteorder='little'), expr.size)
+    ival = ExprInt(int.from_bytes(ret, byteorder='little'), expr.size)
+    return ExprSlice(ival, 0, len(ret) * 8)
 
 def _eval_exprcond(expr, state: MiasmConcreteState):
     """Evaluate an ExprCond using the current state"""
-- 
cgit 1.4.1
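Review bot: Given the `assert(len(ret) * 8 == expr.size)` directly above, the new `ExprSlice(ival, 0, len(ret) * 8)` always selects the full width of `ival`, so either the slice is a no-op or the assert is expected to be stripped under `python -O`, in which case a short read from `state.resolve_memory` would silently produce an expression narrower than `expr.size` instead of failing. If a tolerated short read is the intent, replace the assert with an explicit check such as `if len(ret) * 8 != expr.size: raise ValueError(f"short memory read at {int(addr):#x}: {len(ret)} bytes, expected {expr.size // 8}")` and add a comment stating why the slice is kept; otherwise the slice can be dropped. Whether `ExprSlice` is imported cannot be confirmed here, since the import hunk is cut off after `ExprCompose`. The enclosing `_eval_exprmem` starts before this hunk and `_eval_exprcond` continues past it.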