| author | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2017-02-14 15:33:17 +0100 |
|---|---|---|
| committer | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2017-03-13 13:56:26 +0100 |
| commit | d8cbc059655bd275b5e178b2339b931d9f0b126a (patch) | |
| tree | 22a198d57baab9c3b94bf0f259faa4ca0db97c52 | |
| parent | 5ee794990ff30ca18909dd3815eda26ac267cbf4 (diff) | |
| download | miasm-d8cbc059655bd275b5e178b2339b931d9f0b126a.tar.gz miasm-d8cbc059655bd275b5e178b2339b931d9f0b126a.zip | |
IR/Symbexec: rename symbexec to SymbolicExecutionEngine
| -rw-r--r-- | example/expression/graph_dataflow.py | 4 | ||||
| -rw-r--r-- | example/expression/solve_condition_stp.py | 8 | ||||
| -rw-r--r-- | example/ida/symbol_exec.py | 4 | ||||
| -rw-r--r-- | example/symbol_exec/single_instr.py | 4 | ||||
| -rw-r--r-- | miasm2/analysis/data_analysis.py | 6 | ||||
| -rw-r--r-- | miasm2/analysis/depgraph.py | 6 | ||||
| -rw-r--r-- | miasm2/ir/analysis.py | 4 | ||||
| -rw-r--r-- | miasm2/ir/symbexec.py | 49 | ||||
| -rw-r--r-- | miasm2/jitter/emulatedsymbexec.py | 4 | ||||
| -rwxr-xr-x | test/arch/arm/sem.py | 4 | ||||
| -rwxr-xr-x | test/arch/msp430/sem.py | 4 | ||||
| -rwxr-xr-x | test/arch/x86/sem.py | 4 | ||||
| -rwxr-xr-x | test/ir/symbexec.py | 10 |
13 files changed, 69 insertions, 42 deletions
diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py
index 64801e52..16dbcbb6 100644
--- a/example/expression/graph_dataflow.py
+++ b/example/expression/graph_dataflow.py
@@ -7,7 +7,7 @@ from miasm2.arch.x86.ira import ir_a_x86_32
 from miasm2.arch.x86.disasm import dis_x86_32
 from miasm2.analysis.data_analysis import intra_bloc_flow_raw, inter_bloc_flow
 from miasm2.core.graph import DiGraph
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 parser = ArgumentParser("Simple expression use for generating dataflow graph")
@@ -51,7 +51,7 @@ def get_modified_symbols(sb):
 def intra_bloc_flow_symb(ir_arch, flow_graph, irbloc):
 symbols_init = ir_arch.arch.regs.regs_init.copy()
- sb = symbexec(ir_arch, symbols_init)
+ sb = SymbolicExecutionEngine(ir_arch, symbols_init)
 sb.emulbloc(irbloc)
 print '*' * 40
 print irbloc
diff --git a/example/expression/solve_condition_stp.py b/example/expression/solve_condition_stp.py
index 2a3b42fd..841081b4 100644
--- a/example/expression/solve_condition_stp.py
+++ b/example/expression/solve_condition_stp.py
@@ -11,7 +11,7 @@ from miasm2.arch.x86.sem import *
 from miasm2.core.bin_stream import bin_stream_str
 from miasm2.core import asmbloc
 from miasm2.expression.expression import get_rw
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.expression.simplifications import expr_simp
 from miasm2.expression import stp
 from miasm2.core import parse_asm
@@ -58,7 +58,7 @@ def emul_symb(ir_arch, mdis, states_todo, states_done):
 print 'skip', ad
 continue
 states_done.add((ad, symbols, conds))
- sb = symbexec(ir_arch, {})
+ sb = SymbolicExecutionEngine(ir_arch, {})
 sb.symbols = symbols.copy()
 if ir_arch.pc in sb.symbols:
 del(sb.symbols[ir_arch.pc])
@@ -159,7 +159,7 @@ if __name__ == '__main__':
 ir_arch = ir_x86_32(mdis.symbol_pool)
- sb = symbexec(ir_arch, symbols_init)
+ sb = SymbolicExecutionEngine(ir_arch, symbols_init)
 blocs, symbol_pool = parse_asm.parse_txt(mn_x86, 32, '''
 PUSH argv
@@ -201,7 +201,7 @@ if __name__ == '__main__':
 all_cases = set()
- sb = symbexec(ir_arch, symbols_init)
+ sb = SymbolicExecutionEngine(ir_arch, symbols_init)
 for ad, reqs_cond in all_info:
 all_ids = set()
 for k, v in reqs_cond:
diff --git a/example/ida/symbol_exec.py b/example/ida/symbol_exec.py
index 751f9a58..edb6287b 100644
--- a/example/ida/symbol_exec.py
+++ b/example/ida/symbol_exec.py
@@ -75,7 +75,7 @@ class symbolicexec_t(idaapi.simplecustviewer_t):
 def symbolic_exec():
- from miasm2.ir.symbexec import symbexec
+ from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.core.bin_stream_ida import bin_stream_ida
 from utils import guess_machine
@@ -93,7 +93,7 @@ def symbolic_exec():
 ira.add_bloc(bloc)
 print "Run symbolic execution..."
- sb = symbexec(ira, machine.mn.regs.regs_init)
+ sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init)
 sb.emul_ir_blocks(start)
 modified = {}
diff --git a/example/symbol_exec/single_instr.py b/example/symbol_exec/single_instr.py
index 365a17ec..3e418e5a 100644
--- a/example/symbol_exec/single_instr.py
+++ b/example/symbol_exec/single_instr.py
@@ -1,6 +1,6 @@
 # Minimalist Symbol Exec example
 from miasm2.core.bin_stream import bin_stream_str
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.analysis.machine import Machine
 START_ADDR = 0
@@ -23,7 +23,7 @@ ira.add_bloc(asm_block)
 # Instanciate a Symbolic Execution engine with default value for registers
 ## EAX = EAX_init, ...
 symbols_init = ira.arch.regs.regs_init
-symb = symbexec(ira, symbols_init)
+symb = SymbolicExecutionEngine(ira, symbols_init)
 # Emulate one IR basic block
 ## Emulation of several basic blocks can be done through .emul_ir_blocks
diff --git a/miasm2/analysis/data_analysis.py b/miasm2/analysis/data_analysis.py
index 9fee22af..8582f2f7 100644
--- a/miasm2/analysis/data_analysis.py
+++ b/miasm2/analysis/data_analysis.py
@@ -1,6 +1,6 @@
 from miasm2.expression.expression \
 import get_expr_mem, get_list_rw, ExprId, ExprInt
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 def get_node_name(label, i, n):
@@ -77,7 +77,7 @@ def intra_bloc_flow_symbexec(ir_arch, flow_graph, irb):
 symbols_init = dict(ir_arch.arch.regs.all_regs_ids_init)
- sb = symbexec(ir_arch, dict(symbols_init))
+ sb = SymbolicExecutionEngine(ir_arch, dict(symbols_init))
 sb.emulbloc(irb)
 # print "*"*40
 # print irb
@@ -297,7 +297,7 @@ class symb_exec_func:
 # print "state done"
 # continue
- sb = symbexec(self.ir_arch, dict(s))
+ sb = SymbolicExecutionEngine(self.ir_arch, dict(s))
 return parent, ad, sb
 return None
diff --git a/miasm2/analysis/depgraph.py b/miasm2/analysis/depgraph.py
index 281251c2..50e9dcf8 100644
--- a/miasm2/analysis/depgraph.py
+++ b/miasm2/analysis/depgraph.py
@@ -4,7 +4,7 @@ import miasm2.expression.expression as m2_expr
 from miasm2.core.graph import DiGraph
 from miasm2.core.asmbloc import asm_label, expr_is_int_or_label, expr_is_label
 from miasm2.expression.simplifications import expr_simp
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.ir.ir import irbloc, AssignBlock
 from miasm2.ir.translators import Translator
 from miasm2.expression.expression_helper import possible_values
@@ -298,7 +298,7 @@ class DependencyResult(DependencyState):
 # Eval the block
 temp_label = asm_label("Temp")
- symb_exec = symbexec(self._ira, ctx_init)
+ symb_exec = SymbolicExecutionEngine(self._ira, ctx_init)
 symb_exec.emulbloc(irbloc(temp_label, assignblks), step=step)
 # Return only inputs values (others could be wrongs)
@@ -354,7 +354,7 @@ class DependencyResultImplicit(DependencyResult):
 if ctx is not None:
 ctx_init.update(ctx)
 solver = z3.Solver()
- symb_exec = symbexec(self._ira, ctx_init)
+ symb_exec = SymbolicExecutionEngine(self._ira, ctx_init)
 history = self.history[::-1]
 history_size = len(history)
 translator = Translator.to_language("z3")
diff --git a/miasm2/ir/analysis.py b/miasm2/ir/analysis.py
index 73391bb2..11e6eebd 100644
--- a/miasm2/ir/analysis.py
+++ b/miasm2/ir/analysis.py
@@ -2,7 +2,7 @@ import logging
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.ir.ir import ir, AssignBlock
 from miasm2.expression.expression \
 import ExprAff, ExprCond, ExprId, ExprInt, ExprMem, ExprOp
@@ -300,7 +300,7 @@ class ira(ir):
 for irb in self.blocs.values():
 symbols_init = dict(self.arch.regs.all_regs_ids_init)
- sb = symbexec(self, dict(symbols_init))
+ sb = SymbolicExecutionEngine(self, dict(symbols_init))
 sb.emulbloc(irb)
 eqs = []
 for n_w in sb.symbols:
diff --git a/miasm2/ir/symbexec.py b/miasm2/ir/symbexec.py
index 8e04c45b..d6a4c196 100644
--- a/miasm2/ir/symbexec.py
+++ b/miasm2/ir/symbexec.py
@@ -1,13 +1,12 @@
+import warnings
+import logging
+
 import miasm2.expression.expression as m2_expr
 from miasm2.expression.modint import int32
 from miasm2.expression.simplifications import expr_simp
 from miasm2.core import asmbloc
 from miasm2.ir.ir import AssignBlock
 from miasm2.core.interval import interval
-from miasm2.core.utils import get_caller_name
-import warnings
-
-import logging
 log = logging.getLogger("symbexec")
@@ -17,7 +16,10 @@ log.addHandler(console_handler)
 log.setLevel(logging.INFO)
-class symbols(object):
+class SymbolsMngr(object):
+ """
+ Store registers and memory symbolic values
+ """
 def __init__(self, init=None):
 if init is None:
@@ -81,13 +83,13 @@ class symbols(object):
 [x[0] for x in self.symbols_mem.values()])
 def copy(self):
- new_symbols = symbols()
+ new_symbols = SymbolsMngr()
 new_symbols.symbols_id = dict(self.symbols_id)
 new_symbols.symbols_mem = dict(self.symbols_mem)
 return new_symbols
 def inject_info(self, info):
- new_symbols = symbols()
+ new_symbols = SymbolsMngr()
 for expr, value in self.items():
 expr = expr_simp(expr.replace_expr(info))
 value = expr_simp(value.replace_expr(info))
@@ -95,13 +97,17 @@ class symbols(object):
 return new_symbols
-class symbexec(object):
+class SymbolicExecutionEngine(object):
+ """
+ Symbolic execution engine
+ Allow IR code emulation in symbolic domain
+ """
 def __init__(self, ir_arch, known_symbols,
 func_read=None,
 func_write=None,
 sb_expr_simp=expr_simp):
- self.symbols = symbols()
+ self.symbols = SymbolsMngr()
 for expr, value in known_symbols.items():
 self.symbols[expr] = value
 self.func_read = func_read
@@ -441,7 +447,7 @@ class symbexec(object):
 print '_' * 80
 return self.eval_expr(self.ir_arch.IRDst)
- def emul_ir_bloc(self, myir, addr, step=False):
+ def emul_ir_bloc(self, _, addr, step=False):
 warnings.warn('DEPRECATION WARNING: use "emul_ir_block(self, addr, step=False)" instead of emul_ir_bloc')
 return self.emul_ir_block(addr, step)
@@ -451,7 +457,7 @@ class symbexec(object):
 addr = self.emulbloc(irblock, step=step)
 return addr
- def emul_ir_blocs(self, myir, addr, lbl_stop=None, step=False):
+ def emul_ir_blocs(self, _, addr, lbl_stop=None, step=False):
 warnings.warn('DEPRECATION WARNING: use "emul_ir_blocks(self, addr, lbl_stop=None, step=False):" instead of emul_ir_blocs')
 return self.emul_ir_blocks(addr, lbl_stop, step)
@@ -466,6 +472,11 @@ class symbexec(object):
 return addr
 def del_mem_above_stack(self, stack_ptr):
+ """
+ Remove all stored memory values with following properties:
+ * pointer based on initial stack value
+ * pointer below current stack pointer
+ """
 stack_ptr = self.eval_expr(stack_ptr)
 for mem_addr, (mem, _) in self.symbols.symbols_mem.items():
 diff = self.expr_simp(mem_addr - stack_ptr)
@@ -487,3 +498,19 @@ class symbexec(object):
 ret = self.eval_expr(expr)
 return ret
+
+class symbexec(SymbolicExecutionEngine):
+ """
+ DEPRECATED object
+ Use SymbolicExecutionEngine instead of symbexec
+ """
+
+ def __init__(self, ir_arch, known_symbols,
+ func_read=None,
+ func_write=None,
+ sb_expr_simp=expr_simp):
+ warnings.warn("Deprecated API: use SymbolicExecutionEngine")
+ super(symbexec, self).__init__(ir_arch, known_symbols,
+ func_read,
+ func_write,
+ sb_expr_simp=expr_simp)
diff --git a/miasm2/jitter/emulatedsymbexec.py b/miasm2/jitter/emulatedsymbexec.py
index 9ece5ff5..d4a67fe8 100644
--- a/miasm2/jitter/emulatedsymbexec.py
+++ b/miasm2/jitter/emulatedsymbexec.py
@@ -1,8 +1,8 @@
 import miasm2.expression.expression as m2_expr
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
-class EmulatedSymbExec(symbexec):
+class EmulatedSymbExec(SymbolicExecutionEngine):
 """Symbolic exec instance linked with a jitter"""
 cpuid = {
diff --git a/test/arch/arm/sem.py b/test/arch/arm/sem.py
index 3695fd29..01c536cd 100755
--- a/test/arch/arm/sem.py
+++ b/test/arch/arm/sem.py
@@ -4,7 +4,7 @@ import unittest
 import logging
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.arch.arm.arch import mn_arm as mn
 from miasm2.arch.arm.sem import ir_arml as ir_arch
 from miasm2.arch.arm.regs import *
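Review bot: The deprecated `symbexec.__init__` shim in the last hunk of miasm2/ir/symbexec.py drops the caller's `sb_expr_simp` argument: the `super(symbexec, self).__init__(...)` call ends with `sb_expr_simp=expr_simp`, the module-level default, instead of the parameter, so any existing caller or subclass that passed a custom simplifier silently gets the default one after this rename; the last line should read `sb_expr_simp=sb_expr_simp)`. The `warnings.warn("Deprecated API: use SymbolicExecutionEngine")` just above it uses the default `UserWarning` category and `stacklevel=1`, so the warning is attributed to symbexec.py rather than to the call site that has to migrate; `warnings.warn("Deprecated API: use SymbolicExecutionEngine", DeprecationWarning, stacklevel=2)` would be filtered and reported the way deprecations usually are. The two `emul_ir_bloc`/`emul_ir_blocs` shims in the earlier hunk of this file have the same warning shape and could be adjusted the same way.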
@@ -23,7 +23,7 @@ def compute(asm, inputstate={}, debug=False):
 sympool = dict(regs_init)
 sympool.update({k: ExprInt(v, k.size) for k, v in inputstate.iteritems()})
 interm = ir_arch()
- symexec = symbexec(interm, sympool)
+ symexec = SymbolicExecutionEngine(interm, sympool)
 instr = mn.fromstring(asm, "l")
 code = mn.asm(instr)[0]
 instr = mn.dis(code, "l")
diff --git a/test/arch/msp430/sem.py b/test/arch/msp430/sem.py
index 433055e0..4b5b0c7d 100755
--- a/test/arch/msp430/sem.py
+++ b/test/arch/msp430/sem.py
@@ -4,7 +4,7 @@ import unittest
 import logging
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.arch.msp430.arch import mn_msp430 as mn, mode_msp430 as mode
 from miasm2.arch.msp430.sem import ir_msp430 as ir_arch
 from miasm2.arch.msp430.regs import *
@@ -21,7 +21,7 @@ def compute(asm, inputstate={}, debug=False):
 sympool = dict(regs_init)
 sympool.update({k: ExprInt(v, k.size) for k, v in inputstate.iteritems()})
 interm = ir_arch()
- symexec = symbexec(interm, sympool)
+ symexec = SymbolicExecutionEngine(interm, sympool)
 instr = mn.fromstring(asm, mode)
 code = mn.asm(instr)[0]
 instr = mn.dis(code, mode)
diff --git a/test/arch/x86/sem.py b/test/arch/x86/sem.py
index d2198847..676dfeed 100755
--- a/test/arch/x86/sem.py
+++ b/test/arch/x86/sem.py
@@ -7,7 +7,7 @@ import unittest
 import logging
 import copy
-from miasm2.ir.symbexec import symbexec
+from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.arch.x86.arch import mn_x86 as mn
 from miasm2.arch.x86.sem import ir_x86_32 as ir_32, ir_x86_64 as ir_64
 from miasm2.arch.x86.regs import *
@@ -25,7 +25,7 @@ m64 = 64
 def symb_exec(interm, inputstate, debug):
 sympool = dict(regs_init)
 sympool.update(inputstate)
- symexec = symbexec(interm, sympool)
+ symexec = SymbolicExecutionEngine(interm, sympool)
 symexec.emul_ir_blocks(0)
 if debug:
 for k, v in symexec.symbols.items():
diff --git a/test/ir/symbexec.py b/test/ir/symbexec.py
index 2e776f74..48de6573 100755
--- a/test/ir/symbexec.py
+++ b/test/ir/symbexec.py
@@ -10,7 +10,7 @@ class TestSymbExec(unittest.TestCase):
 from miasm2.expression.expression import ExprInt32, ExprId, ExprMem, \
 ExprCompose, ExprAff
 from miasm2.arch.x86.sem import ir_x86_32
- from miasm2.ir.symbexec import symbexec
+ from miasm2.ir.symbexec import SymbolicExecutionEngine
 from miasm2.ir.ir import AssignBlock
 addrX = ExprInt32(-1)
@@ -35,10 +35,10 @@ class TestSymbExec(unittest.TestCase):
 id_a = ExprId('a')
 id_eax = ExprId('eax_init')
- e = symbexec(ir_x86_32(),
- {mem0: id_x, mem1: id_y, mem9: id_x,
- mem40w: id_x[:16], mem50v: id_y,
- id_a: addr0, id_eax: addr0})
+ e = SymbolicExecutionEngine(ir_x86_32(),
+ {mem0: id_x, mem1: id_y, mem9: id_x,
+ mem40w: id_x[:16], mem50v: id_y,
+ id_a: addr0, id_eax: addr0})
 self.assertEqual(e.find_mem_by_addr(addr0), mem0)
 self.assertEqual(e.find_mem_by_addr(addrX), None)
 self.assertEqual(e.eval_expr(ExprMem(addr1 - addr1)), id_x)
|