diff options
| author | serpilliere <devnull@localhost> | 2012-02-27 11:28:16 +0100 |
|---|---|---|
| committer | serpilliere <devnull@localhost> | 2012-02-27 11:28:16 +0100 |
| commit | abbf20e77b276e4df3d43dbb2d62061178a1914e (patch) | |
| tree | 63028ea17798e267e6fb855bae39681ba5e89f3b /example/expression/symbolic_exec.py | |
| parent | c12642d1d0ab242054a95db52d79f8e208f02355 (diff) | |
| download | miasm-abbf20e77b276e4df3d43dbb2d62061178a1914e.tar.gz miasm-abbf20e77b276e4df3d43dbb2d62061178a1914e.zip | |
example: add symbolic execution and simplification
Diffstat (limited to 'example/expression/symbolic_exec.py')
| -rw-r--r-- | example/expression/symbolic_exec.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/example/expression/symbolic_exec.py b/example/expression/symbolic_exec.py new file mode 100644 index 00000000..40e9dc07 --- /dev/null +++ b/example/expression/symbolic_exec.py @@ -0,0 +1,38 @@ +import sys +from miasm.arch.ia32_arch import * +from miasm.tools.emul_helper import * +from miasm.core.bin_stream import bin_stream + +print "symbolic execution & simplification demo" + +def loop_emul(ad, machine, all_bloc): + ad = ExprInt(uint32(ad)) + while isinstance(ad, ExprInt): + b = asmbloc.getblocby_offset(all_bloc, ad.arg) + if not b: + raise ValueError('unknown bloc', repr(ad)) + print '*'*20, 'emul bloc:', '*'*20 + print b + ad = emul_bloc(machine, b) + return ad + +if len(sys.argv) != 2: + print "%s obf.bin"%sys.argv[0] + sys.exit(-1) + +data = open(sys.argv[1]).read() +in_str = bin_stream(data) + +symbol_pool = asmbloc.asm_symbol_pool() +ad = 0 + +all_bloc = asmbloc.dis_bloc_all(x86_mn, in_str, ad, set(), symbol_pool, dontdis_retcall = True) + +machine = x86_machine() +ad = loop_emul(ad, machine, all_bloc) +print +print "emulation result:" +print dump_reg(machine.pool) +print "eip", ad +print +print dump_mem(machine.pool) |