diff options
| author | serpilliere <serpilliere@users.noreply.github.com> | 2015-11-09 16:22:46 +0100 |
|---|---|---|
| committer | serpilliere <serpilliere@users.noreply.github.com> | 2015-11-09 16:22:46 +0100 |
| commit | 9527fde87a9e8dec9d5ffde761fab247d9f6b4c7 (patch) | |
| tree | 6956afb65354b29b28f443e663e162d7a1b600c0 /example/symbol_exec/single_instr.py | |
| parent | 44b450e822967664b3d53ac44023ad5b425d0340 (diff) | |
| parent | 6feedf1203bc6cc6b2feb1be57f5a8e1de8fae5c (diff) | |
| download | miasm-9527fde87a9e8dec9d5ffde761fab247d9f6b4c7.tar.gz miasm-9527fde87a9e8dec9d5ffde761fab247d9f6b4c7.zip | |
Merge pull request #262 from commial/fix-symbexec-example
Fix symbexec example
Diffstat (limited to 'example/symbol_exec/single_instr.py')
| -rw-r--r-- | example/symbol_exec/single_instr.py | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/example/symbol_exec/single_instr.py b/example/symbol_exec/single_instr.py index 416909f2..e4dcdba6 100644 --- a/example/symbol_exec/single_instr.py +++ b/example/symbol_exec/single_instr.py @@ -1,31 +1,41 @@ # Minimalist Symbol Exec example -from miasm2.core.bin_stream import bin_stream_str -from miasm2.arch.x86.arch import mn_x86 -from miasm2.arch.x86.ira import ir_a_x86_32 -from miasm2.arch.x86.regs import all_regs_ids, all_regs_ids_init -from miasm2.ir.symbexec import symbexec -from miasm2.arch.x86.disasm import dis_x86_32 as dis_engine -import miasm2.expression.expression as m2_expr +from miasm2.core.bin_stream import bin_stream_str +from miasm2.ir.symbexec import symbexec +from miasm2.analysis.machine import Machine -l = mn_x86.fromstring("MOV EAX, EBX", 32) -asm = mn_x86.asm(l)[0] +START_ADDR = 0 +machine = Machine("x86_32") -bin_stream = bin_stream_str(asm) +# Assemble and disassemble a MOV +## Ensure that attributes 'offset' and 'l' are set +line = machine.mn.fromstring("MOV EAX, EBX", 32) +asm = machine.mn.asm(line)[0] -mdis = dis_engine(bin_stream) -disasm = mdis.dis_multibloc(0) +# Get back block +bin_stream = bin_stream_str(asm) +mdis = machine.dis_engine(bin_stream) +asm_block = mdis.dis_bloc(START_ADDR) -ir = ir_a_x86_32(mdis.symbol_pool) -for bbl in disasm: ir.add_bloc(bbl) +# Translate ASM -> IR +ira = machine.ira(mdis.symbol_pool) +ira.add_bloc(asm_block) -symbols_init = {} -for i, r in enumerate(all_regs_ids): - symbols_init[r] = all_regs_ids_init[i] -symb = symbexec(ir, symbols_init) +# Instanciate a Symbolic Execution engine with default value for registers +## EAX = EAX_init, ... +symbols_init = ira.arch.regs.regs_init +symb = symbexec(ira, symbols_init) -block = ir.get_bloc(0) +# Emulate one IR basic block +## Emulation of several basic blocks can be done through .emul_ir_blocs +cur_addr = symb.emul_ir_bloc(ira, START_ADDR) -cur_addr = symb.emulbloc(block) -assert(symb.symbols[m2_expr.ExprId("EAX")] == symbols_init[m2_expr.ExprId("EBX")]) -print 'modified registers:' +# Modified elements +print 'Modified registers:' symb.dump_id() +print 'Modified memory (should be empty):' +symb.dump_mem() + +# Check final status +eax, ebx = ira.arch.regs.EAX, ira.arch.regs.EBX +assert symb.symbols[eax] == symbols_init[ebx] +assert eax in symb.modified() |