authorAjax <commial@gmail.com>2015-11-09 17:02:24 +0100
committerAjax <commial@gmail.com>2015-11-09 17:02:24 +0100
commitf266a5093fe9e323ea9bf489208693b10200f1af (patch)
tree7264f1911afc386fe7920bdb1837d4d063b4a584 /example/symbol_exec/single_instr.py
parentea2b165ae2b31d05dfac69bc723bb4625d434a82 (diff)
Example/SymbolExec: enhance and comment
Diffstat (limited to 'example/symbol_exec/single_instr.py')
-rw-r--r--example/symbol_exec/single_instr.py42
1 files changed, 27 insertions, 15 deletions
diff --git a/example/symbol_exec/single_instr.py b/example/symbol_exec/single_instr.py
index 416909f2..927b7aec 100644
--- a/example/symbol_exec/single_instr.py
+++ b/example/symbol_exec/single_instr.py
@@ -2,30 +2,42 @@
 from miasm2.core.bin_stream                 import bin_stream_str
 from miasm2.arch.x86.arch                   import mn_x86
 from miasm2.arch.x86.ira                    import ir_a_x86_32
-from miasm2.arch.x86.regs                   import all_regs_ids, all_regs_ids_init
+from miasm2.arch.x86.regs                   import regs_init
 from miasm2.ir.symbexec                     import symbexec
 from miasm2.arch.x86.disasm                 import dis_x86_32 as dis_engine
-import miasm2.expression.expression as m2_expr
+from miasm2.expression.expression           import ExprId
 
-l = mn_x86.fromstring("MOV EAX, EBX", 32)
-asm = mn_x86.asm(l)[0]
+START_ADDR = 0
 
-bin_stream = bin_stream_str(asm)
+# Assemble and disassemble a MOV
+## Ensure that attributes 'offset' and 'l' are set
+line = mn_x86.fromstring("MOV EAX, EBX", 32)
+asm = mn_x86.asm(line)[0]
 
+# Get back block
+bin_stream = bin_stream_str(asm)
 mdis = dis_engine(bin_stream)
-disasm = mdis.dis_multibloc(0)
+asm_block = mdis.dis_bloc(START_ADDR)
 
+# Translate ASM -> IR
 ir = ir_a_x86_32(mdis.symbol_pool)
-for bbl in disasm: ir.add_bloc(bbl)
+ir.add_bloc(asm_block)
 
-symbols_init =  {}
-for i, r in enumerate(all_regs_ids):
-    symbols_init[r] = all_regs_ids_init[i]
-symb = symbexec(ir, symbols_init)
+# Instanciate a Symbolic Execution engine with default value for registers
+## EAX = EAX_init, ...
+symb = symbexec(ir, regs_init)
 
-block = ir.get_bloc(0)
+# Emulate one IR basic block
+## Emulation of several basic blocks can be done through .emul_ir_blocs
+cur_addr = symb.emul_ir_bloc(ir, START_ADDR)
 
-cur_addr = symb.emulbloc(block)
-assert(symb.symbols[m2_expr.ExprId("EAX")] == symbols_init[m2_expr.ExprId("EBX")])
-print 'modified registers:'
+# Modified elements
+print 'Modified registers:'
 symb.dump_id()
+print 'Modified memory (should be empty):'
+symb.dump_mem()
+
+# Check final status
+eax, ebx = map(ExprId, ["EAX", "EBX"])
+assert symb.symbols[eax] == regs_init[ebx]
+assert eax in symb.modified()
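Review bot: The "Modified memory (should be empty)" claim at the `dump_mem()` call is only printed, never verified, while the register outcome right below it is asserted; since the point of the example is that a register-to-register MOV touches no memory, the final checks should pin that too, e.g. `assert not symb.symbols.symbols_mem` (presuming the symbols container exposes its memory map under that name — confirm against symbexec before relying on it). The comment `## Ensure that attributes 'offset' and 'l' are set` above the `fromstring` call reads as an instruction to the reader, yet nothing on that line sets them explicitly; if `fromstring()`/`asm()` is what fills them and `dis_bloc()` depends on it, say so: `## fromstring() fills 'offset' and 'l', which the disassembler relies on below`. Minor wording: "Instanciate" should be "Instantiate".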