diff options
| author | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2018-06-22 19:49:09 +0200 |
|---|---|---|
| committer | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2018-07-05 16:14:26 +0200 |
| commit | 195c688da01add6d4d964addfe7e34bea78bdb03 (patch) | |
| tree | 80b346193da5609d19cdfc389ea84ad66399fa67 /example | |
| parent | 3e86fb7046eef0adef023207cb4875174b26beea (diff) | |
| download | miasm-195c688da01add6d4d964addfe7e34bea78bdb03.tar.gz miasm-195c688da01add6d4d964addfe7e34bea78bdb03.zip | |
IR: gen ircfg from ir_arch
Diffstat (limited to 'example')
| -rw-r--r-- | example/disasm/full.py | 26 | ||||
| -rw-r--r-- | example/expression/access_c.py | 20 | ||||
| -rw-r--r-- | example/expression/asm_to_ir.py | 16 | ||||
| -rw-r--r-- | example/expression/constant_propagation.py | 19 | ||||
| -rw-r--r-- | example/expression/get_read_write.py | 14 | ||||
| -rw-r--r-- | example/expression/graph_dataflow.py | 30 | ||||
| -rw-r--r-- | example/expression/solve_condition_stp.py | 13 | ||||
| -rw-r--r-- | example/ida/ctype_propagation.py | 27 | ||||
| -rw-r--r-- | example/ida/depgraph.py | 24 | ||||
| -rw-r--r-- | example/ida/graph_ir.py | 42 | ||||
| -rw-r--r-- | example/ida/symbol_exec.py | 5 | ||||
| -rw-r--r-- | example/symbol_exec/depgraph.py | 17 | ||||
| -rw-r--r-- | example/symbol_exec/single_instr.py | 5 |
13 files changed, 125 insertions, 133 deletions
diff --git a/example/disasm/full.py b/example/disasm/full.py index ddf91e29..cfbfc80c 100644 --- a/example/disasm/full.py +++ b/example/disasm/full.py @@ -191,13 +191,17 @@ if args.gen_ir: ir_arch = ir(mdis.loc_db) ir_arch_a = ira(mdis.loc_db) + + ircfg = ir_arch.new_ircfg() + ircfg_a = ir_arch.new_ircfg() + ir_arch.blocks = {} ir_arch_a.blocks = {} for ad, asmcfg in all_funcs_blocks.items(): log.info("generating IR... %x" % ad) for block in asmcfg.blocks: - ir_arch_a.add_block(block) - ir_arch.add_block(block) + ir_arch.add_asmblock_to_ircfg(block, ircfg) + ir_arch_a.add_asmblock_to_ircfg(block, ircfg_a) log.info("Print blocks (without analyse)") for label, block in ir_arch.blocks.iteritems(): @@ -210,25 +214,25 @@ if args.gen_ir: print block if args.simplify > 0: - dead_simp(ir_arch_a) + dead_simp(ir_arch_a, ircfg_a) if args.defuse: reachings = ReachingDefinitions(ir_arch_a) open('graph_defuse.dot', 'w').write(DiGraphDefUse(reachings).dot()) - out = ir_arch_a.graph.dot() + out = ircfg.dot() open('graph_irflow.dot', 'w').write(out) - out = ir_arch.graph.dot() + out = ircfg_a.dot() open('graph_irflow_raw.dot', 'w').write(out) if args.simplify > 1: - ir_arch_a.simplify(expr_simp) + ircfg_a.simplify(expr_simp) modified = True while modified: modified = False - modified |= dead_simp(ir_arch_a) - modified |= ir_arch_a.remove_empty_assignblks() - modified |= ir_arch_a.remove_jmp_blocks() - modified |= ir_arch_a.merge_blocks() + modified |= dead_simp(ir_arch_a, ircfg_a) + modified |= ircfg_a.remove_empty_assignblks() + modified |= ircfg_a.remove_jmp_blocks() + modified |= ircfg_a.merge_blocks() - open('graph_irflow_reduced.dot', 'w').write(ir_arch_a.graph.dot()) + open('graph_irflow_reduced.dot', 'w').write(ircfg_a.dot()) diff --git a/example/expression/access_c.py b/example/expression/access_c.py index 8e440cc1..e8d5e318 100644 --- a/example/expression/access_c.py +++ b/example/expression/access_c.py @@ -54,11 +54,10 @@ from miasm2.core.objc import ExprToAccessC, CHandler from miasm2.core.objc import CTypesManagerNotPacked from miasm2.core.ctypesmngr import CAstTypes, CTypePtr, CTypeStruct - -def find_call(ira): +def find_call(ircfg): """Returns (irb, index) which call""" - for irb in ira.blocks.values(): + for irb in ircfg.blocks.values(): out = set() if len(irb) < 2: continue @@ -92,17 +91,17 @@ class MyExprToAccessC(ExprToAccessC): reduction_rules = ExprToAccessC.reduction_rules + [reduce_compose] -def get_funcs_arg0(ctx, ira, lbl_head): +def get_funcs_arg0(ctx, ira, ircfg, lbl_head): """Compute DependencyGraph on the func @lbl_head""" - g_dep = DependencyGraph(ira, follow_call=False) + g_dep = DependencyGraph(ircfg, follow_call=False) element = ira.arch.regs.RSI - for irb, index in find_call(ira): + for irb, index in find_call(ircfg): instr = irb[index].instr print 'Analysing references from:', hex(instr.offset), instr g_list = g_dep.get(irb.loc_key, set([element]), index, set([lbl_head])) for dep in g_list: - emul_result = dep.emul(ctx) + emul_result = dep.emul(ira, ctx) value = emul_result[element] yield value @@ -147,10 +146,9 @@ asmcfg = mdis.dis_multiblock(addr_head) lbl_head = mdis.loc_db.get_offset_location(addr_head) ir_arch_a = ira(mdis.loc_db) -for block in asmcfg.blocks: - ir_arch_a.add_block(block) +ircfg = ir_arch_a.new_ircfg_from_asmcfg(asmcfg) -open('graph_irflow.dot', 'w').write(ir_arch_a.graph.dot()) +open('graph_irflow.dot', 'w').write(ircfg.dot()) # Main function's first argument's type is "struct ll_human*" ptr_llhuman = types_mngr.get_objc(CTypePtr(CTypeStruct('ll_human'))) @@ -161,7 +159,7 @@ expr_types = {arg0: (ptr_llhuman,), mychandler = MyCHandler(types_mngr, expr_types) -for expr in get_funcs_arg0(ctx, ir_arch_a, lbl_head): +for expr in get_funcs_arg0(ctx, ir_arch_a, ircfg, lbl_head): print "Access:", expr for c_str, ctype in mychandler.expr_to_c_and_types(expr): print '\taccess:', c_str diff --git a/example/expression/asm_to_ir.py b/example/expression/asm_to_ir.py index 6db07e9b..7036d960 100644 --- a/example/expression/asm_to_ir.py +++ b/example/expression/asm_to_ir.py @@ -7,6 +7,7 @@ from miasm2.core import asmblock from miasm2.arch.x86.ira import ir_a_x86_32 from miasm2.analysis.data_flow import dead_simp + # First, asm code asmcfg, loc_db = parse_asm.parse_txt(mn_x86, 32, ''' main: @@ -35,22 +36,19 @@ patches = asmblock.asm_resolve_final(mn_x86, asmcfg, loc_db) # Translate to IR ir_arch = ir_a_x86_32(loc_db) -for block in asmcfg.blocks: - print 'add block' - print block - ir_arch.add_block(block) +ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) # Display IR -for lbl, irblock in ir_arch.blocks.items(): +for lbl, irblock in ircfg.blocks.items(): print irblock # Dead propagation -open('graph.dot', 'w').write(ir_arch.graph.dot()) +open('graph.dot', 'w').write(ircfg.dot()) print '*' * 80 -dead_simp(ir_arch) -open('graph2.dot', 'w').write(ir_arch.graph.dot()) +dead_simp(ir_arch, ircfg) +open('graph2.dot', 'w').write(ircfg.dot()) # Display new IR print 'new ir blocks' -for lbl, irblock in ir_arch.blocks.items(): +for lbl, irblock in ircfg.blocks.items(): print irblock diff --git a/example/expression/constant_propagation.py b/example/expression/constant_propagation.py index b39bcafd..d9c5fe65 100644 --- a/example/expression/constant_propagation.py +++ b/example/expression/constant_propagation.py @@ -31,24 +31,21 @@ mdis = dis_engine(cont.bin_stream) ir_arch = ira(mdis.loc_db) addr = int(args.address, 0) - asmcfg = mdis.dis_multiblock(addr) -for block in asmcfg.blocks: - ir_arch.add_block(block) - +ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) init_infos = ir_arch.arch.regs.regs_init -cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos) +cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos) if args.simplify: - ir_arch.simplify(expr_simp) + ircfg.simplify(expr_simp) modified = True while modified: modified = False - modified |= dead_simp(ir_arch) - modified |= ir_arch.remove_empty_assignblks() - modified |= ir_arch.remove_jmp_blocks() - modified |= ir_arch.merge_blocks() + modified |= dead_simp(ir_arch, ircfg) + modified |= ircfg.remove_empty_assignblks() + modified |= ircfg.remove_jmp_blocks() + modified |= ircfg.merge_blocks() -open("%s.propag.dot" % args.filename, 'w').write(ir_arch.graph.dot()) +open("%s.propag.dot" % args.filename, 'w').write(ircfg.dot()) diff --git a/example/expression/get_read_write.py b/example/expression/get_read_write.py index 1bacb251..34d0f94a 100644 --- a/example/expression/get_read_write.py +++ b/example/expression/get_read_write.py @@ -12,14 +12,14 @@ Get read/written registers for a given instruction """ arch = mn_x86 -ir_arch = ir_a_x86_32() - -l = arch.fromstring('LODSB', loc_db, 32) -l.offset, l.l = 0, 15 -ir_arch.add_instr(l) +ir_arch = ir_a_x86_32(loc_db) +ircfg = ir_arch.new_ircfg() +instr = arch.fromstring('LODSB', loc_db, 32) +instr.offset, instr.l = 0, 15 +ir_arch.add_instr_to_ircfg(instr, ircfg) print '*' * 80 -for lbl, irblock in ir_arch.blocks.iteritems(): +for lbl, irblock in ircfg.blocks.iteritems(): print irblock for assignblk in irblock: rw = assignblk.get_rw() @@ -28,4 +28,4 @@ for lbl, irblock in ir_arch.blocks.iteritems(): print 'written:', dst print -open('graph_instr.dot', 'w').write(ir_arch.graph.dot()) +open('graph_instr.dot', 'w').write(ircfg.dot()) diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py index dd9d3e9b..b30bd29f 100644 --- a/example/expression/graph_dataflow.py +++ b/example/expression/graph_dataflow.py @@ -28,7 +28,7 @@ def get_node_name(label, i, n): return n_name -def intra_block_flow_symb(ir_arch, flow_graph, irblock, in_nodes, out_nodes): +def intra_block_flow_symb(ir_arch, _, flow_graph, irblock, in_nodes, out_nodes): symbols_init = ir_arch.arch.regs.regs_init.copy() sb = SymbolicExecutionEngine(ir_arch, symbols_init) sb.eval_updt_irblock(irblock) @@ -87,17 +87,17 @@ def node2str(self, node): return out -def gen_block_data_flow_graph(ir_arch, ad, block_flow_cb): - for irblock in ir_arch.blocks.values(): +def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb): + for irblock in ircfg.blocks.values(): print irblock - dead_simp(ir_arch) + dead_simp(ir_arch, ircfg) irblock_0 = None - for irblock in ir_arch.blocks.values(): + for irblock in ircfg.blocks.values(): loc_key = irblock.loc_key - offset = ir_arch.loc_db.get_location_offset(loc_key) + offset = ircfg.loc_db.get_location_offset(loc_key) if offset == ad: irblock_0 = irblock break @@ -108,20 +108,20 @@ def gen_block_data_flow_graph(ir_arch, ad, block_flow_cb): irb_in_nodes = {} irb_out_nodes = {} - for label in ir_arch.blocks: + for label in ircfg.blocks: irb_in_nodes[label] = {} irb_out_nodes[label] = {} - for label, irblock in ir_arch.blocks.iteritems(): - block_flow_cb(ir_arch, flow_graph, irblock, irb_in_nodes[label], irb_out_nodes[label]) + for label, irblock in ircfg.blocks.iteritems(): + block_flow_cb(ir_arch, ircfg, flow_graph, irblock, irb_in_nodes[label], irb_out_nodes[label]) - for label in ir_arch.blocks: + for label in ircfg.blocks: print label print 'IN', [str(x) for x in irb_in_nodes[label]] print 'OUT', [str(x) for x in irb_out_nodes[label]] print '*' * 20, 'interblock', '*' * 20 - inter_block_flow(ir_arch, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes) + inter_block_flow(ir_arch, ircfg, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes) # from graph_qt import graph_qt # graph_qt(flow_graph) @@ -140,11 +140,9 @@ print 'ok' print 'generating dataflow graph for:' ir_arch = ir_a_x86_32(mdis.loc_db) +ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) -for block in asmcfg.blocks: - print block - ir_arch.add_block(block) -for irblock in ir_arch.blocks.values(): +for irblock in ircfg.blocks.values(): print irblock @@ -153,7 +151,7 @@ if args.symb: else: block_flow_cb = intra_block_flow_raw -gen_block_data_flow_graph(ir_arch, ad, block_flow_cb) +gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb) print '*' * 40 print """ diff --git a/example/expression/solve_condition_stp.py b/example/expression/solve_condition_stp.py index 3c850445..acb3abf4 100644 --- a/example/expression/solve_condition_stp.py +++ b/example/expression/solve_condition_stp.py @@ -13,7 +13,6 @@ from miasm2.core import parse_asm from miasm2.arch.x86.disasm import dis_x86_32 as dis_engine from miasm2.ir.translators.translator import Translator - machine = Machine("x86_32") @@ -27,7 +26,7 @@ if not args: sys.exit(0) -def emul_symb(ir_arch, mdis, states_todo, states_done): +def emul_symb(ir_arch, ircfg, mdis, states_todo, states_done): while states_todo: addr, symbols, conds = states_todo.pop() print '*' * 40, "addr", addr, '*' * 40 @@ -39,7 +38,7 @@ def emul_symb(ir_arch, mdis, states_todo, states_done): symbexec.symbols = symbols.copy() if ir_arch.pc in symbexec.symbols: del symbexec.symbols[ir_arch.pc] - irblock = get_block(ir_arch, mdis, addr) + irblock = get_block(ir_arch, ircfg, mdis, addr) print 'Run block:' print irblock @@ -88,7 +87,7 @@ if __name__ == '__main__': ir_arch = machine.ir(mdis.loc_db) - + ircfg = ir_arch.new_ircfg() symbexec = SymbolicExecutionEngine(ir_arch) asmcfg, loc_db = parse_asm.parse_txt(machine.mn, 32, ''' @@ -127,8 +126,8 @@ if __name__ == '__main__': print block # add fake address and len to parsed instructions - ir_arch.add_block(block) - irb = ir_arch.blocks[init_lbl] + ir_arch.add_asmblock_to_ircfg(block, ircfg) + irb = ircfg.blocks[init_lbl] symbexec.eval_updt_irblock(irb) symbexec.dump(ids=False) # reset ir_arch blocks @@ -139,7 +138,7 @@ if __name__ == '__main__': states_todo.add((addr, symbexec.symbols, ())) # emul blocks, propagate states - emul_symb(ir_arch, mdis, states_todo, states_done) + emul_symb(ir_arch, ircfg, mdis, states_todo, states_done) all_info = [] diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py index f236cf26..e8b52e3e 100644 --- a/example/ida/ctype_propagation.py +++ b/example/ida/ctype_propagation.py @@ -270,12 +270,12 @@ def analyse_function(): asmcfg = mdis.dis_multiblock(addr) # Generate IR - for block in asmcfg.blocks: - ir_arch.add_block(block) + ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) + cst_propag_link = {} if settings.cUnalias.value: init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp] } - cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos) + cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos) types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value) @@ -317,8 +317,8 @@ def analyse_function(): first_block.lines[0] ) irb_head = IRBlock(lbl_head, [assignblk_head]) - ir_arch.blocks[lbl_head] = irb_head - ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start) + ircfg.blocks[lbl_head] = irb_head + ircfg.add_uniq_edge(lbl_head, lbl_real_start) state = TypePropagationEngine.StateEngine(infos_types) states = {lbl_head: state} @@ -331,23 +331,24 @@ def analyse_function(): if (lbl, state) in done: continue done.add((lbl, state)) - if lbl not in ir_arch.blocks: + if lbl not in ircfg.blocks: continue symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state) - addr = symbexec_engine.run_block_at(lbl) + addr = symbexec_engine.run_block_at(ircfg, lbl) symbexec_engine.del_mem_above_stack(ir_arch.sp) - ir_arch._graph = None - sons = ir_arch.graph.successors(lbl) + sons = ircfg.successors(lbl) for son in sons: - add_state(ir_arch, todo, states, son, - symbexec_engine.get_state()) + add_state( + ircfg, todo, states, son, + symbexec_engine.get_state() + ) for lbl, state in states.iteritems(): - if lbl not in ir_arch.blocks: + if lbl not in ircfg.blocks: continue symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link) - addr = symbexec_engine.run_block_at(lbl) + addr = symbexec_engine.run_block_at(ircfg, lbl) symbexec_engine.del_mem_above_stack(ir_arch.sp) diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py index 1ba7bee7..297877a1 100644 --- a/example/ida/depgraph.py +++ b/example/ida/depgraph.py @@ -19,16 +19,17 @@ from utils import guess_machine class depGraphSettingsForm(ida_kernwin.Form): - def __init__(self, ira): + def __init__(self, ira, ircfg): self.ira = ira + self.ircfg = ircfg self.stk_args = {'ARG%d' % i:i for i in xrange(10)} self.stk_unalias_force = False self.address = idc.ScreenEA() cur_block = None - for block in ira.getby_offset(self.address): - offset = self.ira.loc_db.get_location_offset(block.loc_key) + for block in ircfg.getby_offset(self.address): + offset = self.ircfg.loc_db.get_location_offset(block.loc_key) if offset is not None: # Only one block non-generated assert cur_block is None @@ -40,7 +41,7 @@ class depGraphSettingsForm(ida_kernwin.Form): break assert line_nb is not None cur_loc_key = str(cur_block.loc_key) - loc_keys = sorted(map(str, ira.blocks.keys())) + loc_keys = sorted(map(str, ircfg.blocks.keys())) regs = sorted(ira.arch.regs.all_regs_ids_byname.keys()) regs += self.stk_args.keys() reg_default = regs[0] @@ -97,7 +98,7 @@ Method to use: @property def loc_key(self): value = self.cbBBL.value - for real_loc_key in self.ira.blocks: + for real_loc_key in self.ircfg.blocks: if str(real_loc_key) == value: return real_loc_key raise ValueError("Bad loc_key") @@ -111,13 +112,13 @@ Method to use: elif mode == 1: return value + 1 else: - return len(self.ira.blocks[self.loc_key]) + return len(self.ircfg.blocks[self.loc_key]) @property def elements(self): value = self.cbReg.value if value in self.stk_args: - line = self.ira.blocks[self.loc_key][self.line_nb].instr + line = self.ircfg.blocks[self.loc_key][self.line_nb].instr arg_num = self.stk_args[value] stk_high = m2_expr.ExprInt(idc.GetSpd(line.offset), ir_arch.sp.size) stk_off = m2_expr.ExprInt(self.ira.sp.size/8 * arg_num, ir_arch.sp.size) @@ -135,7 +136,7 @@ Method to use: @property def depgraph(self): value = self.cMethod.value - return DependencyGraph(self.ira, + return DependencyGraph(self.ircfg, implicit=value & 4, follow_mem=value & 1, follow_call=value & 2) @@ -185,7 +186,7 @@ def treat_element(): if graph.has_loop: print 'Graph has dependency loop: symbolic execution is inexact' else: - print "Possible value: %s" % graph.emul().values()[0] + print "Possible value: %s" % graph.emul(self.ira).values()[0] for offset, elements in comments.iteritems(): idc.MakeComm(offset, ", ".join(map(str, elements))) @@ -219,11 +220,10 @@ def launch_depgraph(): asmcfg = mdis.dis_multiblock(func.startEA) # Generate IR - for block in asmcfg.blocks: - ir_arch.add_block(block) + ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) # Get settings - settings = depGraphSettingsForm(ir_arch) + settings = depGraphSettingsForm(ir_arch, ircfg) settings.Execute() loc_key, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py index 50895b88..afd00d5c 100644 --- a/example/ida/graph_ir.py +++ b/example/ida/graph_ir.py @@ -54,29 +54,29 @@ def color_irblock(irblock, ir_arch): class GraphMiasmIR(idaapi.GraphViewer): - def __init__(self, ir_arch, title, result): + def __init__(self, ircfg, title, result): idaapi.GraphViewer.__init__(self, title) - self.ir_arch = ir_arch + self.ircfg = ircfg self.result = result self.names = {} def OnRefresh(self): self.Clear() addr_id = {} - for irblock in self.ir_arch.blocks.values(): - id_irblock = self.AddNode(color_irblock(irblock, self.ir_arch)) + for irblock in self.ircfg.blocks.values(): + id_irblock = self.AddNode(color_irblock(irblock, self.ircfg)) addr_id[irblock] = id_irblock - for irblock in self.ir_arch.blocks.values(): + for irblock in self.ircfg.blocks.values(): if not irblock: continue - all_dst = self.ir_arch.dst_trackback(irblock) + all_dst = self.ircfg.dst_trackback(irblock) for dst in all_dst: if not dst.is_loc(): continue - if not dst.loc_key in self.ir_arch.blocks: + if not dst.loc_key in self.ircfg.blocks: continue - dst_block = self.ir_arch.blocks[dst.loc_key] + dst_block = self.ircfg.blocks[dst.loc_key] node1 = addr_id[irblock] node2 = addr_id[dst_block] self.AddEdge(node1, node2) @@ -137,16 +137,12 @@ def build_graph(verbose=False, simplify=False): print "generating IR... %x" % start_addr - for block in asmcfg.blocks: - if verbose: - print 'ADD' - print block - ir_arch.add_block(block) + ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) if verbose: print "IR ok... %x" % start_addr - for irb in ir_arch.blocks.itervalues(): + for irb in ircfg.blocks.itervalues(): irs = [] for assignblk in irb: new_assignblk = { @@ -154,27 +150,27 @@ def build_graph(verbose=False, simplify=False): for dst, src in assignblk.iteritems() } irs.append(AssignBlock(new_assignblk, instr=assignblk.instr)) - ir_arch.blocks[irb.loc_key] = IRBlock(irb.loc_key, irs) + ircfg.blocks[irb.loc_key] = IRBlock(irb.loc_key, irs) if verbose: - out = ir_arch.graph.dot() + out = ircfg.dot() open(os.path.join(tempfile.gettempdir(), 'graph.dot'), 'wb').write(out) title = "Miasm IR graph" if simplify: - dead_simp(ir_arch) + dead_simp(ir_arch, ircfg) - ir_arch.simplify(expr_simp) + ircfg.simplify(expr_simp) modified = True while modified: modified = False - modified |= dead_simp(ir_arch) - modified |= ir_arch.remove_empty_assignblks() - modified |= ir_arch.remove_jmp_blocks() - modified |= ir_arch.merge_blocks() + modified |= dead_simp(ir_arch, ircfg) + modified |= ircfg.remove_empty_assignblks() + modified |= ircfg.remove_jmp_blocks() + modified |= ircfg.merge_blocks() title += " (simplified)" - g = GraphMiasmIR(ir_arch, title, None) + g = GraphMiasmIR(ircfg, title, None) g.Show() diff --git a/example/ida/symbol_exec.py b/example/ida/symbol_exec.py index 43100943..ffaa9b27 100644 --- a/example/ida/symbol_exec.py +++ b/example/ida/symbol_exec.py @@ -142,12 +142,11 @@ def symbolic_exec(): mdis.dont_dis = [end] asmcfg = mdis.dis_multiblock(start) ira = machine.ira(loc_db=mdis.loc_db) - for block in asmcfg.blocks: - ira.add_block(block) + ircfg = ira.new_ircfg_from_asmcfg(asmcfg) print "Run symbolic execution..." sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init) - sb.run_at(start) + sb.run_at(ircfg, start) modified = {} for dst, src in sb.modified(init_state=machine.mn.regs.regs_init): diff --git a/example/symbol_exec/depgraph.py b/example/symbol_exec/depgraph.py index 88540a83..f306e6e3 100644 --- a/example/symbol_exec/depgraph.py +++ b/example/symbol_exec/depgraph.py @@ -62,18 +62,19 @@ if args.rename_args: asmcfg = mdis.dis_multiblock(int(args.func_addr, 0)) # Generate IR -for block in asmcfg.blocks: - ir_arch.add_block(block) +ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) # Get the instance -dg = DependencyGraph(ir_arch, implicit=args.implicit, - apply_simp=not args.do_not_simplify, - follow_mem=not args.unfollow_mem, - follow_call=not args.unfollow_call) +dg = DependencyGraph( + ircfg, implicit=args.implicit, + apply_simp=not args.do_not_simplify, + follow_mem=not args.unfollow_mem, + follow_call=not args.unfollow_call +) # Build information target_addr = int(args.target_addr, 0) -current_block = list(ir_arch.getby_offset(target_addr))[0] +current_block = list(ircfg.getby_offset(target_addr))[0] assignblk_index = 0 for assignblk_index, assignblk in enumerate(current_block): if assignblk.instr.offset == target_addr: @@ -86,7 +87,7 @@ for sol_nb, sol in enumerate(dg.get(current_block.loc_key, elements, assignblk_i with open(fname, "w") as fdesc: fdesc.write(sol.graph.dot()) - results = sol.emul(ctx=init_ctx) + results = sol.emul(ir_arch, ctx=init_ctx) tokens = {str(k): str(v) for k, v in results.iteritems()} if not args.json: result = ", ".join("=".join(x) for x in tokens.iteritems()) diff --git a/example/symbol_exec/single_instr.py b/example/symbol_exec/single_instr.py index 6ddd2608..c78f1f7f 100644 --- a/example/symbol_exec/single_instr.py +++ b/example/symbol_exec/single_instr.py @@ -21,14 +21,15 @@ asm_block = mdis.dis_block(START_ADDR) # Translate ASM -> IR ira = machine.ira(mdis.loc_db) -ira.add_block(asm_block) +ircfg = ira.new_ircfg() +ira.add_asmblock_to_ircfg(asm_block, ircfg) # Instanciate a Symbolic Execution engine with default value for registers symb = SymbolicExecutionEngine(ira) # Emulate one IR basic block ## Emulation of several basic blocks can be done through .emul_ir_blocks -cur_addr = symb.run_at(START_ADDR) +cur_addr = symb.run_at(ircfg, START_ADDR) # Modified elements print 'Modified registers:' |