diff options
| author | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2018-05-18 14:43:57 +0200 |
|---|---|---|
| committer | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2018-06-09 00:33:48 +0200 |
| commit | 61551fa78e9dd22ed1f982b4fe171fd6383c39a6 (patch) | |
| tree | b10543391f9a66ddd5e3f6852c30d96b169b623d /example | |
| parent | a2637cdf0b40df074865d23a7fd71f082ad7f40a (diff) | |
| download | miasm-61551fa78e9dd22ed1f982b4fe171fd6383c39a6.tar.gz miasm-61551fa78e9dd22ed1f982b4fe171fd6383c39a6.zip | |
Core: replace AsmLabel by LocKey
Diffstat (limited to 'example')
| -rwxr-xr-x | example/asm/shellcode.py | 14 | ||||
| -rw-r--r-- | example/asm/simple.py | 10 | ||||
| -rw-r--r-- | example/disasm/callback.py | 25 | ||||
| -rw-r--r-- | example/disasm/full.py | 29 | ||||
| -rw-r--r-- | example/disasm/function.py | 6 | ||||
| -rw-r--r-- | example/expression/access_c.py | 6 | ||||
| -rw-r--r-- | example/expression/asm_to_ir.py | 8 | ||||
| -rw-r--r-- | example/expression/constant_propagation.py | 4 | ||||
| -rw-r--r-- | example/expression/graph_dataflow.py | 20 | ||||
| -rw-r--r-- | example/expression/solve_condition_stp.py | 19 | ||||
| -rw-r--r-- | example/ida/ctype_propagation.py | 2 | ||||
| -rw-r--r-- | example/ida/depgraph.py | 24 | ||||
| -rw-r--r-- | example/ida/graph_ir.py | 22 | ||||
| -rw-r--r-- | example/ida/symbol_exec.py | 23 | ||||
| -rw-r--r-- | example/ida/utils.py | 34 | ||||
| -rw-r--r-- | example/jitter/sandbox_call.py | 3 | ||||
| -rw-r--r-- | example/jitter/unpack_upx.py | 9 | ||||
| -rw-r--r-- | example/symbol_exec/depgraph.py | 6 |
18 files changed, 145 insertions, 119 deletions
diff --git a/example/asm/shellcode.py b/example/asm/shellcode.py index 0c08a8a3..0ee32146 100755 --- a/example/asm/shellcode.py +++ b/example/asm/shellcode.py @@ -67,7 +67,7 @@ with open(args.source) as fstream: symbol_pool = asmblock.AsmSymbolPool() -blocks, symbol_pool = parse_asm.parse_txt(machine.mn, attrib, source, symbol_pool) +asmcfg, symbol_pool = parse_asm.parse_txt(machine.mn, attrib, source, symbol_pool) # Fix shellcode addrs symbol_pool.set_offset(symbol_pool.getby_name("main"), addr_main) @@ -77,19 +77,21 @@ if args.PE: pe.DirImport.get_funcvirt('USER32.dll', 'MessageBoxA')) # Print and graph firsts blocks before patching it -for block in blocks: +for block in asmcfg.blocks: print block -open("graph.dot", "w").write(blocks.dot()) +open("graph.dot", "w").write(asmcfg.dot()) # Apply patches patches = asmblock.asm_resolve_final(machine.mn, - blocks, + asmcfg, symbol_pool, dst_interval) if args.encrypt: # Encrypt code - ad_start = symbol_pool.getby_name_create(args.encrypt[0]).offset - ad_stop = symbol_pool.getby_name_create(args.encrypt[1]).offset + loc_start = symbol_pool.getby_name_create(args.encrypt[0]) + loc_stop = symbol_pool.getby_name_create(args.encrypt[1]) + ad_start = symbol_pool.loc_key_to_offset(loc_start) + ad_stop = symbol_pool.loc_key_to_offset(loc_stop) new_patches = dict(patches) for ad, val in patches.items(): diff --git a/example/asm/simple.py b/example/asm/simple.py index 62d2ff80..09df8d94 100644 --- a/example/asm/simple.py +++ b/example/asm/simple.py @@ -6,7 +6,7 @@ from miasm2.core import parse_asm, asmblock # Assemble code -blocks, symbol_pool = parse_asm.parse_txt(mn_x86, 32, ''' +asmcfg, symbol_pool = parse_asm.parse_txt(mn_x86, 32, ''' main: MOV EAX, 1 MOV EBX, 2 @@ -21,14 +21,14 @@ loop: RET ''') -# Set 'main' label's offset +# Set 'main' loc_key's offset symbol_pool.set_offset(symbol_pool.getby_name("main"), 0x0) # Spread information and resolve instructions offset -patches = asmblock.asm_resolve_final(mn_x86, blocks, symbol_pool) +patches = asmblock.asm_resolve_final(mn_x86, asmcfg, symbol_pool) -# Show resolved blocks -for block in blocks: +# Show resolved asmcfg +for block in asmcfg.blocks: print block # Print offset -> bytes diff --git a/example/disasm/callback.py b/example/disasm/callback.py index 6b7b2b81..bbf0afaf 100644 --- a/example/disasm/callback.py +++ b/example/disasm/callback.py @@ -1,5 +1,5 @@ from miasm2.core.bin_stream import bin_stream_str -from miasm2.core.asmblock import AsmLabel, AsmConstraint +from miasm2.core.asmblock import AsmConstraint from miasm2.arch.x86.disasm import dis_x86_32, cb_x86_funcs @@ -21,14 +21,15 @@ def cb_x86_callpop(cur_bloc, symbol_pool, *args, **kwargs): last_instr = cur_bloc.lines[-1] if last_instr.name != 'CALL': return - ## The destination must be a label + ## The destination must be a location dst = last_instr.args[0] - if not dst.is_label(): + if not dst.is_loc(): return - label = symbol_pool.loc_key_to_label(dst.loc_key) + loc_key = dst.loc_key + offset = symbol_pool.loc_key_to_offset(loc_key) ## The destination must be the next instruction - if label.offset != last_instr.offset + last_instr.l: + if offset != last_instr.offset + last_instr.l: return # Update instruction instance @@ -36,7 +37,7 @@ def cb_x86_callpop(cur_bloc, symbol_pool, *args, **kwargs): # Update next blocks to process in the disassembly engine cur_bloc.bto.clear() - cur_bloc.add_cst(label.offset, AsmConstraint.c_next, symbol_pool) + cur_bloc.add_cst(loc_key, AsmConstraint.c_next, symbol_pool) # Prepare a tiny shellcode @@ -48,8 +49,8 @@ bin_stream = bin_stream_str(shellcode) mdis = dis_x86_32(bin_stream) print "Without callback:\n" -blocks = mdis.dis_multiblock(0) -print "\n".join(str(block) for block in blocks) +asmcfg = mdis.dis_multiblock(0) +print "\n".join(str(block) for block in asmcfg.blocks) # Enable callback cb_x86_funcs.append(cb_x86_callpop) @@ -58,9 +59,9 @@ cb_x86_funcs.append(cb_x86_callpop) print "=" * 40 print "With callback:\n" -blocks_after = mdis.dis_multiblock(0) -print "\n".join(str(block) for block in blocks_after) +asmcfg_after = mdis.dis_multiblock(0) +print "\n".join(str(block) for block in asmcfg_after.blocks) # Ensure the callback has been called -assert blocks.heads()[0].lines[0].name == "CALL" -assert blocks_after.heads()[0].lines[0].name == "PUSH" +assert asmcfg.loc_key_to_block(asmcfg.heads()[0]).lines[0].name == "CALL" +assert asmcfg_after.loc_key_to_block(asmcfg_after.heads()[0]).lines[0].name == "PUSH" diff --git a/example/disasm/full.py b/example/disasm/full.py index e693a687..b0c34bff 100644 --- a/example/disasm/full.py +++ b/example/disasm/full.py @@ -3,7 +3,7 @@ from argparse import ArgumentParser from pdb import pm from miasm2.analysis.binary import Container -from miasm2.core.asmblock import log_asmblock, AsmLabel, AsmCFG +from miasm2.core.asmblock import log_asmblock, AsmCFG from miasm2.expression.expression import ExprId from miasm2.core.interval import interval from miasm2.analysis.machine import Machine @@ -99,7 +99,9 @@ for addr in args.address: addrs.append(int(addr, 0)) except ValueError: # Second chance, try with symbol - addrs.append(mdis.symbol_pool.getby_name(addr).offset) + loc_key = mdis.symbol_pool.getby_name(addr) + offset = mdis.symbol_pool.loc_key_to_offset(loc_key) + addrs.append(offset) if len(addrs) == 0 and default_addr is not None: addrs.append(default_addr) @@ -121,27 +123,28 @@ while not finish and todo: if ad in done: continue done.add(ad) - allblocks = mdis.dis_multiblock(ad) + asmcfg = mdis.dis_multiblock(ad) log.info('func ok %.16x (%d)' % (ad, len(all_funcs))) all_funcs.add(ad) - all_funcs_blocks[ad] = allblocks - for block in allblocks: + all_funcs_blocks[ad] = asmcfg + for block in asmcfg.blocks: for l in block.lines: done_interval += interval([(l.offset, l.offset + l.l)]) if args.funcswatchdog is not None: args.funcswatchdog -= 1 if args.recurfunctions: - for block in allblocks: + for block in asmcfg.blocks: instr = block.get_subcall_instr() if not instr: continue for dest in instr.getdstflow(mdis.symbol_pool): - if not (isinstance(dest, ExprId) and isinstance(dest.name, AsmLabel)): + if not dest.is_loc(): continue - todo.append((mdis, instr, dest.name.offset)) + offset = mdis.symbol_pool.loc_key_to_offset(dest.loc_key) + todo.append((mdis, instr, offset)) if args.funcswatchdog is not None and args.funcswatchdog <= 0: finish = True @@ -155,13 +158,13 @@ while not finish and todo: # Generate dotty graph -all_blocks = AsmCFG(mdis.symbol_pool) +all_asmcfg = AsmCFG(mdis.symbol_pool) for blocks in all_funcs_blocks.values(): - all_blocks += blocks + all_asmcfg += blocks log.info('generate graph file') -open('graph_execflow.dot', 'w').write(all_blocks.dot(offset=True)) +open('graph_execflow.dot', 'w').write(all_asmcfg.dot(offset=True)) log.info('generate intervals') @@ -190,9 +193,9 @@ if args.gen_ir: ir_arch_a = ira(mdis.symbol_pool) ir_arch.blocks = {} ir_arch_a.blocks = {} - for ad, all_block in all_funcs_blocks.items(): + for ad, asmcfg in all_funcs_blocks.items(): log.info("generating IR... %x" % ad) - for block in all_block: + for block in asmcfg.blocks: ir_arch_a.add_block(block) ir_arch.add_block(block) diff --git a/example/disasm/function.py b/example/disasm/function.py index 89f65abb..10495dbc 100644 --- a/example/disasm/function.py +++ b/example/disasm/function.py @@ -8,9 +8,9 @@ from miasm2.arch.x86.disasm import dis_x86_32 # RET shellcode = '\xb8\xef\xbe7\x13\xb9\x04\x00\x00\x00\xc1\xc0\x08\xe2\xfb\xc3' mdis = dis_x86_32(shellcode) -blocks = mdis.dis_multiblock(0) +asmcfg = mdis.dis_multiblock(0) -for block in blocks: +for block in asmcfg.blocks: print block -open('graph.dot', 'w').write(blocks.dot()) +open('graph.dot', 'w').write(asmcfg.dot()) diff --git a/example/expression/access_c.py b/example/expression/access_c.py index de158730..8856f6f8 100644 --- a/example/expression/access_c.py +++ b/example/expression/access_c.py @@ -100,7 +100,7 @@ def get_funcs_arg0(ctx, ira, lbl_head): for irb, index in find_call(ira): instr = irb[index].instr print 'Analysing references from:', hex(instr.offset), instr - g_list = g_dep.get(irb.label, set([element]), index, set([lbl_head])) + g_list = g_dep.get(irb.loc_key, set([element]), index, set([lbl_head])) for dep in g_list: emul_result = dep.emul(ctx) value = emul_result[element] @@ -143,11 +143,11 @@ dis_engine, ira = machine.dis_engine, machine.ira mdis = dis_engine(cont.bin_stream, symbol_pool=cont.symbol_pool) addr_head = 0 -blocks = mdis.dis_multiblock(addr_head) +asmcfg = mdis.dis_multiblock(addr_head) lbl_head = mdis.symbol_pool.getby_offset(addr_head) ir_arch_a = ira(mdis.symbol_pool) -for block in blocks: +for block in asmcfg.blocks: ir_arch_a.add_block(block) open('graph_irflow.dot', 'w').write(ir_arch_a.graph.dot()) diff --git a/example/expression/asm_to_ir.py b/example/expression/asm_to_ir.py index 786b860e..36965bfa 100644 --- a/example/expression/asm_to_ir.py +++ b/example/expression/asm_to_ir.py @@ -8,7 +8,7 @@ from miasm2.arch.x86.ira import ir_a_x86_32 from miasm2.analysis.data_flow import dead_simp # First, asm code -blocks, symbol_pool = parse_asm.parse_txt(mn_x86, 32, ''' +asmcfg, symbol_pool = parse_asm.parse_txt(mn_x86, 32, ''' main: MOV EAX, 1 MOV EBX, 2 @@ -25,17 +25,17 @@ loop: symbol_pool.set_offset(symbol_pool.getby_name("main"), 0x0) -for block in blocks: +for block in asmcfg.blocks: print block print "symbols:" print symbol_pool -patches = asmblock.asm_resolve_final(mn_x86, blocks, symbol_pool) +patches = asmblock.asm_resolve_final(mn_x86, asmcfg, symbol_pool) # Translate to IR ir_arch = ir_a_x86_32(symbol_pool) -for block in blocks: +for block in asmcfg.blocks: print 'add block' print block ir_arch.add_block(block) diff --git a/example/expression/constant_propagation.py b/example/expression/constant_propagation.py index 70394580..3a81d909 100644 --- a/example/expression/constant_propagation.py +++ b/example/expression/constant_propagation.py @@ -32,8 +32,8 @@ ir_arch = ira(mdis.symbol_pool) addr = int(args.address, 0) -blocks = mdis.dis_multiblock(addr) -for block in blocks: +asmcfg = mdis.dis_multiblock(addr) +for block in asmcfg.blocks: ir_arch.add_block(block) diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py index dd7e37a1..9b45a52d 100644 --- a/example/expression/graph_dataflow.py +++ b/example/expression/graph_dataflow.py @@ -47,7 +47,7 @@ def intra_block_flow_symb(ir_arch, flow_graph, irblock, in_nodes, out_nodes): all_mems.update(get_expr_mem(n)) for n in all_mems: - node_n_w = get_node_name(irblock.label, 0, n) + node_n_w = get_node_name(irblock.loc_key, 0, n) if not n == src: continue o_r = n.arg.get_r(mem_read=False, cst_read=True) @@ -55,7 +55,7 @@ def intra_block_flow_symb(ir_arch, flow_graph, irblock, in_nodes, out_nodes): if n_r in current_nodes: node_n_r = current_nodes[n_r] else: - node_n_r = get_node_name(irblock.label, i, n_r) + node_n_r = get_node_name(irblock.loc_key, i, n_r) if not n_r in in_nodes: in_nodes[n_r] = node_n_r flow_graph.add_uniq_edge(node_n_r, node_n_w) @@ -69,13 +69,13 @@ def intra_block_flow_symb(ir_arch, flow_graph, irblock, in_nodes, out_nodes): if n_r in current_nodes: node_n_r = current_nodes[n_r] else: - node_n_r = get_node_name(irblock.label, 0, n_r) + node_n_r = get_node_name(irblock.loc_key, 0, n_r) if not n_r in in_nodes: in_nodes[n_r] = node_n_r flow_graph.add_node(node_n_r) for n_w in nodes_w: - node_n_w = get_node_name(irblock.label, 1, n_w) + node_n_w = get_node_name(irblock.loc_key, 1, n_w) out_nodes[n_w] = node_n_w flow_graph.add_node(node_n_w) @@ -96,8 +96,9 @@ def gen_block_data_flow_graph(ir_arch, ad, block_flow_cb): irblock_0 = None for irblock in ir_arch.blocks.values(): - label = ir_arch.symbol_pool.loc_key_to_label(irblock.label) - if label.offset == ad: + loc_key = irblock.loc_key + offset = ir_arch.symbol_pool.loc_key_to_offset(loc_key) + if offset == ad: irblock_0 = irblock break assert(irblock_0 is not None) @@ -120,7 +121,7 @@ def gen_block_data_flow_graph(ir_arch, ad, block_flow_cb): print 'OUT', [str(x) for x in irb_out_nodes[label]] print '*' * 20, 'interblock', '*' * 20 - inter_block_flow(ir_arch, flow_graph, irblock_0.label, irb_in_nodes, irb_out_nodes) + inter_block_flow(ir_arch, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes) # from graph_qt import graph_qt # graph_qt(flow_graph) @@ -133,15 +134,14 @@ ad = int(args.addr, 16) print 'disasm...' mdis = dis_x86_32(data) mdis.follow_call = True -ab = mdis.dis_multiblock(ad) +asmcfg = mdis.dis_multiblock(ad) print 'ok' print 'generating dataflow graph for:' ir_arch = ir_a_x86_32(mdis.symbol_pool) -blocks = ab -for block in blocks: +for block in asmcfg.blocks: print block ir_arch.add_block(block) for irblock in ir_arch.blocks.values(): diff --git a/example/expression/solve_condition_stp.py b/example/expression/solve_condition_stp.py index 76dff96c..42e6670c 100644 --- a/example/expression/solve_condition_stp.py +++ b/example/expression/solve_condition_stp.py @@ -54,8 +54,8 @@ def emul_symb(ir_arch, mdis, states_todo, states_done): cond_group_b = {addr.cond: ExprInt(1, addr.cond.size)} addr_a = expr_simp(symbexec.eval_expr(addr.replace_expr(cond_group_a), {})) addr_b = expr_simp(symbexec.eval_expr(addr.replace_expr(cond_group_b), {})) - if not (addr_a.is_int() or addr_a.is_label() and - addr_b.is_int() or addr_b.is_label()): + if not (addr_a.is_int() or addr_a.is_loc() and + addr_b.is_int() or addr_b.is_loc()): print str(addr_a), str(addr_b) raise ValueError("Unsupported condition") if isinstance(addr_a, ExprInt): @@ -70,8 +70,7 @@ def emul_symb(ir_arch, mdis, states_todo, states_done): elif addr.is_int(): addr = int(addr.arg) states_todo.add((addr, symbexec.symbols.copy(), tuple(conds))) - elif addr.is_label(): - addr = ir_arch.symbol_pool.loc_key_to_label(addr.loc_key) + elif addr.is_loc(): states_todo.add((addr, symbexec.symbols.copy(), tuple(conds))) else: raise ValueError("Unsupported destination") @@ -93,7 +92,7 @@ if __name__ == '__main__': symbexec = SymbolicExecutionEngine(ir_arch, symbols_init) - blocks, symbol_pool = parse_asm.parse_txt(machine.mn, 32, ''' + asmcfg, symbol_pool = parse_asm.parse_txt(machine.mn, 32, ''' init: PUSH argv PUSH argc @@ -107,16 +106,16 @@ if __name__ == '__main__': ret_addr_lbl = symbol_pool.getby_name('ret_addr') init_lbl = symbol_pool.getby_name('init') - argc = ExprLoc(argc_lbl.loc_key, 32) - argv = ExprLoc(argv_lbl.loc_key, 32) - ret_addr = ExprLoc(ret_addr_lbl.loc_key, 32) + argc = ExprLoc(argc_lbl, 32) + argv = ExprLoc(argv_lbl, 32) + ret_addr = ExprLoc(ret_addr_lbl, 32) - block = list(blocks)[0] + block = asmcfg.loc_key_to_block(init_lbl) print block # add fake address and len to parsed instructions ir_arch.add_block(block) - irb = ir_arch.blocks[init_lbl.loc_key] + irb = ir_arch.blocks[init_lbl] symbexec.eval_updt_irblock(irb) symbexec.dump(ids=False) # reset ir_arch blocks diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py index 9b9c2e95..f459022e 100644 --- a/example/ida/ctype_propagation.py +++ b/example/ida/ctype_propagation.py @@ -201,7 +201,7 @@ class SymbExecCTypeFix(SymbExecCType): if expr.is_int(): continue for c_str, c_type in self.chandler.expr_to_c_and_types(expr, self.symbols): - expr = self.cst_propag_link.get((irb.label, index), {}).get(expr, expr) + expr = self.cst_propag_link.get((irb.loc_key, index), {}).get(expr, expr) offset2cmt.setdefault(instr.offset, set()).add( "\n%s: %s\n%s" % (expr, c_str, c_type)) diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py index 5342313a..ece02ad4 100644 --- a/example/ida/depgraph.py +++ b/example/ida/depgraph.py @@ -28,7 +28,8 @@ class depGraphSettingsForm(ida_kernwin.Form): self.address = idc.ScreenEA() cur_block = None for block in ira.getby_offset(self.address): - if block.label.offset is not None: + offset = self.ira.symbol_pool.loc_key_to_offset(block.loc_key) + if offset is not None: # Only one block non-generated assert cur_block is None cur_block = block @@ -38,7 +39,7 @@ class depGraphSettingsForm(ida_kernwin.Form): if assignblk.instr.offset == self.address: break assert line_nb is not None - cur_label = str(cur_block.label) + cur_label = str(cur_block.loc_key) labels = sorted(map(str, ira.blocks.keys())) regs = sorted(ira.arch.regs.all_regs_ids_byname.keys()) regs += self.stk_args.keys() @@ -110,13 +111,13 @@ Method to use: elif mode == 1: return value + 1 else: - return len(self.ira.blocks[self.label]) + return len(self.ira.blocks[self.loc_key]) @property def elements(self): value = self.cbReg.value if value in self.stk_args: - line = self.ira.blocks[self.label][self.line_nb].instr + line = self.ira.blocks[self.loc_key][self.line_nb].instr arg_num = self.stk_args[value] stk_high = m2_expr.ExprInt(idc.GetSpd(line.offset), ir_arch.sp.size) stk_off = m2_expr.ExprInt(self.ira.sp.size/8 * arg_num, ir_arch.sp.size) @@ -174,7 +175,7 @@ def treat_element(): for node in graph.relevant_nodes: try: - offset = ir_arch.blocks[node.label][node.line_nb].instr.offset + offset = ir_arch.blocks[node.loc_key][node.line_nb].instr.offset except IndexError: print "Unable to highlight %s" % node continue @@ -209,26 +210,27 @@ def launch_depgraph(): for ad, name in idautils.Names(): if name is None: continue - mdis.symbol_pool.add_label(name, ad) + mdis.symbol_pool.add_location(name, ad) # Get the current function addr = idc.ScreenEA() func = ida_funcs.get_func(addr) - blocks = mdis.dis_multiblock(func.startEA) + asmcfg = mdis.dis_multiblock(func.startEA) # Generate IR - for block in blocks: + for block in asmcfg.blocks: ir_arch.add_block(block) # Get settings settings = depGraphSettingsForm(ir_arch) settings.Execute() - label, elements, line_nb = settings.label, settings.elements, settings.line_nb + label, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb # Simplify affectations for irb in ir_arch.blocks.values(): irs = [] - fix_stack = irb.label.offset is not None and settings.unalias_stack + offset = ir_arch.symbol_pool.loc_key_to_offset(irb.loc_key) + fix_stack = offset is not None and settings.unalias_stack for assignblk in irb: if fix_stack: stk_high = m2_expr.ExprInt(idc.GetSpd(assignblk.instr.offset), ir_arch.sp.size) @@ -243,7 +245,7 @@ def launch_depgraph(): dst, src = expr_simp(dst), expr_simp(src) new_assignblk[dst] = src irs.append(AssignBlock(new_assignblk, instr=assignblk.instr)) - ir_arch.blocks[irb.label] = IRBlock(irb.label, irs) + ir_arch.blocks[irb.loc_key] = IRBlock(irb.loc_key, irs) # Get dependency graphs dg = settings.depgraph diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py index fad793ff..370500e5 100644 --- a/example/ida/graph_ir.py +++ b/example/ida/graph_ir.py @@ -6,7 +6,7 @@ import idc import idautils from miasm2.core.bin_stream_ida import bin_stream_ida -from miasm2.core.asmblock import AsmLabel, is_int +from miasm2.core.asmblock import is_int from miasm2.expression.simplifications import expr_simp from miasm2.analysis.data_flow import dead_simp from miasm2.ir.ir import AssignBlock, IRBlock @@ -33,17 +33,15 @@ def label_str(self): else: return "%s:%s" % (self.name, str(self.offset)) -AsmLabel.__init__ = label_init -AsmLabel.__str__ = label_str def color_irblock(irblock, ir_arch): out = [] - lbl = idaapi.COLSTR(str(irblock.label), idaapi.SCOLOR_INSN) + lbl = idaapi.COLSTR(ir_arch.symbol_pool.str_loc_key(irblock.loc_key), idaapi.SCOLOR_INSN) out.append(lbl) for assignblk in irblock: for dst, src in sorted(assignblk.iteritems()): - dst_f = expr2colorstr(ir_arch.arch.regs.all_regs_ids, dst) - src_f = expr2colorstr(ir_arch.arch.regs.all_regs_ids, src) + dst_f = expr2colorstr(dst, symbol_pool=ir_arch.symbol_pool) + src_f = expr2colorstr(src, symbol_pool=ir_arch.symbol_pool) line = idaapi.COLSTR("%s = %s" % (dst_f, src_f), idaapi.SCOLOR_INSN) out.append(' %s' % line) out.append("") @@ -74,7 +72,7 @@ class GraphMiasmIR(idaapi.GraphViewer): continue all_dst = self.ir_arch.dst_trackback(irblock) for dst in all_dst: - if not dst.is_label(): + if not dst.is_loc(): continue if not dst.loc_key in self.ir_arch.blocks: continue @@ -123,7 +121,7 @@ def build_graph(verbose=False, simplify=False): mdis.symbol_pool.getby_name(name)): # Symbol alias continue - mdis.symbol_pool.add_label(name, addr) + mdis.symbol_pool.add_location(name, addr) if verbose: print "start disasm" @@ -131,15 +129,15 @@ def build_graph(verbose=False, simplify=False): if verbose: print hex(addr) - blocks = mdis.dis_multiblock(addr) + asmcfg = mdis.dis_multiblock(addr) if verbose: print "generating graph" - open('asm_flow.dot', 'w').write(blocks.dot()) + open('asm_flow.dot', 'w').write(asmcfg.dot()) print "generating IR... %x" % addr - for block in blocks: + for block in asmcfg.blocks: if verbose: print 'ADD' print block @@ -156,7 +154,7 @@ def build_graph(verbose=False, simplify=False): for dst, src in assignblk.iteritems() } irs.append(AssignBlock(new_assignblk, instr=assignblk.instr)) - ir_arch.blocks[irb.label] = IRBlock(irb.label, irs) + ir_arch.blocks[irb.loc_key] = IRBlock(irb.loc_key, irs) if verbose: out = ir_arch.graph.dot() diff --git a/example/ida/symbol_exec.py b/example/ida/symbol_exec.py index f019f77d..63014ece 100644 --- a/example/ida/symbol_exec.py +++ b/example/ida/symbol_exec.py @@ -34,8 +34,16 @@ class ActionHandlerTranslate(ActionHandler): class symbolicexec_t(idaapi.simplecustviewer_t): def add(self, key, value): - self.AddLine("%s = %s" % (expr2colorstr(self.machine.mn.regs.all_regs_ids, key), - expr2colorstr(self.machine.mn.regs.all_regs_ids, value))) + self.AddLine("%s = %s" % ( + expr2colorstr( + key, + symbol_pool=self.symbol_pool + ), + expr2colorstr( + value, + symbol_pool=self.symbol_pool + ) + )) def expand(self, linenum): element = self.line2eq[linenum] @@ -61,11 +69,12 @@ class symbolicexec_t(idaapi.simplecustviewer_t): form.Compile() form.Execute() - def Create(self, equations, machine, *args, **kwargs): + def Create(self, equations, machine, symbol_pool, *args, **kwargs): if not super(symbolicexec_t, self).Create(*args, **kwargs): return False self.machine = machine + self.symbol_pool = symbol_pool self.line2eq = sorted(equations.items(), key=operator.itemgetter(0)) self.lines_expanded = set() @@ -126,9 +135,9 @@ def symbolic_exec(): start, end = idc.SelStart(), idc.SelEnd() mdis.dont_dis = [end] - blocks = mdis.dis_multiblock(start) - ira = machine.ira() - for block in blocks: + asmcfg = mdis.dis_multiblock(start) + ira = machine.ira(symbol_pool=mdis.symbol_pool) + for block in asmcfg.blocks: ira.add_block(block) print "Run symbolic execution..." @@ -141,7 +150,7 @@ def symbolic_exec(): view = symbolicexec_t() all_views.append(view) - if not view.Create(modified, machine, + if not view.Create(modified, machine, mdis.symbol_pool, "Symbolic Execution - 0x%x to 0x%x" % (start, end)): return diff --git a/example/ida/utils.py b/example/ida/utils.py index e026f2fc..481220a9 100644 --- a/example/ida/utils.py +++ b/example/ida/utils.py @@ -72,22 +72,29 @@ class TranslatorIDA(Translator): # Implemented language __LANG__ = "ida_w_color" - def __init__(self, regs_ids=None, **kwargs): + def __init__(self, symbol_pool=None, **kwargs): super(TranslatorIDA, self).__init__(**kwargs) - if regs_ids is None: - regs_ids = {} - self.regs_ids = regs_ids + self.symbol_pool = symbol_pool def str_protected_child(self, child, parent): - return ("(%s)" % self.from_expr(child)) if m2_expr.should_parenthesize_child(child, parent) else self.from_expr(child) + return ("(%s)" % ( + self.from_expr(child)) if m2_expr.should_parenthesize_child(child, parent) + else self.from_expr(child) + ) def from_ExprInt(self, expr): return idaapi.COLSTR(str(expr), idaapi.SCOLOR_NUMBER) def from_ExprId(self, expr): - out = str(expr) - if expr in self.regs_ids: - out = idaapi.COLSTR(out, idaapi.SCOLOR_REG) + out = idaapi.COLSTR(str(expr), idaapi.SCOLOR_REG) + return out + + def from_ExprLoc(self, expr): + if self.symbol_pool is not None: + out = self.symbol_pool.str_loc_key(expr.loc_key) + else: + out = str(expr) + out = idaapi.COLSTR(out, idaapi.SCOLOR_REG) return out def from_ExprMem(self, expr): @@ -126,20 +133,23 @@ class TranslatorIDA(Translator): return (' ' + expr._op + ' ').join([self.str_protected_child(arg, expr) for arg in expr._args]) return (expr._op + '(' + - ', '.join([self.from_expr(arg) for arg in expr._args]) + ')') + ', '.join( + self.from_expr(arg) + for arg in expr._args + ) + ')') def from_ExprAff(self, expr): return "%s = %s" % tuple(map(expr.from_expr, (expr.dst, expr.src))) -def expr2colorstr(regs_ids, expr): +def expr2colorstr(expr, symbol_pool): """Colorize an Expr instance for IDA - @regs_ids: list of ExprId corresponding to available registers @expr: Expr instance to colorize + @symbol_pool: AsmSymbolPool instance """ - translator = TranslatorIDA(regs_ids) + translator = TranslatorIDA(symbol_pool=symbol_pool) return translator.from_expr(expr) diff --git a/example/jitter/sandbox_call.py b/example/jitter/sandbox_call.py index dc64af15..7a9fd946 100644 --- a/example/jitter/sandbox_call.py +++ b/example/jitter/sandbox_call.py @@ -15,7 +15,8 @@ sb = Sandbox_Linux_arml(options.filename, options, globals()) with open(options.filename, "rb") as fdesc: cont = Container.from_stream(fdesc) - addr_to_call = cont.symbol_pool.getby_name("md5_starts").offset + loc_key = cont.symbol_pool.getby_name("md5_starts") + addr_to_call = cont.symbol_pool.loc_key_to_offset(loc_key) # Calling md5_starts(malloc(0x64)) addr = linobjs.heap.alloc(sb.jitter, 0x64) diff --git a/example/jitter/unpack_upx.py b/example/jitter/unpack_upx.py index f9b0aed1..b86724d6 100644 --- a/example/jitter/unpack_upx.py +++ b/example/jitter/unpack_upx.py @@ -59,10 +59,11 @@ leaves = list(ab.get_bad_blocks_predecessors()) assert(len(leaves) == 1) l = leaves.pop() logging.info(l) -end_label = l.label.offset -logging.info('final label') -logging.info(end_label) +end_loc_key = mdis.symbol_pool.loc_key_to_offset(l) + +logging.info('final loc_key') +logging.info(end_loc_key) # Export CFG graph (dot format) if options.graph is True: @@ -85,7 +86,7 @@ def update_binary(jitter): return False # Set callbacks -sb.jitter.add_breakpoint(end_label, update_binary) +sb.jitter.add_breakpoint(end_loc_key, update_binary) # Run sb.run() diff --git a/example/symbol_exec/depgraph.py b/example/symbol_exec/depgraph.py index b8d838ae..621e8fca 100644 --- a/example/symbol_exec/depgraph.py +++ b/example/symbol_exec/depgraph.py @@ -59,10 +59,10 @@ if args.rename_args: init_ctx[e_mem] = ExprId("arg%d" % i, 32) # Disassemble the targeted function -blocks = mdis.dis_multiblock(int(args.func_addr, 0)) +asmcfg = mdis.dis_multiblock(int(args.func_addr, 0)) # Generate IR -for block in blocks: +for block in asmcfg.blocks: ir_arch.add_block(block) # Get the instance @@ -81,7 +81,7 @@ for assignblk_index, assignblk in enumerate(current_block): # Enumerate solutions json_solutions = [] -for sol_nb, sol in enumerate(dg.get(current_block.label, elements, assignblk_index, set())): +for sol_nb, sol in enumerate(dg.get(current_block.loc_key, elements, assignblk_index, set())): fname = "sol_%d.dot" % sol_nb with open(fname, "w") as fdesc: fdesc.write(sol.graph.dot()) |