| -rw-r--r-- | .hgignore | 1 | ||||
| -rw-r--r-- | example/expression/asm_to_ir.py (renamed from example/expression/manip_expression6.py) | 0 | ||||
| -rw-r--r-- | example/expression/basic_op.py (renamed from example/expression/manip_expression1.py) | 0 | ||||
| -rw-r--r-- | example/expression/basic_simplification.py (renamed from example/expression/manip_expression3.py) | 0 | ||||
| -rw-r--r-- | example/expression/expr_grapher.py (renamed from example/expression/manip_expression7.py) | 0 | ||||
| -rw-r--r-- | example/expression/get_read_write.py (renamed from example/expression/manip_expression2.py) | 0 | ||||
| -rw-r--r-- | example/expression/graph_dataflow.py (renamed from example/expression/manip_expression4.py) | 0 | ||||
| -rw-r--r-- | example/expression/simplification_add.py | 51 | ||||
| -rw-r--r-- | example/expression/simplification_tools.py (renamed from example/expression/manip_expression5.py) | 0 | ||||
| -rw-r--r-- | example/test_symbexec.py | 141 | ||||
| -rw-r--r-- | test/test_all.py | 15 |
11 files changed, 60 insertions, 148 deletions
diff --git a/.hgignore b/.hgignore
index f30a0566..d43f92c2 100644
--- a/.hgignore
+++ b/.hgignore
@@ -1,2 +1,3 @@
 ^build/
 ~$
+\.pyc$
\ No newline at end of file
diff --git a/example/expression/manip_expression6.py b/example/expression/asm_to_ir.py
index b5fe0ec5..b5fe0ec5 100644
--- a/example/expression/manip_expression6.py
+++ b/example/expression/asm_to_ir.py
diff --git a/example/expression/manip_expression1.py b/example/expression/basic_op.py
index a9ed00e3..a9ed00e3 100644
--- a/example/expression/manip_expression1.py
+++ b/example/expression/basic_op.py
diff --git a/example/expression/manip_expression3.py b/example/expression/basic_simplification.py
index 27c86096..27c86096 100644
--- a/example/expression/manip_expression3.py
+++ b/example/expression/basic_simplification.py
diff --git a/example/expression/manip_expression7.py b/example/expression/expr_grapher.py
index d1cbb73b..d1cbb73b 100644
--- a/example/expression/manip_expression7.py
+++ b/example/expression/expr_grapher.py
diff --git a/example/expression/manip_expression2.py b/example/expression/get_read_write.py
index faa3f9df..faa3f9df 100644
--- a/example/expression/manip_expression2.py
+++ b/example/expression/get_read_write.py
diff --git a/example/expression/manip_expression4.py b/example/expression/graph_dataflow.py
index bbf721f7..bbf721f7 100644
--- a/example/expression/manip_expression4.py
+++ b/example/expression/graph_dataflow.py
diff --git a/example/expression/simplification_add.py b/example/expression/simplification_add.py
new file mode 100644
index 00000000..008e094b
--- /dev/null
+++ b/example/expression/simplification_add.py
@@ -0,0 +1,51 @@
+import miasm2.expression.expression as m2_expr
+from miasm2.expression.simplifications import expr_simp
+from pdb import pm
+import os
+
+filename = os.environ.get('PYTHONSTARTUP')
+if filename and os.path.isfile(filename):
+ execfile(filename)
+
+print """
+Expression simplification demo: Adding a simplification:
+a + a + a == a * 3
+
+More detailed examples can be found in miasm2/expression/simplification*.
+"""
+
+# Define the simplification method
+## @expr_simp is the current expression simplifier instance
+## (for recursive simplifications)
+## @expr is the expression to (perhaps) simplify
+def simp_add_mul(expr_simp, expr):
+ "Naive Simplification: a + a + a == a * 3"
+
+ # Match the expected form
+ ## isinstance(expr, m2_expr.ExprOp) is not needed: simplifications are
+ ## attached to expression types
+ if expr.op == "+" and \
+ len(expr.args) == 3 and \
+ expr.args.count(expr.args[0]) == len(expr.args):
+
+ # Effective simplification
+ return m2_expr.ExprOp("*", expr.args[0],
+ m2_expr.ExprInt_from(expr.args[0], 3))
+ else:
+ # Do not simplify
+ return expr
+
+a = m2_expr.ExprId('a')
+base_expr = a + a + a
+print "Without adding the simplification:"
+print "\t%s = %s" % (base_expr, expr_simp(base_expr))
+
+# Enable pass
+expr_simp.enable_passes({m2_expr.ExprOp: [simp_add_mul]})
+
+print "After adding the simplification:"
+print "\t%s = %s" % (base_expr, expr_simp(base_expr))
+
+# Automatic fail
+assert(expr_simp(base_expr) == m2_expr.ExprOp("*", a,
+ m2_expr.ExprInt_from(a, 3)))
diff --git a/example/expression/manip_expression5.py b/example/expression/simplification_tools.py
index ed147c04..ed147c04 100644
--- a/example/expression/manip_expression5.py
+++ b/example/expression/simplification_tools.py
diff --git a/example/test_symbexec.py b/example/test_symbexec.py
deleted file mode 100644
index 1eabe824..00000000
--- a/example/test_symbexec.py
+++ /dev/null
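Review bot: The lines `filename = os.environ.get('PYTHONSTARTUP')` / `if filename and os.path.isfile(filename):` / `execfile(filename)` execute whatever file that variable names every time the example runs, and the test/test_all.py hunk in this commit adds the example to the non-interactive test list, so a test run now executes arbitrary startup code taken from the environment. The interpreter only reads PYTHONSTARTUP on its own in an interactive session, so if the intent is `python -i` debugging the call should be gated on that: add `import sys` to the imports and change the condition to `if filename and os.path.isfile(filename) and sys.flags.interactive:`, or drop the three lines from the example entirely. Separately, the `## @expr_simp …` / `## @expr …` comments above `def simp_add_mul` describe its parameters and would be more discoverable as the function's docstring, e.g. `"""Naive simplification: a + a + a == a * 3; expr_simp is the current simplifier instance (used for recursive simplifications), expr the expression to (perhaps) simplify."""`.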
@@ -1,141 +0,0 @@
-import sys
-import os
-from elfesteem import *
-from elfesteem.strpatchwork import StrPatchwork
-import inspect
-import logging
-from pdb import pm
-import struct
-from optparse import OptionParser
-from miasm2.expression.expression import *
-from miasm2.core import asmbloc
-
-from miasm2.arch.x86.arch import mn_x86
-from miasm2.jitter.jitload import load_pe_in_vm, load_elf_in_vm, bin_stream_vm, get_import_address_elf
-from miasm2.jitter.jitter import updt_bloc_emul
-from miasm2.jitter.vm_mngr import *
-from miasm2.jitter.arch import Jit_x86
-from miasm2.jitter.arch import Jit_arm
-from miasm2.ir.ir2C import init_arch_C
-
-
-from miasm2.core.bin_stream import bin_stream
-# from jitter import *
-from miasm2.jitter.os_dep import win_api_x86_32
-
-from miasm2.ir.symbexec import symbexec
-
-from miasm2.ir.ir2C import bloc2IR
-
-from miasm2.arch.x86.regs import *
-
-
-def whoami():
- return inspect.stack()[1][3]
-
-
-log = logging.getLogger("dis")
-console_handler = logging.StreamHandler()
-console_handler.setFormatter(logging.Formatter("%(levelname)-5s: %(message)s"))
-log.addHandler(console_handler)
-log.setLevel(logging.INFO)
-
-filename = os.environ.get('PYTHONSTARTUP')
-if filename and os.path.isfile(filename):
- execfile(filename)
-
-
-parser = OptionParser(usage="usage: %prog [options] file")
-parser.add_option('-a', "--address", dest="address", metavar="ADDRESS",
- help="force eop address", default=None)
-parser.add_option('-m', "--architecture", dest="machine", metavar="MACHINE",
- help="architecture to use for disasm: arm, x86_32, x86_64, ppc, java")
-parser.add_option('-s', "--segm", dest="usesegm", action="store_true",
- help="use segments fs:", default=False)
-parser.add_option('-d', "--hdr", dest="loadhdr", action="store_true",
- help="load pe hdr", default=False)
-parser.add_option(
- '-l', "--loadbasedll", dest="loadbasedll", action="store_true",
- help="load base dll", default=False)
-parser.add_option('-x', "--dumpall", dest="dumpall", action="store_true",
- help="load base dll", default=False)
-parser.add_option('-e', "--loadmainpe", dest="loadmainpe", action="store_true",
- help="load main pe", default=False)
-
-parser.add_option('-b', "--dumpblocs", dest="dumpblocs", action="store_true",
- help="log disasm blogs", default=False)
-
-parser.add_option('-r', "--parse_resources", dest="parse_resources",
- action="store_true", help="parse pe resources", default=False)
-
-(options, args) = parser.parse_args(sys.argv[1:])
-if not args:
- parser.print_help()
- sys.exit(0)
-
-
-log.info("import machine...")
-mode = None
-if options.machine == "arm":
- from miasm2.arch.arm.arch import mn_arm as mn
-elif options.machine == "sh4":
- from miasm2.arch.sh4_arch import mn_sh4 as mn
-elif options.machine == "x86_32":
- from miasm2.arch.x86.arch import mn_x86 as mn
-elif options.machine == "x86_64":
- from miasm2.arch.x86.arch import mn_x86 as mn
-else:
- raise ValueError('unknown machine')
-log.info('ok')
-machines = {'arm': (mn, 'arm'),
- 'sh4': (mn, None),
- 'x86_32': (mn, 32),
- 'x86_64': (mn, 64),
- }
-
-mn, attrib = machines[options.machine]
-
-arch2jit = {'x86': Jit_x86,
- 'arm': Jit_arm}
-
-jitarch = arch2jit[mn.name]
-
-e, in_str, runtime_dll, segm_to_do, symbol_pool, stack_ad = load_pe_in_vm(
- mn, args[0], options)
-# e, in_str, runtime_dll, segm_to_do, symbol_pool, stack_ad =
-# load_elf_in_vm(mn, args[0], options)
-init_arch_C(mn)
-
-win_api_x86_32.winobjs.runtime_dll = runtime_dll
-"""
-regs = jitarch.vm_get_gpreg()
-regs['RSP'] = stack_ad
-jitarch.vm_set_gpreg(regs)
-"""
-
-symbol_pool = asmbloc.asm_symbol_pool()
-known_blocs = {}
-code_blocs_mem_range = []
-
-
-ad = 0x951DAF
-ad = 0x9518C6
-ad = 0x9519FE
-symbols_init = {}
-for i, r in enumerate(all_regs_ids):
- symbols_init[r] = all_regs_ids_init[i]
-
-
-def se_bloc(ad, arch, attrib, sb):
- l = asmbloc.asm_label(ad)
- b = asmbloc.asm_bloc(l)
- job_done = set()
- asmbloc.dis_bloc(arch, in_str, b, ad, job_done, symbol_pool,
- attrib=attrib) # , lines_wd = 8)
- print b
- bloc_ir = bloc2IR(arch, attrib, in_str, b, [], symbol_pool)
- sb.emulbloc(arch, bloc_ir)
- sb.dump_mem()
-
-sb = symbexec(mn, symbols_init)
-se_bloc(ad, mn, attrib, sb)
diff --git a/test/test_all.py b/test/test_all.py
index a7b73d86..f931b776 100644
--- a/test/test_all.py
+++ b/test/test_all.py
@@ -75,14 +75,15 @@ all_tests = {
 ],
 "expression": [
 ["symbol_exec.py"],
-["expression/manip_expression1.py"],
-["expression/manip_expression2.py"],
-["expression/manip_expression3.py"],
-["expression/manip_expression4.py",
+["expression/basic_op.py"],
+["expression/get_read_write.py"],
+["expression/basic_simplification.py"],
+["expression/graph_dataflow.py",
 "expression/sc_connect_back.bin", "0x2e"],
-["expression/manip_expression5.py"],
-["expression/manip_expression6.py"],
-["expression/manip_expression7.py"],
+["expression/simplification_tools.py"],
+["expression/asm_to_ir.py"],
+["expression/expr_grapher.py"],
+["expression/simplification_add.py"],
 ["test_dis.py", "-g", "-s", "-m", "arm", "demo_arm.bin", "0"],
 ["test_dis.py", "-g", "-s", "-m", "x86_32", "box_x86_32.bin", "0x401000"], |