-rw-r--r--example/disasm/dis_binary.py29
-rw-r--r--example/disasm/dis_binary_ir.py35
-rw-r--r--example/disasm/dis_binary_ira.py37
-rw-r--r--example/disasm/dis_x86_string.py22
-rw-r--r--example/samples/test_x86_32_dis.S12
-rwxr-xr-xtest/test_all.py29
6 files changed, 155 insertions, 9 deletions
diff --git a/example/disasm/dis_binary.py b/example/disasm/dis_binary.py
new file mode 100644
index 00000000..3e12ca91
--- /dev/null
+++ b/example/disasm/dis_binary.py
@@ -0,0 +1,29 @@
+import sys
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
+
+fdesc = open(sys.argv[1], 'rb')
+
+# The Container will provide a *bin_stream*, bytes source for the disasm engine
+# It will prodive a view from a PE or an ELF.
+cont = Container.from_stream(fdesc)
+
+# The Machine, instantiated with the detected architecture, will provide tools
+# (disassembler, etc.) to work with this architecture
+machine = Machine(cont.arch)
+
+# Instantiate a disassembler engine, using the previous bin_stream and its
+# associated location DB. The assembly listing will use the binary symbols
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
+
+# Run a recursive traversal disassembling from the entry point
+# (do not follow sub functions by default)
+addr = cont.entry_point
+asmcfg = mdis.dis_multiblock(addr)
+
+# Display each basic blocks
+for block in asmcfg.blocks:
+    print block
+
+# Output control flow graph in a dot file
+open('bin_cfg.dot', 'w').write(asmcfg.dot())
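Review bot: The final line writes the graph through a handle that is never closed, `open('bin_cfg.dot', 'w').write(asmcfg.dot())`, so the flush depends on garbage collection, and the fixed name silently overwrites any `bin_cfg.dot` in the current directory. Using `with open('bin_cfg.dot', 'w') as fout:` followed by `fout.write(asmcfg.dot())` makes the write deterministic; the same one-liner ends dis_binary_ir.py, dis_binary_ira.py and dis_x86_string.py. `sys.argv[1]` is read without a length check, so running the script with no argument raises IndexError instead of printing a usage message, and `fdesc` is never closed. The comment above `Container.from_stream` has a typo: `prodive` should read `provide`.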
diff --git a/example/disasm/dis_binary_ir.py b/example/disasm/dis_binary_ir.py
new file mode 100644
index 00000000..6d98d692
--- /dev/null
+++ b/example/disasm/dis_binary_ir.py
@@ -0,0 +1,35 @@
+import sys
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
+
+#####################################
+# Common section from dis_binary.py #
+#####################################
+
+fdesc = open(sys.argv[1], 'rb')
+
+cont = Container.from_stream(fdesc)
+
+machine = Machine(cont.arch)
+
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
+
+addr = cont.entry_point
+asmcfg = mdis.dis_multiblock(addr)
+
+#####################################
+#    End common section             #
+#####################################
+
+# Get an IR convertor
+ir_arch = machine.ir(mdis.loc_db)
+
+# Get the IR of the asmcfg
+ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg)
+
+# Display each IR basic blocks
+for irblock in ircfg.blocks.values():
+    print irblock
+
+# Output ir control flow graph in a dot file
+open('bin_ir_cfg.dot', 'w').write(ircfg.dot())
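Review bot: The printed IR blocks and `bin_ir_cfg.dot` are built with `mdis.loc_db`, which is `cont.loc_db` from the input file, and nothing in this script says those labels are untrusted. The comment in dis_binary.py states the listing uses the binary's symbols, so names chosen by whoever built the sample may reach the terminal and the dot file; whether `dot()` escapes them is not visible here. A comment before the output loop such as `# NOTE: labels come from the input binary; treat the printed listing and the .dot file as untrusted data` would warn analysts who run this on unknown samples. The copied "common section" also drops the explanatory comments from dis_binary.py, so any fix to that setup has to be repeated here and in dis_binary_ira.py.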
diff --git a/example/disasm/dis_binary_ira.py b/example/disasm/dis_binary_ira.py
new file mode 100644
index 00000000..c1bd5dc0
--- /dev/null
+++ b/example/disasm/dis_binary_ira.py
@@ -0,0 +1,37 @@
+import sys
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
+
+#####################################
+# Common section from dis_binary.py #
+#####################################
+
+fdesc = open(sys.argv[1], 'rb')
+
+cont = Container.from_stream(fdesc)
+
+machine = Machine(cont.arch)
+
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
+
+addr = cont.entry_point
+asmcfg = mdis.dis_multiblock(addr)
+
+#####################################
+#    End common section             #
+#####################################
+
+# Get an IRA convertor
+# The sub call are modelised by default operators
+# call_func_ret and call_func_stack
+ir_arch_analysis = machine.ira(mdis.loc_db)
+
+# Get the IR of the asmcfg
+ircfg_analysis = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg)
+
+# Display each IR basic blocks
+for irblock in ircfg_analysis.blocks.values():
+    print irblock
+
+# Output ir control flow graph in a dot file
+open('bin_ira_cfg.dot', 'w').write(ircfg_analysis.dot())
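Review bot: The comment above `machine.ira(mdis.loc_db)` is hard to parse and does not say how this script differs from dis_binary_ir.py. Suggested wording: `# Get an IRA (IR analysis) converter; sub-calls are modelled by the default` / `# operators call_func_ret and call_func_stack`. The expansion of "IRA" is inferred from the variable name `ir_arch_analysis`, so confirm it before adopting. `convertor` and `Display each IR basic blocks` could also be corrected to `converter` and `Display each IR basic block`.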
diff --git a/example/disasm/dis_x86_string.py b/example/disasm/dis_x86_string.py
new file mode 100644
index 00000000..8f919e4e
--- /dev/null
+++ b/example/disasm/dis_x86_string.py
@@ -0,0 +1,22 @@
+from miasm2.analysis.binary import Container
+from miasm2.analysis.machine import Machine
+
+# The Container will provide a *bin_stream*, bytes source for the disasm engine
+cont = Container.from_string("\x83\xf8\x10\x74\x07\x89\xc6\x0f\x47\xc3\xeb\x08\x89\xc8\xe8\x31\x33\x22\x11\x40\xc3")
+
+# Instantiate a x86 32 bit architecture
+machine = Machine("x86_32")
+
+# Instantiate a disassembler engine, using the previous bin_stream and its
+# associated location DB.
+mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db)
+
+# Run a recursive traversal disassembling from address 0
+asmcfg = mdis.dis_multiblock(0)
+
+# Display each basic blocks
+for block in asmcfg.blocks:
+    print block
+
+# Output control flow graph in a dot file
+open('str_cfg.dot', 'w').write(asmcfg.dot())
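Review bot: The byte string passed to `Container.from_string` has no comment saying what it encodes. It appears to be the assembled form of example/samples/test_x86_32_dis.S added in this same commit (CMP EAX, 0x10 through RET, with the CALL resolving to 0x11223344), but a reader has to decode it by hand to see that. A comment above the call such as `# x86_32 machine code for example/samples/test_x86_32_dis.S` would tie the two together and make later drift between them noticeable.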
diff --git a/example/samples/test_x86_32_dis.S b/example/samples/test_x86_32_dis.S
new file mode 100644
index 00000000..d2e77bf9
--- /dev/null
+++ b/example/samples/test_x86_32_dis.S
@@ -0,0 +1,12 @@
+main:
+	CMP    EAX, 0x10
+	JZ     lbl2
+	MOV    ESI, EAX
+	CMOVA  EAX, EBX
+	JMP    end
+lbl2:
+	MOV    EAX, ECX
+	CALL   0x11223344
+	INC    EAX
+end:
+	RET
diff --git a/test/test_all.py b/test/test_all.py
index 42843e90..459d529e 100755
--- a/test/test_all.py
+++ b/test/test_all.py
@@ -538,6 +538,11 @@ test_x86_32_if_reg = ExampleShellcode(['x86_32', 'x86_32_if_reg.S', "x86_32_if_r
 test_x86_32_seh = ExampleShellcode(["x86_32", "x86_32_seh.S", "x86_32_seh.bin",
                                     "--PE"])
 test_x86_32_dead = ExampleShellcode(['x86_32', 'x86_32_dead.S', "x86_32_dead.bin"])
+test_x86_32_dis = ExampleShellcode(
+    [
+        "x86_32", "test_x86_32_dis.S", "test_x86_32_dis.bin", "--PE"
+    ]
+)
 
 test_human = ExampleShellcode(["x86_64", "human.S", "human.bin"])
 
@@ -557,6 +562,7 @@ testset += test_x86_32_if_reg
 testset += test_x86_32_seh
 testset += test_x86_32_dead
 testset += test_human
+testset += test_x86_32_dis
 
 class ExampleDisassembler(Example):
     """Disassembler examples specificities:
@@ -565,15 +571,20 @@ class ExampleDisassembler(Example):
     example_dir = "disasm"
 
 
-for script, prods in [(["single_instr.py"], []),
-                      (["callback.py"], []),
-                      (["function.py"], ["graph.dot"]),
-                      (["file.py", Example.get_sample("box_upx.exe"),
-                        "0x407570"], ["graph.dot"]),
-                      (["full.py", Example.get_sample("box_upx.exe")],
-                       ["graph_execflow.dot", "lines.dot"]),
-                      ]:
-    testset += ExampleDisassembler(script, products=prods)
+for script, prods, depends in [
+        (["single_instr.py"], [], []),
+        (["callback.py"], [], []),
+        (["dis_x86_string.py"], ["str_cfg.dot"], []),
+        (["dis_binary.py", Example.get_sample("test_x86_32_dis.bin"),
+        ], ["bin_cfg.dot"], [test_x86_32_dis]),
+        (["dis_binary_ir.py", Example.get_sample("test_x86_32_dis.bin"),
+        ], ["bin_ir_cfg.dot"], [test_x86_32_dis]),
+        (["dis_binary_ira.py", Example.get_sample("test_x86_32_dis.bin"),
+        ], ["bin_ira_cfg.dot"], [test_x86_32_dis]),
+        (["full.py", Example.get_sample("box_upx.exe")],
+         ["graph_execflow.dot", "lines.dot"], []),
+]:
+    testset += ExampleDisassembler(script, products=prods, depends=depends)
 
 
 class ExampleDisasmFull(ExampleDisassembler):
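Review bot: The rewritten list drops the `function.py` and `file.py` entries, yet the diffstat lists only six files and neither script is among them, so they presumably still exist under example/disasm and simply stop being run by the test set. If that is not intended, keep them in the new three-tuple form: `(["function.py"], ["graph.dot"], []),` and `(["file.py", Example.get_sample("box_upx.exe"), "0x407570"], ["graph.dot"], []),`. If the scripts are meant to be retired in favour of the new dis_binary examples, removing them in the same commit would avoid leaving untested examples behind.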