29 files changed, 42 insertions, 57 deletions
diff --git a/README.md b/README.md index 24eca858..5c518efd 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ [](https://travis-ci.org/cea-sec/miasm) -[](https://ci.appveyor.com/project/serpilliere/miasm-g9v6o/branch/master) +[](https://ci.appveyor.com/project/serpilliere/miasm-6lfba/branch/master) [](https://codeclimate.com/github/cea-sec/miasm) Reverse engineering framework in Python diff --git a/example/disasm/full.py b/example/disasm/full.py index ac8bf522..03094a55 100644 --- a/example/disasm/full.py +++ b/example/disasm/full.py @@ -10,7 +10,7 @@ from miasm2.analysis.data_flow import dead_simp, DiGraphDefUse, \ ReachingDefinitions, merge_blocks, remove_empty_assignblks, \ PropagateExpr, replace_stack_vars, load_from_int from miasm2.expression.simplifications import expr_simp -from miasm2.analysis.ssa import SSAPath, SSADiGraph, remove_phi +from miasm2.analysis.ssa import SSADiGraph, remove_phi from miasm2.ir.ir import AssignBlock, IRBlock log = logging.getLogger("dis") diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py index 3c8a745a..a3d6df8b 100644 --- a/example/ida/ctype_propagation.py +++ b/example/ida/ctype_propagation.py @@ -337,7 +337,7 @@ def analyse_function(): if lbl not in ircfg.blocks: continue symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state) - addr = symbexec_engine.run_block_at(ircfg, lbl) + symbexec_engine.run_block_at(ircfg, lbl) symbexec_engine.del_mem_above_stack(ir_arch.sp) sons = ircfg.successors(lbl) @@ -351,7 +351,7 @@ def analyse_function(): if lbl not in ircfg.blocks: continue symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link) - addr = symbexec_engine.run_block_at(ircfg, lbl) + symbexec_engine.run_block_at(ircfg, lbl) symbexec_engine.del_mem_above_stack(ir_arch.sp) diff --git a/example/jitter/run_with_linuxenv.py b/example/jitter/run_with_linuxenv.py index 933459f4..c9abe699 100644 --- a/example/jitter/run_with_linuxenv.py 
+++ b/example/jitter/run_with_linuxenv.py @@ -1,6 +1,5 @@ from argparse import ArgumentParser import logging -import os import re from elfesteem import elf as elf_csts diff --git a/miasm2/analysis/cst_propag.py b/miasm2/analysis/cst_propag.py index 7f74324f..48d588c8 100644 --- a/miasm2/analysis/cst_propag.py +++ b/miasm2/analysis/cst_propag.py @@ -52,9 +52,8 @@ def is_expr_cst(ir_arch, expr): if element.is_int(): continue return False - else: - # Expr is a constant - return True + # Expr is a constant + return True class SymbExecStateFix(SymbolicExecutionEngine): diff --git a/miasm2/analysis/data_flow.py b/miasm2/analysis/data_flow.py index f3881df9..83dae92d 100644 --- a/miasm2/analysis/data_flow.py +++ b/miasm2/analysis/data_flow.py @@ -957,7 +957,7 @@ def read_mem(bs, expr): var_bytes = bs.getbytes(ptr, expr.size / 8)[::-1] try: value = int(var_bytes.encode('hex'), 16) - except: + except ValueError: return expr return ExprInt(value, expr.size) diff --git a/miasm2/analysis/depgraph.py b/miasm2/analysis/depgraph.py index 46a83d2d..0d4a3719 100644 --- a/miasm2/analysis/depgraph.py +++ b/miasm2/analysis/depgraph.py @@ -50,6 +50,9 @@ class DependencyNode(object): self.element == depnode.element and self.line_nb == depnode.line_nb) + def __ne__(self, other): + return not self.__eq__(other) + def __cmp__(self, node): """Compares @self with @node.""" if not isinstance(node, self.__class__): @@ -195,8 +198,9 @@ class DependencyResult(DependencyState): """Container and methods for DependencyGraph results""" def __init__(self, ircfg, initial_state, state, inputs): + + super(DependencyResult, self).__init__(state.loc_key, state.pending) self.initial_state = initial_state - self.loc_key = state.loc_key self.history = state.history self.pending = state.pending self.line_nb = state.line_nb @@ -205,7 +209,6 @@ class DependencyResult(DependencyState): self._ircfg = ircfg # Init lazy elements - self._graph = None self._has_loop = None @property 
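Review bot: Narrowing the bare `except` to `except ValueError:` in `read_mem` is the right call — the only thing inside the `try` is `int(var_bytes.encode('hex'), 16)`, and an empty or non-hex string is exactly a `ValueError` — but the line above it, `bs.getbytes(ptr, expr.size / 8)`, uses Python 2 integer division, so a size that is not a byte multiple silently reads too few bytes and yields a truncated constant instead of falling into the handler. If such sizes can reach this helper, guard them explicitly before the read: `if expr.size % 8: return expr`. `read_mem` starts before this hunk.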
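Review bot: In `DependencyResult.__init__` the new `super(DependencyResult, self).__init__(state.loc_key, state.pending)` is immediately followed by the surviving `self.pending = state.pending`, so `pending` is presumably stored twice; drop the explicit assignment unless the base class copies rather than stores its argument. The removal of `self._graph = None` in the later hunk likewise relies on `DependencyState.__init__` (not visible here) initializing that attribute, so whichever lazy `graph` property reads it should be checked against the base class rather than assumed. The `__ne__` added to `DependencyNode` is needed under Python 2, where `__eq__` does not imply `__ne__`; since the class also keeps `__cmp__`, make sure both compare the same fields. The constructor body spans both depgraph hunks.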
diff --git a/miasm2/analysis/expression_range.py b/miasm2/analysis/expression_range.py index a2c4a8df..f09a18d0 100644 --- a/miasm2/analysis/expression_range.py +++ b/miasm2/analysis/expression_range.py @@ -8,7 +8,6 @@ _op_range_handler = { "|": lambda x, y: x | y, "^": lambda x, y: x ^ y, "*": lambda x, y: x * y, - ">>": lambda x, y: x >> y, "a>>": lambda x, y: x.arithmetic_shift_right(y), "<<": lambda x, y: x << y, ">>": lambda x, y: x >> y, diff --git a/miasm2/analysis/ssa.py b/miasm2/analysis/ssa.py index a8a50351..61aa987f 100644 --- a/miasm2/analysis/ssa.py +++ b/miasm2/analysis/ssa.py @@ -509,7 +509,7 @@ class SSADiGraph(SSA): self._rename_phi_rhs(successor) # Save current SSA variable stack for successors in the dominator tree - for successor in dominator_tree.successors_iter(loc_key): + for _ in dominator_tree.successors_iter(loc_key): stack.append(self._stack_rhs) def _rename_phi_lhs(self, loc_key): diff --git a/miasm2/arch/aarch64/arch.py b/miasm2/arch/aarch64/arch.py index 15a7bd77..598aca83 100644 --- a/miasm2/arch/aarch64/arch.py +++ b/miasm2/arch/aarch64/arch.py @@ -357,7 +357,7 @@ class instruction_aarch64(instruction): raise NotImplementedError("bad op") def dstflow(self): - return self.name in self.name in BRCOND + ["B", "BL", "BR", "BLR"] + return self.name in BRCOND + ["B", "BL", "BR", "BLR"] def mnemo_flow_to_dst_index(self, name): if self.name in ['CBZ', 'CBNZ']: diff --git a/miasm2/arch/aarch64/sem.py b/miasm2/arch/aarch64/sem.py index 4247a47f..3f70d7a7 100644 --- a/miasm2/arch/aarch64/sem.py +++ b/miasm2/arch/aarch64/sem.py @@ -723,7 +723,7 @@ def mrs(ir, insr, arg1, arg2, arg3, arg4, arg5): out.append(nf) e.append(ExprAff(arg1, ExprCompose(*out).zeroExtend(arg1.size))) else: - raise NotImplementedError("MSR not implemented") + raise NotImplementedError("MRS not implemented") return e, [] def msr(ir, instr, arg1, arg2, arg3, arg4, arg5): 
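Review bot: The corrected `dstflow` still evaluates `BRCOND + ["B", "BL", "BR", "BLR"]` on every call, which allocates a fresh list and does a linear scan once per instruction during disassembly; hoisting it next to `BRCOND` as `DSTFLOW_NAMES = frozenset(BRCOND + ["B", "BL", "BR", "BLR"])` and returning `self.name in DSTFLOW_NAMES` is both cheaper and clearer. The old chained form `self.name in self.name in ...` happened to behave identically because `s in s` is always true for a string, so this hunk is a readability fix rather than a behavioural one, and it is worth saying so in the commit message.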
@@ -735,7 +735,7 @@ def msr(ir, instr, arg1, arg2, arg3, arg4, arg5): e.append(ExprAff(cf, arg5[29:30])) e.append(ExprAff(of, arg5[28:29])) else: - raise NotImplementedError("MRS not implemented") + raise NotImplementedError("MSR not implemented") return e, [] diff --git a/miasm2/arch/arm/arch.py b/miasm2/arch/arm/arch.py index 74d4a89f..e1b015a5 100644 --- a/miasm2/arch/arm/arch.py +++ b/miasm2/arch/arm/arch.py @@ -2373,7 +2373,7 @@ armtop("addsp", [bs('10110000'), bs_addsubsp_name, sp, off7], [sp, off7]) armtop("pushpop", [bs('1011'), bs_pushpop_name, bs('10'), pclr, trlistpclr], [trlistpclr]) armtop("btransfersp", [bs('1100'), bs_tbtransfer_name, rbl_wb, trlist]) armtop("br", [bs('1101'), bs_br_name, offs8]) -armtop("blx", [bs("01000111"), bs('10'), rnl, bs('000')]) +armtop("blx", [bs("01000111"), bs('1'), rm, bs('000')]) armtop("svc", [bs('11011111'), imm8]) armtop("b", [bs('11100'), offs11]) armtop("und", [bs('1101'), bs('1110'), imm8_d1]) diff --git a/miasm2/arch/arm/sem.py b/miasm2/arch/arm/sem.py index 7dca6242..600ad586 100644 --- a/miasm2/arch/arm/sem.py +++ b/miasm2/arch/arm/sem.py @@ -283,7 +283,8 @@ def rsb(ir, instr, a, b, c=None): e = [] if c is None: b, c = a, b - r = c - b + arg1, arg2 = c, b + r = arg1 - arg2 e.append(ExprAff(a, r)) dst = get_dst(a) if dst is not None: @@ -297,10 +298,8 @@ def rsbs(ir, instr, a, b, c=None): b, c = a, b arg1, arg2 = c, b r = arg1 - arg2 - e += update_flag_arith_sub_zn(arg1, arg2) e += update_flag_arith_sub_co(arg1, arg2) - e.append(ExprAff(a, r)) dst = get_dst(a) if dst is not None: @@ -398,11 +397,8 @@ def l_cmp(ir, instr, a, b, c=None): if c is None: b, c = a, b arg1, arg2 = b, c - r = b - c - e += update_flag_arith_sub_zn(arg1, arg2) e += update_flag_arith_sub_co(arg1, arg2) - return e, [] @@ -411,11 +407,8 @@ def cmn(ir, instr, a, b, c=None): if c is None: b, c = a, b arg1, arg2 = b, c - r = b + c - e += update_flag_arith_add_zn(arg1, arg2) e += update_flag_arith_add_co(arg1, arg2) - return e, [] 
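Review bot: Widening the Thumb `BLX` register field from `rnl` (3 bits, R0-R7) to `rm` (4 bits) matches the `0100 0111 1 Rm 000` encoding and is what makes the new `BLX R8` (`C047`) test decode, but a 4-bit field also admits `Rm = PC` (`0x47F8`), which the ARM ARM lists as UNPREDICTABLE for `BLX (register)`. Unless `rm` rejects R15 elsewhere, the disassembler will now print `BLX PC` for a bit pattern real hardware has no defined behaviour for — which matters when feeding it untrusted binaries. Add a negative case alongside the new `BLX R8` entry in `test/arch/arm/arch.py`, or use a register field class that excludes PC, so the limit is enforced rather than assumed.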
@@ -448,7 +441,7 @@ def orrs(ir, instr, a, b, c=None): if c is None: b, c = a, b arg1, arg2 = b, c - r = b | c + r = arg1 | arg2 e += [ExprAff(zf, ExprOp('FLAG_EQ', r))] e += update_flag_nf(r) @@ -525,7 +518,7 @@ def mrs(ir, instr, a, b): out.append(nf) e.append(ExprAff(a, ExprCompose(*out))) else: - raise NotImplementedError("MSR not implemented") + raise NotImplementedError("MRS not implemented") return e, [] def msr(ir, instr, a, b): @@ -536,7 +529,7 @@ def msr(ir, instr, a, b): e.append(ExprAff(cf, b[29:30])) e.append(ExprAff(of, b[28:29])) else: - raise NotImplementedError("MRS not implemented") + raise NotImplementedError("MSR not implemented") return e, [] diff --git a/miasm2/arch/ppc/arch.py b/miasm2/arch/ppc/arch.py index c100cde3..f198312e 100644 --- a/miasm2/arch/ppc/arch.py +++ b/miasm2/arch/ppc/arch.py @@ -313,7 +313,7 @@ class ppc_gpreg_or_0(ppc_reg): parser = reg_info.parser def decode(self, v): - ret = super(ppc_reg, self).decode(v) + ret = super(ppc_gpreg_or_0, self).decode(v) if ret == False: return False reg = self.expr diff --git a/miasm2/arch/ppc/sem.py b/miasm2/arch/ppc/sem.py index 3c885d12..82a662c2 100644 --- a/miasm2/arch/ppc/sem.py +++ b/miasm2/arch/ppc/sem.py @@ -135,7 +135,7 @@ def mn_do_cr(ir, instr, crd, cra, crb): elif op == 'XOR': r = a ^ b else: - raise "Unknown operation on CR" + raise RuntimeError("Unknown operation on CR") return [ ExprAff(d, r) ], [] def mn_do_div(ir, instr, rd, ra, rb): @@ -294,10 +294,10 @@ def mn_do_lswi(ir, instr, rd, ra, nb): if nb == 0: nb = 32 i = 32 - raise "%r not implemented" % instr + raise RuntimeError("%r not implemented" % instr) def mn_do_lswx(ir, instr, rd, ra, nb): - raise "%r not implemented" % instr + raise RuntimeError("%r not implemented" % instr) def mn_do_mcrf(ir, instr, crfd, crfs): ret = [] diff --git a/miasm2/arch/x86/arch.py b/miasm2/arch/x86/arch.py index 3e41d46e..2abd5bbc 100644 --- a/miasm2/arch/x86/arch.py +++ b/miasm2/arch/x86/arch.py 
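Review bot: `mn_do_lswi` and `mn_do_lswx` now raise `RuntimeError("%r not implemented" % instr)`, while the aarch64 and arm `mrs`/`msr` handlers changed in this same commit signal the identical condition with `NotImplementedError`; using `NotImplementedError` here as well lets a caller (a jitter wanting to stop cleanly on unsupported instructions, say) distinguish "unsupported" from a genuine failure with one `except`. The `"Unknown operation on CR"` case in `mn_do_cr` is a bad-argument condition, for which `ValueError` is the conventional type. Replacing the string `raise` is the important part — on Python 2.6+ `raise "..."` itself fails with a `TypeError` that hides the message — so the remaining suggestion is only about which class. Note also that the three lines before the `lswi` raise (`if nb == 0: nb = 32` and `i = 32`) are dead, since the function raises unconditionally; `mn_do_cr` and `mn_do_lswi` both begin before this hunk.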
@@ -939,7 +939,6 @@ class bs_modname_size(bs_divert): osize = v_opmode_info(size, opmode, 1, 0) nfields[i] = f nfields = nfields[:-1] - args = dict(self.args) ndct = dict(dct) if osize in self.args['name']: ndct['name'] = self.args['name'][osize] @@ -951,7 +950,6 @@ class bs_modname_size(bs_divert): f = bs("0", l=0, cls=(bs_fbit,), fname="rex_w") osize = v_opmode_info(size, opmode, 0, 0) nfields[i] = f - args = dict(self.args) ndct = dict(dct) if osize in self.args['name']: ndct['name'] = self.args['name'][osize] @@ -960,7 +958,6 @@ class bs_modname_size(bs_divert): l = opmode_prefix((dct['mode'], dct['opmode'], dct['admode'])) osize = v_opmode_info(size, opmode, None, 0) nfields = fields[:-1] - args = dict(self.args) ndct = dict(dct) if osize in self.args['name']: ndct['name'] = self.args['name'][osize] @@ -2897,9 +2894,7 @@ class bs_rel_off(bs_cond_imm): if not isinstance(self.expr, ExprInt): raise StopIteration arg0_expr = self.parent.args[0].expr - if self.l != 0: - l = self.l - else: + if self.l == 0: l = self.parent.v_opmode() self.l = l l = offsize(self.parent) diff --git a/miasm2/arch/x86/sem.py b/miasm2/arch/x86/sem.py index f07e2285..816608cb 100644 --- a/miasm2/arch/x86/sem.py +++ b/miasm2/arch/x86/sem.py @@ -1441,7 +1441,6 @@ def ret(ir, instr, src=None): myesp = mRSP[instr.mode][:size] if src is None: - src = m2_expr.ExprInt(0, size) value = (myesp + (m2_expr.ExprInt((size / 8), size))) else: src = m2_expr.ExprInt(int(src), size) @@ -1490,7 +1489,6 @@ def retf(ir, instr, src=None): def leave(ir, instr): - opmode, admode = instr.v_opmode(), instr.v_admode() size = instr.mode myesp = mRSP[size] e = [] @@ -4427,7 +4425,6 @@ def pslldq(_, instr, dst, src): def psrldq(_, instr, dst, src): assert src.is_int() - e = [] count = int(src) if count > 15: return [m2_expr.ExprAff(dst, m2_expr.ExprInt(0, dst.size))], [] 
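Review bot: In `bs_rel_off` the local `l` assigned from `self.parent.v_opmode()` inside the new `if self.l == 0:` branch is only consumed by `self.l = l` and is then overwritten unconditionally by `l = offsize(self.parent)`, so the branch reduces to `self.l = self.parent.v_opmode()` with no temporary. The rewrite preserves behaviour (the old `l = self.l` value was discarded the same way), so this is readability only. The method starts before and continues after this hunk, so check that nothing else in it expects `l` to be bound earlier.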
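Review bot: Dropping `src = m2_expr.ExprInt(0, size)` from the `src is None` branch of `ret` is only safe if nothing after the `if`/`else` reads `src`; the `else` branch still rebinds `src` to an `ExprInt`, which suggests it may have been a shared input to the stack-adjust expression, and the rest of the function lies outside this hunk. If the common tail only uses `value`, the change is fine; otherwise the no-operand `RET` path will now fail on `None`. A pair of semantic tests for `RET` versus `RET 8` in the x86 test suite would pin this down.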
@@ -4924,7 +4921,6 @@ def maskmovq(ir, instr, src, mask): # Build write blocks dst_addr = mRDI[instr.mode] for i, start in enumerate(xrange(0, mask.size, 8)): - bit = mask[start + 7: start + 8] cur_label = write_labels[i] next_check_label = check_labels[i + 1] if (i + 1) < len(check_labels) else loc_next_expr write_addr = dst_addr + m2_expr.ExprInt(i, dst_addr.size) @@ -5664,13 +5660,9 @@ class ir_x86_16(IntermediateRepresentation): return instr_ir, extra_ir instr.additional_info.except_on_instr = True - # get instruction size - s = {"B": 8, "W": 16, "D": 32, 'Q': 64}[instr.name[-1]] - size = instr.v_opmode() admode = instr.v_admode() c_reg = mRCX[instr.mode][:admode] - out_ir = [] zf_val = None # set if zf is tested (cmps, scas) for e in instr_ir: # +[updt_c]: diff --git a/miasm2/core/asmblock.py b/miasm2/core/asmblock.py index 2f336617..97113be1 100644 --- a/miasm2/core/asmblock.py +++ b/miasm2/core/asmblock.py @@ -169,7 +169,6 @@ class AsmBlock(object): def split(self, loc_db, offset): loc_key = loc_db.get_or_create_offset_location(offset) log_asmblock.debug('split at %x', offset) - i = -1 offsets = [x.offset for x in self.lines] offset = loc_db.get_location_offset(loc_key) if offset not in offsets: diff --git a/miasm2/core/cpu.py b/miasm2/core/cpu.py index 071991b7..813ac47d 100644 --- a/miasm2/core/cpu.py +++ b/miasm2/core/cpu.py @@ -684,7 +684,7 @@ class m_arg(object): self.expr = expr return start, stop - def asm_ast_to_expr(self, arg, loc_db): + def asm_ast_to_expr(self, arg, loc_db, **kwargs): raise NotImplementedError("Virtual") diff --git a/miasm2/core/ctypesmngr.py b/miasm2/core/ctypesmngr.py index ef14451f..5daf8950 100644 --- a/miasm2/core/ctypesmngr.py +++ b/miasm2/core/ctypesmngr.py @@ -36,6 +36,9 @@ class CTypeBase(object): def _typerepr(self): return self.__repr + def __eq__(self, other): + raise NotImplementedError("Abstract method") + def __ne__(self, other): return not self.__eq__(other) 
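Review bot: `m_arg.asm_ast_to_expr` gains `**kwargs` on the abstract signature, but the only documentation is `raise NotImplementedError("Virtual")`, so an implementer cannot tell which keywords are passed or whether they may be ignored. Add a docstring along the lines of `"""Convert the parsed @arg AST into an Expr, resolving symbols through @loc_db. Subclasses must override; extra keyword arguments are forwarded by the caller and may be ignored."""`. Whether the caller is the assembler front end is an inference from the name — confirm against the call sites before wording it that way.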
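Review bot: The new `CTypeBase.__eq__` raises `NotImplementedError`, and the existing `__ne__` right below delegates to it, so any subclass that forgets to override `__eq__` now fails loudly on `==`, `!=`, `x in some_list` and dict-key collisions instead of silently comparing by identity; that is a reasonable abstract-base contract, but it should be stated, e.g. `"""Structural equality; every concrete CType subclass must override this (the base raises)."""`. Because this is Python 2 code (`encode('hex')` and `xrange` appear elsewhere in this diff), defining `__eq__` does not disable `__hash__`, so instances stay hashable by `id()` while equality raises — under Python 3 the same class would become unhashable, which is worth a comment if a port is planned. `abc.abstractmethod` would make the override requirement explicit at instantiation time rather than at first comparison.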
diff --git a/miasm2/core/types.py b/miasm2/core/types.py index e6ba1ccf..a60077ac 100644 --- a/miasm2/core/types.py +++ b/miasm2/core/types.py @@ -340,6 +340,9 @@ class Type(object): def __neq__(self, other): return not self == other + def __eq__(self, other): + raise NotImplementedError("Abstract method") + def __ne__(self, other): return not self.__eq__(other) diff --git a/miasm2/expression/expression.py b/miasm2/expression/expression.py index c4b3cca1..d617a8fa 100644 --- a/miasm2/expression/expression.py +++ b/miasm2/expression/expression.py @@ -1943,7 +1943,6 @@ def expr_is_IEEE754_zero(expr): """Return 1 or 0 on 1 bit if expr represent a zero value according to IEEE754 """ - info = size_to_IEEE754_info[expr.size] # Sign is the msb expr_no_sign = expr[:expr.size - 1] return ExprCond(expr_no_sign, ExprInt(0, 1), ExprInt(1, 1)) diff --git a/miasm2/jitter/codegen.py b/miasm2/jitter/codegen.py index ff6c1485..e1185944 100644 --- a/miasm2/jitter/codegen.py +++ b/miasm2/jitter/codegen.py @@ -6,7 +6,7 @@ from miasm2.expression.expression import Expr, ExprId, ExprLoc, ExprInt, \ ExprMem, ExprCond, LocKey from miasm2.ir.ir import IRBlock, AssignBlock -from miasm2.ir.translators.C import TranslatorC, int_size_to_bn +from miasm2.ir.translators.C import TranslatorC from miasm2.core.asmblock import AsmBlockBad from miasm2.expression.simplifications import expr_simp_high_to_explicit diff --git a/miasm2/jitter/llvmconvert.py b/miasm2/jitter/llvmconvert.py index 1c2b453b..3ef45e60 100644 --- a/miasm2/jitter/llvmconvert.py +++ b/miasm2/jitter/llvmconvert.py @@ -398,7 +398,7 @@ class LLVMContext_JIT(LLVMContext): builder.store(value, ret) value_ptr = builder.bitcast(ret, llvm_ir.IntType(8).as_pointer()) - ret = builder.call( + builder.call( fc_ptr, [ func.local_vars["jitcpu"], 
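Review bot: The new `Type.__eq__` is inserted directly below `def __neq__(self, other): return not self == other`, a misspelled name that Python never invokes (the real hook is `__ne__`, which already exists further down); it is dead code, and if anyone calls it explicitly it just routes through the now-raising `__eq__`. Since this commit already touches the spot, delete `__neq__` here. A one-line docstring on `__eq__` stating that concrete subclasses must override it would also make the `NotImplementedError` read as a deliberate contract rather than a stub.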
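Review bot: Removing `info = size_to_IEEE754_info[expr.size]` from `expr_is_IEEE754_zero` also removes the only check that `expr.size` is a supported IEEE754 width — the otherwise unused lookup raised `KeyError` for, say, a 24-bit operand, whereas the new code accepts any size and masks off its top bit as if it were a float. If that validation was intended, make it explicit: `if expr.size not in size_to_IEEE754_info: raise ValueError("unsupported IEEE754 size %d" % expr.size)`. This assumes `size_to_IEEE754_info` is keyed on bit width, as the name and the removed subscript suggest; the `def` line of the function is outside this hunk.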
@@ -581,7 +581,6 @@ class LLVMFunction(): ptr = builder.gep(self.local_vars["vmcpu"], [llvm_ir.Constant(LLVMType.IntType(), offset)]) - regs = self.llvm_context.ir_arch.arch.regs pointee_type = LLVMType.IntType(expr.size) ptr_casted = builder.bitcast(ptr, llvm_ir.PointerType(pointee_type)) diff --git a/miasm2/jitter/loader/elf.py b/miasm2/jitter/loader/elf.py index af078ab5..d1df8c3f 100644 --- a/miasm2/jitter/loader/elf.py +++ b/miasm2/jitter/loader/elf.py @@ -166,7 +166,6 @@ def apply_reloc_x86(elf, vm, section, base_addr, loc_db): for reloc in section.reltab: # Parse relocation info - r_addend = reloc.addend if hasattr(reloc, "addend") else 0 r_info = reloc.info if elf.size == 64: r_info_sym = (r_info >> 32) & 0xFFFFFFFF diff --git a/miasm2/jitter/loader/pe.py b/miasm2/jitter/loader/pe.py index 9bc0ef8b..e4cd57ee 100644 --- a/miasm2/jitter/loader/pe.py +++ b/miasm2/jitter/loader/pe.py @@ -404,7 +404,6 @@ class libimp_pe(libimp): # Ensure function entry is created _ = self.lib_get_add_func(new_lib_base, exp_fname) - c_name = canon_libname_libfunc(exp_dname, exp_fname) libad_tmp = self.name2off[exp_dname] ad = self.lib_imp2ad[libad_tmp][exp_fname] diff --git a/miasm2/os_dep/linux/syscall.py b/miasm2/os_dep/linux/syscall.py index 87839dc4..5bf7d64c 100644 --- a/miasm2/os_dep/linux/syscall.py +++ b/miasm2/os_dep/linux/syscall.py @@ -1,7 +1,6 @@ import fcntl import functools import logging -import os import struct import termios diff --git a/miasm2/os_dep/win_api_x86_32.py b/miasm2/os_dep/win_api_x86_32.py index 19f8c994..db6cfa19 100644 --- a/miasm2/os_dep/win_api_x86_32.py +++ b/miasm2/os_dep/win_api_x86_32.py @@ -1530,6 +1530,8 @@ def my_GetVolumeInformation(jitter, funcname, get_str, set_str): "nfilesystemnamesize"]) if args.lprootpathname: s = get_str(args.lprootpathname) + log.info('GetVolumeInformation %r', s) + if args.lpvolumenamebuffer: s = "volumename" 
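Review bot: `r_addend` was removed from `apply_reloc_x86` because it was unused, which implies the relocation loop (its body continues past this hunk) never adds the addend to the resolved value; on x86-64 every relocation is RELA, and `R_X86_64_64` (S + A) and `R_X86_64_RELATIVE` (B + A) carry meaningful addends, so any such entry is patched with the wrong address in the emulated image. Rather than deleting the read, keep `r_addend` and apply it where the value is written back, or at minimum fail loudly so the gap is visible: `if getattr(reloc, "addend", 0): raise NotImplementedError("RELA addend not supported")`. A silently mis-relocated pointer in a loader tends to surface later as an unexplained jitter fault, far from its cause. The function itself starts before this hunk.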
@@ -2066,7 +2068,7 @@ def msvcrt_swprintf(jitter): def msvcrt_fprintf(jitter): ret_addr, args = jitter.func_args_cdecl(['file', 'fmt']) cur_arg, fmt = 2, args.fmt - output = get_fmt_args(jitter, fmt, cur_arg) + output = get_fmt_args(jitter, fmt, cur_arg, jitter.get_str_ansi) ret = len(output) log.info("fprintf(%x, '%s') = '%s'" % (args.file, jitter.get_str_ansi(args.fmt), output)) diff --git a/test/arch/arm/arch.py b/test/arch/arm/arch.py index 8e3284dc..2110ccf7 100644 --- a/test/arch/arm/arch.py +++ b/test/arch/arm/arch.py @@ -431,6 +431,9 @@ reg_tests_armt = [ ("00000000 BLX R7", "B847"), + ("00000000 BLX R8", + "C047"), + ("00000000 CBZ R4, 0x2E", "bcb1"), ("00000000 CBNZ R0, 0x2A", |
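Review bot: `msvcrt_fprintf` now passes `jitter.get_str_ansi` into `get_fmt_args`, which fixes the missing argument, but the `log.info(...)` line that follows still interpolates two guest-controlled strings with `'%s'` via eager `%` formatting, while the `GetVolumeInformation` hunk in this same commit uses `%r`, which escapes control characters and terminal sequences coming from the emulated program. Use the same convention here and let logging do the formatting lazily: `log.info("fprintf(%x, %r) = %r", args.file, jitter.get_str_ansi(args.fmt), output)`. `%r` also keeps the guest's format string and the rendered output unambiguous when either contains quotes or newlines. The function's return is outside this hunk.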