about summary refs log tree commit diff stats
path: root/example/expression
diff options
context:
space:
mode:
Diffstat (limited to 'example/expression')
-rw-r--r--example/expression/find_conditions.py123
-rw-r--r--example/expression/manip_expression1.py28
-rw-r--r--example/expression/manip_expression2.py27
-rw-r--r--example/expression/manip_expression3.py25
-rw-r--r--example/expression/manip_expression4.py107
-rw-r--r--example/expression/manip_expression5.py82
-rw-r--r--example/expression/manip_expression6.py138
-rw-r--r--example/expression/obf.binbin1929 -> 0 bytes
-rw-r--r--example/expression/sc_connect_back.binbin290 -> 0 bytes
-rw-r--r--example/expression/simple_testsbin160 -> 0 bytes
-rw-r--r--example/expression/symbolic_exec.py38
11 files changed, 0 insertions, 568 deletions
diff --git a/example/expression/find_conditions.py b/example/expression/find_conditions.py
deleted file mode 100644
index f57a83ad..00000000
--- a/example/expression/find_conditions.py
+++ /dev/null
@@ -1,123 +0,0 @@
-import sys
-from miasm.arch.ia32_arch import *
-from miasm.tools.emul_helper import *
-from miasm.core.bin_stream import bin_stream
-from miasm.tools.to_c_helper import *
-from optparse import OptionParser
-
-
-
-"""
-Symbolic execute a function, and generate conditions list used to
-explore whole binary control flow
-
-python  find_conditions.py -a 0   simple_tests
-"""
-
-parser = OptionParser(usage = "usage: %prog [options] file")
-parser.add_option('-a', "--address", dest="address", metavar="ADDRESS",
-                  help="address to disasemble", default="0")
-
-
-(options, args) = parser.parse_args(sys.argv[1:])
-if not args:
-    parser.print_help()
-    sys.exit(0)
-fname = args[0]
-ad_to_dis = options.address
-
-data = (open(fname).read())
-in_str = bin_stream(data)
-symbol_pool = asmbloc.asm_symbol_pool()
-
-def add_bloc_to_disasm(ad, all_blocs, job_done):
-    b = asmbloc.dis_bloc_all(x86_mn, in_str, ad, set(),
-                             symbol_pool, bloc_wd = 1)[0]
-    all_blocs[ad] = b
-
-
-def get_bloc(ad, all_blocs, job_done):
-    if not ad in all_blocs:
-        add_bloc_to_disasm(ad, all_blocs, job_done)
-    return all_blocs[ad]
-
-init_state = x86_machine().pool
-def print_state(state):
-    to_out= []
-    for r in [eax, ebx, ecx, edx, esi, edi, esp, ebp]:
-        if state[r] == init_state[r]:
-            continue
-        to_out.append((r, state[r]))
-    for k, v in state.items():
-        if isinstance(k, ExprMem):
-            to_out.append((k, v))
-    for k, v in to_out:
-        print k, '=', v
-
-def emul_mn(states_todo, states_done, all_blocs, job_done):
-    while states_todo:
-        ad, pool = states_todo.pop()
-        if (ad, pool) in states_done:
-            print 'skip', ad
-            continue
-        states_done.add((ad, pool))
-        machine = x86_machine()
-        machine.pool = pool.copy()
-        ad = int(ad.arg)
-        b = get_bloc(ad, all_blocs, job_done)
-        ad = emul_bloc(machine, b)
-        print_state(machine.pool)
-        if isinstance(ad, ExprCond):
-            # Create 2 states, each including complementary conditions
-            p1 = machine.pool.copy()
-            p2 = machine.pool.copy()
-            c1 = {ad.cond: ExprInt(uint32(0))}
-            c2 = {ad.cond: ExprInt(uint32(1))}
-            p1[ad.cond] = ExprInt(uint32(0))
-            p2[ad.cond] = ExprInt(uint32(1))
-            ad1 = machine.eval_expr(ad.replace_expr(c1), {})
-            ad2 = machine.eval_expr(ad.replace_expr(c2), {})
-            if not (isinstance(ad1, ExprInt) and isinstance(ad2, ExprInt)):
-                print str(ad1), str(ad2)
-                raise ValueError("zarb condition")
-            states_todo.add((ad1, p1))
-            states_todo.add((ad2, p2))
-        elif isinstance(ad, ExprInt):
-            pass
-        elif ad == ret_addr:
-            continue
-        else:
-            raise ValueError("zarb eip")
-
-all_blocs = {}
-job_done = set()
-machine = x86_machine()
-
-argc = ExprId('argc')
-argv = ExprId('argv')
-ret_addr = ExprId('ret_addr')
-
-machine.eval_instr(push(ia32info(), argv))
-machine.eval_instr(push(ia32info(), argc))
-machine.eval_instr(push(ia32info(), ret_addr))
-
-ad = int(ad_to_dis, 16)
-print 'disasm', hex(ad)
-
-states_todo = set()
-states_todo.add((ExprInt(uint32(ad)), machine.pool))
-states_done = set()
-emul_mn(states_todo, states_done, all_blocs, job_done)
-
-all_info = set()
-print '*'*40, 'conditions to match', '*'*40
-for ad, pool in states_done:
-    for k, v in pool.items():
-        t = (k, v)
-        # filter conditions which are argc aware
-        if argc in k:
-            all_info.add(t)
-
-machine = x86_machine()
-for k, v in list(all_info):
-    print machine.eval_expr(k.replace_expr({}), {}), "=", v
diff --git a/example/expression/manip_expression1.py b/example/expression/manip_expression1.py
deleted file mode 100644
index 7c6c8965..00000000
--- a/example/expression/manip_expression1.py
+++ /dev/null
@@ -1,28 +0,0 @@
-from miasm.expression.expression import *
-
-print 'simple expression manipulation demo'
-# define 2 ID
-a = ExprId('eax', 32)
-b = ExprId('ebx', 32)
-print a, b
-# eax ebx
-
-# add those ID
-c = ExprOp('+', a, b)
-print c
-# (eax + ebx)
-
-# + automaticaly generates ExprOp('+', a, b)
-c = a + b
-print c
-# (eax + ebx)
-
-# ax is a slice of eax
-ax = a[:16]
-print ax
-# eax[0:16]
-
-#memory deref
-d = ExprMem(c, 32)
-print d
-# @32[(eax + ebx)]
diff --git a/example/expression/manip_expression2.py b/example/expression/manip_expression2.py
deleted file mode 100644
index e8b73a92..00000000
--- a/example/expression/manip_expression2.py
+++ /dev/null
@@ -1,27 +0,0 @@
-from miasm.arch.ia32_sem import *
-
-print 'simple expression use demo: get read/written stuff for instruction:'
-print 'add eax, [ebx]'
-print
-
-def get_rw(exprs):
-    o_r = set()
-    o_w = set()
-    for e in exprs:
-        o_r.update(e.get_r(mem_read=True))
-    for e in exprs:
-        o_w.update(e.get_w())
-    return o_r, o_w
-
-a = ExprId('eax')
-b = ExprMem(ExprId('ebx'), 32)
-
-exprs = add(ia32info(), a, b)
-o_r, o_w = get_rw(exprs)
-# read ID
-print 'r:', [str(x) for x in o_r]
-# ['eax', '@32[ebx]', 'ebx']
-
-# written ID
-print 'w:', [str(x) for x in o_w]
-# ['eax', 'pf', 'af', 'of', 'zf', 'cf', 'nf']
diff --git a/example/expression/manip_expression3.py b/example/expression/manip_expression3.py
deleted file mode 100644
index ed3123bb..00000000
--- a/example/expression/manip_expression3.py
+++ /dev/null
@@ -1,25 +0,0 @@
-from miasm.arch.ia32_sem import *
-from miasm.expression.expression_helper import *
-
-print 'simple expression simplification demo'
-print
-
-a = ExprId('eax')
-b = ExprId('ebx')
-c = a + b
-d = c - a
-print d
-# ((eax + ebx) - eax)
-print "=>", expr_simp(d)
-print
-# ebx
-e = ExprInt(uint32(0x12)) + ExprInt(uint32(0x30)) - a
-print e
-# ((0x12 + 0x30) - eax)
-print "=>",  expr_simp(e)
-# (0x42 - eax)
-
-o = ExprCompose([(a[:8], 0, 8),
-                 (a[8:16], 8, 16)])
-print o
-print expr_simp(o)
diff --git a/example/expression/manip_expression4.py b/example/expression/manip_expression4.py
deleted file mode 100644
index 65f1f2f4..00000000
--- a/example/expression/manip_expression4.py
+++ /dev/null
@@ -1,107 +0,0 @@
-from miasm.arch.ia32_sem import *
-from miasm.arch.ia32_arch import x86_mn
-from miasm.core import asmbloc
-from miasm.core.bin_stream import bin_stream
-from miasm.tools.emul_helper import *
-
-from elfesteem import pe_init
-import sys
-
-print 'simple expression use for generating dataflow graph'
-
-def get_rw(exprs):
-    o_r = set()
-    o_w = set()
-    for e in exprs:
-        o_r.update(e.get_r(mem_read=True))
-        if isinstance(e.dst, ExprMem):
-            o_r.update(e.dst.arg.get_r(mem_read=True))
-    for e in exprs:
-        o_w.update(e.get_w())
-    return o_r, o_w
-
-
-def bloc2expr(b):
-    out = []
-    for i, l in enumerate(b.lines):
-        print i, l
-        args = []
-        ex = get_instr_expr(l, ExprInt(uint32(l.offset)), args)
-        out.append(ex)
-    return out
-
-def node_x_2_id(n, x):
-    return hash(str(n)+str(x))& 0xffffffffffffffff
-
-def gen_bloc_data_flow_graph(b):
-    out_str = """
-digraph asm_graph {
-size="80,50";
-node [
-fontsize = "16",
-shape = "box"
-];
-
-"""
-    all_lines = bloc2expr(b)
-    current_nodes = {}
-    out = []
-    all_nodes = {}
-    out_str_2 = ""
-    for i, exprs in enumerate(all_lines):
-        n_r, n_w = get_rw(exprs)
-        src = []
-        for n in n_r:
-            x = current_nodes.get(n, 0)
-            current_nodes[n] = x
-            src.append(((n, x), i))
-        dst = []
-        for n in n_w:
-            x = current_nodes.get(n, 0) + 1
-            current_nodes[n] = x
-            dst.append((i, (n, x)))
-        out.append((src, dst))
-    for src, dst in out:
-        #print "---"
-        print src
-        print dst
-        for (n, x), i in src:
-            #print node_x_2_id(n, x), i
-            out_str_2 += "%s -> %s\n"%(node_x_2_id(n, x), i)
-            all_nodes[node_x_2_id(n, x)] = (n, x)
-
-        for i, (n, x) in dst:
-            out_str_2 += "%s -> %s\n"%(i, node_x_2_id(n, x))
-            all_nodes[node_x_2_id(n, x)] = (n, i)
-
-
-    for n, v in all_nodes.items():
-        out_str += '%s [label=\n"%s"\n];\n'%(n, str(v[1])+"_"+str(v[0]))
-    for i, l in enumerate(b.lines):
-        out_str += '%s [fillcolor=lightblue,style=filled,label=\n"%s"\n];\n'%(i, str(i)+" "+str(l))
-    out_str += out_str_2
-    out_str+="};\n"
-    open('out.txt', 'w').write(out_str)
-
-if len(sys.argv) != 2:
-    print "%s sc_connect_back.bin"%sys.argv[0]
-    sys.exit(-1)
-data = open(sys.argv[1]).read()
-in_str = bin_stream(data)
-
-job_done = set()
-symbol_pool = asmbloc.asm_symbol_pool()
-l = symbol_pool.add_label('toto')
-b = asmbloc.asm_bloc(l)
-
-ad = 0x2E
-asmbloc.dis_bloc(x86_mn, in_str, b, ad, job_done, symbol_pool)
-print 'generating dataflow graph for:'
-gen_bloc_data_flow_graph(b)
-
-print """
-Generate ps with pdf:
- dot -Tps out.txt -o graph.ps
-or:
- dotty out.txt
-"""
diff --git a/example/expression/manip_expression5.py b/example/expression/manip_expression5.py
deleted file mode 100644
index 165d9eef..00000000
--- a/example/expression/manip_expression5.py
+++ /dev/null
@@ -1,82 +0,0 @@
-from miasm.expression.expression import *
-
-print 'simple expression canonization demo'
-
-# define 2 ID
-a = ExprId('eax', 32)
-b = ExprId('ebx', 32)
-print a, b
-# eax ebx
-
-# add those ID
-c = ExprOp('+', a, b)
-print c
-# (eax + ebx)
-
-# + automaticaly generates ExprOp('+', a, b)
-c = a + b
-print c
-# (eax + ebx)
-
-# ax is a slice of eax
-ax = a[:16]
-print ax
-# eax[0:16]
-
-#memory deref
-d = ExprMem(c, 32)
-print d
-# @32[(eax + ebx)]
-
-print (a+b).canonize()
-print (b+a).canonize()
-
-m = ExprMem(a)
-
-print (a+m).canonize()
-print (m+a).canonize()
-
-s = a[:8]
-
-print (a+s).canonize()
-print (s+a).canonize()
-
-print (m+s).canonize()
-print (s+m).canonize()
-
-i1 = ExprInt(uint32(0x1))
-i2 = ExprInt(uint32(0x2))
-
-print (i1+i2).canonize()
-print (i2+i1).canonize()
-
-print (a+i2).canonize()
-print (i2+a).canonize()
-
-print (m+i2).canonize()
-print (i2+m).canonize()
-
-print (s+i2).canonize()
-print (i2+s).canonize()
-
-cc = ExprCond(a, b, c)
-
-o = ExprCompose([(a[:8], 8, 16),
-                 (a[8:16], 0, 8)])
-print o
-print o.canonize()
-
-o2 = ExprCompose([(a[8:16], 0, 8),
-                 (a[:8], 8, 16)])
-print o2
-print o2.canonize()
-
-print ExprMem(o).canonize()
-
-l = [a, b, c, m, s, i1, i2, o]
-print l
-print ExprOp('+', *l).canonize()
-l.reverse()
-print l
-print ExprOp('+', *l).canonize()
-
diff --git a/example/expression/manip_expression6.py b/example/expression/manip_expression6.py
deleted file mode 100644
index 7e32da4b..00000000
--- a/example/expression/manip_expression6.py
+++ /dev/null
@@ -1,138 +0,0 @@
-from miasm.expression.expression import *
-from miasm.expression.expression_helper import *
-import os
-
-filename = os.environ.get('PYTHONSTARTUP')
-if filename and os.path.isfile(filename):
-    execfile(filename)
-
-a = ExprId('a')
-b = ExprId('b')
-c = ExprId('c')
-d = ExprId('d')
-
-
-x = ExprMem(a+b+ExprInt32(0x42))
-
-def replace_expr(e):
-    #print 'visit', e
-    dct = {c+ExprInt32(0x42):d,
-           a+b:c,}
-    if e in dct:
-        return dct[e]
-    return e
-
-
-print x
-y = x.visit(replace_expr)
-print y
-print x.copy()
-print y.copy()
-print y == y.copy()
-print repr(y), repr(y.copy())
-
-
-z = ExprCompose([(a[5:9], 0, 8), (b, 8, 24), (x, 24, 32)])
-print z
-print z.copy()
-print z[:31].copy().visit(replace_expr)
-
-print 'replace'
-print x.replace_expr({c+ExprInt32(0x42):d,
-                      a+b:c,})
-print z.replace_expr({c+ExprInt32(0x42):d,
-                      a+b:c,})
-
-
-u = z.copy()
-print u
-u.args[-1][0].arg.args[1].arg = uint32(0x45)
-print u
-print z
-print u == z
-
-to_test = [(ExprInt32(1)-ExprInt32(1), ExprInt32(0)),
-           ((ExprInt32(5)+c+a+b-a+ExprInt32(1)-ExprInt32(5)),b+c+ExprInt32(1)),
-           (a+b+c-a-b-c+a,a),
-           (a+a+b+c-(a+(b+c)),a),
-           (c^b^a^c^b,a),
-           (a^ExprInt32(0),a),
-           ((a+b)-b,a),
-           (-(ExprInt32(0)-((a+b)-b)),a),
-
-           (ExprOp('<<<', a, ExprInt32(32)),a),
-           (ExprOp('>>>', a, ExprInt32(32)),a),
-           (ExprOp('>>>', a, ExprInt32(0)),a),
-           (ExprOp('<<', a, ExprInt32(0)),a),
-
-           (ExprOp('<<<', a, ExprOp('<<<', b, c)),
-            ExprOp('<<<', a, ExprOp('<<<', b, c))),
-           (ExprOp('<<<', ExprOp('<<<', a, b), c),
-            ExprOp('<<<', ExprOp('<<<', a, b), c)),
-           (ExprOp('<<<', ExprOp('>>>', a, b), c),
-            ExprOp('<<<', ExprOp('>>>', a, b), c)),
-           (ExprOp('>>>', ExprOp('<<<', a, b), c),
-            ExprOp('>>>', ExprOp('<<<', a, b), c)),
-           (ExprOp('>>>', ExprOp('<<<', a, b), b),
-            ExprOp('>>>', ExprOp('<<<', a, b), b)),
-
-
-           (ExprOp('>>>', ExprOp('<<<', a, ExprInt32(10)), ExprInt32(2)),
-            ExprOp('<<<', a, ExprInt32(8))),
-
-           (ExprOp('>>>', ExprOp('<<<', a, ExprInt32(10)), ExprInt32(2)) ^ ExprOp('>>>', ExprOp('<<<', a, ExprInt32(10)), ExprInt32(2)),
-            ExprInt32(0)),
-           (ExprOp(">>", (a & ExprInt32(0xF)), ExprInt32(0x15)),
-            ExprInt32(0)),
-           (ExprOp("==", ExprInt32(12), ExprInt32(10)), ExprInt32(0)),
-           (ExprOp("==", ExprInt32(12), ExprInt32(12)), ExprInt32(1)),
-           (ExprOp("==", a|ExprInt32(12), ExprInt32(0)),ExprInt32(0)),
-           (ExprOp("==", a|ExprInt32(12), ExprInt32(14)),
-            ExprOp("==", a|ExprInt32(12), ExprInt32(14))),
-           (ExprOp("parity", ExprInt32(0xf)), ExprInt32(1)),
-           (ExprOp("parity", ExprInt32(0xe)), ExprInt32(0)),
-           (ExprInt32(0x4142)[:32],ExprInt32(0x4142)),
-           (ExprInt32(0x4142)[:8],ExprInt8(0x42)),
-           (ExprInt32(0x4142)[8:16],ExprInt8(0x41)),
-           (a[:32], a),
-           (a[:8][:8],a[:8]),
-           (a[:16][:8],a[:8]),
-           (a[8:16][:8],a[8:16]),
-           (a[8:32][:8],a[8:16]),
-           (a[:16][8:16],a[8:16]),
-           (ExprCompose([(a, 0, 32)]),a),
-           (ExprCompose([(a[:16], 0, 16)]), a[:16]),
-           (ExprCompose([(a[:16], 0, 16), (a, 16, 32)]),
-            ExprCompose([(a[:16], 0, 16), (a, 16, 32)]),),
-           (ExprCompose([(a[:16], 0, 16), (a[16:32], 16, 32)]), a),
-
-           (ExprMem(a)[:32], ExprMem(a)),
-           (ExprMem(a)[:16], ExprMem(a, size=16)),
-
-           (ExprCond(ExprInt32(1), a, b), a),
-           (ExprCond(ExprInt32(0), b, a), a),
-
-           (ExprInt32(0x80000000)[31:32], ExprInt32(1)),
-           (ExprCompose([(ExprInt16(0x1337)[:8], 0, 8),(ExprInt16(0x1337)[8:16], 8, 16)]),
-            ExprInt16(0x1337)),
-
-           (ExprCompose([(ExprInt32(0x1337beef)[8:16], 8, 16),
-                        (ExprInt32(0x1337beef)[:8], 0, 8),
-                        (ExprInt32(0x1337beef)[16:32], 16, 32)]),
-            ExprInt32(0x1337BEEF)),
-
-
-           ]
-
-
-for e, e_check in to_test[:]:
-    #
-    print "#"*80
-    e_check = expr_simp(e_check)
-    print "#"*80
-    print str(e), str(e_check)
-    e_new = expr_simp(e)
-    print "orig", str(e), "new", str(e_new), "check", str(e_check)
-    rez = e_new == e_check
-    if not rez:
-        fdsfds
diff --git a/example/expression/obf.bin b/example/expression/obf.bin
deleted file mode 100644
index bdb3c43e..00000000
--- a/example/expression/obf.bin
+++ /dev/null
Binary files differdiff --git a/example/expression/sc_connect_back.bin b/example/expression/sc_connect_back.bin
deleted file mode 100644
index 9e9c80a5..00000000
--- a/example/expression/sc_connect_back.bin
+++ /dev/null
Binary files differdiff --git a/example/expression/simple_tests b/example/expression/simple_tests
deleted file mode 100644
index 96fbdc25..00000000
--- a/example/expression/simple_tests
+++ /dev/null
Binary files differdiff --git a/example/expression/symbolic_exec.py b/example/expression/symbolic_exec.py
deleted file mode 100644
index 40e9dc07..00000000
--- a/example/expression/symbolic_exec.py
+++ /dev/null
@@ -1,38 +0,0 @@
-import sys
-from miasm.arch.ia32_arch import *
-from miasm.tools.emul_helper import *
-from miasm.core.bin_stream import bin_stream
-
-print "symbolic execution & simplification demo"
-
-def loop_emul(ad, machine, all_bloc):
-    ad = ExprInt(uint32(ad))
-    while isinstance(ad, ExprInt):
-        b = asmbloc.getblocby_offset(all_bloc, ad.arg)
-        if not b:
-            raise ValueError('unknown bloc', repr(ad))
-        print '*'*20, 'emul bloc:', '*'*20
-        print b
-        ad = emul_bloc(machine, b)
-    return ad
-
-if len(sys.argv) != 2:
-    print "%s obf.bin"%sys.argv[0]
-    sys.exit(-1)
-
-data = open(sys.argv[1]).read()
-in_str = bin_stream(data)
-
-symbol_pool = asmbloc.asm_symbol_pool()
-ad = 0
-
-all_bloc = asmbloc.dis_bloc_all(x86_mn, in_str, ad, set(), symbol_pool, dontdis_retcall = True)
-
-machine = x86_machine()
-ad = loop_emul(ad, machine, all_bloc)
-print
-print "emulation result:"
-print dump_reg(machine.pool)
-print "eip", ad
-print
-print dump_mem(machine.pool)