-rw-r--r--example/expression/manip_expression1.py28
-rw-r--r--example/expression/manip_expression2.py27
-rw-r--r--example/expression/manip_expression3.py20
-rw-r--r--example/expression/manip_expression4.py107
-rw-r--r--example/expression/manip_expression5.py82
-rw-r--r--example/expression/sc_connect_back.binbin0 -> 290 bytes
6 files changed, 264 insertions, 0 deletions
diff --git a/example/expression/manip_expression1.py b/example/expression/manip_expression1.py
new file mode 100644
index 00000000..7c6c8965
--- /dev/null
+++ b/example/expression/manip_expression1.py
@@ -0,0 +1,28 @@
+from miasm.expression.expression import *
+
+print 'simple expression manipulation demo'
+# define 2 ID
+a = ExprId('eax', 32)
+b = ExprId('ebx', 32)
+print a, b
+# eax ebx
+
+# add those ID
+c = ExprOp('+', a, b)
+print c
+# (eax + ebx)
+
+# + automaticaly generates ExprOp('+', a, b)
+c = a + b
+print c
+# (eax + ebx)
+
+# ax is a slice of eax
+ax = a[:16]
+print ax
+# eax[0:16]
+
+#memory deref
+d = ExprMem(c, 32)
+print d
+# @32[(eax + ebx)]
diff --git a/example/expression/manip_expression2.py b/example/expression/manip_expression2.py
new file mode 100644
index 00000000..cbdd8f9d
--- /dev/null
+++ b/example/expression/manip_expression2.py
@@ -0,0 +1,27 @@
+from miasm.arch.ia32_sem import *
+
+print 'simple expression use demo: get read/written stuff for instruction:'
+print 'add eax, [ebx]'
+print
+
+def get_rw(exprs):
+    o_r = set()
+    o_w = set()
+    for e in exprs:
+        o_r.update(e.get_r(mem_read=True))
+    for e in exprs:
+        o_w.update(e.get_w())
+    return o_r, o_w
+
+a = ExprId('eax')
+b = ExprMem(ExprId('ebx'), 32)
+
+exprs = add(('u32', 'u32'), a, b)
+o_r, o_w = get_rw(exprs)
+# read ID
+print 'r:', [str(x) for x in o_r]
+# ['eax', '@32[ebx]', 'ebx']
+
+# written ID
+print 'w:', [str(x) for x in o_w]
+# ['eax', 'pf', 'af', 'of', 'zf', 'cf', 'nf']
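Review bot: The expected-output comments under the two print calls (`# ['eax', '@32[ebx]', 'ebx']` and `# ['eax', 'pf', 'af', 'of', 'zf', 'cf', 'nf']`) depend on set iteration order, which is not stable across interpreter versions or hash seeds, so the demo's printed output will not reliably match what is documented. Printing `sorted(str(x) for x in o_r)` and `sorted(str(x) for x in o_w)` makes the output deterministic and the comments checkable. In get_rw the two loops walk exprs twice for no reason; one loop that updates both sets is clearer, and the same shape recurs in get_rw of manip_expression4.py in this commit.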
diff --git a/example/expression/manip_expression3.py b/example/expression/manip_expression3.py
new file mode 100644
index 00000000..06b3f77a
--- /dev/null
+++ b/example/expression/manip_expression3.py
@@ -0,0 +1,20 @@
+from miasm.arch.ia32_sem import *
+from miasm.expression.expression_helper import *
+
+print 'simple expression simplification demo'
+print
+
+a = ExprId('eax')
+b = ExprId('ebx')
+c = a + b
+d = c - a
+print d
+# ((eax + ebx) - eax)
+print "=>", expr_simp(d)
+print
+# ebx
+e = ExprInt(uint32(0x12)) + ExprInt(uint32(0x30)) - a
+print e
+# ((0x12 + 0x30) - eax)
+print "=>",  expr_simp(e)
+# (0x42 - eax)
diff --git a/example/expression/manip_expression4.py b/example/expression/manip_expression4.py
new file mode 100644
index 00000000..2cc4abf9
--- /dev/null
+++ b/example/expression/manip_expression4.py
@@ -0,0 +1,107 @@
+from miasm.arch.ia32_sem import *
+from miasm.arch.ia32_arch import x86_mn
+from miasm.core import asmbloc
+from miasm.core.bin_stream import bin_stream
+from miasm.tools.emul_helper import *
+
+from elfesteem import pe_init
+import sys
+
+print 'simple expression use for generating dataflow graph'
+
+def get_rw(exprs):
+    o_r = set()
+    o_w = set()
+    for e in exprs:
+        o_r.update(e.get_r(mem_read=True))
+        if isinstance(e.dst, ExprMem):
+            o_r.update(e.dst.arg.get_r(mem_read=True))
+    for e in exprs:
+        o_w.update(e.get_w())
+    return o_r, o_w
+
+
+def bloc2expr(b):
+    out = []
+    for i, l in enumerate(b.lines):
+        print i, l
+        args = []
+        ex = get_instr_expr(l, ExprInt(uint32(l.offset)), args)
+        out.append(ex)
+    return out
+
+def node_x_2_id(n, x):
+    return hash(str(n)+str(x))& 0xffffffffffffffff
+
+def gen_bloc_data_flow_graph(b):
+    out_str = """
+digraph asm_graph {
+size="80,50";
+node [
+fontsize = "16",
+shape = "box"
+];
+
+"""
+    all_lines = bloc2expr(b)
+    current_nodes = {}
+    out = []
+    all_nodes = {}
+    out_str_2 = ""
+    for i, exprs in enumerate(all_lines):
+        n_r, n_w = get_rw(exprs)
+        src = []
+        for n in n_r:
+            x = current_nodes.get(n, 0)
+            current_nodes[n] = x
+            src.append(((n, x), i))
+        dst = []
+        for n in n_w:
+            x = current_nodes.get(n, 0) + 1
+            current_nodes[n] = x
+            dst.append((i, (n, x)))
+        out.append((src, dst))
+    for src, dst in out:
+        #print "---"
+        print src
+        print dst
+        for (n, x), i in src:
+            #print node_x_2_id(n, x), i
+            out_str_2 += "%s -> %s\n"%(node_x_2_id(n, x), i)
+            all_nodes[node_x_2_id(n, x)] = (n, x)
+
+        for i, (n, x) in dst:
+            out_str_2 += "%s -> %s\n"%(i, node_x_2_id(n, x))
+            all_nodes[node_x_2_id(n, x)] = (n, i)
+
+
+    for n, v in all_nodes.items():
+        out_str += '%s [label=\n"%s"\n];\n'%(n, str(v[1])+"_"+str(v[0]))
+    for i, l in enumerate(b.lines):
+        out_str += '%s [fillcolor=lightblue,style=filled,label=\n"%s"\n];\n'%(i, str(i)+" "+str(l))
+    out_str += out_str_2
+    out_str+="};\n"
+    open('out.txt', 'w').write(out_str)
+
+if len(sys.argv) != 2:
+    print "%s sc_connect_back.bin"%sys.argv[0]
+    sys.exit(-1)
+data = open(sys.argv[1]).read()
+in_str = bin_stream(data)
+
+job_done = set()
+symbol_pool = asmbloc.asm_symbol_pool()
+l = asmbloc.asm_label('toto')
+b = asmbloc.asm_bloc(l)
+
+ad = 0x2E
+asmbloc.dis_bloc(x86_mn, in_str, b, ad, job_done, symbol_pool)
+print 'generating dataflow graph for:'
+gen_bloc_data_flow_graph(b)
+
+print """
+Generate ps with pdf:
+ dot -Tps out.txt -o graph.ps
+or:
+ dotty out.txt
+"""
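Review bot: `data = open(sys.argv[1]).read()` opens the input in text mode, yet the usage message names a raw binary (sc_connect_back.bin); it should be `open(sys.argv[1], 'rb')`, otherwise newline translation on Windows silently changes the bytes that get disassembled. In node_x_2_id the id is `hash(str(n)+str(x))`, and concatenating without a separator lets distinct (n, x) pairs collide (constructed example: ('e', 11) and ('e1', 1) both give 'e11'), merging unrelated graph nodes; `hash('%s|%s' % (n, x))` avoids that. gen_bloc_data_flow_graph writes its result with `open('out.txt', 'w').write(out_str)` and never closes the handle explicitly; `with open('out.txt', 'w') as f: f.write(out_str)` is the idiomatic form. The hard-coded start offset `ad = 0x2E` is tied to the bundled sample and deserves a comment saying so, since any other input file needs a different value.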
diff --git a/example/expression/manip_expression5.py b/example/expression/manip_expression5.py
new file mode 100644
index 00000000..cc54515d
--- /dev/null
+++ b/example/expression/manip_expression5.py
@@ -0,0 +1,82 @@
+from miasm.expression.expression import *
+
+print 'simple expression canonization demo'
+
+# define 2 ID
+a = ExprId('eax', 32)
+b = ExprId('ebx', 32)
+print a, b
+# eax ebx
+
+# add those ID
+c = ExprOp('+', a, b)
+print c
+# (eax + ebx)
+
+# + automaticaly generates ExprOp('+', a, b)
+c = a + b
+print c
+# (eax + ebx)
+
+# ax is a slice of eax
+ax = a[:16]
+print ax
+# eax[0:16]
+
+#memory deref
+d = ExprMem(c, 32)
+print d
+# @32[(eax + ebx)]
+
+print (a+b).canonize()
+print (b+a).canonize()
+
+m = ExprMem(a)
+
+print (a+m).canonize()
+print (m+a).canonize()
+
+s = a[:8]
+
+print (a+s).canonize()
+print (s+a).canonize()
+
+print (m+s).canonize()
+print (s+m).canonize()
+
+i1 = ExprInt(uint32(0x1))
+i2 = ExprInt(uint32(0x2))
+
+print (i1+i2).canonize()
+print (i2+i1).canonize()
+
+print (a+i2).canonize()
+print (i2+a).canonize()
+
+print (m+i2).canonize()
+print (i2+m).canonize()
+
+print (s+i2).canonize()
+print (i2+s).canonize()
+
+cc = ExprCond(a, b, c)
+
+o = ExprCompose([ExprSliceTo(a[:8], 8, 16),
+                 ExprSliceTo(a[8:16], 0, 8)])
+print o
+print o.canonize()
+
+o = ExprCompose([ExprSliceTo(a[8:16], 0, 8),
+                 ExprSliceTo(a[:8], 8, 16)])
+print o
+print o.canonize()
+
+print ExprMem(o).canonize()
+
+l = [a, b, c, m, s, i1, i2, o]
+print l
+print ExprOp('+', *l).canonize()
+l.reverse()
+print l
+print ExprOp('+', *l).canonize()
+
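Review bot: The first 28 lines of this file repeat manip_expression1.py verbatim, including the `automaticaly` typo in the comment; the canonization demo would read better starting at `print (a+b).canonize()` with a one-line pointer to manip_expression1.py for the basics. `cc = ExprCond(a, b, c)` is assigned but never used anywhere below, so either print its canonized form alongside the other cases or drop the line. The pairs of `canonize()` prints carry no expected-output comments, unlike the earlier sections of the script; noting the expected canonical form after each pair would make the demo self-checking.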
diff --git a/example/expression/sc_connect_back.bin b/example/expression/sc_connect_back.bin
new file mode 100644
index 00000000..9e9c80a5
--- /dev/null
+++ b/example/expression/sc_connect_back.bin
Binary files differ