Diffstat (limited to 'example/ida')
-rw-r--r--example/ida/ctype_propagation.py60
-rw-r--r--example/ida/depgraph.py31
-rw-r--r--example/ida/graph_ir.py12
-rw-r--r--example/ida/symbol_exec.py12
-rw-r--r--example/ida/utils.py11
5 files changed, 70 insertions, 56 deletions
diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py
index f459022e..db324833 100644
--- a/example/ida/ctype_propagation.py
+++ b/example/ida/ctype_propagation.py
@@ -10,7 +10,7 @@ from miasm2.arch.x86.ctype import CTypeAMD64_unk, CTypeX86_unk
 from miasm2.arch.msp430.ctype import CTypeMSP430_unk
 from miasm2.core.objc import CTypesManagerNotPacked, ExprToAccessC, CHandler
 from miasm2.core.ctypesmngr import CAstTypes
-from miasm2.expression.expression import ExprId, ExprInt, ExprOp, ExprAff
+from miasm2.expression.expression import ExprLoc, ExprInt, ExprOp, ExprAff
 from miasm2.ir.symbexec_types import SymbExecCType
 from miasm2.expression.parser import str_to_expr
 from miasm2.analysis.cst_propag import add_state, propagate_cst_expr
@@ -19,9 +19,7 @@ from utils import guess_machine
 
 class TypePropagationForm(ida_kernwin.Form):
 
-    def __init__(self, ira):
-
-        self.ira = ira
+    def __init__(self):
 
         default_types_info = r"""ExprId("RDX", 64): char *"""
         archs = ["AMD64_unk", "X86_32_unk", "msp430_unk"]
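Review bot: Dropping the `ira` parameter also drops the `self.ira = ira` assignment, so any other method of TypePropagationForm that still reads `self.ira` would now fail with an AttributeError; the rest of the class is outside this hunk, so that is worth a grep before merging rather than something I can confirm here. If nothing else reads it, a one-line note in the commit message that the form is now independent of the IR architecture would explain why the constructor signature changed. The constructor body continues past the end of the hunk.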
@@ -204,7 +202,6 @@ class SymbExecCTypeFix(SymbExecCType):
                     expr = self.cst_propag_link.get((irb.loc_key, index), {}).get(expr, expr)
                     offset2cmt.setdefault(instr.offset, set()).add(
                         "\n%s: %s\n%s" % (expr, c_str, c_type))
-
             self.eval_updt_assignblk(assignblk)
         for offset, value in offset2cmt.iteritems():
             idc.MakeComm(offset, '\n'.join(value))
@@ -243,38 +240,38 @@ def get_ira_call_fixer(ira):
 
 
 def analyse_function():
-
-    # Init
-    machine = guess_machine()
-    mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
-
-    bs = bin_stream_ida()
-    mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
-
-
-    iraCallStackFixer = get_ira_call_fixer(ira)
-    ir_arch = iraCallStackFixer(mdis.symbol_pool)
-
-
     # Get settings
-    settings = TypePropagationForm(ir_arch)
+    settings = TypePropagationForm()
     ret = settings.Execute()
     if not ret:
         return
 
+
+    end = None
     if settings.cScope.value == 0:
         addr = settings.functionAddr.value
     else:
         addr = settings.startAddr.value
         if settings.cScope.value == 2:
             end = settings.endAddr
-            mdis.dont_dis = [end]
 
-    blocks = mdis.dis_multiblock(addr)
+    # Init
+    machine = guess_machine(addr=addr)
+    mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
+
+    bs = bin_stream_ida()
+    mdis = dis_engine(bs, dont_dis_nulstart_bloc=True)
+    if end is not None:
+        mdis.dont_dis = [end]
+
+
+    iraCallStackFixer = get_ira_call_fixer(ira)
+    ir_arch = iraCallStackFixer(mdis.symbol_pool)
+
+    asmcfg = mdis.dis_multiblock(addr)
     # Generate IR
-    for block in blocks:
+    for block in asmcfg.blocks:
         ir_arch.add_block(block)
-
     cst_propag_link = {}
     if settings.cUnalias.value:
         init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp] }
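Review bot: `end = settings.endAddr` in the scope branch is the only form field read without `.value` (compare `addr = settings.startAddr.value` two lines above), so if `endAddr` is a Form control like the others, the new `if end is not None: mdis.dont_dis = [end]` guard hands the control object rather than an address to the disassembler and the end bound is silently ignored; `end = settings.endAddr.value` would match the other reads. This line is unchanged context, but the commit moves the consumer of `end`, so it is the right moment to settle it; if the control really is intended there, a comment saying so would stop the next reader from asking. analyse_function continues past the end of the hunk.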
@@ -298,7 +295,8 @@ def analyse_function():
         expr_str, ctype_str = expr_str.strip(), ctype_str.strip()
         expr = str_to_expr(expr_str)
         ast = mychandler.types_mngr.types_ast.parse_c_type(
-            ctype_str)
+            ctype_str
+        )
         ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(ast.ext[0])
         objc = types_mngr.get_objc(ctype)
         print '=' * 20
@@ -309,12 +307,15 @@ def analyse_function():
     lbl_real_start = ir_arch.symbol_pool.getby_offset(addr)
     lbl_head = ir_arch.symbol_pool.getby_name_create("start")
 
-    first_block = blocks.label2block(lbl_real_start)
+    first_block = asmcfg.label2block(lbl_real_start)
 
-    assignblk_head = AssignBlock([ExprAff(ir_arch.IRDst, ExprId(lbl_real_start, ir_arch.IRDst.size)),
-                                  ExprAff(
-                                      ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
-                                  ], first_block.lines[0])
+    assignblk_head = AssignBlock(
+        [
+            ExprAff(ir_arch.IRDst, ExprLoc(lbl_real_start, ir_arch.IRDst.size)),
+            ExprAff(ir_arch.sp, ir_arch.arch.regs.regs_init[ir_arch.sp])
+        ],
+        first_block.lines[0]
+    )
     irb_head = IRBlock(lbl_head, [assignblk_head])
     ir_arch.blocks[lbl_head] = irb_head
     ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start)
@@ -332,7 +333,6 @@ def analyse_function():
         done.add((lbl, state))
         if lbl not in ir_arch.blocks:
             continue
-
         symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state)
         addr = symbexec_engine.run_block_at(lbl)
         symbexec_engine.del_mem_above_stack(ir_arch.sp)
diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py
index ece02ad4..4320be8d 100644
--- a/example/ida/depgraph.py
+++ b/example/ida/depgraph.py
@@ -39,8 +39,8 @@ class depGraphSettingsForm(ida_kernwin.Form):
             if assignblk.instr.offset == self.address:
                 break
         assert line_nb is not None
-        cur_label = str(cur_block.loc_key)
-        labels = sorted(map(str, ira.blocks.keys()))
+        cur_loc_key = str(cur_block.loc_key)
+        loc_keys = sorted(map(str, ira.blocks.keys()))
         regs = sorted(ira.arch.regs.all_regs_ids_byname.keys())
         regs += self.stk_args.keys()
         reg_default = regs[0]
@@ -86,21 +86,21 @@ Method to use:
                 tp=ida_kernwin.Form.FT_RAWHEX,
                 value=line_nb),
             'cbBBL': ida_kernwin.Form.DropdownListControl(
-                    items=labels,
+                    items=loc_keys,
                     readonly=False,
-                    selval=cur_label),
+                    selval=cur_loc_key),
             'cColor': ida_kernwin.Form.ColorInput(value=0xc0c020),
         })
 
         self.Compile()
 
     @property
-    def label(self):
+    def loc_key(self):
         value = self.cbBBL.value
-        for real_label in self.ira.blocks:
-            if str(real_label) == value:
-                return real_label
-        raise ValueError("Bad label")
+        for real_loc_key in self.ira.blocks:
+            if str(real_loc_key) == value:
+                return real_loc_key
+        raise ValueError("Bad loc_key")
 
     @property
     def line_nb(self):
@@ -198,8 +198,12 @@ def next_element():
 
 def launch_depgraph():
     global graphs, comments, sol_nb, settings, addr, ir_arch
+    # Get the current function
+    addr = idc.ScreenEA()
+    func = ida_funcs.get_func(addr)
+
     # Init
-    machine = guess_machine()
+    machine = guess_machine(addr=func.startEA)
     mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
 
     bs = bin_stream_ida()
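Review bot: `func = ida_funcs.get_func(addr)` is now dereferenced immediately via `func.startEA` in the `guess_machine` call, but get_func returns None when the cursor is not inside a function, so running the script from a non-function address fails with an AttributeError and no message; a guard such as `if func is None:` followed by `raise ValueError("No function at 0x%x" % addr)` right after the lookup makes the failure explicit. The same dereference existed further down before the move, so this is a pre-existing gap that the relocation merely brings forward. launch_depgraph continues past the end of the hunk.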
@@ -212,9 +216,6 @@ def launch_depgraph():
             continue
         mdis.symbol_pool.add_location(name, ad)
 
-    # Get the current function
-    addr = idc.ScreenEA()
-    func = ida_funcs.get_func(addr)
     asmcfg = mdis.dis_multiblock(func.startEA)
 
     # Generate IR
@@ -225,7 +226,7 @@ def launch_depgraph():
     settings = depGraphSettingsForm(ir_arch)
     settings.Execute()
 
-    label, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb
+    loc_key, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb
     # Simplify affectations
     for irb in ir_arch.blocks.values():
         irs = []
@@ -249,7 +250,7 @@ def launch_depgraph():
 
     # Get dependency graphs
     dg = settings.depgraph
-    graphs = dg.get(label, elements, line_nb,
+    graphs = dg.get(loc_key, elements, line_nb,
                     set([ir_arch.symbol_pool.getby_offset(func.startEA)]))
 
     # Display the result
diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py
index 370500e5..dd842281 100644
--- a/example/ida/graph_ir.py
+++ b/example/ida/graph_ir.py
@@ -98,7 +98,9 @@ class GraphMiasmIR(idaapi.GraphViewer):
 
 
 def build_graph(verbose=False, simplify=False):
-    machine = guess_machine()
+    start_addr = idc.ScreenEA()
+
+    machine = guess_machine(addr=start_addr)
     mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira
 
     if verbose:
@@ -114,7 +116,6 @@ def build_graph(verbose=False, simplify=False):
 
     # populate symbols with ida names
     for addr, name in idautils.Names():
-        # print hex(ad), repr(name)
         if name is None:
             continue
         if (mdis.symbol_pool.getby_offset(addr) or
@@ -125,17 +126,16 @@ def build_graph(verbose=False, simplify=False):
 
     if verbose:
         print "start disasm"
-    addr = idc.ScreenEA()
     if verbose:
         print hex(addr)
 
-    asmcfg = mdis.dis_multiblock(addr)
+    asmcfg = mdis.dis_multiblock(start_addr)
 
     if verbose:
         print "generating graph"
         open('asm_flow.dot', 'w').write(asmcfg.dot())
 
-        print "generating IR... %x" % addr
+        print "generating IR... %x" % start_addr
 
     for block in asmcfg.blocks:
         if verbose:
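Review bot: With `addr = idc.ScreenEA()` removed, the verbose `print hex(addr)` just below still refers to `addr`, which at that point is the leftover loop variable from `for addr, name in idautils.Names()` in the previous hunk (or unbound, raising NameError, if Names() yielded nothing), so the trace prints the last symbol address instead of the disassembly start; change it to `print hex(start_addr)` as the other two prints in this commit were. build_graph starts and ends outside the hunk.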
@@ -144,7 +144,7 @@ def build_graph(verbose=False, simplify=False):
         ir_arch.add_block(block)
 
     if verbose:
-        print "IR ok... %x" % addr
+        print "IR ok... %x" % start_addr
 
     for irb in ir_arch.blocks.itervalues():
         irs = []
diff --git a/example/ida/symbol_exec.py b/example/ida/symbol_exec.py
index 63014ece..0d8c63c2 100644
--- a/example/ida/symbol_exec.py
+++ b/example/ida/symbol_exec.py
@@ -128,11 +128,16 @@ def symbolic_exec():
 
     from utils import guess_machine
 
+    start, end = idc.SelStart(), idc.SelEnd()
+
     bs = bin_stream_ida()
-    machine = guess_machine()
+    machine = guess_machine(addr=start)
 
     mdis = machine.dis_engine(bs)
-    start, end = idc.SelStart(), idc.SelEnd()
+
+    if start == idc.BADADDR and end == idc.BADADDR:
+        start = idc.ScreenEA()
+        end = idc.next_head(start) # Get next instruction address
 
     mdis.dont_dis = [end]
     asmcfg = mdis.dis_multiblock(start)
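Review bot: The BADADDR fallback is placed after `machine = guess_machine(addr=start)`, so when there is no selection guess_machine is called with `start == idc.BADADDR` and, on ARM, probes the T register at BADADDR (see the `GetReg(addr, "T")` added in utils.py in this commit) before `start` is corrected to the cursor address; moving the three-line `if start == idc.BADADDR and end == idc.BADADDR:` block above the `guess_machine` call lets the machine guess use the same address the disassembly will start from. symbolic_exec starts outside the hunk.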
@@ -151,7 +156,8 @@ def symbolic_exec():
     view = symbolicexec_t()
     all_views.append(view)
     if not view.Create(modified, machine, mdis.symbol_pool,
-                       "Symbolic Execution - 0x%x to 0x%x" % (start, end)):
+                       "Symbolic Execution - 0x%x to 0x%x"
+                       % (start, idc.prev_head(end))):
         return
 
     view.Show()
diff --git a/example/ida/utils.py b/example/ida/utils.py
index 481220a9..5620a881 100644
--- a/example/ida/utils.py
+++ b/example/ida/utils.py
@@ -5,7 +5,7 @@ from miasm2.analysis.machine import Machine
 from miasm2.ir.translators import Translator
 import miasm2.expression.expression as m2_expr
 
-def guess_machine():
+def guess_machine(addr=None):
     "Return an instance of Machine corresponding to the IDA guessed processor"
 
     processor_name = GetLongPrm(INF_PROCNAME)
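Review bot: The docstring still reads `"Return an instance of Machine corresponding to the IDA guessed processor"` and does not mention the new `addr` parameter, whose effect (reading the T segment register at that address to choose ARM versus Thumb, per the second hunk of this file) is not obvious from the signature. Extend it with a line such as `@addr: (optional) address used to refine the guess, e.g. ARM/Thumb mode from the T register at that address; None keeps the default.` guess_machine continues past the end of the hunk.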
@@ -39,7 +39,14 @@ def guess_machine():
                         (False, 64, True): "aarch64b",
                         (False, 64, False): "aarch64l",
                         }
-        is_armt = globals().get('armt', False)
+
+        # Get T reg to detect arm/thumb function
+        # Default is arm
+        is_armt = False
+        if addr is not None:
+            t_reg = GetReg(addr, "T")
+            is_armt = t_reg == 1
+
         is_bigendian = info.is_be()
         infos = (is_armt, size, is_bigendian)
         if not infos in info2machine:
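Review bot: `if addr is not None:` lets `idc.BADADDR` through to `GetReg(addr, "T")`, and symbol_exec.py in this commit calls guess_machine before applying its own BADADDR fallback, so the T lookup can run against an invalid address; a stricter guard, `if addr is not None and addr != BADADDR:`, keeps the documented ARM default in that case (BADADDR appears to be in scope via the same star import that provides `GetLongPrm` and `GetReg` — confirm). The comment `# Get T reg to detect arm/thumb function` would also be clearer as `# T segment register at addr: 1 means Thumb mode, otherwise assume ARM`, since the `== 1` comparison is what the reader needs explained. guess_machine continues past the end of the hunk.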