diff options
Diffstat (limited to 'example/ida')
| -rw-r--r-- | example/ida/ctype_propagation.py | 27 | ||||
| -rw-r--r-- | example/ida/depgraph.py | 24 | ||||
| -rw-r--r-- | example/ida/graph_ir.py | 42 | ||||
| -rw-r--r-- | example/ida/symbol_exec.py | 5 |
4 files changed, 47 insertions, 51 deletions
diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py index f236cf26..e8b52e3e 100644 --- a/example/ida/ctype_propagation.py +++ b/example/ida/ctype_propagation.py @@ -270,12 +270,12 @@ def analyse_function(): asmcfg = mdis.dis_multiblock(addr) # Generate IR - for block in asmcfg.blocks: - ir_arch.add_block(block) + ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) + cst_propag_link = {} if settings.cUnalias.value: init_infos = {ir_arch.sp: ir_arch.arch.regs.regs_init[ir_arch.sp] } - cst_propag_link = propagate_cst_expr(ir_arch, addr, init_infos) + cst_propag_link = propagate_cst_expr(ir_arch, ircfg, addr, init_infos) types_mngr = get_types_mngr(settings.headerFile.value, settings.arch.value) @@ -317,8 +317,8 @@ def analyse_function(): first_block.lines[0] ) irb_head = IRBlock(lbl_head, [assignblk_head]) - ir_arch.blocks[lbl_head] = irb_head - ir_arch.graph.add_uniq_edge(lbl_head, lbl_real_start) + ircfg.blocks[lbl_head] = irb_head + ircfg.add_uniq_edge(lbl_head, lbl_real_start) state = TypePropagationEngine.StateEngine(infos_types) states = {lbl_head: state} @@ -331,23 +331,24 @@ def analyse_function(): if (lbl, state) in done: continue done.add((lbl, state)) - if lbl not in ir_arch.blocks: + if lbl not in ircfg.blocks: continue symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state) - addr = symbexec_engine.run_block_at(lbl) + addr = symbexec_engine.run_block_at(ircfg, lbl) symbexec_engine.del_mem_above_stack(ir_arch.sp) - ir_arch._graph = None - sons = ir_arch.graph.successors(lbl) + sons = ircfg.successors(lbl) for son in sons: - add_state(ir_arch, todo, states, son, - symbexec_engine.get_state()) + add_state( + ircfg, todo, states, son, + symbexec_engine.get_state() + ) for lbl, state in states.iteritems(): - if lbl not in ir_arch.blocks: + if lbl not in ircfg.blocks: continue symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link) - addr = symbexec_engine.run_block_at(lbl) + addr = symbexec_engine.run_block_at(ircfg, lbl) symbexec_engine.del_mem_above_stack(ir_arch.sp) diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py index 1ba7bee7..297877a1 100644 --- a/example/ida/depgraph.py +++ b/example/ida/depgraph.py @@ -19,16 +19,17 @@ from utils import guess_machine class depGraphSettingsForm(ida_kernwin.Form): - def __init__(self, ira): + def __init__(self, ira, ircfg): self.ira = ira + self.ircfg = ircfg self.stk_args = {'ARG%d' % i:i for i in xrange(10)} self.stk_unalias_force = False self.address = idc.ScreenEA() cur_block = None - for block in ira.getby_offset(self.address): - offset = self.ira.loc_db.get_location_offset(block.loc_key) + for block in ircfg.getby_offset(self.address): + offset = self.ircfg.loc_db.get_location_offset(block.loc_key) if offset is not None: # Only one block non-generated assert cur_block is None @@ -40,7 +41,7 @@ class depGraphSettingsForm(ida_kernwin.Form): break assert line_nb is not None cur_loc_key = str(cur_block.loc_key) - loc_keys = sorted(map(str, ira.blocks.keys())) + loc_keys = sorted(map(str, ircfg.blocks.keys())) regs = sorted(ira.arch.regs.all_regs_ids_byname.keys()) regs += self.stk_args.keys() reg_default = regs[0] @@ -97,7 +98,7 @@ Method to use: @property def loc_key(self): value = self.cbBBL.value - for real_loc_key in self.ira.blocks: + for real_loc_key in self.ircfg.blocks: if str(real_loc_key) == value: return real_loc_key raise ValueError("Bad loc_key") @@ -111,13 +112,13 @@ Method to use: elif mode == 1: return value + 1 else: - return len(self.ira.blocks[self.loc_key]) + return len(self.ircfg.blocks[self.loc_key]) @property def elements(self): value = self.cbReg.value if value in self.stk_args: - line = self.ira.blocks[self.loc_key][self.line_nb].instr + line = self.ircfg.blocks[self.loc_key][self.line_nb].instr arg_num = self.stk_args[value] stk_high = m2_expr.ExprInt(idc.GetSpd(line.offset), ir_arch.sp.size) stk_off = m2_expr.ExprInt(self.ira.sp.size/8 * arg_num, ir_arch.sp.size) @@ -135,7 +136,7 @@ Method to use: @property def depgraph(self): value = self.cMethod.value - return DependencyGraph(self.ira, + return DependencyGraph(self.ircfg, implicit=value & 4, follow_mem=value & 1, follow_call=value & 2) @@ -185,7 +186,7 @@ def treat_element(): if graph.has_loop: print 'Graph has dependency loop: symbolic execution is inexact' else: - print "Possible value: %s" % graph.emul().values()[0] + print "Possible value: %s" % graph.emul(self.ira).values()[0] for offset, elements in comments.iteritems(): idc.MakeComm(offset, ", ".join(map(str, elements))) @@ -219,11 +220,10 @@ def launch_depgraph(): asmcfg = mdis.dis_multiblock(func.startEA) # Generate IR - for block in asmcfg.blocks: - ir_arch.add_block(block) + ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) # Get settings - settings = depGraphSettingsForm(ir_arch) + settings = depGraphSettingsForm(ir_arch, ircfg) settings.Execute() loc_key, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py index 50895b88..afd00d5c 100644 --- a/example/ida/graph_ir.py +++ b/example/ida/graph_ir.py @@ -54,29 +54,29 @@ def color_irblock(irblock, ir_arch): class GraphMiasmIR(idaapi.GraphViewer): - def __init__(self, ir_arch, title, result): + def __init__(self, ircfg, title, result): idaapi.GraphViewer.__init__(self, title) - self.ir_arch = ir_arch + self.ircfg = ircfg self.result = result self.names = {} def OnRefresh(self): self.Clear() addr_id = {} - for irblock in self.ir_arch.blocks.values(): - id_irblock = self.AddNode(color_irblock(irblock, self.ir_arch)) + for irblock in self.ircfg.blocks.values(): + id_irblock = self.AddNode(color_irblock(irblock, self.ircfg)) addr_id[irblock] = id_irblock - for irblock in self.ir_arch.blocks.values(): + for irblock in self.ircfg.blocks.values(): if not irblock: continue - all_dst = self.ir_arch.dst_trackback(irblock) + all_dst = self.ircfg.dst_trackback(irblock) for dst in all_dst: if not dst.is_loc(): continue - if not dst.loc_key in self.ir_arch.blocks: + if not dst.loc_key in self.ircfg.blocks: continue - dst_block = self.ir_arch.blocks[dst.loc_key] + dst_block = self.ircfg.blocks[dst.loc_key] node1 = addr_id[irblock] node2 = addr_id[dst_block] self.AddEdge(node1, node2) @@ -137,16 +137,12 @@ def build_graph(verbose=False, simplify=False): print "generating IR... %x" % start_addr - for block in asmcfg.blocks: - if verbose: - print 'ADD' - print block - ir_arch.add_block(block) + ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) if verbose: print "IR ok... %x" % start_addr - for irb in ir_arch.blocks.itervalues(): + for irb in ircfg.blocks.itervalues(): irs = [] for assignblk in irb: new_assignblk = { @@ -154,27 +150,27 @@ def build_graph(verbose=False, simplify=False): for dst, src in assignblk.iteritems() } irs.append(AssignBlock(new_assignblk, instr=assignblk.instr)) - ir_arch.blocks[irb.loc_key] = IRBlock(irb.loc_key, irs) + ircfg.blocks[irb.loc_key] = IRBlock(irb.loc_key, irs) if verbose: - out = ir_arch.graph.dot() + out = ircfg.dot() open(os.path.join(tempfile.gettempdir(), 'graph.dot'), 'wb').write(out) title = "Miasm IR graph" if simplify: - dead_simp(ir_arch) + dead_simp(ir_arch, ircfg) - ir_arch.simplify(expr_simp) + ircfg.simplify(expr_simp) modified = True while modified: modified = False - modified |= dead_simp(ir_arch) - modified |= ir_arch.remove_empty_assignblks() - modified |= ir_arch.remove_jmp_blocks() - modified |= ir_arch.merge_blocks() + modified |= dead_simp(ir_arch, ircfg) + modified |= ircfg.remove_empty_assignblks() + modified |= ircfg.remove_jmp_blocks() + modified |= ircfg.merge_blocks() title += " (simplified)" - g = GraphMiasmIR(ir_arch, title, None) + g = GraphMiasmIR(ircfg, title, None) g.Show() diff --git a/example/ida/symbol_exec.py b/example/ida/symbol_exec.py index 43100943..ffaa9b27 100644 --- a/example/ida/symbol_exec.py +++ b/example/ida/symbol_exec.py @@ -142,12 +142,11 @@ def symbolic_exec(): mdis.dont_dis = [end] asmcfg = mdis.dis_multiblock(start) ira = machine.ira(loc_db=mdis.loc_db) - for block in asmcfg.blocks: - ira.add_block(block) + ircfg = ira.new_ircfg_from_asmcfg(asmcfg) print "Run symbolic execution..." sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init) - sb.run_at(start) + sb.run_at(ircfg, start) modified = {} for dst, src in sb.modified(init_state=machine.mn.regs.regs_init): |