diff options
Diffstat (limited to 'example')
44 files changed, 495 insertions, 360 deletions
diff --git a/example/asm/shellcode.py b/example/asm/shellcode.py index 9be5b517..b14b7441 100755 --- a/example/asm/shellcode.py +++ b/example/asm/shellcode.py @@ -1,7 +1,9 @@ #! /usr/bin/env python2 +from __future__ import print_function from argparse import ArgumentParser from pdb import pm +from future.utils import viewitems from elfesteem import pe_init from elfesteem.strpatchwork import StrPatchwork @@ -9,6 +11,7 @@ from miasm2.core import parse_asm, asmblock from miasm2.analysis.machine import Machine from miasm2.core.interval import interval from miasm2.core.locationdb import LocationDB +from miasm2.core.utils import iterbytes, int_to_byte parser = ArgumentParser("Multi-arch (32 bits) assembler") parser.add_argument('architecture', help="architecture: " + @@ -41,8 +44,17 @@ if args.PE: pe = pe_init.PE(wsize=size) s_text = pe.SHList.add_section(name="text", addr=0x1000, rawsize=0x1000) s_iat = pe.SHList.add_section(name="iat", rawsize=0x100) - new_dll = [({"name": "USER32.dll", - "firstthunk": s_iat.addr}, ["MessageBoxA"])] + new_dll = [ + ( + { + "name": "USER32.dll", + "firstthunk": s_iat.addr + }, + [ + "MessageBoxA" + ] + ) + ] pe.DirImport.add_dlldesc(new_dll) s_myimp = pe.SHList.add_section(name="myimp", rawsize=len(pe.DirImport)) pe.DirImport.set_rva(s_myimp.addr) @@ -51,8 +63,11 @@ if args.PE: addr_main = pe.rva2virt(s_text.addr) virt = pe.virt output = pe - dst_interval = interval([(pe.rva2virt(s_text.addr), - pe.rva2virt(s_text.addr + s_text.size))]) + dst_interval = interval( + [ + (pe.rva2virt(s_text.addr), pe.rva2virt(s_text.addr + s_text.size)) + ] + ) else: st = StrPatchwork() @@ -74,20 +89,26 @@ asmcfg, loc_db = parse_asm.parse_txt(machine.mn, attrib, source, loc_db) loc_db.set_location_offset(loc_db.get_name_location("main"), addr_main) if args.PE: - loc_db.set_location_offset(loc_db.get_or_create_name_location("MessageBoxA"), - pe.DirImport.get_funcvirt('USER32.dll', - 'MessageBoxA')) + loc_db.set_location_offset( + loc_db.get_or_create_name_location("MessageBoxA"), + pe.DirImport.get_funcvirt( + 'USER32.dll', + 'MessageBoxA' + ) + ) # Print and graph firsts blocks before patching it for block in asmcfg.blocks: - print block + print(block) open("graph.dot", "w").write(asmcfg.dot()) # Apply patches -patches = asmblock.asm_resolve_final(machine.mn, - asmcfg, - loc_db, - dst_interval) +patches = asmblock.asm_resolve_final( + machine.mn, + asmcfg, + loc_db, + dst_interval +) if args.encrypt: # Encrypt code loc_start = loc_db.get_or_create_name_location(args.encrypt[0]) @@ -95,20 +116,18 @@ if args.encrypt: ad_start = loc_db.get_location_offset(loc_start) ad_stop = loc_db.get_location_offset(loc_stop) - new_patches = dict(patches) - for ad, val in patches.items(): + for ad, val in list(viewitems(patches)): if ad_start <= ad < ad_stop: - new_patches[ad] = "".join([chr(ord(x) ^ 0x42) for x in val]) - patches = new_patches + patches[ad] = b"".join(int_to_byte(ord(x) ^ 0x42) for x in iterbytes(val)) -print patches +print(patches) if isinstance(virt, StrPatchwork): - for offset, raw in patches.items(): + for offset, raw in viewitems(patches): virt[offset] = raw else: - for offset, raw in patches.items(): + for offset, raw in viewitems(patches): virt.set(offset, raw) # Produce output -open(args.output, 'wb').write(str(output)) +open(args.output, 'wb').write(bytes(output)) diff --git a/example/asm/simple.py b/example/asm/simple.py index 5480e2f5..e46faa48 100644 --- a/example/asm/simple.py +++ b/example/asm/simple.py @@ -1,3 +1,4 @@ +from __future__ import print_function from pdb import pm from pprint import pprint @@ -29,7 +30,7 @@ patches = asmblock.asm_resolve_final(mn_x86, asmcfg, loc_db) # Show resolved asmcfg for block in asmcfg.blocks: - print block + print(block) # Print offset -> bytes pprint(patches) diff --git a/example/disasm/callback.py b/example/disasm/callback.py index 02416b38..95c165d4 100644 --- a/example/disasm/callback.py +++ b/example/disasm/callback.py @@ -1,3 +1,4 @@ +from __future__ import print_function from miasm2.analysis.binary import Container from miasm2.analysis.machine import Machine from miasm2.core.asmblock import AsmConstraint @@ -41,27 +42,28 @@ def cb_x86_callpop(cur_bloc, loc_db, *args, **kwargs): # Prepare a tiny shellcode -shellcode = ''.join(["\xe8\x00\x00\x00\x00", # CALL $ - "X", # POP EAX - "\xc3", # RET - ]) +shellcode = ( + b"\xe8\x00\x00\x00\x00" # CALL $ + b"X" # POP EAX + b"\xc3" # RET +) # Instantiate a x86 32 bit architecture machine = Machine("x86_32") cont = Container.from_string(shellcode) mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) -print "Without callback:\n" +print("Without callback:\n") asmcfg = mdis.dis_multiblock(0) -print "\n".join(str(block) for block in asmcfg.blocks) +print("\n".join(str(block) for block in asmcfg.blocks)) # Enable callback mdis.dis_block_callback = cb_x86_callpop -print "=" * 40 -print "With callback:\n" +print("=" * 40) +print("With callback:\n") asmcfg_after = mdis.dis_multiblock(0) -print "\n".join(str(block) for block in asmcfg_after.blocks) +print("\n".join(str(block) for block in asmcfg_after.blocks)) # Ensure the callback has been called assert asmcfg.loc_key_to_block(asmcfg.heads()[0]).lines[0].name == "CALL" diff --git a/example/disasm/dis_binary.py b/example/disasm/dis_binary.py index 3e12ca91..4ac5ef26 100644 --- a/example/disasm/dis_binary.py +++ b/example/disasm/dis_binary.py @@ -1,3 +1,4 @@ +from __future__ import print_function import sys from miasm2.analysis.binary import Container from miasm2.analysis.machine import Machine @@ -23,7 +24,7 @@ asmcfg = mdis.dis_multiblock(addr) # Display each basic blocks for block in asmcfg.blocks: - print block + print(block) # Output control flow graph in a dot file open('bin_cfg.dot', 'w').write(asmcfg.dot()) diff --git a/example/disasm/dis_binary_ir.py b/example/disasm/dis_binary_ir.py index 197fccfd..ac642a36 100644 --- a/example/disasm/dis_binary_ir.py +++ b/example/disasm/dis_binary_ir.py @@ -1,4 +1,6 @@ +from __future__ import print_function import sys +from future.utils import viewvalues from miasm2.analysis.binary import Container from miasm2.analysis.machine import Machine @@ -28,8 +30,8 @@ ir_arch = machine.ir(mdis.loc_db) ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) # Display each IR basic blocks -for irblock in ircfg.blocks.values(): - print irblock +for irblock in viewvalues(ircfg.blocks): + print(irblock) # Output ir control flow graph in a dot file open('bin_ir_cfg.dot', 'w').write(ircfg.dot()) diff --git a/example/disasm/dis_binary_ira.py b/example/disasm/dis_binary_ira.py index 726f353e..04bddbbb 100644 --- a/example/disasm/dis_binary_ira.py +++ b/example/disasm/dis_binary_ira.py @@ -1,4 +1,6 @@ +from __future__ import print_function import sys +from future.utils import viewvalues from miasm2.analysis.binary import Container from miasm2.analysis.machine import Machine @@ -30,8 +32,8 @@ ir_arch_analysis = machine.ira(mdis.loc_db) ircfg_analysis = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) # Display each IR basic blocks -for irblock in ircfg_analysis.blocks.values(): - print irblock +for irblock in viewvalues(ircfg_analysis.blocks): + print(irblock) # Output ir control flow graph in a dot file open('bin_ira_cfg.dot', 'w').write(ircfg_analysis.dot()) diff --git a/example/disasm/dis_x86_string.py b/example/disasm/dis_x86_string.py index 8f919e4e..175e9264 100644 --- a/example/disasm/dis_x86_string.py +++ b/example/disasm/dis_x86_string.py @@ -1,8 +1,9 @@ +from __future__ import print_function from miasm2.analysis.binary import Container from miasm2.analysis.machine import Machine # The Container will provide a *bin_stream*, bytes source for the disasm engine -cont = Container.from_string("\x83\xf8\x10\x74\x07\x89\xc6\x0f\x47\xc3\xeb\x08\x89\xc8\xe8\x31\x33\x22\x11\x40\xc3") +cont = Container.from_string(b"\x83\xf8\x10\x74\x07\x89\xc6\x0f\x47\xc3\xeb\x08\x89\xc8\xe8\x31\x33\x22\x11\x40\xc3") # Instantiate a x86 32 bit architecture machine = Machine("x86_32") @@ -16,7 +17,7 @@ asmcfg = mdis.dis_multiblock(0) # Display each basic blocks for block in asmcfg.blocks: - print block + print(block) # Output control flow graph in a dot file open('str_cfg.dot', 'w').write(asmcfg.dot()) diff --git a/example/disasm/full.py b/example/disasm/full.py index 5161a299..de3f82ac 100644 --- a/example/disasm/full.py +++ b/example/disasm/full.py @@ -1,7 +1,10 @@ +from __future__ import print_function import logging from argparse import ArgumentParser from pdb import pm +from future.utils import viewitems, viewvalues + from miasm2.analysis.binary import Container from miasm2.core.asmblock import log_asmblock, AsmCFG from miasm2.core.interval import interval @@ -35,7 +38,8 @@ parser.add_argument('-n', "--funcswatchdog", default=None, type=int, help="Maximum number of function to disassemble") parser.add_argument('-r', "--recurfunctions", action="store_true", help="Disassemble founded functions") -parser.add_argument('-v', "--verbose", action="count", help="Verbose mode") +parser.add_argument('-v', "--verbose", action="count", help="Verbose mode", + default=0) parser.add_argument('-g', "--gen_ir", action="store_true", help="Compute the intermediate representation") parser.add_argument('-z', "--dis-nulstart-block", action="store_true", @@ -43,7 +47,8 @@ parser.add_argument('-z', "--dis-nulstart-block", action="store_true", parser.add_argument('-l', "--dontdis-retcall", action="store_true", help="If set, disassemble only call destinations") parser.add_argument('-s', "--simplify", action="count", - help="Apply simplifications rules (liveness, graph simplification, ...)") + help="Apply simplifications rules (liveness, graph simplification, ...)", + default=0) parser.add_argument("--base-address", default=0, type=lambda x: int(x, 0), help="Base address of the input binary") @@ -92,7 +97,7 @@ log.info("import machine...") # Use the guessed architecture or the specified one arch = args.architecture if args.architecture else cont.arch if not arch: - print "Architecture recognition fail. Please specify it in arguments" + print("Architecture recognition fail. Please specify it in arguments") exit(-1) # Instance the arch-dependent machine @@ -177,7 +182,7 @@ while not finish and todo: # Generate dotty graph all_asmcfg = AsmCFG(mdis.loc_db) -for blocks in all_funcs_blocks.values(): +for blocks in viewvalues(all_funcs_blocks): all_asmcfg += blocks @@ -189,7 +194,7 @@ log.info('generate intervals') all_lines = [] total_l = 0 -print done_interval +print(done_interval) if args.image: log.info('build img') done_interval.show() @@ -199,7 +204,7 @@ for i, j in done_interval.intervals: all_lines.sort(key=lambda x: x.offset) -open('lines.dot', 'w').write('\n'.join([str(l) for l in all_lines])) +open('lines.dot', 'w').write('\n'.join(str(l) for l in all_lines)) log.info('total lines %s' % total_l) @@ -217,7 +222,7 @@ class IRADelModCallStack(ira): for assignblk in assignblks: dct = dict(assignblk) dct = { - dst:src for (dst, src) in dct.iteritems() if dst != self.sp + dst:src for (dst, src) in viewitems(dct) if dst != self.sp } out.append(AssignBlock(dct, assignblk.instr)) return out, extra @@ -238,21 +243,21 @@ if args.gen_ir: head = list(entry_points)[0] - for ad, asmcfg in all_funcs_blocks.items(): + for ad, asmcfg in viewitems(all_funcs_blocks): log.info("generating IR... %x" % ad) for block in asmcfg.blocks: ir_arch.add_asmblock_to_ircfg(block, ircfg) ir_arch_a.add_asmblock_to_ircfg(block, ircfg_a) log.info("Print blocks (without analyse)") - for label, block in ir_arch.blocks.iteritems(): - print block + for label, block in viewitems(ir_arch.blocks): + print(block) log.info("Gen Graph... %x" % ad) log.info("Print blocks (with analyse)") - for label, block in ir_arch_a.blocks.iteritems(): - print block + for label, block in viewitems(ir_arch_a.blocks): + print(block) if args.simplify > 0: log.info("Simplify...") @@ -289,7 +294,7 @@ if args.propagexpr: continue if reg in regs_todo: out[reg] = dst - return set(out.values()) + return set(viewvalues(out)) # Add dummy dependency to uncover out regs assignment for loc in ircfg_a.leaves(): @@ -317,7 +322,7 @@ if args.propagexpr: """ try: - _ = bs.getbytes(addr, size/8) + _ = bs.getbytes(addr, size // 8) except IOError: return False return True diff --git a/example/disasm/single_instr.py b/example/disasm/single_instr.py index d17e303f..70b37220 100644 --- a/example/disasm/single_instr.py +++ b/example/disasm/single_instr.py @@ -1,14 +1,15 @@ +from __future__ import print_function from miasm2.arch.x86.arch import mn_x86 from miasm2.arch.x86.regs import EDX from miasm2.core.locationdb import LocationDB loc_db = LocationDB() l = mn_x86.fromstring('MOV EAX, EBX', loc_db, 32) -print "instruction:", l -print "arg:", l.args[0] +print("instruction:", l) +print("arg:", l.args[0]) x = mn_x86.asm(l) -print x +print(x) l.args[0] = EDX y = mn_x86.asm(l) -print y -print mn_x86.dis(y[0], 32) +print(y) +print(mn_x86.dis(y[0], 32)) diff --git a/example/expression/access_c.py b/example/expression/access_c.py index b23ba81b..c6f26a10 100644 --- a/example/expression/access_c.py +++ b/example/expression/access_c.py @@ -39,10 +39,12 @@ Then, in the C generator: ExprCompose(var1, 0) => var1 """ - +from __future__ import print_function import sys +from future.utils import viewitems, viewvalues + from miasm2.analysis.machine import Machine from miasm2.analysis.binary import Container from miasm2.expression.expression import ExprOp, ExprCompose, ExprId, ExprInt @@ -57,21 +59,21 @@ from miasm2.core.ctypesmngr import CAstTypes, CTypePtr, CTypeStruct def find_call(ircfg): """Returns (irb, index) which call""" - for irb in ircfg.blocks.values(): + for irb in viewvalues(ircfg.blocks): out = set() if len(irb) < 2: continue assignblk = irb[-2] - for src in assignblk.itervalues(): + for src in viewvalues(assignblk): if not isinstance(src, ExprOp): continue if not src.op.startswith('call_func'): continue - out.add((irb, len(irb) - 2)) + out.add((irb.loc_key, len(irb) - 2)) if len(out) != 1: continue - irb, index = out.pop() - yield irb, index + loc_key, index = out.pop() + yield loc_key, index class MyExprToAccessC(ExprToAccessC): @@ -96,9 +98,10 @@ def get_funcs_arg0(ctx, ira, ircfg, lbl_head): g_dep = DependencyGraph(ircfg, follow_call=False) element = ira.arch.regs.RSI - for irb, index in find_call(ircfg): + for loc_key, index in find_call(ircfg): + irb = ircfg.get_block(loc_key) instr = irb[index].instr - print 'Analysing references from:', hex(instr.offset), instr + print('Analysing references from:', hex(instr.offset), instr) g_list = g_dep.get(irb.loc_key, set([element]), index, set([lbl_head])) for dep in g_list: emul_result = dep.emul(ira, ctx) @@ -113,7 +116,7 @@ class MyCHandler(CHandler): -data = open(sys.argv[1]).read() +data = open(sys.argv[1], 'rb').read() # Digest C information text = """ struct human { @@ -160,7 +163,7 @@ expr_types = {arg0: (ptr_llhuman,), mychandler = MyCHandler(types_mngr, expr_types) for expr in get_funcs_arg0(ctx, ir_arch_a, ircfg, lbl_head): - print "Access:", expr + print("Access:", expr) for c_str, ctype in mychandler.expr_to_c_and_types(expr): - print '\taccess:', c_str - print '\tc type:', ctype + print('\taccess:', c_str) + print('\tc type:', ctype) diff --git a/example/expression/asm_to_ir.py b/example/expression/asm_to_ir.py index 7036d960..16f766e1 100644 --- a/example/expression/asm_to_ir.py +++ b/example/expression/asm_to_ir.py @@ -1,5 +1,8 @@ +from __future__ import print_function from pdb import pm +from future.utils import viewitems + from miasm2.arch.x86.arch import mn_x86 from miasm2.core import parse_asm from miasm2.expression.expression import * @@ -27,11 +30,11 @@ loop: loc_db.set_location_offset(loc_db.get_name_location("main"), 0x0) for block in asmcfg.blocks: - print block + print(block) -print "symbols:" -print loc_db +print("symbols:") +print(loc_db) patches = asmblock.asm_resolve_final(mn_x86, asmcfg, loc_db) # Translate to IR @@ -39,16 +42,16 @@ ir_arch = ir_a_x86_32(loc_db) ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) # Display IR -for lbl, irblock in ircfg.blocks.items(): - print irblock +for lbl, irblock in viewitems(ircfg.blocks): + print(irblock) # Dead propagation open('graph.dot', 'w').write(ircfg.dot()) -print '*' * 80 +print('*' * 80) dead_simp(ir_arch, ircfg) open('graph2.dot', 'w').write(ircfg.dot()) # Display new IR -print 'new ir blocks' -for lbl, irblock in ircfg.blocks.items(): - print irblock +print('new ir blocks') +for lbl, irblock in viewitems(ircfg.blocks): + print(irblock) diff --git a/example/expression/basic_op.py b/example/expression/basic_op.py index 6032f483..8b5d7e2b 100644 --- a/example/expression/basic_op.py +++ b/example/expression/basic_op.py @@ -1,31 +1,32 @@ +from __future__ import print_function from miasm2.expression.expression import * -print """ +print(""" Simple expression manipulation demo -""" +""") # define 2 ID a = ExprId('eax', 32) b = ExprId('ebx', 32) -print a, b +print(a, b) # eax ebx # add those ID c = ExprOp('+', a, b) -print c +print(c) # (eax + ebx) # + automatically generates ExprOp('+', a, b) c = a + b -print c +print(c) # (eax + ebx) # ax is a slice of eax ax = a[:16] -print ax +print(ax) # eax[0:16] # memory deref d = ExprMem(c, 32) -print d +print(d) # @32[(eax + ebx)] diff --git a/example/expression/basic_simplification.py b/example/expression/basic_simplification.py index eefdc765..5ecf21db 100644 --- a/example/expression/basic_simplification.py +++ b/example/expression/basic_simplification.py @@ -1,9 +1,10 @@ +from __future__ import print_function from miasm2.expression.expression import * from miasm2.expression.simplifications import expr_simp -print """ +print(""" Simple expression simplification demo -""" +""") a = ExprId('eax', 32) @@ -14,6 +15,6 @@ exprs = [a + b - a, ExprCompose(a[:8], a[8:16])] for e in exprs: - print '*' * 40 - print 'original expression:', e - print "simplified:", expr_simp(e) + print('*' * 40) + print('original expression:', e) + print("simplified:", expr_simp(e)) diff --git a/example/expression/constant_propagation.py b/example/expression/constant_propagation.py index e70f8163..1259758b 100644 --- a/example/expression/constant_propagation.py +++ b/example/expression/constant_propagation.py @@ -25,7 +25,7 @@ args = parser.parse_args() machine = Machine("x86_32") -cont = Container.from_stream(open(args.filename)) +cont = Container.from_stream(open(args.filename, 'rb')) mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) ir_arch = machine.ira(mdis.loc_db) addr = int(args.address, 0) diff --git a/example/expression/export_llvm.py b/example/expression/export_llvm.py index a0af66b7..c8ee14a5 100644 --- a/example/expression/export_llvm.py +++ b/example/expression/export_llvm.py @@ -1,3 +1,5 @@ +from future.utils import viewitems, viewvalues + from argparse import ArgumentParser from miasm2.analysis.binary import Container from miasm2.analysis.machine import Machine @@ -12,7 +14,7 @@ parser.add_argument("--architecture", "-a", help="Force architecture") args = parser.parse_args() # This part focus on obtaining an IRCFG to transform # -cont = Container.from_stream(open(args.target)) +cont = Container.from_stream(open(args.target, 'rb')) machine = Machine(args.architecture if args.architecture else cont.arch) ir = machine.ir(cont.loc_db) dis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) @@ -47,12 +49,14 @@ func.init_fc() # ... all_regs = set() -for block in ircfg.blocks.itervalues(): +for block in viewvalues(ircfg.blocks): for irs in block.assignblks: - for dst, src in irs.get_rw(mem_read=True).iteritems(): + for dst, src in viewitems(irs.get_rw(mem_read=True)): elem = src.union(set([dst])) - all_regs.update(x for x in elem - if x.is_id()) + all_regs.update( + x for x in elem + if x.is_id() + ) reg2glob = {} for var in all_regs: @@ -70,7 +74,7 @@ for var in all_regs: func.from_ircfg(ircfg, append_ret=False) # Finish the saving of registers (temporary version to global) -for reg, glob in reg2glob.iteritems(): +for reg, glob in viewitems(reg2glob): value = func.builder.load(func.local_vars_pointers[reg.name]) func.builder.store(value, glob) diff --git a/example/expression/expr_c.py b/example/expression/expr_c.py index 37c9f510..83cc727b 100644 --- a/example/expression/expr_c.py +++ b/example/expression/expr_c.py @@ -3,6 +3,7 @@ Parse C expression to access variables and retrieve information: * Miasm expression to access this variable * variable type """ +from __future__ import print_function from miasm2.core.ctypesmngr import CTypeStruct, CAstTypes, CTypePtr from miasm2.arch.x86.ctype import CTypeAMD64_unk @@ -56,6 +57,6 @@ c_acceses = ["ptr->width", for c_str in c_acceses: expr = mychandler.c_to_expr(c_str) c_type = mychandler.c_to_type(c_str) - print 'C access:', c_str - print '\tExpr:', expr - print '\tType:', c_type + print('C access:', c_str) + print('\tExpr:', expr) + print('\tType:', c_type) diff --git a/example/expression/expr_grapher.py b/example/expression/expr_grapher.py index e0562852..e1643b03 100644 --- a/example/expression/expr_grapher.py +++ b/example/expression/expr_grapher.py @@ -1,6 +1,8 @@ +from __future__ import print_function + from miasm2.expression.expression import * -print "Simple Expression grapher demo" +print("Simple Expression grapher demo") a = ExprId("A", 32) b = ExprId("B", 32) @@ -8,13 +10,13 @@ c = ExprId("C", 32) d = ExprId("D", 32) m = ExprMem(a + b + c + a, 32) -e1 = ExprCompose(a + b - (c * a) / m | b, a + m) +e1 = ExprCompose(a + b - ((c * a) // m) | b, a + m) e2 = ExprInt(15, 64) e = ExprCond(d, e1, e2)[0:32] -print "[+] Expression:" -print e +print("[+] Expression:") +print(e) g = e.graph() -print "[+] Graph:" -print g.dot() +print("[+] Graph:") +print(g.dot()) diff --git a/example/expression/expr_random.py b/example/expression/expr_random.py index 66c09f2e..5ac3be06 100644 --- a/example/expression/expr_random.py +++ b/example/expression/expr_random.py @@ -1,22 +1,24 @@ +from __future__ import print_function +from builtins import range import string import random from miasm2.expression.expression_helper import ExprRandom -print "Simple expression generator\n" +print("Simple expression generator\n") depth = 8 seed = 0 random.seed(seed) -print "- An ID:" -print ExprRandom.identifier() -print "- A number:" -print ExprRandom.number() +print("- An ID:") +print(ExprRandom.identifier()) +print("- A number:") +print(ExprRandom.number()) -print "- 3 expressions (without cleaning expression cache):" -for i in xrange(3): - print "\t%s\n" % ExprRandom.get(depth=depth, clean=False) +print("- 3 expressions (without cleaning expression cache):") +for i in range(3): + print("\t%s\n" % ExprRandom.get(depth=depth, clean=False)) class ExprRandom_NoPerfect_NoReuse_UppercaseIdent(ExprRandom): """ExprRandom extension with: @@ -27,8 +29,8 @@ class ExprRandom_NoPerfect_NoReuse_UppercaseIdent(ExprRandom): perfect_tree = False reuse_element = False - identifier_charset = string.uppercase + identifier_charset = string.ascii_uppercase -print "- 3 expressions with a custom generator:" -for i in xrange(3): - print "\t%s\n" % ExprRandom_NoPerfect_NoReuse_UppercaseIdent.get(depth=depth) +print("- 3 expressions with a custom generator:") +for i in range(3): + print("\t%s\n" % ExprRandom_NoPerfect_NoReuse_UppercaseIdent.get(depth=depth)) diff --git a/example/expression/expr_translate.py b/example/expression/expr_translate.py index e1505dae..1a36a64c 100644 --- a/example/expression/expr_translate.py +++ b/example/expression/expr_translate.py @@ -1,5 +1,8 @@ +from __future__ import print_function import random +from future.utils import viewitems + from miasm2.expression.expression import * from miasm2.expression.expression_helper import ExprRandom from miasm2.ir.translators import Translator @@ -13,32 +16,32 @@ class ExprRandom_OpSubRange(ExprRandom): } -print "[+] Compute a random expression:" +print("[+] Compute a random expression:") expr = ExprRandom_OpSubRange.get(depth=8) -print "-> %s" % expr -print +print("-> %s" % expr) +print() target_exprs = {lang:Translator.to_language(lang).from_expr(expr) for lang in Translator.available_languages()} -for target_lang, target_expr in target_exprs.iteritems(): - print "[+] Translate in %s:" % target_lang - print target_expr - print +for target_lang, target_expr in viewitems(target_exprs): + print("[+] Translate in %s:" % target_lang) + print(target_expr) + print() -print "[+] Eval in Python:" +print("[+] Eval in Python:") def memory(addr, size): ret = random.randint(0, (1 << size) - 1) - print "Memory access: @0x%x -> 0x%x" % (addr, ret) + print("Memory access: @0x%x -> 0x%x" % (addr, ret)) return ret for expr_id in expr.get_r(mem_read=True): if isinstance(expr_id, ExprId): value = random.randint(0, (1 << expr_id.size) - 1) - print "Declare var: %s = 0x%x" % (expr_id.name, value) + print("Declare var: %s = 0x%x" % (expr_id.name, value)) globals()[expr_id.name] = value -print "-> 0x%x" % eval(target_exprs["Python"]) +print("-> 0x%x" % eval(target_exprs["Python"])) -print "[+] Validate the Miasm syntax rebuilding" +print("[+] Validate the Miasm syntax rebuilding") exprRebuild = eval(target_exprs["Miasm"]) assert(expr == exprRebuild) diff --git a/example/expression/get_read_write.py b/example/expression/get_read_write.py index 34d0f94a..0c8bb3dd 100644 --- a/example/expression/get_read_write.py +++ b/example/expression/get_read_write.py @@ -1,3 +1,7 @@ +from __future__ import print_function + +from future.utils import viewitems + from miasm2.arch.x86.arch import mn_x86 from miasm2.expression.expression import get_rw from miasm2.arch.x86.ira import ir_a_x86_32 @@ -6,10 +10,10 @@ from miasm2.core.locationdb import LocationDB loc_db = LocationDB() -print """ +print(""" Simple expression manipulation demo. Get read/written registers for a given instruction -""" +""") arch = mn_x86 ir_arch = ir_a_x86_32(loc_db) @@ -18,14 +22,14 @@ instr = arch.fromstring('LODSB', loc_db, 32) instr.offset, instr.l = 0, 15 ir_arch.add_instr_to_ircfg(instr, ircfg) -print '*' * 80 -for lbl, irblock in ircfg.blocks.iteritems(): - print irblock +print('*' * 80) +for lbl, irblock in viewitems(ircfg.blocks): + print(irblock) for assignblk in irblock: rw = assignblk.get_rw() - for dst, reads in rw.iteritems(): - print 'read: ', [str(x) for x in reads] - print 'written:', dst - print + for dst, reads in viewitems(rw): + print('read: ', [str(x) for x in reads]) + print('written:', dst) + print() open('graph_instr.dot', 'w').write(ircfg.dot()) diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py index 92bcf249..55159598 100644 --- a/example/expression/graph_dataflow.py +++ b/example/expression/graph_dataflow.py @@ -1,5 +1,8 @@ +from __future__ import print_function from argparse import ArgumentParser +from future.utils import viewitems, viewvalues + from miasm2.analysis.binary import Container from miasm2.analysis.machine import Machine from miasm2.expression.expression import get_expr_mem @@ -17,10 +20,6 @@ parser.add_argument("-s", "--symb", help="Symbolic execution mode", args = parser.parse_args() -def node_x_2_id(n, x): - return hash(str(n) + str(x)) & 0xffffffffffffffff - - def get_node_name(label, i, n): n_name = (label, i, n) return n_name @@ -30,8 +29,8 @@ def intra_block_flow_symb(ir_arch, _, flow_graph, irblock, in_nodes, out_nodes): symbols_init = ir_arch.arch.regs.regs_init.copy() sb = SymbolicExecutionEngine(ir_arch, symbols_init) sb.eval_updt_irblock(irblock) - print '*' * 40 - print irblock + print('*' * 40) + print(irblock) out = sb.modified(mems=False) @@ -86,14 +85,14 @@ def node2str(node): def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb): - for irblock in ircfg.blocks.values(): - print irblock + for irblock in viewvalues(ircfg.blocks): + print(irblock) dead_simp(ir_arch, ircfg) irblock_0 = None - for irblock in ircfg.blocks.values(): + for irblock in viewvalues(ircfg.blocks): loc_key = irblock.loc_key offset = ircfg.loc_db.get_location_offset(loc_key) if offset == ad: @@ -110,15 +109,15 @@ def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb): irb_in_nodes[label] = {} irb_out_nodes[label] = {} - for label, irblock in ircfg.blocks.iteritems(): + for label, irblock in viewitems(ircfg.blocks): block_flow_cb(ir_arch, ircfg, flow_graph, irblock, irb_in_nodes[label], irb_out_nodes[label]) for label in ircfg.blocks: - print label - print 'IN', [str(x) for x in irb_in_nodes[label]] - print 'OUT', [str(x) for x in irb_out_nodes[label]] + print(label) + print('IN', [str(x) for x in irb_in_nodes[label]]) + print('OUT', [str(x) for x in irb_out_nodes[label]]) - print '*' * 20, 'interblock', '*' * 20 + print('*' * 20, 'interblock', '*' * 20) inter_block_flow(ir_arch, ircfg, flow_graph, irblock_0.loc_key, irb_in_nodes, irb_out_nodes) # from graph_qt import graph_qt @@ -128,22 +127,22 @@ def gen_block_data_flow_graph(ir_arch, ircfg, ad, block_flow_cb): ad = int(args.addr, 16) -print 'disasm...' -cont = Container.from_stream(open(args.filename)) +print('disasm...') +cont = Container.from_stream(open(args.filename, 'rb')) machine = Machine("x86_32") mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) mdis.follow_call = True asmcfg = mdis.dis_multiblock(ad) -print 'ok' +print('ok') -print 'generating dataflow graph for:' +print('generating dataflow graph for:') ir_arch_analysis = machine.ira(mdis.loc_db) ircfg = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) -for irblock in ircfg.blocks.values(): - print irblock +for irblock in viewvalues(ircfg.blocks): + print(irblock) if args.symb: @@ -153,11 +152,11 @@ else: gen_block_data_flow_graph(ir_arch_analysis, ircfg, ad, block_flow_cb) -print '*' * 40 -print """ +print('*' * 40) +print(""" View with: dotty dataflow.dot or Generate ps with pdf: dot -Tps dataflow_xx.dot -o graph.ps -""" +""") diff --git a/example/expression/simplification_add.py b/example/expression/simplification_add.py index 621d1139..6ac36a17 100644 --- a/example/expression/simplification_add.py +++ b/example/expression/simplification_add.py @@ -1,13 +1,14 @@ +from __future__ import print_function import miasm2.expression.expression as m2_expr from miasm2.expression.simplifications import expr_simp from pdb import pm -print """ +print(""" Expression simplification demo: Adding a simplification: a + a + a == a * 3 More detailed examples can be found in miasm2/expression/simplification*. -""" +""") # Define the simplification method ## @expr_simp is the current expression simplifier instance @@ -32,14 +33,14 @@ def simp_add_mul(expr_simp, expr): a = m2_expr.ExprId('a', 32) base_expr = a + a + a -print "Without adding the simplification:" -print "\t%s = %s" % (base_expr, expr_simp(base_expr)) +print("Without adding the simplification:") +print("\t%s = %s" % (base_expr, expr_simp(base_expr))) # Enable pass expr_simp.enable_passes({m2_expr.ExprOp: [simp_add_mul]}) -print "After adding the simplification:" -print "\t%s = %s" % (base_expr, expr_simp(base_expr)) +print("After adding the simplification:") +print("\t%s = %s" % (base_expr, expr_simp(base_expr))) # Automatic fail assert(expr_simp(base_expr) == m2_expr.ExprOp("*", a, diff --git a/example/expression/simplification_tools.py b/example/expression/simplification_tools.py index cb062fb3..a9bcc429 100644 --- a/example/expression/simplification_tools.py +++ b/example/expression/simplification_tools.py @@ -1,10 +1,11 @@ +from __future__ import print_function from miasm2.expression.expression import * from pdb import pm -print """ +print(""" Expression simplification demo. (and regression test) -""" +""") a = ExprId('a', 32) @@ -39,26 +40,26 @@ def replace_expr(e): return e -print x +print(x) y = x.visit(replace_expr) -print y -print x.copy() -print y.copy() -print y == y.copy() -print repr(y), repr(y.copy()) +print(y) +print(x.copy()) +print(y.copy()) +print(y == y.copy()) +print(repr(y), repr(y.copy())) z = ExprCompose(a[5:5 + 8], b[:16], x[:8]) -print z -print z.copy() -print z[:31].copy().visit(replace_expr) +print(z) +print(z.copy()) +print(z[:31].copy().visit(replace_expr)) -print 'replace' -print x.replace_expr({c + ExprInt(0x42, 32): d, - a + b: c, }) -print z.replace_expr({c + ExprInt(0x42, 32): d, - a + b: c, }) +print('replace') +print(x.replace_expr({c + ExprInt(0x42, 32): d, + a + b: c, })) +print(z.replace_expr({c + ExprInt(0x42, 32): d, + a + b: c, })) u = z.copy() -print u +print(u) diff --git a/example/expression/solve_condition_stp.py b/example/expression/solve_condition_stp.py index c79dd0b8..e0ab09da 100644 --- a/example/expression/solve_condition_stp.py +++ b/example/expression/solve_condition_stp.py @@ -1,8 +1,11 @@ +from __future__ import print_function import sys import subprocess from optparse import OptionParser from pdb import pm +from future.utils import viewitems + from miasm2.analysis.machine import Machine from miasm2.analysis.binary import Container from miasm2.expression.expression import ExprInt, ExprCond, ExprId, \ @@ -29,9 +32,9 @@ if not args: def emul_symb(ir_arch, ircfg, mdis, states_todo, states_done): while states_todo: addr, symbols, conds = states_todo.pop() - print '*' * 40, "addr", addr, '*' * 40 + print('*' * 40, "addr", addr, '*' * 40) if (addr, symbols, conds) in states_done: - print 'Known state, skipping', addr + print('Known state, skipping', addr) continue states_done.add((addr, symbols, conds)) symbexec = SymbolicExecutionEngine(ir_arch) @@ -40,10 +43,10 @@ def emul_symb(ir_arch, ircfg, mdis, states_todo, states_done): del symbexec.symbols[ir_arch.pc] irblock = get_block(ir_arch, ircfg, mdis, addr) - print 'Run block:' - print irblock + print('Run block:') + print(irblock) addr = symbexec.eval_updt_irblock(irblock) - print 'Final state:' + print('Final state:') symbexec.dump(mems=False) assert addr is not None @@ -55,16 +58,16 @@ def emul_symb(ir_arch, ircfg, mdis, states_todo, states_done): addr_b = expr_simp(symbexec.eval_expr(addr.replace_expr(cond_group_b), {})) if not (addr_a.is_int() or addr_a.is_loc() and addr_b.is_int() or addr_b.is_loc()): - print str(addr_a), str(addr_b) + print(str(addr_a), str(addr_b)) raise ValueError("Unsupported condition") if isinstance(addr_a, ExprInt): addr_a = int(addr_a.arg) if isinstance(addr_b, ExprInt): addr_b = int(addr_b.arg) - states_todo.add((addr_a, symbexec.symbols.copy(), tuple(list(conds) + cond_group_a.items()))) - states_todo.add((addr_b, symbexec.symbols.copy(), tuple(list(conds) + cond_group_b.items()))) + states_todo.add((addr_a, symbexec.symbols.copy(), tuple(list(conds) + list(viewitems(cond_group_a))))) + states_todo.add((addr_b, symbexec.symbols.copy(), tuple(list(conds) + list(viewitems(cond_group_b))))) elif addr == ret_addr: - print 'Return address reached' + print('Return address reached') continue elif addr.is_int(): addr = int(addr.arg) @@ -81,7 +84,7 @@ if __name__ == '__main__': addr = int(options.address, 16) - cont = Container.from_stream(open(args[0])) + cont = Container.from_stream(open(args[0], 'rb')) mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) ir_arch = machine.ir(mdis.loc_db) ircfg = ir_arch.new_ircfg() @@ -120,7 +123,7 @@ if __name__ == '__main__': for instr in block.lines: for i, arg in enumerate(instr.args): instr.args[i]= arg.replace_expr(fix_args) - print block + print(block) # add fake address and len to parsed instructions ir_arch.add_asmblock_to_ircfg(block, ircfg) @@ -139,12 +142,12 @@ if __name__ == '__main__': all_info = [] - print '*' * 40, 'conditions to match', '*' * 40 - for addr, symbols, conds in sorted(states_done): - print '*' * 40, addr, '*' * 40 + print('*' * 40, 'conditions to match', '*' * 40) + for addr, symbols, conds in sorted(states_done, key=str): + print('*' * 40, addr, '*' * 40) reqs = [] for k, v in conds: - print k, v + print(k, v) reqs.append((k, v)) all_info.append((addr, reqs)) @@ -179,14 +182,14 @@ if __name__ == '__main__': "-p", '--SMTLIB2', "out.dot"]) except OSError: - print "Cannot find stp binary!" + print("Cannot find stp binary!") break for c in cases.split('\n'): if c.startswith('ASSERT'): all_cases.add((addr, c)) - print '*' * 40, 'ALL COND', '*' * 40 + print('*' * 40, 'ALL COND', '*' * 40) all_cases = list(all_cases) all_cases.sort(key=lambda x: (x[0], x[1])) for addr, val in all_cases: - print 'Address:', addr, 'is reachable using argc', val + print('Address:', addr, 'is reachable using argc', val) diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py index 61bc747f..a043b9c9 100644 --- a/example/ida/ctype_propagation.py +++ b/example/ida/ctype_propagation.py @@ -1,7 +1,10 @@ +from __future__ import print_function import ida_kernwin import idc import ida_funcs +from future.utils import viewitems + from miasm2.core.bin_stream_ida import bin_stream_ida from miasm2.expression import expression as m2_expr from miasm2.expression.simplifications import expr_simp @@ -198,11 +201,12 @@ class SymbExecCTypeFix(SymbExecCType): for c_str, c_type in self.chandler.expr_to_c_and_types(expr, self.symbols): expr = self.cst_propag_link.get((irb.loc_key, index), {}).get(expr, expr) offset2cmt.setdefault(instr.offset, set()).add( - "\n%s: %s\n%s" % (expr, c_str, c_type)) + "\n%s: %s\n%s" % (expr, c_str, c_type) + ) self.eval_updt_assignblk(assignblk) - for offset, value in offset2cmt.iteritems(): + for offset, value in viewitems(offset2cmt): idc.MakeComm(offset, '\n'.join(value)) - print "%x\n" % offset, '\n'.join(value) + print("%x\n" % offset, '\n'.join(value)) return self.eval_expr(self.ir_arch.IRDst) @@ -222,11 +226,11 @@ def get_ira_call_fixer(ira): class iraCallStackFixer(ira): def call_effects(self, ad, instr): - print hex(instr.offset), instr + print(hex(instr.offset), instr) stk_before = idc.GetSpd(instr.offset) stk_after = idc.GetSpd(instr.offset + instr.l) stk_diff = stk_after - stk_before - print hex(stk_diff) + print(hex(stk_diff)) call_assignblk = AssignBlock( [ ExprAssign(self.ret_reg, ExprOp('call_func_ret', ad)), @@ -299,8 +303,8 @@ def analyse_function(): ) ctype = mychandler.types_mngr.types_ast.ast_parse_declaration(ast.ext[0]) objc = types_mngr.get_objc(ctype) - print '=' * 20 - print expr, objc + print('=' * 20) + print(expr, objc) infos_types[expr] = set([objc]) # Add fake head @@ -344,7 +348,7 @@ def analyse_function(): symbexec_engine.get_state() ) - for lbl, state in states.iteritems(): + for lbl, state in viewitems(states): if lbl not in ircfg.blocks: continue symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link) diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py index 2c79c05d..3de19cbc 100644 --- a/example/ida/depgraph.py +++ b/example/ida/depgraph.py @@ -1,11 +1,17 @@ +from __future__ import print_function +from builtins import map +from builtins import range import os import tempfile +from future.utils import viewitems, viewvalues + import idautils import idc import ida_funcs import ida_kernwin + from miasm2.core.bin_stream_ida import bin_stream_ida from miasm2.core.asmblock import * from miasm2.expression import expression as m2_expr @@ -23,12 +29,13 @@ class depGraphSettingsForm(ida_kernwin.Form): self.ira = ira self.ircfg = ircfg - self.stk_args = {'ARG%d' % i:i for i in xrange(10)} + self.stk_args = {'ARG%d' % i:i for i in range(10)} self.stk_unalias_force = False self.address = idc.ScreenEA() cur_block = None - for block in ircfg.getby_offset(self.address): + for loc_key in ircfg.getby_offset(self.address): + block = ircfg.get_block(loc_key) offset = self.ircfg.loc_db.get_location_offset(block.loc_key) if offset is not None: # Only one block non-generated @@ -41,11 +48,11 @@ class depGraphSettingsForm(ida_kernwin.Form): break assert line_nb is not None cur_loc_key = str(cur_block.loc_key) - loc_keys = sorted(map(str, ircfg.blocks.keys())) - regs = sorted(ira.arch.regs.all_regs_ids_byname.keys()) - regs += self.stk_args.keys() + loc_keys = sorted(map(str, ircfg.blocks)) + regs = sorted(ira.arch.regs.all_regs_ids_byname) + regs += list(self.stk_args) reg_default = regs[0] - for i in xrange(10): + for i in range(10): opnd = idc.GetOpnd(self.address, i).upper() if opnd in regs: reg_default = opnd @@ -121,7 +128,7 @@ Method to use: line = self.ircfg.blocks[self.loc_key][self.line_nb].instr arg_num = self.stk_args[value] stk_high = m2_expr.ExprInt(idc.GetSpd(line.offset), ir_arch.sp.size) - stk_off = m2_expr.ExprInt(self.ira.sp.size/8 * arg_num, ir_arch.sp.size) + stk_off = m2_expr.ExprInt(self.ira.sp.size // 8 * arg_num, ir_arch.sp.size) element = m2_expr.ExprMem(mn.regs.regs_init[ir_arch.sp] + stk_high + stk_off, self.ira.sp.size) element = expr_simp(element) # Force stack unaliasing @@ -162,33 +169,33 @@ def treat_element(): global graphs, comments, sol_nb, settings, addr, ir_arch, ircfg try: - graph = graphs.next() + graph = next(graphs) except StopIteration: comments = {} - print "Done: %d solutions" % (sol_nb) + print("Done: %d solutions" % (sol_nb)) return sol_nb += 1 - print "Get graph number %02d" % sol_nb + print("Get graph number %02d" % sol_nb) filename = os.path.join(tempfile.gettempdir(), "solution_0x%08x_%02d.dot" % (addr, sol_nb)) - print "Dump the graph to %s" % filename + print("Dump the graph to %s" % filename) open(filename, "w").write(graph.graph.dot()) for node in graph.relevant_nodes: try: offset = ircfg.blocks[node.loc_key][node.line_nb].instr.offset except IndexError: - print "Unable to highlight %s" % node + print("Unable to highlight %s" % node) continue comments[offset] = comments.get(offset, []) + [node.element] idc.SetColor(offset, idc.CIC_ITEM, settings.color) if graph.has_loop: - print 'Graph has dependency loop: symbolic execution is inexact' + print('Graph has dependency loop: symbolic execution is inexact') else: - print "Possible value: %s" % graph.emul(ir_arch).values()[0] + print("Possible value: %s" % next(iter(viewvalues(graph.emul(ir_arch))))) - for offset, elements in comments.iteritems(): + for offset, elements in viewitems(comments): idc.MakeComm(offset, ", ".join(map(str, elements))) def next_element(): @@ -228,7 +235,7 @@ def launch_depgraph(): loc_key, elements, line_nb = settings.loc_key, settings.elements, settings.line_nb # Simplify assignments - for irb in ircfg.blocks.values(): + for irb in list(viewvalues(ircfg.blocks)): irs = [] offset = ir_arch.loc_db.get_location_offset(irb.loc_key) fix_stack = offset is not None and settings.unalias_stack @@ -238,7 +245,7 @@ def launch_depgraph(): fix_dct = {ir_arch.sp: mn.regs.regs_init[ir_arch.sp] + stk_high} new_assignblk = {} - for dst, src in assignblk.iteritems(): + for dst, src in viewitems(assignblk): if fix_stack: src = src.replace_expr(fix_dct) if dst != ir_arch.sp: diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py index 8026174d..de46c22d 100644 --- a/example/ida/graph_ir.py +++ b/example/ida/graph_ir.py @@ -1,11 +1,16 @@ +from __future__ import print_function import os import tempfile +from builtins import int as int_types + +from future.utils import viewitems, viewvalues import idaapi import ida_kernwin import idc import ida_funcs import idautils + from miasm2.core.asmblock import is_int from miasm2.core.bin_stream_ida import bin_stream_ida from miasm2.expression.simplifications import expr_simp @@ -89,9 +94,9 @@ def label_init(self, name="", offset=None): def label_str(self): - if isinstance(self.offset, (int, long)): + if isinstance(self.offset, int_types): return "%s:0x%x" % (self.name, self.offset) - return "%s:%s" % (self.name, str(self.offset)) + return "%s:%s" % (self.name, self.offset) def color_irblock(irblock, ir_arch): @@ -99,7 +104,7 @@ def color_irblock(irblock, ir_arch): lbl = idaapi.COLSTR("%s:" % ir_arch.loc_db.pretty_str(irblock.loc_key), idaapi.SCOLOR_INSN) out.append(lbl) for assignblk in irblock: - for dst, src in sorted(assignblk.iteritems()): + for dst, src in sorted(viewitems(assignblk)): dst_f = expr2colorstr(dst, loc_db=ir_arch.loc_db) src_f = expr2colorstr(src, loc_db=ir_arch.loc_db) line = idaapi.COLSTR("%s = %s" % (dst_f, src_f), idaapi.SCOLOR_INSN) @@ -120,11 +125,11 @@ class GraphMiasmIR(idaapi.GraphViewer): def OnRefresh(self): self.Clear() addr_id = {} - for irblock in self.ircfg.blocks.values(): + for irblock in viewvalues(self.ircfg.blocks): id_irblock = self.AddNode(color_irblock(irblock, self.ircfg)) addr_id[irblock] = id_irblock - for irblock in self.ircfg.blocks.values(): + for irblock in viewvalues(self.ircfg.blocks): if not irblock: continue all_dst = self.ircfg.dst_trackback(irblock) @@ -164,7 +169,7 @@ def is_addr_ro_variable(bs, addr, size): """ try: - _ = bs.getbytes(addr, size/8) + _ = bs.getbytes(addr, size // 8) except IOError: return False return True @@ -183,18 +188,18 @@ def build_graph(start_addr, type_graph, simplify=False, dontmodstack=True, loadi for assignblk in assignblks: dct = dict(assignblk) dct = { - dst:src for (dst, src) in dct.iteritems() if dst != self.sp + dst:src for (dst, src) in viewitems(dct) if dst != self.sp } out.append(AssignBlock(dct, assignblk.instr)) return out, extra if verbose: - print "Arch", dis_engine + print("Arch", dis_engine) fname = idc.GetInputFile() if verbose: - print fname + print(fname) bs = bin_stream_ida() mdis = dis_engine(bs) @@ -212,28 +217,28 @@ def build_graph(start_addr, type_graph, simplify=False, dontmodstack=True, loadi mdis.loc_db.add_location(name, addr) if verbose: - print "start disasm" + print("start disasm") if verbose: - print hex(start_addr) + print(hex(start_addr)) asmcfg = mdis.dis_multiblock(start_addr) entry_points = set([mdis.loc_db.get_offset_location(start_addr)]) if verbose: - print "generating graph" + print("generating graph") open('asm_flow.dot', 'w').write(asmcfg.dot()) - print "generating IR... %x" % start_addr + print("generating IR... %x" % start_addr) ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) if verbose: - print "IR ok... %x" % start_addr + print("IR ok... %x" % start_addr) - for irb in ircfg.blocks.itervalues(): + for irb in list(viewvalues(ircfg.blocks)): irs = [] for assignblk in irb: new_assignblk = { expr_simp(dst): expr_simp(src) - for dst, src in assignblk.iteritems() + for dst, src in viewitems(assignblk) } irs.append(AssignBlock(new_assignblk, instr=assignblk.instr)) ircfg.blocks[irb.loc_key] = IRBlock(irb.loc_key, irs) @@ -268,7 +273,7 @@ def build_graph(start_addr, type_graph, simplify=False, dontmodstack=True, loadi continue if reg in regs_todo: out[reg] = dst - return set(out.values()) + return set(viewvalues(out)) diff --git a/example/ida/rpyc_ida.py b/example/ida/rpyc_ida.py index 21faf43a..6c18fb7a 100644 --- a/example/ida/rpyc_ida.py +++ b/example/ida/rpyc_ida.py @@ -1,4 +1,5 @@ """rpyc IDA server""" +from __future__ import print_function from rpyc.utils.server import OneShotServer from rpyc.core import SlaveService @@ -11,7 +12,7 @@ def serve_threaded(hostname="localhost", port=4455): WARNING: IDA will be locked until the client script terminates. """ - print 'Running server' + print('Running server') server = OneShotServer(SlaveService, hostname=hostname, port=port, reuse_addr=True, ipv6=False, authenticator=None, diff --git a/example/ida/symbol_exec.py b/example/ida/symbol_exec.py index e004b1b6..aa1d57fe 100644 --- a/example/ida/symbol_exec.py +++ b/example/ida/symbol_exec.py @@ -1,7 +1,12 @@ +from __future__ import print_function import operator +from future.utils import viewitems + import idaapi import idc + + from miasm2.expression.expression_helper import Variables_Identifier from miasm2.expression.expression import ExprAssign @@ -49,10 +54,12 @@ class symbolicexec_t(idaapi.simplecustviewer_t): element = self.line2eq[linenum] expanded = Variables_Identifier(element[1], var_prefix="%s_v" % element[0]) - self.line2eq = self.line2eq[0:linenum] + \ - expanded.vars.items() + \ - [(element[0], expanded.equation)] + \ + self.line2eq = ( + self.line2eq[0:linenum] + + list(viewitems(expanded.vars)) + + [(element[0], expanded.equation)] + self.line2eq[linenum + 1:] + ) def print_lines(self): self.ClearLines() @@ -75,7 +82,7 @@ class symbolicexec_t(idaapi.simplecustviewer_t): self.machine = machine self.loc_db = loc_db - self.line2eq = sorted(equations.items(), key=operator.itemgetter(0)) + self.line2eq = sorted(viewitems(equations), key=operator.itemgetter(0)) self.lines_expanded = set() self.print_lines() @@ -144,7 +151,7 @@ def symbolic_exec(): ira = machine.ira(loc_db=mdis.loc_db) ircfg = ira.new_ircfg_from_asmcfg(asmcfg) - print "Run symbolic execution..." + print("Run symbolic execution...") sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init) sb.run_at(ircfg, start) modified = {} @@ -192,7 +199,7 @@ if __name__ == '__main__': idaapi.CompileLine('static key_F3() { RunPythonStatement("symbolic_exec()"); }') idc.AddHotkey("F3", "key_F3") - print "=" * 50 - print """Available commands: + print("=" * 50) + print("""Available commands: symbolic_exec() - F3: Symbolic execution of current selection - """ + """) diff --git a/example/ida/utils.py b/example/ida/utils.py index a64973f1..b6d5dac4 100644 --- a/example/ida/utils.py +++ b/example/ida/utils.py @@ -1,3 +1,5 @@ +from __future__ import print_function +from builtins import map import idaapi from idc import * @@ -67,7 +69,7 @@ def guess_machine(addr=None): elif processor_name == "PPC": machine = Machine("ppc32b") else: - print repr(processor_name) + print(repr(processor_name)) raise NotImplementedError('not fully functional') return machine @@ -204,7 +206,7 @@ Python Expression dest_lang = self.languages[self.GetControlValue(self.cbLanguage)] try: text = Translator.to_language(dest_lang).from_expr(self.expr) - except Exception, error: + except Exception as error: self.ShowField(self.result, False) return -1 diff --git a/example/jitter/arm.py b/example/jitter/arm.py index e475abeb..86772874 100755 --- a/example/jitter/arm.py +++ b/example/jitter/arm.py @@ -1,5 +1,6 @@ #! /usr/bin/env python2 #-*- coding:utf-8 -*- +from __future__ import print_function import logging from pdb import pm @@ -22,7 +23,7 @@ else: logging.basicConfig(level=logging.WARNING) if options.verbose is True: - print sb.jitter.vm + print(sb.jitter.vm) # Run the code sb.run() diff --git a/example/jitter/arm_sc.py b/example/jitter/arm_sc.py index 7720ad68..b81d3784 100755 --- a/example/jitter/arm_sc.py +++ b/example/jitter/arm_sc.py @@ -1,5 +1,6 @@ #! /usr/bin/env python2 #-*- coding:utf-8 -*- +from miasm2.core.utils import int_to_byte from miasm2.analysis.sandbox import Sandbox_Linux_armb_str from miasm2.analysis.sandbox import Sandbox_Linux_arml_str from elfesteem.strpatchwork import StrPatchwork @@ -35,8 +36,8 @@ stop = sb.jitter.cpu.R1 s = sb.jitter.vm.get_mem(start, stop-start) s = StrPatchwork(s) for i, c in enumerate(s): - s[i] = chr(ord(c)^0x11) -s = str(s) -assert(s == "test string\x00") + s[i] = int_to_byte(ord(c)^0x11) +s = bytes(s) +assert(s == b"test string\x00") diff --git a/example/jitter/example_types.py b/example/jitter/example_types.py index bcf9bf70..d0751bbd 100755 --- a/example/jitter/example_types.py +++ b/example/jitter/example_types.py @@ -4,7 +4,9 @@ For a more complete view of what is possible, tests/core/types.py covers most of the module possibilities, and the module doc gives useful information as well. """ +from __future__ import print_function +from miasm2.core.utils import iterbytes from miasm2.analysis.machine import Machine from miasm2.core.types import MemStruct, Self, Void, Str, Array, Ptr, \ Num, Array, set_allocator @@ -145,9 +147,9 @@ class DataStr(MemStruct): ] -print "This script demonstrates a LinkedList implementation using the types " -print "module in the first part, and how to play with some casts in the second." -print +print("This script demonstrates a LinkedList implementation using the types ") +print("module in the first part, and how to play with some casts in the second.") +print() # A random jitter # You can also use miasm2.jitter.VmMngr.Vm(), but it does not happen in real @@ -172,17 +174,17 @@ assert link.size == 3 # If you get it directly from the VM, it is updated as well raw_size = vm.get_mem(link.get_addr("size"), link.get_type() .get_field_type("size").size) -assert raw_size == '\x03\x00\x00\x00' +assert raw_size == b'\x03\x00\x00\x00' -print "The linked list just built:" -print repr(link), '\n' +print("The linked list just built:") +print(repr(link), '\n') -print "Its uninitialized data elements:" +print("Its uninitialized data elements:") for data in link: # __iter__ returns MemVoids here, just cast them to the real data type real_data = data.cast(DataArray) - print repr(real_data) -print + print(repr(real_data)) +print() # Now let's play with one data data = link.pop(DataArray) @@ -196,9 +198,9 @@ assert data.arrayptr.deref == data.array # Let's say that it is a DataStr: datastr = data.cast(DataStr) -print "First element casted to DataStr:" -print repr(datastr) -print +print("First element casted to DataStr:") +print(repr(datastr)) +print() # data and datastr really share the same memory: data.val1 = 0x34 @@ -212,29 +214,29 @@ memstr = datastr.data.deref # Note that memstr is Str("utf16") memstr.val = 'Miams' -print "Cast data.array to MemStr and set the string value:" -print repr(memstr) -print +print("Cast data.array to MemStr and set the string value:") +print(repr(memstr)) +print() # If you followed, memstr and data.array point to the same object, so: -raw_miams = '\x00'.join('Miams') + '\x00'*3 -raw_miams_array = [ord(c) for c in raw_miams] +raw_miams = 'Miams'.encode('utf-16le') + b'\x00'*2 +raw_miams_array = [ord(c) for c in iterbytes(raw_miams)] assert list(data.array)[:len(raw_miams_array)] == raw_miams_array assert data.array.cast(Str("utf16")) == memstr # Default is "ansi" assert data.array.cast(Str()) != memstr assert data.array.cast(Str("utf16")).val == memstr.val -print "See that the original array has been modified:" -print repr(data) -print +print("See that the original array has been modified:") +print(repr(data)) +print() # Some type manipulation examples, for example let's construct an argv for # a program: # Let's say that we have two arguments, +1 for the program name and +1 for the # final null ptr in argv, the array has 4 elements: argv_t = Array(Ptr("<I", Str()), 4) -print "3 arguments argv type:", argv_t +print("3 arguments argv type:", argv_t) # alloc argv somewhere argv = argv_t.lval(vm) @@ -249,10 +251,10 @@ argv[3].val = 0 # If you changed your mind on the second arg, you could do: argv[2].deref.val = "42" -print "An argv instance:", repr(argv) -print "argv values:", repr([val.deref.val for val in argv[:-1]]) -print +print("An argv instance:", repr(argv)) +print("argv values:", repr([val.deref.val for val in argv[:-1]])) +print() -print "See test/core/types.py and the miasm2.core.types module doc for " -print "more information." +print("See test/core/types.py and the miasm2.core.types module doc for ") +print("more information.") diff --git a/example/jitter/mips32.py b/example/jitter/mips32.py index 70181a2a..2eb06c87 100755 --- a/example/jitter/mips32.py +++ b/example/jitter/mips32.py @@ -1,5 +1,6 @@ #! /usr/bin/env python2 #-*- coding:utf-8 -*- +from __future__ import print_function from argparse import ArgumentParser from miasm2.analysis import debugging from miasm2.jitter.csts import * @@ -44,12 +45,16 @@ def jit_mips32_binary(args): trace_new_blocks=args.log_newbloc ) - myjit.vm.add_memory_page(0, PAGE_READ | PAGE_WRITE, open(filepath).read()) + myjit.vm.add_memory_page( + 0, + PAGE_READ | PAGE_WRITE, + open(filepath, 'rb').read() + ) myjit.add_breakpoint(0x1337BEEF, code_sentinelle) # for stack - myjit.vm.add_memory_page(0xF000, PAGE_READ | PAGE_WRITE, "\x00"*0x1000) + myjit.vm.add_memory_page(0xF000, PAGE_READ | PAGE_WRITE, b"\x00"*0x1000) myjit.cpu.SP = 0xF800 diff --git a/example/jitter/msp430.py b/example/jitter/msp430.py index 36e45421..1ecb4cef 100755 --- a/example/jitter/msp430.py +++ b/example/jitter/msp430.py @@ -1,5 +1,6 @@ #! /usr/bin/env python2 #-*- coding:utf-8 -*- +from __future__ import print_function from argparse import ArgumentParser from miasm2.analysis import debugging from miasm2.jitter.csts import * @@ -39,12 +40,16 @@ def jit_msp430_binary(args): trace_new_blocks=args.log_newbloc ) - myjit.vm.add_memory_page(0, PAGE_READ | PAGE_WRITE, open(filepath, "rb").read()) + myjit.vm.add_memory_page( + 0, + PAGE_READ | PAGE_WRITE, + open(filepath, "rb").read() + ) myjit.add_breakpoint(0x1337, lambda _: exit(0)) # for stack - myjit.vm.add_memory_page(0xF000, PAGE_READ | PAGE_WRITE, "\x00"*0x1000) + myjit.vm.add_memory_page(0xF000, PAGE_READ | PAGE_WRITE, b"\x00"*0x1000) myjit.cpu.SP = 0xF800 diff --git a/example/jitter/run_with_linuxenv.py b/example/jitter/run_with_linuxenv.py index f4900a96..fda76f9a 100644 --- a/example/jitter/run_with_linuxenv.py +++ b/example/jitter/run_with_linuxenv.py @@ -24,8 +24,8 @@ if args.verbose: syscall.log.setLevel(logging.DEBUG) # Get corresponding interpreter and reloc address -cont_target_tmp = Container.from_stream(open(args.target)) -ld_path = str(cont_target_tmp.executable.getsectionbyname(".interp").content).strip("\x00") +cont_target_tmp = Container.from_stream(open(args.target, 'rb')) +ld_path = bytes(cont_target_tmp.executable.getsectionbyname(".interp").content).strip(b"\x00") if cont_target_tmp.executable.Ehdr.type in [elf_csts.ET_REL, elf_csts.ET_DYN]: elf_base_addr = 0x40000000 elif cont_target_tmp.executable.Ehdr.type == elf_csts.ET_EXEC: @@ -52,29 +52,38 @@ else: # Load the interpreter in memory, applying relocation linux_env = LinuxEnvironment() -linux_env.filesystem.passthrough.append(re.compile(args.passthrough)) +linux_env.filesystem.passthrough.append(re.compile(args.passthrough.encode())) ld_path = linux_env.filesystem.resolve_path(ld_path) -cont_ld = Container.from_stream(open(ld_path), - vm=jitter.vm, - addr=0x80000000, - apply_reloc=True) +cont_ld = Container.from_stream( + open(ld_path, "rb"), + vm=jitter.vm, + addr=0x80000000, + apply_reloc=True +) # Load the target ELF in memory, without applying reloc loc_db = cont_ld.loc_db -cont_target = Container.from_stream(open(args.target), vm=jitter.vm, - loc_db=loc_db, - addr=elf_base_addr, - apply_reloc=False) +cont_target = Container.from_stream( + open(args.target, "rb"), + vm=jitter.vm, + loc_db=loc_db, + addr=elf_base_addr, + apply_reloc=False +) # PHDR containing the PH header -elf_phdr_header = [ph32.ph for ph32 in cont_target.executable.ph - if ph32.ph.type == elf_csts.PT_PHDR][0] +elf_phdr_header = next( + ph32.ph for ph32 in cont_target.executable.ph + if ph32.ph.type == elf_csts.PT_PHDR +) # Prepare the desired environment -argv = [args.target] + args.extra_args +argv = [args.target.encode()] + [arg.encode() for arg in args.extra_args] if args.flags: argv += ["-%s" % args.flags] -envp = {"PATH": "/usr/local/bin", "USER": linux_env.user_name} -auxv = environment.AuxVec(elf_base_addr + elf_phdr_header.vaddr, - cont_target.entry_point, linux_env) +envp = {b"PATH": b"/usr/local/bin", b"USER": linux_env.user_name} +auxv = environment.AuxVec( + elf_base_addr + elf_phdr_header.vaddr, + cont_target.entry_point, linux_env +) prepare_loader(jitter, argv, envp, auxv, linux_env) syscall.enable_syscall_handling(jitter, linux_env, syscall_callbacks) diff --git a/example/jitter/sandbox_elf_ppc32.py b/example/jitter/sandbox_elf_ppc32.py index c5960e8e..04ecfd9e 100644 --- a/example/jitter/sandbox_elf_ppc32.py +++ b/example/jitter/sandbox_elf_ppc32.py @@ -5,12 +5,6 @@ from miasm2.jitter.csts import * from miasm2.jitter.jitload import log_func import logging - -# Python auto completion -filename = os.environ.get('PYTHONSTARTUP') -if filename and os.path.isfile(filename): - execfile(filename) - # Insert here user defined methods # Parse arguments diff --git a/example/jitter/trace.py b/example/jitter/trace.py index e1683450..9f025bfd 100644 --- a/example/jitter/trace.py +++ b/example/jitter/trace.py @@ -6,6 +6,8 @@ This example demonstrates two instrumentation possibility: Note: for better performance, one can also extend Codegen to produce instrumentation at the C / LLVM level """ +from __future__ import print_function + import os import time from pdb import pm @@ -26,11 +28,11 @@ class ESETrackMemory(EmulatedSymbExec): def mem_read(self, expr_mem): value = super(ESETrackMemory, self).mem_read(expr_mem) - print "Read %s: %s" % (expr_mem, value) + print("Read %s: %s" % (expr_mem, value)) return value def mem_write(self, dest, data): - print "Write %s: %s" % (dest, data) + print("Write %s: %s" % (dest, data)) return super(ESETrackMemory, self).mem_write(dest, data) # Parse arguments @@ -55,4 +57,4 @@ sb.run() stop_time = time.time() assert sb.jitter.run is False -print "Instr speed: %02.f / sec" % (instr_count / (stop_time - start_time)) +print("Instr speed: %02.f / sec" % (instr_count / (stop_time - start_time))) diff --git a/example/jitter/unpack_upx.py b/example/jitter/unpack_upx.py index 6bcef1ab..5d862dd1 100644 --- a/example/jitter/unpack_upx.py +++ b/example/jitter/unpack_upx.py @@ -1,3 +1,4 @@ +from __future__ import print_function import os import logging from pdb import pm @@ -12,12 +13,12 @@ def kernel32_GetProcAddress(jitter): # When the function is called, EBX is a pointer to the destination buffer dst_ad = jitter.cpu.EBX - logging.info('EBX ' + hex(dst_ad)) + logging.error('EBX ' + hex(dst_ad)) # Handle ordinal imports fname = (args.fname if args.fname < 0x10000 else jitter.get_str_ansi(args.fname)) - logging.info(fname) + logging.error(fname) # Get the generated address of the library, and store it in memory to # dst_ad @@ -38,6 +39,7 @@ parser.add_argument("--graph", action="store_true") options = parser.parse_args() options.load_hdr = True + sb = Sandbox_Win_x86_32(options.filename, options, globals(), parse_reloc=False) @@ -48,7 +50,7 @@ else: logging.basicConfig(level=logging.WARNING) if options.verbose is True: - print sb.jitter.vm + print(sb.jitter.vm) # Ensure there is one and only one leave (for OEP discovering) mdis = sb.machine.dis_engine(sb.jitter.bs) @@ -70,7 +72,7 @@ if options.graph is True: if options.verbose is True: - print sb.jitter.vm + print(sb.jitter.vm) def update_binary(jitter): @@ -114,4 +116,4 @@ sb.pe.NThdr.optentries[pe.DIRECTORY_ENTRY_DELAY_IMPORT].rva = 0 bname, fname = os.path.split(options.filename) fname = os.path.join(bname, fname.replace('.', '_')) -open(fname + '_unupx.bin', 'w').write(str(sb.pe)) +open(fname + '_unupx.bin', 'wb').write(bytes(sb.pe)) diff --git a/example/jitter/x86_32.py b/example/jitter/x86_32.py index 5272f732..2a73a2ad 100644 --- a/example/jitter/x86_32.py +++ b/example/jitter/x86_32.py @@ -20,7 +20,7 @@ def code_sentinelle(jitter): myjit = Machine("x86_32").jitter(args.jitter) myjit.init_stack() -data = open(args.filename).read() +data = open(args.filename, 'rb').read() run_addr = 0x40000000 myjit.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, data) diff --git a/example/symbol_exec/depgraph.py b/example/symbol_exec/depgraph.py index 260d62ab..c1dbd422 100644 --- a/example/symbol_exec/depgraph.py +++ b/example/symbol_exec/depgraph.py @@ -1,7 +1,11 @@ +from __future__ import print_function +from builtins import range from argparse import ArgumentParser from pdb import pm import json +from future.utils import viewitems + from miasm2.analysis.machine import Machine from miasm2.analysis.binary import Container from miasm2.analysis.depgraph import DependencyGraph @@ -54,7 +58,7 @@ init_ctx = {} if args.rename_args: if arch == "x86_32": # StdCall example - for i in xrange(4): + for i in range(4): e_mem = ExprMem(ExprId("ESP_init", 32) + ExprInt(4 * (i + 1), 32), 32) init_ctx[e_mem] = ExprId("arg%d" % i, 32) @@ -74,8 +78,9 @@ dg = DependencyGraph( # Build information target_addr = int(args.target_addr, 0) -current_block = list(ircfg.getby_offset(target_addr))[0] +current_loc_key = next(iter(ircfg.getby_offset(target_addr))) assignblk_index = 0 +current_block = ircfg.get_block(current_loc_key) for assignblk_index, assignblk in enumerate(current_block): if assignblk.instr.offset == target_addr: break @@ -88,14 +93,14 @@ for sol_nb, sol in enumerate(dg.get(current_block.loc_key, elements, assignblk_i fdesc.write(sol.graph.dot()) results = sol.emul(ir_arch, ctx=init_ctx) - tokens = {str(k): str(v) for k, v in results.iteritems()} + tokens = {str(k): str(v) for k, v in viewitems(results)} if not args.json: - result = ", ".join("=".join(x) for x in tokens.iteritems()) - print "Solution %d: %s -> %s" % (sol_nb, + result = ", ".join("=".join(x) for x in viewitems(tokens)) + print("Solution %d: %s -> %s" % (sol_nb, result, - fname) + fname)) if sol.has_loop: - print '\tLoop involved' + print('\tLoop involved') if args.implicit: sat = sol.is_satisfiable @@ -109,10 +114,12 @@ for sol_nb, sol in enumerate(dg.get(current_block.loc_key, elements, assignblk_i constraints[element] = result if args.json: tokens["satisfiability"] = sat - tokens["constraints"] = {str(k): str(v) - for k, v in constraints.iteritems()} + tokens["constraints"] = { + str(k): str(v) + for k, v in viewitems(constraints) + } else: - print "\tSatisfiability: %s %s" % (sat, constraints) + print("\tSatisfiability: %s %s" % (sat, constraints)) if args.json: tokens["has_loop"] = sol.has_loop @@ -120,4 +127,4 @@ for sol_nb, sol in enumerate(dg.get(current_block.loc_key, elements, assignblk_i if args.json: - print json.dumps(json_solutions) + print(json.dumps(json_solutions)) diff --git a/example/symbol_exec/dse_crackme.py b/example/symbol_exec/dse_crackme.py index 37700d75..33ec3b72 100644 --- a/example/symbol_exec/dse_crackme.py +++ b/example/symbol_exec/dse_crackme.py @@ -4,15 +4,19 @@ This example should run on the compiled ELF x86 64bits version of "dse_crackme.c" """ +from __future__ import print_function #### This part is only related to the run of the sample, without DSE #### +from builtins import range import os import subprocess import platform from collections import namedtuple from pdb import pm from tempfile import NamedTemporaryFile +from future.utils import viewitems +from miasm2.core.utils import int_to_byte from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE from miasm2.analysis.sandbox import Sandbox_Linux_x86_64 from miasm2.expression.expression import * @@ -81,8 +85,11 @@ FS_0_ADDR = 0x7ff70000 sb.jitter.cpu.FS = 0x4 sb.jitter.cpu.set_segm_base(sb.jitter.cpu.FS, FS_0_ADDR) sb.jitter.vm.add_memory_page( - FS_0_ADDR + 0x28, PAGE_READ, "\x42\x42\x42\x42\x42\x42\x42\x42", - "Stack canary FS[0x28]") + FS_0_ADDR + 0x28, + PAGE_READ, + b"\x42\x42\x42\x42\x42\x42\x42\x42", + "Stack canary FS[0x28]" +) # Prepare the execution sb.jitter.init_run(sb.entry_point) @@ -108,7 +115,7 @@ class SymbolicFile(object): def read(self, length): assert self.state == "OPEN" out = [] - for i in xrange(self.position, min(self.position + length, + for i in range(self.position, min(self.position + length, self.max_size)): if i not in self.gen_bytes: ret = ExprId("SF_%08x_%d" % (id(self), i), 8) @@ -220,7 +227,7 @@ def xxx_puts_symb(dse): raise FinishOn(string) -todo = set([""]) # Set of file content to test +todo = set([b""]) # Set of file content to test # Instantiate the DSE engine machine = Machine("x86_64") @@ -262,7 +269,7 @@ found = False while todo: # Prepare a solution to try, based on the clean state file_content = todo.pop() - print "CUR: %r" % file_content + print("CUR: %r" % file_content) open(TEMP_FILE.name, "wb").write(file_content) dse.restore_snapshot(snapshot, keep_known_solutions=True) FILE_to_info.clear() @@ -272,38 +279,38 @@ while todo: try: sb.run() except FinishOn as finish_info: - print finish_info.string - if finish_info.string == "OK": + print(finish_info.string) + if finish_info.string == b"OK": # Stop if the expected result is found found = True break finfo = FILE_to_info_symb[FILE_stream] - for sol_ident, model in dse.new_solutions.iteritems(): + for sol_ident, model in viewitems(dse.new_solutions): # Build the file corresponding to solution in 'model' - out = "" + out = [] fsize = max(model.eval(dse.z3_trans.from_expr(FILE_size)).as_long(), len(finfo.gen_bytes)) - for index in xrange(fsize): + for index in range(fsize): try: byteid = finfo.gen_bytes[index] - out += chr(model.eval(dse.z3_trans.from_expr(byteid)).as_long()) + out.append(int_to_byte(model.eval(dse.z3_trans.from_expr(byteid)).as_long())) except (KeyError, AttributeError) as _: # Default value if there is no constraint on current byte - out += "\x00" + out.append(b"\x00") - todo.add(out) + todo.add(b"".join(out)) # Assert that the result has been found assert found == True -print "FOUND !" +print("FOUND !") TEMP_FILE.close() # Replay for real if not is_win: - print "Trying to launch the binary without Miasm" + print("Trying to launch the binary without Miasm") crackme = subprocess.Popen([options.filename, TEMP_FILE.name], stdout=subprocess.PIPE, stderr=subprocess.PIPE) @@ -311,8 +318,8 @@ if not is_win: assert not stderr os.unlink(TEMP_FILE.name) stdout = stdout.strip() - print stdout - assert stdout == "OK" + print(stdout) + assert stdout == b"OK" else: os.unlink(TEMP_FILE.name) diff --git a/example/symbol_exec/dse_strategies.py b/example/symbol_exec/dse_strategies.py index b38c797a..8e479d61 100644 --- a/example/symbol_exec/dse_strategies.py +++ b/example/symbol_exec/dse_strategies.py @@ -17,8 +17,11 @@ Global overview: - Ask the DSE for new candidates, according to its strategy, ie. finding new block / branch / path """ +from __future__ import print_function from argparse import ArgumentParser +from future.utils import viewitems + from miasm2.analysis.machine import Machine from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE from miasm2.analysis.dse import DSEPathConstraint @@ -42,9 +45,13 @@ strategy = { run_addr = 0x40000 machine = Machine("x86_32") jitter = machine.jitter("python") -with open(args.filename) as fdesc: - jitter.vm.add_memory_page(run_addr, PAGE_READ | PAGE_WRITE, fdesc.read(), - "Binary") +with open(args.filename, "rb") as fdesc: + jitter.vm.add_memory_page( + run_addr, + PAGE_READ | PAGE_WRITE, + fdesc.read(), + "Binary" + ) # Expect a binary with one argument on the stack jitter.init_stack() @@ -94,7 +101,7 @@ while todo: continue done.add(arg_value) - print "Run with ARG = %s" % arg_value + print("Run with ARG = %s" % arg_value) # Restore state, while keeping already found solutions dse.restore_snapshot(snapshot, keep_known_solutions=True) @@ -113,17 +120,21 @@ while todo: # - last edge for branch coverage # - execution path for path coverage - for sol_ident, model in dse.new_solutions.iteritems(): - print "Found a solution to reach: %s" % str(sol_ident) + for sol_ident, model in viewitems(dse.new_solutions): + print("Found a solution to reach: %s" % str(sol_ident)) # Get the argument to use as a Miasm Expr sol_value = model.eval(dse.z3_trans.from_expr(arg)).as_long() sol_expr = ExprInt(sol_value, arg.size) # Display info and update storages - print "\tARG = %s" % sol_expr + print("\tARG = %s" % sol_expr) todo.add(sol_expr) reaches.add(sol_ident) -print "Found %d input, to reach %d element of coverage" % (len(done), - len(reaches)) +print( + "Found %d input, to reach %d element of coverage" % ( + len(done), + len(reaches) + ) +) diff --git a/example/symbol_exec/single_instr.py b/example/symbol_exec/single_instr.py index 3b27a814..bdc65360 100644 --- a/example/symbol_exec/single_instr.py +++ b/example/symbol_exec/single_instr.py @@ -1,3 +1,4 @@ +from __future__ import print_function # Minimalist Symbol Exec example from miasm2.analysis.binary import Container from miasm2.analysis.machine import Machine @@ -32,9 +33,9 @@ symb = SymbolicExecutionEngine(ira) cur_addr = symb.run_at(ircfg, START_ADDR) # Modified elements -print 'Modified registers:' +print('Modified registers:') symb.dump(mems=False) -print 'Modified memory (should be empty):' +print('Modified memory (should be empty):') symb.dump(ids=False) # Check final status |