Diffstat (limited to 'example')
| -rw-r--r-- | example/expression/graph_dataflow.py | 32 | ||||
| -rw-r--r-- | example/expression/solve_condition_stp.py | 8 | ||||
| -rw-r--r-- | example/ida/ctype_propagation.py | 8 | ||||
| -rw-r--r-- | example/ida/symbol_exec.py | 14 | ||||
| -rw-r--r-- | example/symbol_exec/single_instr.py | 15 |
5 files changed, 23 insertions, 54 deletions
diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py index 120cd73a..26fdd2ec 100644 --- a/example/expression/graph_dataflow.py +++ b/example/expression/graph_dataflow.py @@ -28,40 +28,19 @@ def get_node_name(label, i, n): return n_name -def get_modified_symbols(sb): - # Get modified IDS - ids = sb.symbols.symbols_id.keys() - ids.sort() - out = {} - regs_init = sb.ir_arch.arch.regs.regs_init - for i in ids: - if i in regs_init and \ - i in sb.symbols.symbols_id and \ - sb.symbols.symbols_id[i] == regs_init[i]: - continue - out[i] = sb.symbols.symbols_id[i] - - # Get mem IDS - mems = sb.symbols.symbols_mem.values() - for m, v in mems: - print m, v - out[m] = v - pprint([(str(x[0]), str(x[1])) for x in out.items()]) - return out - - def intra_block_flow_symb(ir_arch, flow_graph, irblock, in_nodes, out_nodes): symbols_init = ir_arch.arch.regs.regs_init.copy() sb = SymbolicExecutionEngine(ir_arch, symbols_init) - sb.emulbloc(irblock) + sb.eval_updt_irblock(irblock) print '*' * 40 print irblock - out = get_modified_symbols(sb) + out = sb.modified(mems=False) current_nodes = {} # Gen mem arg to mem node links - for dst, src in out.items(): + for dst, src in out: + src = sb.eval_expr(dst) for n in [dst, src]: all_mems = set() @@ -82,7 +61,8 @@ def intra_block_flow_symb(ir_arch, flow_graph, irblock, in_nodes, out_nodes): flow_graph.add_uniq_edge(node_n_r, node_n_w) # Gen data flow links - for dst, src in out.items(): + for dst in out: + src = sb.eval_expr(dst) nodes_r = src.get_r(mem_read=False, cst_read=True) nodes_w = set([dst]) for n_r in nodes_r: diff --git a/example/expression/solve_condition_stp.py b/example/expression/solve_condition_stp.py index 24d2dd50..44b73043 100644 --- a/example/expression/solve_condition_stp.py +++ b/example/expression/solve_condition_stp.py 
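Review bot: The two loops in intra_block_flow_symb iterate `out` with different shapes: the first unpacks `for dst, src in out:` while the second uses `for dst in out:`, so if `sb.modified()` yields `(dst, src)` pairs (as the symbol_exec.py hunk of this commit assumes), the second loop passes a tuple to `sb.eval_expr(dst)` and to `set([dst])`. The `src` unpacked in the first loop is also overwritten at once by `src = sb.eval_expr(dst)`, so the unpacked value is never used. If `modified()` returns a one-shot iterator rather than a list, the first loop would also exhaust it and the second loop would add no data-flow edges; that cannot be confirmed from these hunks. I would materialise the result once with `out = list(sb.modified(mems=False))` and write both loops as `for dst, _ in out:`. The function body continues outside both hunks.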
@@ -45,9 +45,9 @@ def emul_symb(ir_arch, mdis, states_todo, states_done): print 'Run block:' print irblock - addr = symbexec.emulbloc(irblock) + addr = symbexec.eval_updt_irblock(irblock) print 'Final state:' - symbexec.dump_id() + symbexec.dump(mems=False) assert addr is not None @@ -136,8 +136,8 @@ if __name__ == '__main__': line.offset, line.l = i, 1 ir_arch.add_block(b) irb = get_block(ir_arch, mdis, 0) - symbexec.emulbloc(irb) - symbexec.dump_mem() + symbexec.eval_updt_irblock(irb) + symbexec.dump(ids=False) # reset ir_arch blocks ir_arch.blocks = {} diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py index 54b23516..b2c7d5ab 100644 --- a/example/ida/ctype_propagation.py +++ b/example/ida/ctype_propagation.py @@ -106,7 +106,7 @@ class SymbExecCTypeFix(SymbExecCType): self.cst_propag_link = cst_propag_link - def emulbloc(self, irb, step=False): + def eval_updt_irblock(self, irb, step=False): """ Symbolic execution of the @irb on the current state @irb: irblock instance @@ -142,7 +142,7 @@ class SymbExecCTypeFix(SymbExecCType): offset2cmt.setdefault(instr.offset, set()).add( "\n%s: %s\n%s" % (expr, c_str, c_type)) - self.eval_ir(assignblk) + self.eval_updt_assignblk(assignblk) for offset, value in offset2cmt.iteritems(): idc.MakeComm(offset, '\n'.join(value)) print "%x\n" % offset, '\n'.join(value) @@ -260,7 +260,7 @@ def analyse_function(): continue symbexec_engine = TypePropagationEngine(ir_arch, types_mngr, state) - addr = symbexec_engine.emul_ir_block(lbl) + addr = symbexec_engine.run_block_at(lbl) symbexec_engine.del_mem_above_stack(ir_arch.sp) ir_arch._graph = None @@ -273,7 +273,7 @@ def analyse_function(): if lbl not in ir_arch.blocks: continue symbexec_engine = CTypeEngineFixer(ir_arch, types_mngr, state, cst_propag_link) - addr = symbexec_engine.emul_ir_block(lbl) + addr = symbexec_engine.run_block_at(lbl) symbexec_engine.del_mem_above_stack(ir_arch.sp) 
diff --git a/example/ida/symbol_exec.py b/example/ida/symbol_exec.py index b65b97a1..f019f77d 100644 --- a/example/ida/symbol_exec.py +++ b/example/ida/symbol_exec.py @@ -133,19 +133,11 @@ def symbolic_exec(): print "Run symbolic execution..." sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init) - sb.emul_ir_blocks(start) - + sb.run_at(start) modified = {} - for ident in sb.symbols.symbols_id: - if ident in sb.ir_arch.arch.regs.regs_init and \ - ident in sb.symbols.symbols_id and \ - sb.symbols.symbols_id[ident] == sb.ir_arch.arch.regs.regs_init[ident]: - continue - modified[ident] = sb.symbols.symbols_id[ident] - - for ident in sb.symbols.symbols_mem: - modified[sb.symbols.symbols_mem[ident][0]] = sb.symbols.symbols_mem[ident][1] + for dst, src in sb.modified(init_state=machine.mn.regs.regs_init): + modified[dst] = src view = symbolicexec_t() all_views.append(view) diff --git a/example/symbol_exec/single_instr.py b/example/symbol_exec/single_instr.py index d65702ba..e5637ad8 100644 --- a/example/symbol_exec/single_instr.py +++ b/example/symbol_exec/single_instr.py @@ -22,22 +22,19 @@ ira = machine.ira(mdis.symbol_pool) ira.add_block(asm_block) # Instanciate a Symbolic Execution engine with default value for registers -## EAX = EAX_init, ... -symbols_init = ira.arch.regs.regs_init -symb = SymbolicExecutionEngine(ira, symbols_init) +symb = SymbolicExecutionEngine(ira, {}) # Emulate one IR basic block ## Emulation of several basic blocks can be done through .emul_ir_blocks -cur_addr = symb.emul_ir_block(START_ADDR) +cur_addr = symb.run_at(START_ADDR) # Modified elements print 'Modified registers:' -symb.dump_id() +symb.dump(mems=False) print 'Modified memory (should be empty):' -symb.dump_mem() +symb.dump(ids=False) # Check final status eax, ebx = ira.arch.regs.EAX, ira.arch.regs.EBX -final_state = symb.as_assignblock() -assert final_state[eax] == symbols_init[ebx] -assert eax in final_state +assert symb.symbols[eax] == ebx +assert eax in symb.symbols |
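Review bot: The `modified = {}` initialisation followed by `for dst, src in sb.modified(...)` and `modified[dst] = src` in symbolic_exec is a hand-written dict construction; `modified = dict(sb.modified(init_state=machine.mn.regs.regs_init))` says the same in one line. The engine is also built from `machine.mn.regs.regs_init` itself, whereas graph_dataflow.py passes `regs_init.copy()`; if the engine keeps that mapping by reference, the `init_state` baseline would be compared against an already updated state, which is not visible here and worth confirming. symbolic_exec starts and ends outside the hunk.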
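Review bot: `cur_addr = symb.run_at(START_ADDR)` sits under the comment "Emulate one IR basic block", but elsewhere in this commit the single-block `emul_ir_block` becomes `run_block_at` (ctype_propagation.py) and `run_at` replaces the multi-block `emul_ir_blocks` (symbol_exec.py), so the call here looks like it should be `cur_addr = symb.run_block_at(START_ADDR)`. The unchanged comment below it still names the old API and should read `## Emulation of several basic blocks can be done through .run_at`. The comment "with default value for registers" no longer matches `SymbolicExecutionEngine(ira, {})`; `# Instantiate a Symbolic Execution engine with an empty initial state` would describe the new code.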