Diffstat (limited to 'miasm2')
| -rw-r--r-- | miasm2/analysis/data_analysis.py | 30 | ||||
| -rw-r--r-- | miasm2/analysis/depgraph.py | 4 | ||||
| -rw-r--r-- | miasm2/ir/ir.py | 14 | ||||
| -rw-r--r-- | miasm2/ir/symbexec.py | 17 |
4 files changed, 25 insertions, 40 deletions
diff --git a/miasm2/analysis/data_analysis.py b/miasm2/analysis/data_analysis.py
index 0782c12c..aa1c0d1a 100644
--- a/miasm2/analysis/data_analysis.py
+++ b/miasm2/analysis/data_analysis.py
@@ -58,36 +58,6 @@ def intra_block_flow_raw(ir_arch, flow_graph, irb, in_nodes, out_nodes):
             flow_graph.add_uniq_edge(node_n_r, node_n_w)
 
 
-def intra_block_flow_symbexec(ir_arch, flow_graph, irb, in_nodes, out_nodes):
-    """
-    Create data flow for an irbloc using symbolic execution
-    """
-    current_nodes = {}
-
-    symbols_init = dict(ir_arch.arch.regs.regs_init)
-
-    sb = SymbolicExecutionEngine(ir_arch, dict(symbols_init))
-    sb.emulbloc(irb)
-
-    for n_w in sb.symbols:
-        v = sb.symbols[n_w]
-        if n_w in symbols_init and symbols_init[n_w] == v:
-            continue
-        read_values = v.get_r(cst_read=True)
-        node_n_w = get_node_name(irb.loc_key, len(irb), n_w)
-
-        for n_r in read_values:
-            if n_r in current_nodes:
-                node_n_r = current_nodes[n_r]
-            else:
-                node_n_r = get_node_name(irb.loc_key, 0, n_r)
-                current_nodes[n_r] = node_n_r
-                in_nodes[n_r] = node_n_r
-
-            out_nodes[n_w] = node_n_w
-            flow_graph.add_uniq_edge(node_n_r, node_n_w)
-
-
 def inter_block_flow_link(ir_arch, flow_graph, irb_in_nodes, irb_out_nodes, todo, link_exec_to_data):
     lbl, current_nodes, exec_nodes = todo
     current_nodes = dict(current_nodes)
diff --git a/miasm2/analysis/depgraph.py b/miasm2/analysis/depgraph.py
index f5a2b043..11476f79 100644
--- a/miasm2/analysis/depgraph.py
+++ b/miasm2/analysis/depgraph.py
@@ -281,7 +281,7 @@ class DependencyResult(DependencyState):
         variant.
         """
         # Init
-        ctx_init = self._ira.arch.regs.regs_init
+        ctx_init = {}
         if ctx is not None:
             ctx_init.update(ctx)
         assignblks = []
@@ -352,7 +352,7 @@ class DependencyResultImplicit(DependencyResult):
 
     def emul(self, ctx=None, step=False):
         # Init
-        ctx_init = self._ira.arch.regs.regs_init
+        ctx_init = {}
         if ctx is not None:
             ctx_init.update(ctx)
         solver = z3.Solver()
diff --git a/miasm2/ir/ir.py b/miasm2/ir/ir.py
index 8ee35ed5..73c184dd 100644
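Review bot: With `ctx_init = {}` at both changed lines (DependencyResult at -281 and DependencyResultImplicit.emul at -352), a caller that passes no `ctx` now emulates from a state with no register seeded at all, whereas before every register started at its regs_init value; the two emul docstrings, which begin outside the hunks, should state this and that the old behaviour is obtained by passing `ctx=dict(self._ira.arch.regs.regs_init)`. The same default change appears in symbexec.py at the -961 hunk, where an empty `init_state` means the `variable in init_state and init_state[variable] == value` filter no longer drops untouched registers — presumably intended, but worth a one-line comment there such as `# no implicit regs_init: every tracked id is reported unless the caller passes init_state`. At both depgraph sites the fresh-dict-then-update pair can also collapse to `ctx_init = dict(ctx) if ctx is not None else {}`, which reads as a single initialisation and keeps the caller's mapping unaliased.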
--- a/miasm2/ir/ir.py
+++ b/miasm2/ir/ir.py
@@ -539,7 +539,19 @@ class IntermediateRepresentation(object):
         except (ValueError, TypeError):
             return None
 
-        return self.loc_db.get_or_create_offset_location(addr)
+        return self.loc_db.get_offset_location(addr)
+
+
+    def get_or_create_loc_key(self, addr):
+        """Transforms an ExprId/ExprInt/loc_key/int into a loc_key
+        If the offset @addr is not in the LocationDB, create it
+        @addr: an ExprId/ExprInt/loc_key/int"""
+
+        loc_key = self.get_loc_key(addr)
+        if loc_key is not None:
+            return loc_key
+
+        return self.loc_db.add_location(offset=int(addr))
 
     def get_block(self, addr):
         """Returns the irbloc associated to an ExprId/ExprInt/loc_key/int
diff --git a/miasm2/ir/symbexec.py b/miasm2/ir/symbexec.py
index 288a46e4..d137e71f 100644
--- a/miasm2/ir/symbexec.py
+++ b/miasm2/ir/symbexec.py
@@ -17,14 +17,14 @@ log.setLevel(logging.INFO)
 
 def get_block(ir_arch, mdis, addr):
     """Get IRBlock at address @addr"""
-    lbl = ir_arch.get_loc_key(addr)
-    if not lbl in ir_arch.blocks:
-        offset = mdis.loc_db.get_location_offset(lbl)
+    loc_key = ir_arch.get_or_create_loc_key(addr)
+    if loc_key not in ir_arch.blocks:
+        offset = mdis.loc_db.get_location_offset(loc_key)
         block = mdis.dis_block(offset)
         ir_arch.add_block(block)
-    irblock = ir_arch.get_block(lbl)
+    irblock = ir_arch.get_block(loc_key)
     if irblock is None:
-        raise LookupError('No block found at that address: %s' % lbl)
+        raise LookupError('No block found at that address: %s' % ir_arch.loc_db.pretty_str(loc_key))
     return irblock
 
 
@@ -805,7 +805,7 @@ class SymbolicExecutionEngine(object):
 
     StateEngine = SymbolicState
 
-    def __init__(self, ir_arch, state,
+    def __init__(self, ir_arch, state=None,
                  func_read=None,
                  func_write=None,
                  sb_expr_simp=expr_simp):
@@ -821,6 +821,9 @@ class SymbolicExecutionEngine(object):
             ExprCompose: self.eval_exprcompose,
         }
 
+        if state is None:
+            state = {}
+
         self.symbols = SymbolMngr(addrsize=ir_arch.addrsize, expr_simp=expr_simp)
 
         for dst, src in state.iteritems():
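Review bot: `get_or_create_loc_key` cannot tell apart the two reasons `get_loc_key` returns None — an integer offset that simply has no location yet, and an `addr` that `int()` rejects (the `except (ValueError, TypeError): return None` branch just above) — so for the second case the fallthrough `int(addr)` inside the `add_location` call raises the very conversion error `get_loc_key` swallowed, with no mention of which address was being resolved. Converting once up front, `offset = int(addr)` guarded by the same `(ValueError, TypeError)` and re-raised as a LookupError that names `addr`, would give one clear failure path; whether loc_key-typed inputs reach this point depends on the start of `get_loc_key`, which is outside the hunk. The companion change to `get_loc_key` (returning `get_offset_location` rather than creating) also means every other existing caller now gets None for an unseen offset instead of a fresh key, so the `get_loc_key` docstring, which starts outside the hunk, should say that None is returned when the offset is not in the LocationDB. The new docstring would also match `get_block` below if its summary line ended with a period and the closing quotes sat on their own line.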
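Review bot: In `get_block` the key is created through `ir_arch.get_or_create_loc_key`, its offset is read from `mdis.loc_db`, and the error message formats it with `ir_arch.loc_db.pretty_str`; if `mdis.loc_db` and `ir_arch.loc_db` are ever distinct objects, a key just added to ir_arch's db is unknown to mdis's, `get_location_offset` yields None and that None reaches `mdis.dis_block`. Using one database for all three lookups, e.g. `offset = ir_arch.loc_db.get_location_offset(loc_key)`, or an `assert mdis.loc_db is ir_arch.loc_db` at the top of the function, keeps the call coherent. The rewritten `raise LookupError(...)` line also runs well past the width of the surrounding code; binding `pretty = ir_arch.loc_db.pretty_str(loc_key)` on its own line first keeps it readable.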
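Review bot: `state` becomes optional at the -805 hunk and is replaced by `{}` at the -821 hunk, but the `__init__` docstring, which starts right after the signature and outside both hunks, has no entry describing the new default; add a line in the file's `@param:` style such as `@state: optional mapping of initial symbol values; an empty engine is built when omitted`. Placing the `if state is None: state = {}` guard immediately before the `for dst, src in state.iteritems():` loop that consumes it is fine, though it could equally sit at the top of the body next to the other argument handling so a reader sees all defaults in one place.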
@@ -961,7 +964,7 @@ class SymbolicExecutionEngine(object):
         @mems: track mems only
         """
         if init_state is None:
-            init_state = self.ir_arch.arch.regs.regs_init
+            init_state = {}
         if ids:
             for variable, value in self.symbols.symbols_id.iteritems():
                 if variable in init_state and init_state[variable] == value: