From e6ec952904419c73531ab62443ade23985317daf Mon Sep 17 00:00:00 2001 From: Fabrice Desclaux Date: Mon, 7 Dec 2020 17:28:54 +0100 Subject: Rename ira => LifterModelCall --- example/disasm/dis_binary_ir.py | 4 ++-- example/disasm/dis_binary_ira.py | 4 ++-- example/disasm/full.py | 25 ++++++++++++------------- example/expression/access_c.py | 10 +++++----- example/expression/asm_to_ir.py | 2 +- example/expression/constant_propagation.py | 2 +- example/expression/export_llvm.py | 6 +++--- example/expression/get_read_write.py | 2 +- example/expression/graph_dataflow.py | 2 +- example/expression/solve_condition_stp.py | 26 +++++++++++++------------- example/ida/ctype_propagation.py | 12 ++++++------ example/ida/depgraph.py | 16 ++++++++-------- example/ida/graph_ir.py | 6 +++--- example/ida/symbol_exec.py | 6 +++--- example/symbol_exec/depgraph.py | 2 +- example/symbol_exec/dse_crackme.py | 22 +++++++++++----------- example/symbol_exec/single_instr.py | 10 +++++----- 17 files changed, 78 insertions(+), 79 deletions(-) (limited to 'example') diff --git a/example/disasm/dis_binary_ir.py b/example/disasm/dis_binary_ir.py index 3facd74b..6ad69b05 100644 --- a/example/disasm/dis_binary_ir.py +++ b/example/disasm/dis_binary_ir.py @@ -25,8 +25,8 @@ asmcfg = mdis.dis_multiblock(addr) # End common section # ##################################### -# Get an IR converter -ir_arch = machine.ir(mdis.loc_db) +# Get a Lifter +ir_arch = machine.lifter(mdis.loc_db) # Get the IR of the asmcfg ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) diff --git a/example/disasm/dis_binary_ira.py b/example/disasm/dis_binary_ira.py index bfed3497..95b3a70b 100644 --- a/example/disasm/dis_binary_ira.py +++ b/example/disasm/dis_binary_ira.py @@ -29,7 +29,7 @@ asmcfg = mdis.dis_multiblock(addr) # Get an IRA converter # The sub call are modelised by default operators # call_func_ret and call_func_stack -ir_arch_analysis = machine.ira(mdis.loc_db) +ir_arch_analysis = machine.lifter_model_call(mdis.loc_db) # Get the IR of the asmcfg ircfg_analysis = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) @@ -39,4 +39,4 @@ for irblock in viewvalues(ircfg_analysis.blocks): print(irblock) # Output ir control flow graph in a dot file -open('bin_ira_cfg.dot', 'w').write(ircfg_analysis.dot()) +open('bin_lifter_model_call_cfg.dot', 'w').write(ircfg_analysis.dot()) diff --git a/example/disasm/full.py b/example/disasm/full.py index 47eca56d..3408e6d7 100644 --- a/example/disasm/full.py +++ b/example/disasm/full.py @@ -106,7 +106,6 @@ if not arch: # Instance the arch-dependent machine machine = Machine(arch) mn, dis_engine = machine.mn, machine.dis_engine -ira, ir = machine.ira, machine.ir log.info('ok') mdis = dis_engine(bs, loc_db=cont.loc_db) @@ -215,9 +214,9 @@ if args.propagexpr: args.gen_ir = True -class IRADelModCallStack(ira): +class LifterDelModCallStack(machine.lifter_model_call): def call_effects(self, addr, instr): - assignblks, extra = super(IRADelModCallStack, self).call_effects(addr, instr) + assignblks, extra = super(LifterDelModCallStack, self).call_effects(addr, instr) if not args.calldontmodstack: return assignblks, extra out = [] @@ -232,21 +231,21 @@ class IRADelModCallStack(ira): # Bonus, generate IR graph if args.gen_ir: - log.info("generating IR and IR analysis") + log.info("Lift and Lift with modeled calls") - ir_arch = ir(mdis.loc_db) - ir_arch_a = IRADelModCallStack(mdis.loc_db) + lifter = machine.lifter(mdis.loc_db) + lifter_model_call = LifterDelModCallStack(mdis.loc_db) - ircfg = ir_arch.new_ircfg() - ircfg_a = ir_arch.new_ircfg() + ircfg = lifter.new_ircfg() + ircfg_a = lifter.new_ircfg() head = list(entry_points)[0] for ad, asmcfg in viewitems(all_funcs_blocks): log.info("generating IR... %x" % ad) for block in asmcfg.blocks: - ir_arch.add_asmblock_to_ircfg(block, ircfg) - ir_arch_a.add_asmblock_to_ircfg(block, ircfg_a) + lifter.add_asmblock_to_ircfg(block, ircfg) + lifter_model_call.add_asmblock_to_ircfg(block, ircfg_a) log.info("Print blocks (without analyse)") for label, block in viewitems(ircfg.blocks): @@ -260,7 +259,7 @@ if args.gen_ir: if args.simplify > 0: log.info("Simplify...") - ircfg_simplifier = IRCFGSimplifierCommon(ir_arch_a) + ircfg_simplifier = IRCFGSimplifierCommon(lifter_model_call) ircfg_simplifier.simplify(ircfg_a, head) log.info("ok...") @@ -309,12 +308,12 @@ if args.propagexpr: ssa = self.do_simplify_loop(ssa, head) ircfg = self.ssa_to_unssa(ssa, head) - ircfg_simplifier = IRCFGSimplifierCommon(self.ir_arch) + ircfg_simplifier = IRCFGSimplifierCommon(self.lifter) ircfg_simplifier.deadremoval.add_expr_to_original_expr(ssa.ssa_variable_to_expr) ircfg_simplifier.simplify(ircfg, head) return ircfg head = list(entry_points)[0] - simplifier = CustomIRCFGSimplifierSSA(ir_arch_a) + simplifier = CustomIRCFGSimplifierSSA(lifter_model_call) ircfg = simplifier.simplify(ircfg_a, head) open('final.dot', 'w').write(ircfg.dot()) diff --git a/example/expression/access_c.py b/example/expression/access_c.py index 3cc8e6a2..fd50a917 100644 --- a/example/expression/access_c.py +++ b/example/expression/access_c.py @@ -95,10 +95,10 @@ class MyExprToAccessC(ExprToAccessC): reduction_rules = ExprToAccessC.reduction_rules + [reduce_compose] -def get_funcs_arg0(ctx, ira, ircfg, lbl_head): +def get_funcs_arg0(ctx, lifter_model_call, ircfg, lbl_head): """Compute DependencyGraph on the func @lbl_head""" g_dep = DependencyGraph(ircfg, follow_call=False) - element = ira.arch.regs.RSI + element = lifter_model_call.arch.regs.RSI for loc_key, index in find_call(ircfg): irb = ircfg.get_block(loc_key) @@ -106,7 +106,7 @@ def get_funcs_arg0(ctx, ira, ircfg, lbl_head): print('Analysing references from:', hex(instr.offset), instr) g_list = g_dep.get(irb.loc_key, set([element]), index, set([lbl_head])) for dep in g_list: - emul_result = dep.emul(ira, ctx) + emul_result = dep.emul(lifter_model_call, ctx) value = emul_result[element] yield value @@ -144,14 +144,14 @@ types_mngr = CTypesManagerNotPacked(types_ast, base_types) cont = Container.fallback_container(data, None, addr=0) machine = Machine("x86_64") -dis_engine, ira = machine.dis_engine, machine.ira +dis_engine, lifter_model_call = machine.dis_engine, machine.lifter_model_call mdis = dis_engine(cont.bin_stream, loc_db=loc_db) addr_head = 0 asmcfg = mdis.dis_multiblock(addr_head) lbl_head = loc_db.get_offset_location(addr_head) -ir_arch_a = ira(loc_db) +ir_arch_a = lifter_model_call(loc_db) ircfg = ir_arch_a.new_ircfg_from_asmcfg(asmcfg) open('graph_irflow.dot', 'w').write(ircfg.dot()) diff --git a/example/expression/asm_to_ir.py b/example/expression/asm_to_ir.py index 8ecc4f24..32d4ae8b 100644 --- a/example/expression/asm_to_ir.py +++ b/example/expression/asm_to_ir.py @@ -7,7 +7,7 @@ from miasm.arch.x86.arch import mn_x86 from miasm.core import parse_asm from miasm.expression.expression import * from miasm.core import asmblock -from miasm.arch.x86.ira import ir_a_x86_32 +from miasm.arch.x86.lifter_model_call import ir_a_x86_32 from miasm.analysis.data_flow import DeadRemoval from miasm.core.locationdb import LocationDB diff --git a/example/expression/constant_propagation.py b/example/expression/constant_propagation.py index a5929eed..0ea8028c 100644 --- a/example/expression/constant_propagation.py +++ b/example/expression/constant_propagation.py @@ -30,7 +30,7 @@ machine = Machine("x86_32") loc_db = LocationDB() cont = Container.from_stream(open(args.filename, 'rb'), loc_db) mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) -ir_arch = machine.ira(mdis.loc_db) +ir_arch = machine.lifter_model_call(mdis.loc_db) addr = int(args.address, 0) deadrm = DeadRemoval(ir_arch) diff --git a/example/expression/export_llvm.py b/example/expression/export_llvm.py index a4c65787..74587ffd 100644 --- a/example/expression/export_llvm.py +++ b/example/expression/export_llvm.py @@ -17,16 +17,16 @@ loc_db = LocationDB() # This part focus on obtaining an IRCFG to transform # cont = Container.from_stream(open(args.target, 'rb'), loc_db) machine = Machine(args.architecture if args.architecture else cont.arch) -ir = machine.ir(loc_db) +lifter = machine.lifter(loc_db) dis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) asmcfg = dis.dis_multiblock(int(args.addr, 0)) -ircfg = ir.new_ircfg_from_asmcfg(asmcfg) +ircfg = lifter.new_ircfg_from_asmcfg(asmcfg) ircfg.simplify(expr_simp_high_to_explicit) ###################################################### # Instantiate a context and the function to fill context = LLVMContext_IRCompilation() -context.ir_arch = ir +context.lifter = lifter func = LLVMFunction_IRCompilation(context, name="test") func.ret_type = llvm_ir.VoidType() diff --git a/example/expression/get_read_write.py b/example/expression/get_read_write.py index cf333d0c..d6bb37c2 100644 --- a/example/expression/get_read_write.py +++ b/example/expression/get_read_write.py @@ -4,7 +4,7 @@ from future.utils import viewitems from miasm.arch.x86.arch import mn_x86 from miasm.expression.expression import get_rw -from miasm.arch.x86.ira import ir_a_x86_32 +from miasm.arch.x86.lifter_model_call import ir_a_x86_32 from miasm.core.locationdb import LocationDB loc_db = LocationDB() diff --git a/example/expression/graph_dataflow.py b/example/expression/graph_dataflow.py index 4b428df7..661d0037 100644 --- a/example/expression/graph_dataflow.py +++ b/example/expression/graph_dataflow.py @@ -139,7 +139,7 @@ print('ok') print('generating dataflow graph for:') -ir_arch_analysis = machine.ira(loc_db) +ir_arch_analysis = machine.lifter_model_call(loc_db) ircfg = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) deadrm = DeadRemoval(ir_arch_analysis) diff --git a/example/expression/solve_condition_stp.py b/example/expression/solve_condition_stp.py index 3743bfad..634e2337 100644 --- a/example/expression/solve_condition_stp.py +++ b/example/expression/solve_condition_stp.py @@ -30,7 +30,7 @@ if not args: sys.exit(0) -def emul_symb(ir_arch, ircfg, mdis, states_todo, states_done): +def emul_symb(lifter, ircfg, mdis, states_todo, states_done): while states_todo: addr, symbols, conds = states_todo.pop() print('*' * 40, "addr", addr, '*' * 40) @@ -38,11 +38,11 @@ def emul_symb(ir_arch, ircfg, mdis, states_todo, states_done): print('Known state, skipping', addr) continue states_done.add((addr, symbols, conds)) - symbexec = SymbolicExecutionEngine(ir_arch) + symbexec = SymbolicExecutionEngine(lifter) symbexec.symbols = symbols.copy() - if ir_arch.pc in symbexec.symbols: - del symbexec.symbols[ir_arch.pc] - irblock = get_block(ir_arch, ircfg, mdis, addr) + if lifter.pc in symbexec.symbols: + del symbexec.symbols[lifter.pc] + irblock = get_block(lifter, ircfg, mdis, addr) print('Run block:') print(irblock) @@ -87,9 +87,9 @@ if __name__ == '__main__': cont = Container.from_stream(open(args[0], 'rb'), loc_db) mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db) - ir_arch = machine.ir(mdis.loc_db) - ircfg = ir_arch.new_ircfg() - symbexec = SymbolicExecutionEngine(ir_arch) + lifter = machine.lifter(mdis.loc_db) + ircfg = lifter.new_ircfg() + symbexec = SymbolicExecutionEngine(lifter) asmcfg = parse_asm.parse_txt( machine.mn, 32, ''' @@ -129,19 +129,19 @@ if __name__ == '__main__': print(block) # add fake address and len to parsed instructions - ir_arch.add_asmblock_to_ircfg(block, ircfg) + lifter.add_asmblock_to_ircfg(block, ircfg) irb = ircfg.blocks[init_lbl] symbexec.eval_updt_irblock(irb) symbexec.dump(ids=False) - # reset ir_arch blocks - ir_arch.blocks = {} + # reset lifter blocks + lifter.blocks = {} states_todo = set() states_done = set() states_todo.add((addr, symbexec.symbols, ())) # emul blocks, propagate states - emul_symb(ir_arch, ircfg, mdis, states_todo, states_done) + emul_symb(lifter, ircfg, mdis, states_todo, states_done) all_info = [] @@ -156,7 +156,7 @@ if __name__ == '__main__': all_cases = set() - symbexec = SymbolicExecutionEngine(ir_arch) + symbexec = SymbolicExecutionEngine(lifter) for addr, reqs_cond in all_info: out = ['(set-logic QF_ABV)', '(set-info :smt-lib-version 2.0)'] diff --git a/example/ida/ctype_propagation.py b/example/ida/ctype_propagation.py index 1f55a975..3de81d0d 100644 --- a/example/ida/ctype_propagation.py +++ b/example/ida/ctype_propagation.py @@ -222,9 +222,9 @@ class CTypeEngineFixer(SymbExecCTypeFix): cst_propag_link) -def get_ira_call_fixer(ira): +def get_lifter_model_call_call_fixer(lifter_model_call): - class iraCallStackFixer(ira): + class lifter_model_callCallStackFixer(lifter_model_call): def call_effects(self, ad, instr): print(hex(instr.offset), instr) @@ -241,7 +241,7 @@ def get_ira_call_fixer(ira): ) return [call_assignblk], [] - return iraCallStackFixer + return lifter_model_callCallStackFixer def analyse_function(): @@ -262,7 +262,7 @@ def analyse_function(): # Init machine = guess_machine(addr=addr) - mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira + mn, dis_engine, lifter_model_call = machine.mn, machine.dis_engine, machine.lifter_model_call bs = bin_stream_ida() loc_db = LocationDB() @@ -272,8 +272,8 @@ def analyse_function(): mdis.dont_dis = [end] - iraCallStackFixer = get_ira_call_fixer(ira) - ir_arch = iraCallStackFixer(loc_db) + lifter_model_callCallStackFixer = get_lifter_model_call_call_fixer(lifter_model_call) + ir_arch = lifter_model_callCallStackFixer(loc_db) asmcfg = mdis.dis_multiblock(addr) # Generate IR diff --git a/example/ida/depgraph.py b/example/ida/depgraph.py index e98d64c5..4a0fb1e9 100644 --- a/example/ida/depgraph.py +++ b/example/ida/depgraph.py @@ -26,9 +26,9 @@ from utils import guess_machine class depGraphSettingsForm(ida_kernwin.Form): - def __init__(self, ira, ircfg, mn): + def __init__(self, lifter_model_call, ircfg, mn): - self.ira = ira + self.lifter_model_call = lifter_model_call self.ircfg = ircfg self.mn = mn self.stk_args = {'ARG%d' % i:i for i in range(10)} @@ -51,7 +51,7 @@ class depGraphSettingsForm(ida_kernwin.Form): assert line_nb is not None cur_loc_key = str(cur_block.loc_key) loc_keys = sorted(map(str, ircfg.blocks)) - regs = sorted(ira.arch.regs.all_regs_ids_byname) + regs = sorted(lifter_model_call.arch.regs.all_regs_ids_byname) regs += list(self.stk_args) reg_default = regs[0] for i in range(10): @@ -130,13 +130,13 @@ Method to use: line = self.ircfg.blocks[self.loc_key][self.line_nb].instr arg_num = self.stk_args[value] stk_high = m2_expr.ExprInt(idc.get_spd(line.offset), ir_arch.sp.size) - stk_off = m2_expr.ExprInt(self.ira.sp.size // 8 * arg_num, ir_arch.sp.size) - element = m2_expr.ExprMem(self.mn.regs.regs_init[ir_arch.sp] + stk_high + stk_off, self.ira.sp.size) + stk_off = m2_expr.ExprInt(self.lifter_model_call.sp.size // 8 * arg_num, ir_arch.sp.size) + element = m2_expr.ExprMem(self.mn.regs.regs_init[ir_arch.sp] + stk_high + stk_off, self.lifter_model_call.sp.size) element = expr_simp(element) # Force stack unaliasing self.stk_unalias_force = True elif value: - element = self.ira.arch.regs.all_regs_ids_byname.get(value, None) + element = self.lifter_model_call.arch.regs.all_regs_ids_byname.get(value, None) else: raise ValueError("Unknown element '%s'!" % value) @@ -214,13 +214,13 @@ def launch_depgraph(): # Init machine = guess_machine(addr=func.start_ea) - mn, dis_engine, ira = machine.mn, machine.dis_engine, machine.ira + mn, dis_engine, lifter_model_call = machine.mn, machine.dis_engine, machine.lifter_model_call bs = bin_stream_ida() loc_db = LocationDB() mdis = dis_engine(bs, loc_db=loc_db, dont_dis_nulstart_bloc=True) - ir_arch = ira(loc_db) + ir_arch = lifter_model_call(loc_db) # Populate symbols with ida names for ad, name in idautils.Names(): diff --git a/example/ida/graph_ir.py b/example/ida/graph_ir.py index d10e1ebd..c827bbe2 100644 --- a/example/ida/graph_ir.py +++ b/example/ida/graph_ir.py @@ -180,9 +180,9 @@ def is_addr_ro_variable(bs, addr, size): def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dontmodstack=False, loadint=False, verbose=False): machine = guess_machine(addr=start_addr) - dis_engine, ira = machine.dis_engine, machine.ira + dis_engine, lifter_model_call = machine.dis_engine, machine.lifter_model_call - class IRADelModCallStack(ira): + class IRADelModCallStack(lifter_model_call): def call_effects(self, addr, instr): assignblks, extra = super(IRADelModCallStack, self).call_effects(addr, instr) if use_ida_stack: @@ -281,7 +281,7 @@ def build_graph(start_addr, type_graph, simplify=False, use_ida_stack=True, dont return - class IRAOutRegs(ira): + class IRAOutRegs(lifter_model_call): def get_out_regs(self, block): regs_todo = super(IRAOutRegs, self).get_out_regs(block) out = {} diff --git a/example/ida/symbol_exec.py b/example/ida/symbol_exec.py index b51ef9ee..ef5db082 100644 --- a/example/ida/symbol_exec.py +++ b/example/ida/symbol_exec.py @@ -150,11 +150,11 @@ def symbolic_exec(): mdis.dont_dis = [end] asmcfg = mdis.dis_multiblock(start) - ira = machine.ira(loc_db=loc_db) - ircfg = ira.new_ircfg_from_asmcfg(asmcfg) + lifter_model_call = machine.lifter_model_call(loc_db=loc_db) + ircfg = lifter_model_call.new_ircfg_from_asmcfg(asmcfg) print("Run symbolic execution...") - sb = SymbolicExecutionEngine(ira, machine.mn.regs.regs_init) + sb = SymbolicExecutionEngine(lifter_model_call, machine.mn.regs.regs_init) sb.run_at(ircfg, start) modified = {} diff --git a/example/symbol_exec/depgraph.py b/example/symbol_exec/depgraph.py index 8285452e..62190e6b 100644 --- a/example/symbol_exec/depgraph.py +++ b/example/symbol_exec/depgraph.py @@ -52,7 +52,7 @@ for element in args.element: raise ValueError("Unknown element '%s'" % element) mdis = machine.dis_engine(cont.bin_stream, dont_dis_nulstart_bloc=True, loc_db=loc_db) -ir_arch = machine.ira(loc_db) +ir_arch = machine.lifter_model_call(loc_db) # Common argument forms init_ctx = {} diff --git a/example/symbol_exec/dse_crackme.py b/example/symbol_exec/dse_crackme.py index e014ada2..cdaf5a1a 100644 --- a/example/symbol_exec/dse_crackme.py +++ b/example/symbol_exec/dse_crackme.py @@ -137,7 +137,7 @@ FILE_stream = ExprId("FILE_0", 64) FILE_size = ExprId("FILE_0_size", 64) def xxx_fopen_symb(dse): - regs = dse.ir_arch.arch.regs + regs = dse.lifter.arch.regs fname_addr = dse.eval_expr(regs.RDI) mode = dse.eval_expr(regs.RSI) assert fname_addr.is_int() @@ -151,13 +151,13 @@ def xxx_fopen_symb(dse): dse.update_state({ regs.RSP: dse.eval_expr(regs.RSP + ExprInt(8, regs.RSP.size)), - dse.ir_arch.IRDst: ret_addr, + dse.lifter.IRDst: ret_addr, regs.RIP: ret_addr, regs.RAX: ret_value, }) def xxx_fread_symb(dse): - regs = dse.ir_arch.arch.regs + regs = dse.lifter.arch.regs ptr = dse.eval_expr(regs.RDI) size = dse.eval_expr(regs.RSI) nmemb = dse.eval_expr(regs.RDX) @@ -179,21 +179,21 @@ def xxx_fread_symb(dse): update.update({ regs.RSP: dse.symb.eval_expr(regs.RSP + ExprInt(8, regs.RSP.size)), - dse.ir_arch.IRDst: ret_addr, + dse.lifter.IRDst: ret_addr, regs.RIP: ret_addr, regs.RAX: ret_value, }) dse.update_state(update) def xxx_fclose_symb(dse): - regs = dse.ir_arch.arch.regs + regs = dse.lifter.arch.regs stream = dse.eval_expr(regs.RDI) FILE_to_info_symb[stream].close() ret_addr = ExprInt(dse.jitter.get_stack_arg(0), regs.RIP.size) dse.update_state({ regs.RSP: dse.symb.eval_expr(regs.RSP + ExprInt(8, regs.RSP.size)), - dse.ir_arch.IRDst: ret_addr, + dse.lifter.IRDst: ret_addr, regs.RIP: ret_addr, regs.RAX: ExprInt(0, regs.RAX.size), }) @@ -203,7 +203,7 @@ def xxx_fclose_symb(dse): def xxx___libc_start_main_symb(dse): # ['RDI', 'RSI', 'RDX', 'RCX', 'R8', 'R9'] # main, argc, argv, ... - regs = dse.ir_arch.arch.regs + regs = dse.lifter.arch.regs top_stack = dse.eval_expr(regs.RSP) main_addr = dse.eval_expr(regs.RDI) argc = dse.eval_expr(regs.RSI) @@ -214,8 +214,8 @@ def xxx___libc_start_main_symb(dse): ExprMem(top_stack, 64): hlt_addr, regs.RDI: argc, regs.RSI: argv, - dse.ir_arch.IRDst: main_addr, - dse.ir_arch.pc: main_addr, + dse.lifter.IRDst: main_addr, + dse.lifter.pc: main_addr, }) # Stop the execution on puts and get back the corresponding string @@ -248,9 +248,9 @@ dse.attach(sb.jitter) # Update the jitter state: df is read, but never set # Approaches: specific or generic # - Specific: -# df_value = ExprInt(sb.jitter.cpu.df, dse.ir_arch.arch.regs.df.size) +# df_value = ExprInt(sb.jitter.cpu.df, dse.lifter.arch.regs.df.size) # dse.update_state({ -# dse.ir_arch.arch.regs.df: df_value +# dse.lifter.arch.regs.df: df_value # }) # - Generic: dse.update_state_from_concrete() diff --git a/example/symbol_exec/single_instr.py b/example/symbol_exec/single_instr.py index 789252df..0aabbf8b 100644 --- a/example/symbol_exec/single_instr.py +++ b/example/symbol_exec/single_instr.py @@ -21,12 +21,12 @@ mdis.lines_wd = 1 asm_block = mdis.dis_block(START_ADDR) # Translate ASM -> IR -ira = machine.ira(mdis.loc_db) -ircfg = ira.new_ircfg() -ira.add_asmblock_to_ircfg(asm_block, ircfg) +lifter_model_call = machine.lifter_model_call(mdis.loc_db) +ircfg = lifter_model_call.new_ircfg() +lifter_model_call.add_asmblock_to_ircfg(asm_block, ircfg) # Instantiate a Symbolic Execution engine with default value for registers -symb = SymbolicExecutionEngine(ira) +symb = SymbolicExecutionEngine(lifter_model_call) # Emulate one IR basic block ## Emulation of several basic blocks can be done through .emul_ir_blocks @@ -39,6 +39,6 @@ print('Modified memory (should be empty):') symb.dump(ids=False) # Check final status -eax, ebx = ira.arch.regs.EAX, ira.arch.regs.EBX +eax, ebx = lifter_model_call.arch.regs.EAX, lifter_model_call.arch.regs.EBX assert symb.symbols[eax] == ebx assert eax in symb.symbols -- cgit 1.4.1 From 91b16391658eadd16e88c6bc20c06184e5353734 Mon Sep 17 00:00:00 2001 From: Fabrice Desclaux Date: Mon, 7 Dec 2020 17:57:21 +0100 Subject: Change example names --- example/disasm/dis_binary_ir.py | 39 -------------------------- example/disasm/dis_binary_ira.py | 42 ---------------------------- example/disasm/dis_binary_lift.py | 39 ++++++++++++++++++++++++++ example/disasm/dis_binary_lift_model_call.py | 42 ++++++++++++++++++++++++++++ test/test_all.py | 4 +-- 5 files changed, 83 insertions(+), 83 deletions(-) delete mode 100644 example/disasm/dis_binary_ir.py delete mode 100644 example/disasm/dis_binary_ira.py create mode 100644 example/disasm/dis_binary_lift.py create mode 100644 example/disasm/dis_binary_lift_model_call.py (limited to 'example') diff --git a/example/disasm/dis_binary_ir.py b/example/disasm/dis_binary_ir.py deleted file mode 100644 index 6ad69b05..00000000 --- a/example/disasm/dis_binary_ir.py +++ /dev/null @@ -1,39 +0,0 @@ -from __future__ import print_function -import sys -from future.utils import viewvalues -from miasm.analysis.binary import Container -from miasm.analysis.machine import Machine -from miasm.core.locationdb import LocationDB - -##################################### -# Common section from dis_binary.py # -##################################### - -fdesc = open(sys.argv[1], 'rb') -loc_db = LocationDB() - -cont = Container.from_stream(fdesc, loc_db) - -machine = Machine(cont.arch) - -mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) - -addr = cont.entry_point -asmcfg = mdis.dis_multiblock(addr) - -##################################### -# End common section # -##################################### - -# Get a Lifter -ir_arch = machine.lifter(mdis.loc_db) - -# Get the IR of the asmcfg -ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) - -# Display each IR basic blocks -for irblock in viewvalues(ircfg.blocks): - print(irblock) - -# Output ir control flow graph in a dot file -open('bin_ir_cfg.dot', 'w').write(ircfg.dot()) diff --git a/example/disasm/dis_binary_ira.py b/example/disasm/dis_binary_ira.py deleted file mode 100644 index 95b3a70b..00000000 --- a/example/disasm/dis_binary_ira.py +++ /dev/null @@ -1,42 +0,0 @@ -from __future__ import print_function -import sys - -from future.utils import viewvalues -from miasm.analysis.binary import Container -from miasm.analysis.machine import Machine -from miasm.core.locationdb import LocationDB - -##################################### -# Common section from dis_binary.py # -##################################### - -fdesc = open(sys.argv[1], 'rb') -loc_db = LocationDB() - -cont = Container.from_stream(fdesc, loc_db) - -machine = Machine(cont.arch) - -mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) - -addr = cont.entry_point -asmcfg = mdis.dis_multiblock(addr) - -##################################### -# End common section # -##################################### - -# Get an IRA converter -# The sub call are modelised by default operators -# call_func_ret and call_func_stack -ir_arch_analysis = machine.lifter_model_call(mdis.loc_db) - -# Get the IR of the asmcfg -ircfg_analysis = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) - -# Display each IR basic blocks -for irblock in viewvalues(ircfg_analysis.blocks): - print(irblock) - -# Output ir control flow graph in a dot file -open('bin_lifter_model_call_cfg.dot', 'w').write(ircfg_analysis.dot()) diff --git a/example/disasm/dis_binary_lift.py b/example/disasm/dis_binary_lift.py new file mode 100644 index 00000000..6ad69b05 --- /dev/null +++ b/example/disasm/dis_binary_lift.py @@ -0,0 +1,39 @@ +from __future__ import print_function +import sys +from future.utils import viewvalues +from miasm.analysis.binary import Container +from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB + +##################################### +# Common section from dis_binary.py # +##################################### + +fdesc = open(sys.argv[1], 'rb') +loc_db = LocationDB() + +cont = Container.from_stream(fdesc, loc_db) + +machine = Machine(cont.arch) + +mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) + +addr = cont.entry_point +asmcfg = mdis.dis_multiblock(addr) + +##################################### +# End common section # +##################################### + +# Get a Lifter +ir_arch = machine.lifter(mdis.loc_db) + +# Get the IR of the asmcfg +ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) + +# Display each IR basic blocks +for irblock in viewvalues(ircfg.blocks): + print(irblock) + +# Output ir control flow graph in a dot file +open('bin_ir_cfg.dot', 'w').write(ircfg.dot()) diff --git a/example/disasm/dis_binary_lift_model_call.py b/example/disasm/dis_binary_lift_model_call.py new file mode 100644 index 00000000..95b3a70b --- /dev/null +++ b/example/disasm/dis_binary_lift_model_call.py @@ -0,0 +1,42 @@ +from __future__ import print_function +import sys + +from future.utils import viewvalues +from miasm.analysis.binary import Container +from miasm.analysis.machine import Machine +from miasm.core.locationdb import LocationDB + +##################################### +# Common section from dis_binary.py # +##################################### + +fdesc = open(sys.argv[1], 'rb') +loc_db = LocationDB() + +cont = Container.from_stream(fdesc, loc_db) + +machine = Machine(cont.arch) + +mdis = machine.dis_engine(cont.bin_stream, loc_db=cont.loc_db) + +addr = cont.entry_point +asmcfg = mdis.dis_multiblock(addr) + +##################################### +# End common section # +##################################### + +# Get an IRA converter +# The sub call are modelised by default operators +# call_func_ret and call_func_stack +ir_arch_analysis = machine.lifter_model_call(mdis.loc_db) + +# Get the IR of the asmcfg +ircfg_analysis = ir_arch_analysis.new_ircfg_from_asmcfg(asmcfg) + +# Display each IR basic blocks +for irblock in viewvalues(ircfg_analysis.blocks): + print(irblock) + +# Output ir control flow graph in a dot file +open('bin_lifter_model_call_cfg.dot', 'w').write(ircfg_analysis.dot()) diff --git a/test/test_all.py b/test/test_all.py index a8e55b2f..f0ac755e 100755 --- a/test/test_all.py +++ b/test/test_all.py @@ -600,9 +600,9 @@ for script, prods, depends in [ (["dis_x86_string.py"], ["str_cfg.dot"], []), (["dis_binary.py", Example.get_sample("test_x86_32_dis.bin"), ], ["bin_cfg.dot"], [test_x86_32_dis]), - (["dis_binary_ir.py", Example.get_sample("test_x86_32_dis.bin"), + (["dis_binary_lift.py", Example.get_sample("test_x86_32_dis.bin"), ], ["bin_ir_cfg.dot"], [test_x86_32_dis]), - (["dis_binary_lifter_model_call.py", Example.get_sample("test_x86_32_dis.bin"), + (["dis_binary_lift_model_call.py", Example.get_sample("test_x86_32_dis.bin"), ], ["bin_lifter_model_call_cfg.dot"], [test_x86_32_dis]), (["full.py", Example.get_sample("box_upx.exe")], ["graph_execflow.dot", "lines.dot"], []), -- cgit 1.4.1 From 52f22525a577028b0716957bf506e69858472831 Mon Sep 17 00:00:00 2001 From: Fabrice Desclaux Date: Mon, 7 Dec 2020 18:01:44 +0100 Subject: Rename LifterModelCallX86 --- doc/ir/lift.ipynb | 6 +++--- example/expression/asm_to_ir.py | 4 ++-- example/expression/get_read_write.py | 4 ++-- miasm/analysis/disasm_cb.py | 4 ++-- miasm/analysis/machine.py | 12 ++++++------ miasm/arch/x86/lifter_model_call.py | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) (limited to 'example') diff --git a/doc/ir/lift.ipynb b/doc/ir/lift.ipynb index 08d4dde6..933ed3b4 100644 --- a/doc/ir/lift.ipynb +++ b/doc/ir/lift.ipynb @@ -33,7 +33,7 @@ "from miasm.analysis.machine import Machine\n", "from miasm.arch.x86.arch import mn_x86\n", "from miasm.core import parse_asm, asmblock\n", - "from miasm.arch.x86.ira import ir_a_x86_32\n", + "from miasm.arch.x86.ira import LifterModelCall_x86_32\n", "from miasm.core.locationdb import LocationDB\n", "from miasm.loader.strpatchwork import StrPatchwork\n", "from miasm.analysis.binary import Container\n", @@ -87,7 +87,7 @@ " machine = Machine(\"x86_32\")\n", " # Get a lifter\n", " if ira and ira_custom is None:\n", - " ir_arch = ir_a_x86_32(asmcfg.loc_db)\n", + " ir_arch = LifterModelCall_x86_32(asmcfg.loc_db)\n", " elif ira_custom is not None:\n", " ir_arch = ira_custom(asmcfg.loc_db)\n", " else:\n", @@ -1802,7 +1802,7 @@ ], "source": [ "# Construct a custom ira lifter\n", - "class IRAFixCallStack(ir_a_x86_32):\n", + "class IRAFixCallStack(LifterModelCall_x86_32):\n", " def call_effects(self, addr, instr):\n", " if addr.is_loc():\n", " if self.loc_db.get_location_offset(addr.loc_key) == 0x11223344:\n", diff --git a/example/expression/asm_to_ir.py b/example/expression/asm_to_ir.py index 32d4ae8b..9be7d1b3 100644 --- a/example/expression/asm_to_ir.py +++ b/example/expression/asm_to_ir.py @@ -7,7 +7,7 @@ from miasm.arch.x86.arch import mn_x86 from miasm.core import parse_asm from miasm.expression.expression import * from miasm.core import asmblock -from miasm.arch.x86.lifter_model_call import ir_a_x86_32 +from miasm.arch.x86.lifter_model_call import LifterModelCall_x86_32 from miasm.analysis.data_flow import DeadRemoval from miasm.core.locationdb import LocationDB @@ -43,7 +43,7 @@ print(loc_db) patches = asmblock.asm_resolve_final(mn_x86, asmcfg) # Translate to IR -ir_arch = ir_a_x86_32(loc_db) +ir_arch = LifterModelCall_x86_32(loc_db) ircfg = ir_arch.new_ircfg_from_asmcfg(asmcfg) deadrm = DeadRemoval(ir_arch) diff --git a/example/expression/get_read_write.py b/example/expression/get_read_write.py index d6bb37c2..752c4272 100644 --- a/example/expression/get_read_write.py +++ b/example/expression/get_read_write.py @@ -4,7 +4,7 @@ from future.utils import viewitems from miasm.arch.x86.arch import mn_x86 from miasm.expression.expression import get_rw -from miasm.arch.x86.lifter_model_call import ir_a_x86_32 +from miasm.arch.x86.lifter_model_call import LifterModelCall_x86_32 from miasm.core.locationdb import LocationDB loc_db = LocationDB() @@ -16,7 +16,7 @@ Get read/written registers for a given instruction """) arch = mn_x86 -ir_arch = ir_a_x86_32(loc_db) +ir_arch = LifterModelCall_x86_32(loc_db) ircfg = ir_arch.new_ircfg() instr = arch.fromstring('LODSB', loc_db, 32) instr.offset, instr.l = 0, 15 diff --git a/miasm/analysis/disasm_cb.py b/miasm/analysis/disasm_cb.py index 76fa738b..f9274072 100644 --- a/miasm/analysis/disasm_cb.py +++ b/miasm/analysis/disasm_cb.py @@ -16,9 +16,9 @@ def get_lifter_model_call(arch, attrib): if arch == ("arm", "arm"): from miasm.arch.arm.lifter_model_call import ir_a_arm_base as lifter_model_call elif arch == ("x86", 32): - from miasm.arch.x86.lifter_model_call import ir_a_x86_32 as lifter_model_call + from miasm.arch.x86.lifter_model_call import LifterModelCall_x86_32 as lifter_model_call elif arch == ("x86", 64): - from miasm.arch.x86.lifter_model_call import ir_a_x86_64 as lifter_model_call + from miasm.arch.x86.lifter_model_call import LifterModelCall_x86_64 as lifter_model_call else: raise ValueError('unknown architecture: %s' % arch.name) return lifter_model_call diff --git a/miasm/analysis/machine.py b/miasm/analysis/machine.py index 5038d63b..6591ff54 100644 --- a/miasm/analysis/machine.py +++ b/miasm/analysis/machine.py @@ -102,8 +102,8 @@ class Machine(object): except ImportError: pass mn = arch.mn_x86 - from miasm.arch.x86.lifter_model_call import ir_a_x86_16 as lifter_model_call - from miasm.arch.x86.sem import Lifter_X86_16 as ir + from miasm.arch.x86.lifter_model_call import LifterModelCall_x86_16 as lifter_model_call + from miasm.arch.x86.sem import Lifter_X86_16 as lifter elif machine_name == "x86_32": from miasm.arch.x86.disasm import dis_x86_32 as dis_engine from miasm.arch.x86 import arch @@ -113,8 +113,8 @@ class Machine(object): except ImportError: pass mn = arch.mn_x86 - from miasm.arch.x86.lifter_model_call import ir_a_x86_32 as lifter_model_call - from miasm.arch.x86.sem import Lifter_X86_32 as ir + from miasm.arch.x86.lifter_model_call import LifterModelCall_x86_32 as lifter_model_call + from miasm.arch.x86.sem import Lifter_X86_32 as lifter try: from miasm.analysis.gdbserver import GdbServer_x86_32 as gdbserver except ImportError: @@ -128,8 +128,8 @@ class Machine(object): except ImportError: pass mn = arch.mn_x86 - from miasm.arch.x86.lifter_model_call import ir_a_x86_64 as lifter_model_call - from miasm.arch.x86.sem import Lifter_X86_64 as ir + from miasm.arch.x86.lifter_model_call import LifterModelCall_x86_64 as lifter_model_call + from miasm.arch.x86.sem import Lifter_X86_64 as lifter elif machine_name == "msp430": from miasm.arch.msp430.disasm import dis_msp430 as dis_engine from miasm.arch.msp430 import arch diff --git a/miasm/arch/x86/lifter_model_call.py b/miasm/arch/x86/lifter_model_call.py index ebcc9e2f..e75f8c69 100644 --- a/miasm/arch/x86/lifter_model_call.py +++ b/miasm/arch/x86/lifter_model_call.py @@ -6,7 +6,7 @@ from miasm.ir.analysis import LifterModelCall from miasm.arch.x86.sem import Lifter_X86_16, Lifter_X86_32, Lifter_X86_64 -class ir_a_x86_16(Lifter_X86_16, LifterModelCall): +class LifterModelCall_x86_16(Lifter_X86_16, LifterModelCall): def __init__(self, loc_db): Lifter_X86_16.__init__(self, loc_db) @@ -15,7 +15,7 @@ class ir_a_x86_16(Lifter_X86_16, LifterModelCall): def get_out_regs(self, _): return set([self.ret_reg, self.sp]) -class ir_a_x86_32(Lifter_X86_32, ir_a_x86_16): +class LifterModelCall_x86_32(Lifter_X86_32, LifterModelCall_x86_16): def __init__(self, loc_db): Lifter_X86_32.__init__(self, loc_db) @@ -37,7 +37,7 @@ class ir_a_x86_32(Lifter_X86_32, ir_a_x86_16): return 32 -class ir_a_x86_64(Lifter_X86_64, ir_a_x86_16): +class LifterModelCall_x86_64(Lifter_X86_64, LifterModelCall_x86_16): def __init__(self, loc_db): Lifter_X86_64.__init__(self, loc_db) -- cgit 1.4.1