disasm_cb.py
1 #!/usr/bin/env python
2 #-*- coding:utf-8 -*-
3 
4 from miasm2.expression.expression import ExprInt, ExprId, ExprMem, MatchExpr
5 from miasm2.expression.simplifications import expr_simp
7  import asm_symbol_pool, asm_constraint_next, asm_constraint_to
8 from miasm2.core.utils import upck32
9 # from miasm2.core.graph import DiGraph
10 
11 
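def get_ira(mnemo, attrib):
    """Return the IR-analysis class matching an architecture/attribute pair.

    The arch modules are imported lazily inside each branch so that
    importing this module does not pull in every supported architecture.

    Args:
        mnemo: architecture mnemonic module; only its ``name`` attribute
            is read here.
        attrib: disassembly attribute (32 or 64 for x86, "arm" for arm).

    Returns:
        The ``ir_a_*`` class for that pair (a class, not an instance).

    Raises:
        ValueError: when (``mnemo.name``, ``attrib``) is not a supported
            combination.
    """
    arch = mnemo.name, attrib
    if arch == ("arm", "arm"):
        from miasm2.arch.arm.ira import ir_a_arm_base as ira
    elif arch == ("x86", 32):
        from miasm2.arch.x86.ira import ir_a_x86_32 as ira
    elif arch == ("x86", 64):
        from miasm2.arch.x86.ira import ir_a_x86_64 as ira
    else:
        # Report both halves of the key: a known name with an unsupported
        # attribute (e.g. x86 with 16) was previously indistinguishable
        # from an unknown architecture name.
        raise ValueError('unknown architecture: %s (attrib %r)'
                         % (mnemo.name, attrib))
    return ira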
23 
24 
def arm_guess_subcall(
    mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool):
    """Disassembly callback: treat an ARM "branch that writes LR" as a call.

    The block is lifted to IR. If an IR block writes both ``pc`` and
    ``LR`` and the LR value is the constant address just past the block's
    last instruction, the block is a call: the return address is attached
    to ``cur_bloc`` as a "next" constraint and queued in
    ``offsets_to_dis`` so disassembly resumes after the call.

    Args:
        mnemo: architecture mnemonic module (``name`` and ``regs.LR`` read).
        attrib: disassembly attribute, forwarded to :func:`get_ira`.
        pool_bin: binary stream; not read here, present for the callback
            protocol.
        cur_bloc: the asm block just disassembled.
        offsets_to_dis: set of offsets still to disassemble (mutated).
        symbol_pool: label pool used to create the return-address label.

    Returns:
        None. Side effects: debug output on stdout, constraints added to
        ``cur_bloc``, offsets added to ``offsets_to_dis``.
    """
    # NOTE(review): the rendered listing dropped this ``def`` line; the
    # name follows the upstream miasm2 module and should be confirmed.
    ira = get_ira(mnemo, attrib)

    ir_arch = ira(asm_symbol_pool())
    print '###'
    print cur_bloc
    ir_arch.add_bloc(cur_bloc)

    pending = set()
    for irb in ir_arch.blocs.values():
        pc_val, lr_val = None, None
        for assignments in irb.irs:
            for assignment in assignments:
                if assignment.dst == ir_arch.pc:
                    pc_val = assignment.src
                if assignment.dst == mnemo.regs.LR:
                    lr_val = assignment.src
        # Both pc and LR must be written, and LR must be a constant.
        if pc_val is None or not isinstance(lr_val, ExprInt):
            continue

        last = cur_bloc.lines[-1]
        # A call returns to the instruction following the block's last one.
        if lr_val.arg != last.offset + last.l:
            continue
        ret_addr = int(lr_val.arg)
        label = symbol_pool.getby_offset_create(ret_addr)
        pending.add(asm_constraint_next(label))
        offsets_to_dis.add(ret_addr)

    # Constraints are collected first, then attached once the IR walk is done.
    for constraint in pending:
        cur_bloc.addto(constraint)
69 
70 
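def arm_guess_jump_table(
    mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool,
    max_table_entry=10000, max_diff_addr=0x100000):
    """Disassembly callback: resolve an ARM jump through a memory table.

    The block is lifted to IR. When an IR block assigns ``pc`` from a
    32-bit memory read whose address simplifies to ``jra + jrb`` with a
    constant ``jrb``, consecutive 32-bit words are read from ``pool_bin``
    starting at that constant (the table base); each word is queued in
    ``offsets_to_dis`` and attached to ``cur_bloc`` as a "to" constraint.

    Table contents are data taken from the analysed binary, so the walk is
    bounded twice: at most ``max_table_entry`` + 1 words are read, and the
    walk stops at the first word farther than ``max_diff_addr`` from the
    base (a heuristic for "no longer a code pointer") or at the first
    unreadable word.

    Args:
        mnemo: architecture mnemonic module (``name`` is read).
        attrib: disassembly attribute, forwarded to :func:`get_ira`.
        pool_bin: binary stream; ``getbytes(offset, 4)`` reads each entry.
        cur_bloc: the asm block just disassembled.
        offsets_to_dis: set of offsets still to disassemble (mutated).
        symbol_pool: label pool used to create one label per target.
        max_table_entry: highest entry index walked (default 10000; was a
            hard-coded local).
        max_diff_addr: largest accepted |entry - base| (default 0x100000;
            was a hard-coded local).

    Raises:
        NotImplementedError: when the pc source is a memory read that is
            not 32 bits wide, whose address does not match ``jra + jrb``,
            or whose ``jrb`` is not a constant.
    """
    # NOTE(review): the rendered listing dropped this ``def`` line; the
    # name follows the upstream miasm2 module and should be confirmed.
    ira = get_ira(mnemo, attrib)

    jra = ExprId('jra')
    jrb = ExprId('jrb')

    sp = asm_symbol_pool()
    ir_arch = ira(sp)
    ir_arch.add_bloc(cur_bloc)

    for irb in ir_arch.blocs.values():
        pc_val = None
        for exprs in irb.irs:
            for e in exprs:
                if e.dst == ir_arch.pc:
                    pc_val = e.src
        # Only an indirect jump through memory can be a table dispatch.
        if not isinstance(pc_val, ExprMem):
            continue
        if pc_val.size != 32:
            # Was an assert; a real check so it survives ``python -O``.
            raise NotImplementedError('not fully functional')
        print pc_val
        ad = expr_simp(pc_val.arg)
        print ad
        res = MatchExpr(ad, jra + jrb, set([jra, jrb]))
        if res is False:
            raise NotImplementedError('not fully functional')
        print res
        if not isinstance(res[jrb], ExprInt):
            raise NotImplementedError('not fully functional')
        base_ad = int(res[jrb].arg)
        print base_ad

        addrs = set()
        for i in range(max_table_entry + 1):
            try:
                entry = upck32(pool_bin.getbytes(base_ad + 4 * i, 4))
            except Exception:
                # First unreadable word ends the table. Narrowed from a bare
                # ``except``, which also swallowed KeyboardInterrupt.
                break
            if abs(entry - base_ad) > max_diff_addr:
                break
            addrs.add(entry)
        print [hex(x) for x in addrs]

        for ad in addrs:
            offsets_to_dis.add(ad)
            label = symbol_pool.getby_offset_create(ad)
            cur_bloc.addto(asm_constraint_to(label))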
131 
# Registry of callbacks run by guess_multi_cb, in list order. Starts
# empty; presumably populated by the user of this module — verify at callers.
guess_funcs = []
133 
134 
def guess_multi_cb(
    mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool):
    """Run every callback registered in ``guess_funcs`` on the current block.

    Each callback receives the same six arguments, in order. Return values
    are discarded, so callbacks act only through their side effects on
    ``cur_bloc`` and ``offsets_to_dis``.
    """
    args = (mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool)
    for callback in guess_funcs:
        callback(*args)