Miasm2: miasm2.analysis.data_analysis Namespace Reference

Classes
class	symb_exec_func

Functions
def	get_node_name

def	intra_bloc_flow_raw

def	intra_bloc_flow_symbexec

def	inter_bloc_flow_link

def	create_implicit_flow

def	inter_bloc_flow

Function Documentation

def miasm2.analysis.data_analysis.create_implicit_flow	(	ir_arch,
		flow_graph
	)

Definition at line 161 of file data_analysis.py.

 
 def create_implicit_flow(ir_arch, flow_graph):
 
     # first fix IN/OUT
     # If a son read a node which in not in OUT, add it
     todo = set(ir_arch.blocs.keys())
     while todo:
         lbl = todo.pop()
         irb = ir_arch.blocs[lbl]
         for lbl_son in ir_arch.g.successors(irb.label):
             if not lbl_son in ir_arch.blocs:
                 print "cannot find bloc!!", lbl
                 continue
             irb_son = ir_arch.blocs[lbl_son]
             for n_r in irb_son.in_nodes:
                 if n_r in irb.out_nodes:
                     continue
                 if not isinstance(n_r, ExprId):
                     continue
 
                 # print "###", n_r
                 # print "###", irb
                 # print "###", 'OUT', [str(x) for x in irb.out_nodes]
                 # print "###", irb_son
                 # print "###", 'IN', [str(x) for x in irb_son.in_nodes]
 
                 node_n_w = irb.label, len(irb.lines), n_r
                 irb.out_nodes[n_r] = node_n_w
                 if not n_r in irb.in_nodes:
                     irb.in_nodes[n_r] = irb.label, 0, n_r
                 node_n_r = irb.in_nodes[n_r]
                 # print "###", node_n_r
                 for lbl_p in ir_arch.g.predecessors(irb.label):
                     todo.add(lbl_p)
 
                 flow_graph.add_uniq_edge(node_n_r, node_n_w)
 

miasm2.analysis.data_analysis.create_implicit_flow

def create_implicit_flow

Definition: data_analysis.py:161

def miasm2.analysis.data_analysis.get_node_name	(	label,
		i,
		n
	)

Definition at line 6 of file data_analysis.py.

 
 def get_node_name(label, i, n):
     # n_name = "%s_%d_%s"%(label.name, i, n)
     n_name = (label, i, n)
     return n_name
 

miasm2.analysis.data_analysis.get_node_name

def get_node_name

Definition: data_analysis.py:6

Here is the caller graph for this function:

def miasm2.analysis.data_analysis.inter_bloc_flow	(	ir_arch,
		flow_graph,
		irb_0,
		link_exec_to_data = `True`
	)

Definition at line 198 of file data_analysis.py.

 
 def inter_bloc_flow(ir_arch, flow_graph, irb_0, link_exec_to_data=True):
 
     todo = set()
     done = set()
     todo.add((irb_0, (), ()))
 
     while todo:
         state = todo.pop()
         if state in done:
             continue
         done.add(state)
         out = inter_bloc_flow_link(ir_arch, flow_graph, state, link_exec_to_data)
         todo.update(out)
 

miasm2.analysis.data_analysis.inter_bloc_flow

def inter_bloc_flow

Definition: data_analysis.py:198

miasm2.analysis.data_analysis.inter_bloc_flow_link

def inter_bloc_flow_link

Definition: data_analysis.py:114

Here is the call graph for this function:

def miasm2.analysis.data_analysis.inter_bloc_flow_link	(	ir_arch,
		flow_graph,
		todo,
		link_exec_to_data
	)

Definition at line 114 of file data_analysis.py.

 
 def inter_bloc_flow_link(ir_arch, flow_graph, todo, link_exec_to_data):
     lbl, current_nodes, exec_nodes = todo
     # print 'TODO'
     # print lbl
     # print [(str(x[0]), str(x[1])) for x in current_nodes]
     current_nodes = dict(current_nodes)
 
     # link current nodes to bloc in_nodes
     if not lbl in ir_arch.blocs:
         print "cannot find bloc!!", lbl
         return set()
     irb = ir_arch.blocs[lbl]
     # pp(('IN', lbl, [(str(x[0]), str(x[1])) for x in current_nodes.items()]))
     to_del = set()
     for n_r, node_n_r in irb.in_nodes.items():
         if not n_r in current_nodes:
             continue
         # print 'add link', current_nodes[n_r], node_n_r
         flow_graph.add_uniq_edge(current_nodes[n_r], node_n_r)
         to_del.add(n_r)
 
     # if link exec to data, all nodes depends on exec nodes
     if link_exec_to_data:
         for n_x_r in exec_nodes:
             for n_r, node_n_r in irb.in_nodes.items():
                 if not n_x_r in current_nodes:
                     continue
                 if isinstance(n_r, ExprInt):
                     continue
                 flow_graph.add_uniq_edge(current_nodes[n_x_r], node_n_r)
 
     # update current nodes using bloc out_nodes
     for n_w, node_n_w in irb.out_nodes.items():
         current_nodes[n_w] = node_n_w
 
     # get nodes involved in exec flow
     x_nodes = tuple(sorted(list(irb.dst.get_r())))
 
     todo = set()
     for lbl_dst in ir_arch.g.successors(irb.label):
         todo.add((lbl_dst, tuple(current_nodes.items()), x_nodes))
 
     # pp(('OUT', lbl, [(str(x[0]), str(x[1])) for x in current_nodes.items()]))
 
     return todo
 

miasm2.analysis.data_analysis.inter_bloc_flow_link

def inter_bloc_flow_link

Definition: data_analysis.py:114

Here is the caller graph for this function:

def miasm2.analysis.data_analysis.intra_bloc_flow_raw	(	ir_arch,
		flow_graph,
		irb
	)

Create data flow for an irbloc using raw IR expressions

Definition at line 12 of file data_analysis.py.

 
 def intra_bloc_flow_raw(ir_arch, flow_graph, irb):
     """
     Create data flow for an irbloc using raw IR expressions
     """
     in_nodes = {}
     out_nodes = {}
     current_nodes = {}
     for i, exprs in enumerate(irb.irs):
         list_rw = get_list_rw(exprs)
         current_nodes.update(out_nodes)
 
         # gen mem arg to mem node links
         all_mems = set()
         for nodes_r, nodes_w in list_rw:
             for n in nodes_r.union(nodes_w):
                 all_mems.update(get_expr_mem(n))
             if not all_mems:
                 continue
 
             # print [str(x) for x in all_mems]
             for n in all_mems:
                 node_n_w = get_node_name(irb.label, i, n)
                 if not n in nodes_r:
                     continue
                 o_r = n.arg.get_r(mem_read=False, cst_read=True)
                 for n_r in o_r:
                     if n_r in current_nodes:
                         node_n_r = current_nodes[n_r]
                     else:
                         node_n_r = get_node_name(irb.label, i, n_r)
                         current_nodes[n_r] = node_n_r
                         in_nodes[n_r] = node_n_r
                     flow_graph.add_uniq_edge(node_n_r, node_n_w)
 
         # gen data flow links
         for nodes_r, nodes_w in list_rw:
             for n_r in nodes_r:
                 if n_r in current_nodes:
                     node_n_r = current_nodes[n_r]
                 else:
                     node_n_r = get_node_name(irb.label, i, n_r)
                     current_nodes[n_r] = node_n_r
                     in_nodes[n_r] = node_n_r
 
                 flow_graph.add_node(node_n_r)
                 for n_w in nodes_w:
                     node_n_w = get_node_name(irb.label, i + 1, n_w)
                     out_nodes[n_w] = node_n_w
                     # current_nodes[n_w] = node_n_w
 
                     flow_graph.add_node(node_n_w)
                     flow_graph.add_uniq_edge(node_n_r, node_n_w)
     irb.in_nodes = in_nodes
     irb.out_nodes = out_nodes
 

miasm2.analysis.data_analysis.get_node_name

def get_node_name

Definition: data_analysis.py:6

miasm2.expression.expression.get_expr_mem

def get_expr_mem

Definition: expression.py:1364

miasm2.expression.expression.get_list_rw

def get_list_rw

Definition: expression.py:1325

miasm2.analysis.data_analysis.intra_bloc_flow_raw

def intra_bloc_flow_raw

Definition: data_analysis.py:12

Here is the call graph for this function:

def miasm2.analysis.data_analysis.intra_bloc_flow_symbexec	(	ir_arch,
		flow_graph,
		irb
	)

Create data flow for an irbloc using symbolic execution

Definition at line 68 of file data_analysis.py.

 
 def intra_bloc_flow_symbexec(ir_arch, flow_graph, irb):
     """
     Create data flow for an irbloc using symbolic execution
     """
     in_nodes = {}
     out_nodes = {}
     current_nodes = {}
 
     symbols_init = {}
     for r in ir_arch.arch.regs.all_regs_ids:
         # symbols_init[r] = ir_arch.arch.regs.all_regs_ids_init[i]
         x = ExprId(r.name, r.size)
         x.is_term = True
         symbols_init[r] = x
 
     sb = symbexec(ir_arch, dict(symbols_init))
     sb.emulbloc(irb)
     # print "*"*40
     # print irb
     # print sb.dump_id()
     # print sb.dump_mem()
 
     for n_w in sb.symbols:
         # print n_w
         v = sb.symbols[n_w]
         if n_w in symbols_init and symbols_init[n_w] == v:
             continue
         read_values = v.get_r(cst_read=True)
         # print n_w, v, [str(x) for x in read_values]
         node_n_w = get_node_name(irb.label, len(irb.lines), n_w)
 
         for n_r in read_values:
             if n_r in current_nodes:
                 node_n_r = current_nodes[n_r]
             else:
                 node_n_r = get_node_name(irb.label, 0, n_r)
                 current_nodes[n_r] = node_n_r
                 in_nodes[n_r] = node_n_r
 
             out_nodes[n_w] = node_n_w
             flow_graph.add_uniq_edge(node_n_r, node_n_w)
 
     irb.in_nodes = in_nodes
     irb.out_nodes = out_nodes
 

miasm2.analysis.data_analysis.get_node_name

def get_node_name

Definition: data_analysis.py:6

miasm2.ir.symbexec.symbexec

Definition: symbexec.py:83

miasm2.analysis.data_analysis.intra_bloc_flow_symbexec

def intra_bloc_flow_symbexec

Definition: data_analysis.py:68

Here is the call graph for this function:

Classes

Functions

Function Documentation