Miasm2
miasm2.analysis.disasm_cb Namespace Reference

Functions

def get_ira
 
def arm_guess_subcall
 
def arm_guess_jump_table
 
def guess_multi_cb
 

Variables

list guess_funcs = []
 

Function Documentation

def miasm2.analysis.disasm_cb.arm_guess_jump_table (   mnemo,
  attrib,
  pool_bin,
  cur_bloc,
  offsets_to_dis,
  symbol_pool 
)

Definition at line 72 of file disasm_cb.py.

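def arm_guess_jump_table(
        mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool):
    """Guess the targets of an ARM jump table used by ``cur_bloc``.

    The block is lifted to IR. For every IR block whose final PC value is a
    memory read (``ExprMem``) at an address matching ``jra + jrb`` with
    ``jrb`` an ``ExprInt``, that integer is taken as the table base. 4-byte
    entries are then read from ``pool_bin`` starting at the base until a read
    fails, an entry lies more than ``max_diff_addr`` away from the base, or
    ``max_table_entry`` entries have been read. Each collected entry is added
    to ``offsets_to_dis`` and attached to ``cur_bloc`` as an
    ``asm_constraint_to`` destination.

    The table contents come straight from the binary under analysis, so the
    two limits above are the only bound on what gets queued for disassembly.

    Raises:
        NotImplementedError: the PC address does not match ``jra + jrb``, or
            the matched ``jrb`` is not an ``ExprInt``.
        AssertionError: the PC memory read is not 32 bits wide.
    """
    # NOTE(review): nesting below was reconstructed from a listing that lost
    # its indentation -- confirm against disasm_cb.py.
    ira = get_ira(mnemo, attrib)

    # Placeholder identifiers handed to MatchExpr (presumably as wildcards).
    jra = ExprId('jra')
    jrb = ExprId('jrb')

    sp = asm_symbol_pool()
    ir_arch = ira(sp)
    ir_arch.add_bloc(cur_bloc)

    max_table_entry = 10000
    max_diff_addr = 0x100000  # heuristic

    for irb in ir_arch.blocs.values():
        # Keep the last value assigned to PC in this IR block.
        pc_val = None
        for exprs in irb.irs:
            for e in exprs:
                if e.dst == ir_arch.pc:
                    pc_val = e.src
        if pc_val is None or not isinstance(pc_val, ExprMem):
            continue
        # NOTE(review): this check disappears under ``python -O``.
        assert(pc_val.size == 32)
        print(pc_val)
        table_expr = expr_simp(pc_val.arg)
        print(table_expr)
        res = MatchExpr(table_expr, jra + jrb, set([jra, jrb]))
        if res is False:
            raise NotImplementedError('not fully functional')
        print(res)
        if not isinstance(res[jrb], ExprInt):
            raise NotImplementedError('not fully functional')
        base_ad = int(res[jrb].arg)
        print(base_ad)

        addrs = set()
        # range() reads at most max_table_entry entries; the original
        # "i = -1 / while i < max" loop read one more than the stated limit.
        for i in range(max_table_entry):
            try:
                entry = upck32(pool_bin.getbytes(base_ad + 4 * i, 4))
            except Exception:
                # A failed read ends the table. Narrowed from a bare
                # ``except:`` so KeyboardInterrupt/SystemExit still propagate.
                break
            if abs(entry - base_ad) > max_diff_addr:
                break
            addrs.add(entry)
        print([hex(x) for x in addrs])

        for entry in addrs:
            offsets_to_dis.add(entry)
            label = symbol_pool.getby_offset_create(entry)
            cur_bloc.addto(asm_constraint_to(label))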


def miasm2.analysis.disasm_cb.arm_guess_subcall (   mnemo,
  attrib,
  pool_bin,
  cur_bloc,
  offsets_to_dis,
  symbol_pool 
)

Definition at line 26 of file disasm_cb.py.

def arm_guess_subcall(
        mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool):
    """Detect a subroutine call ending ``cur_bloc`` and queue its return site.

    The block is lifted to IR. When an IR block assigns both PC and LR, and
    the LR value is an ``ExprInt`` equal to ``offset + l`` of the last line of
    ``cur_bloc`` (presumably the address right after that instruction), the
    LR address is added to ``offsets_to_dis`` and an ``asm_constraint_next``
    to it is attached to ``cur_bloc``.
    """
    # NOTE(review): nesting below was reconstructed from a listing that lost
    # its indentation -- confirm against disasm_cb.py.
    ira = get_ira(mnemo, attrib)

    ir_arch = ira(asm_symbol_pool())
    print('###')
    print(cur_bloc)
    ir_arch.add_bloc(cur_bloc)

    pending = set()
    for ir_block in ir_arch.blocs.values():
        # Keep the last value assigned to PC and to LR in this IR block.
        pc_val = None
        lr_val = None
        for assignments in ir_block.irs:
            for assignment in assignments:
                if assignment.dst == ir_arch.pc:
                    pc_val = assignment.src
                if assignment.dst == mnemo.regs.LR:
                    lr_val = assignment.src
        if pc_val is None or lr_val is None:
            continue
        if not isinstance(lr_val, ExprInt):
            continue

        last_line = cur_bloc.lines[-1]
        if lr_val.arg != last_line.offset + last_line.l:
            continue

        label = symbol_pool.getby_offset_create(int(lr_val.arg))
        pending.add(asm_constraint_next(label))
        offsets_to_dis.add(int(lr_val.arg))

    # Constraints are attached only after every IR block has been examined.
    for constraint in pending:
        cur_bloc.addto(constraint)


def miasm2.analysis.disasm_cb.get_ira (   mnemo,
  attrib 
)

Definition at line 12 of file disasm_cb.py.

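def get_ira(mnemo, attrib):
    """Return the IR-analysis class for the ``(mnemo.name, attrib)`` pair.

    The architecture module is imported only when its pair is selected.

    Raises:
        ValueError: the pair is not one of ("arm", "arm"), ("x86", 32) or
            ("x86", 64).
    """
    arch = mnemo.name, attrib
    if arch == ("arm", "arm"):
        from miasm2.arch.arm.ira import ir_a_arm_base as ira
    elif arch == ("x86", 32):
        from miasm2.arch.x86.ira import ir_a_x86_32 as ira
    elif arch == ("x86", 64):
        from miasm2.arch.x86.ira import ir_a_x86_64 as ira
    else:
        # Report attrib too: a known name with an unsupported attrib
        # (e.g. x86 with 16) would otherwise read as "unknown architecture: x86".
        raise ValueError(
            'unknown architecture: %s (attrib %r)' % (mnemo.name, attrib))
    return ira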


def miasm2.analysis.disasm_cb.guess_multi_cb (   mnemo,
  attrib,
  pool_bin,
  cur_bloc,
  offsets_to_dis,
  symbol_pool 
)

Definition at line 136 of file disasm_cb.py.

def guess_multi_cb(
        mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool):
    """Call every callback in ``guess_funcs``, in order, with these arguments."""
    cb_args = (mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool)
    for callback in guess_funcs:
        callback(*cb_args)

Variable Documentation

list miasm2.analysis.disasm_cb.guess_funcs = []

Definition at line 132 of file disasm_cb.py.