smallworld-re 1.0.0__py3-none-any.whl

Files changed (166)
  1. smallworld/__init__.py +35 -0
  2. smallworld/analyses/__init__.py +14 -0
  3. smallworld/analyses/analysis.py +88 -0
  4. smallworld/analyses/code_coverage.py +31 -0
  5. smallworld/analyses/colorizer.py +682 -0
  6. smallworld/analyses/colorizer_summary.py +100 -0
  7. smallworld/analyses/field_detection/__init__.py +14 -0
  8. smallworld/analyses/field_detection/field_analysis.py +536 -0
  9. smallworld/analyses/field_detection/guards.py +26 -0
  10. smallworld/analyses/field_detection/hints.py +133 -0
  11. smallworld/analyses/field_detection/malloc.py +211 -0
  12. smallworld/analyses/forced_exec/__init__.py +3 -0
  13. smallworld/analyses/forced_exec/forced_exec.py +87 -0
  14. smallworld/analyses/underlays/__init__.py +4 -0
  15. smallworld/analyses/underlays/basic.py +13 -0
  16. smallworld/analyses/underlays/underlay.py +31 -0
  17. smallworld/analyses/unstable/__init__.py +4 -0
  18. smallworld/analyses/unstable/angr/__init__.py +0 -0
  19. smallworld/analyses/unstable/angr/base.py +12 -0
  20. smallworld/analyses/unstable/angr/divergence.py +274 -0
  21. smallworld/analyses/unstable/angr/model.py +383 -0
  22. smallworld/analyses/unstable/angr/nwbt.py +63 -0
  23. smallworld/analyses/unstable/angr/typedefs.py +170 -0
  24. smallworld/analyses/unstable/angr/utils.py +25 -0
  25. smallworld/analyses/unstable/angr/visitor.py +315 -0
  26. smallworld/analyses/unstable/angr_nwbt.py +106 -0
  27. smallworld/analyses/unstable/code_coverage.py +54 -0
  28. smallworld/analyses/unstable/code_reachable.py +44 -0
  29. smallworld/analyses/unstable/control_flow_tracer.py +71 -0
  30. smallworld/analyses/unstable/pointer_finder.py +90 -0
  31. smallworld/arch/__init__.py +0 -0
  32. smallworld/arch/aarch64_arch.py +286 -0
  33. smallworld/arch/amd64_arch.py +86 -0
  34. smallworld/arch/i386_arch.py +44 -0
  35. smallworld/emulators/__init__.py +14 -0
  36. smallworld/emulators/angr/__init__.py +7 -0
  37. smallworld/emulators/angr/angr.py +1652 -0
  38. smallworld/emulators/angr/default.py +15 -0
  39. smallworld/emulators/angr/exceptions.py +7 -0
  40. smallworld/emulators/angr/exploration/__init__.py +9 -0
  41. smallworld/emulators/angr/exploration/bounds.py +27 -0
  42. smallworld/emulators/angr/exploration/default.py +17 -0
  43. smallworld/emulators/angr/exploration/terminate.py +22 -0
  44. smallworld/emulators/angr/factory.py +55 -0
  45. smallworld/emulators/angr/machdefs/__init__.py +35 -0
  46. smallworld/emulators/angr/machdefs/aarch64.py +292 -0
  47. smallworld/emulators/angr/machdefs/amd64.py +192 -0
  48. smallworld/emulators/angr/machdefs/arm.py +387 -0
  49. smallworld/emulators/angr/machdefs/i386.py +221 -0
  50. smallworld/emulators/angr/machdefs/machdef.py +138 -0
  51. smallworld/emulators/angr/machdefs/mips.py +184 -0
  52. smallworld/emulators/angr/machdefs/mips64.py +189 -0
  53. smallworld/emulators/angr/machdefs/ppc.py +101 -0
  54. smallworld/emulators/angr/machdefs/riscv.py +261 -0
  55. smallworld/emulators/angr/machdefs/xtensa.py +255 -0
  56. smallworld/emulators/angr/memory/__init__.py +7 -0
  57. smallworld/emulators/angr/memory/default.py +10 -0
  58. smallworld/emulators/angr/memory/fixups.py +43 -0
  59. smallworld/emulators/angr/memory/memtrack.py +105 -0
  60. smallworld/emulators/angr/scratch.py +43 -0
  61. smallworld/emulators/angr/simos.py +53 -0
  62. smallworld/emulators/angr/utils.py +70 -0
  63. smallworld/emulators/emulator.py +1013 -0
  64. smallworld/emulators/hookable.py +252 -0
  65. smallworld/emulators/panda/__init__.py +5 -0
  66. smallworld/emulators/panda/machdefs/__init__.py +28 -0
  67. smallworld/emulators/panda/machdefs/aarch64.py +93 -0
  68. smallworld/emulators/panda/machdefs/amd64.py +71 -0
  69. smallworld/emulators/panda/machdefs/arm.py +89 -0
  70. smallworld/emulators/panda/machdefs/i386.py +36 -0
  71. smallworld/emulators/panda/machdefs/machdef.py +86 -0
  72. smallworld/emulators/panda/machdefs/mips.py +94 -0
  73. smallworld/emulators/panda/machdefs/mips64.py +91 -0
  74. smallworld/emulators/panda/machdefs/ppc.py +79 -0
  75. smallworld/emulators/panda/panda.py +575 -0
  76. smallworld/emulators/unicorn/__init__.py +13 -0
  77. smallworld/emulators/unicorn/machdefs/__init__.py +28 -0
  78. smallworld/emulators/unicorn/machdefs/aarch64.py +310 -0
  79. smallworld/emulators/unicorn/machdefs/amd64.py +326 -0
  80. smallworld/emulators/unicorn/machdefs/arm.py +321 -0
  81. smallworld/emulators/unicorn/machdefs/i386.py +137 -0
  82. smallworld/emulators/unicorn/machdefs/machdef.py +117 -0
  83. smallworld/emulators/unicorn/machdefs/mips.py +202 -0
  84. smallworld/emulators/unicorn/unicorn.py +684 -0
  85. smallworld/exceptions/__init__.py +5 -0
  86. smallworld/exceptions/exceptions.py +85 -0
  87. smallworld/exceptions/unstable/__init__.py +1 -0
  88. smallworld/exceptions/unstable/exceptions.py +25 -0
  89. smallworld/extern/__init__.py +4 -0
  90. smallworld/extern/ctypes.py +94 -0
  91. smallworld/extern/unstable/__init__.py +1 -0
  92. smallworld/extern/unstable/ghidra.py +129 -0
  93. smallworld/helpers.py +107 -0
  94. smallworld/hinting/__init__.py +8 -0
  95. smallworld/hinting/hinting.py +214 -0
  96. smallworld/hinting/hints.py +427 -0
  97. smallworld/hinting/unstable/__init__.py +2 -0
  98. smallworld/hinting/utils.py +19 -0
  99. smallworld/instructions/__init__.py +18 -0
  100. smallworld/instructions/aarch64.py +20 -0
  101. smallworld/instructions/arm.py +18 -0
  102. smallworld/instructions/bsid.py +67 -0
  103. smallworld/instructions/instructions.py +258 -0
  104. smallworld/instructions/mips.py +21 -0
  105. smallworld/instructions/x86.py +100 -0
  106. smallworld/logging.py +90 -0
  107. smallworld/platforms.py +95 -0
  108. smallworld/py.typed +0 -0
  109. smallworld/state/__init__.py +6 -0
  110. smallworld/state/cpus/__init__.py +32 -0
  111. smallworld/state/cpus/aarch64.py +563 -0
  112. smallworld/state/cpus/amd64.py +676 -0
  113. smallworld/state/cpus/arm.py +630 -0
  114. smallworld/state/cpus/cpu.py +71 -0
  115. smallworld/state/cpus/i386.py +239 -0
  116. smallworld/state/cpus/mips.py +374 -0
  117. smallworld/state/cpus/mips64.py +372 -0
  118. smallworld/state/cpus/powerpc.py +229 -0
  119. smallworld/state/cpus/riscv.py +357 -0
  120. smallworld/state/cpus/xtensa.py +80 -0
  121. smallworld/state/memory/__init__.py +7 -0
  122. smallworld/state/memory/code.py +70 -0
  123. smallworld/state/memory/elf/__init__.py +3 -0
  124. smallworld/state/memory/elf/elf.py +564 -0
  125. smallworld/state/memory/elf/rela/__init__.py +32 -0
  126. smallworld/state/memory/elf/rela/aarch64.py +27 -0
  127. smallworld/state/memory/elf/rela/amd64.py +32 -0
  128. smallworld/state/memory/elf/rela/arm.py +51 -0
  129. smallworld/state/memory/elf/rela/i386.py +32 -0
  130. smallworld/state/memory/elf/rela/mips.py +45 -0
  131. smallworld/state/memory/elf/rela/ppc.py +45 -0
  132. smallworld/state/memory/elf/rela/rela.py +63 -0
  133. smallworld/state/memory/elf/rela/riscv64.py +27 -0
  134. smallworld/state/memory/elf/rela/xtensa.py +15 -0
  135. smallworld/state/memory/elf/structs.py +55 -0
  136. smallworld/state/memory/heap.py +85 -0
  137. smallworld/state/memory/memory.py +181 -0
  138. smallworld/state/memory/stack/__init__.py +31 -0
  139. smallworld/state/memory/stack/aarch64.py +22 -0
  140. smallworld/state/memory/stack/amd64.py +42 -0
  141. smallworld/state/memory/stack/arm.py +66 -0
  142. smallworld/state/memory/stack/i386.py +22 -0
  143. smallworld/state/memory/stack/mips.py +34 -0
  144. smallworld/state/memory/stack/mips64.py +34 -0
  145. smallworld/state/memory/stack/ppc.py +34 -0
  146. smallworld/state/memory/stack/riscv.py +22 -0
  147. smallworld/state/memory/stack/stack.py +127 -0
  148. smallworld/state/memory/stack/xtensa.py +34 -0
  149. smallworld/state/models/__init__.py +6 -0
  150. smallworld/state/models/mmio.py +186 -0
  151. smallworld/state/models/model.py +163 -0
  152. smallworld/state/models/posix.py +455 -0
  153. smallworld/state/models/x86/__init__.py +2 -0
  154. smallworld/state/models/x86/microsoftcdecl.py +35 -0
  155. smallworld/state/models/x86/systemv.py +240 -0
  156. smallworld/state/state.py +962 -0
  157. smallworld/state/unstable/__init__.py +0 -0
  158. smallworld/state/unstable/elf.py +393 -0
  159. smallworld/state/x86_registers.py +30 -0
  160. smallworld/utils.py +935 -0
  161. smallworld_re-1.0.0.dist-info/LICENSE.txt +21 -0
  162. smallworld_re-1.0.0.dist-info/METADATA +189 -0
  163. smallworld_re-1.0.0.dist-info/RECORD +166 -0
  164. smallworld_re-1.0.0.dist-info/WHEEL +5 -0
  165. smallworld_re-1.0.0.dist-info/entry_points.txt +2 -0
  166. smallworld_re-1.0.0.dist-info/top_level.txt +1 -0
@@ -0,0 +1,43 @@
1
+ import copy
2
+
3
+ import angr
4
+
5
+ from ...utils import RangeCollection
6
+
7
+
8
+ class ExpandedScratchPlugin(angr.state_plugins.SimStateScratch):
9
+ def __init__(self, scratch=None):
10
+ super().__init__(scratch=scratch)
11
+ self.exit_points = set()
12
+ self.bounds = RangeCollection()
13
+ self.memory_map = RangeCollection()
14
+ self.global_insn_bp = None
15
+ self.global_syscall_func = None
16
+ self.global_read_bp = None
17
+ self.global_write_bp = None
18
+ self.insn_bps = dict()
19
+ self.func_bps = dict()
20
+ self.syscall_funcs = dict()
21
+ self.mem_read_bps = dict()
22
+ self.mem_write_bps = dict()
23
+ self.extensions = dict()
24
+
25
+ if scratch is not None:
26
+ self.exit_points |= scratch.exit_points
27
+ self.bounds.update(scratch.bounds)
28
+ self.memory_map.update(scratch.memory_map)
29
+ self.global_insn_bp = scratch.global_insn_bp
30
+ self.global_syscall_func = scratch.global_syscall_func
31
+ self.global_read_bp = scratch.global_read_bp
32
+ self.global_write_bp = scratch.global_write_bp
33
+ self.insn_bps.update(scratch.insn_bps)
34
+ self.func_bps.update(scratch.func_bps)
35
+ self.syscall_funcs.update(scratch.syscall_funcs)
36
+ self.mem_read_bps.update(scratch.mem_read_bps)
37
+ self.mem_write_bps.update(scratch.mem_write_bps)
38
+ for name, ext in scratch.extensions.items():
39
+ self.extensions[name] = copy.deepcopy(ext)
40
+
41
+ @angr.SimStatePlugin.memo
42
+ def copy(self, memo):
43
+ return self.__class__(scratch=self)
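Review bot: `ExpandedScratchPlugin` has no docstring, and its copy path in `__init__` mixes two copy depths without saying so. `insn_bps`, `func_bps`, `syscall_funcs`, `mem_read_bps` and `mem_write_bps` are copied with `dict.update` (shallow), while `extensions` goes through `copy.deepcopy`. Any mutable value kept in the hook tables is therefore shared between a state and the states forked from it, which is surprising if hooks are expected to be per-state. I would add a class docstring along the lines of `"""Scratch plugin carrying the hook tables; hook dicts are copied shallowly, extensions are deep-copied on every state copy."""`. A comment on `copy` should also say that the `memo` argument is not passed on to `copy.deepcopy(ext)`.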
@@ -0,0 +1,53 @@
1
+ import angr
2
+
3
+
4
+ class SyscallHookProcedure(angr.SimProcedure):
5
+ def run(self):
6
+ # Get the syscall number
7
+ number = self.cc.syscall_num(self.state)
8
+
9
+ if number.symbolic:
10
+ raise NotImplementedError(f"Symbolic syscall number {number}")
11
+ number = number.concrete_value
12
+
13
+ # See if we have a global handler
14
+ global_func = self.state.scratch.global_syscall_func
15
+ if global_func is not None:
16
+ global_func(self.state, number)
17
+
18
+ # See if we have a local handler
19
+ if number in self.state.scratch.syscall_funcs:
20
+ local_func = self.state.scratch.syscall_funcs[number]
21
+ local_func(self.state)
22
+
23
+ # Force execution to resume at the syscall exit point.
24
+ self.jump(self.state._ip)
25
+
26
+
27
+ class HookableSimOS(angr.simos.simos.SimOS):
28
+ def syscall(self, state, allow_unsupported=True):
29
+ SYSCALL_CC = angr.calling_conventions.SYSCALL_CC
30
+ arch_name = state.arch.name
31
+ os_name = state.os_name
32
+ if arch_name in SYSCALL_CC:
33
+ if os_name in SYSCALL_CC[arch_name]:
34
+ cc = SYSCALL_CC[arch_name][os_name](state.arch)
35
+ else:
36
+ cc = SYSCALL_CC[arch_name]["default"](state.arch)
37
+ else:
38
+ cc = None
39
+
40
+ out = SyscallHookProcedure(
41
+ project=self.project,
42
+ cc=cc,
43
+ prototype=None,
44
+ returns=None,
45
+ is_syscall=True,
46
+ is_stub=False,
47
+ num_args=None,
48
+ display_name=None,
49
+ library_name=None,
50
+ is_function=None,
51
+ )
52
+ out.addr = state._ip
53
+ return out
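Review bot: `HookableSimOS.syscall` sets `cc = None` when `state.arch.name` is not in `SYSCALL_CC`, but `SyscallHookProcedure.run` then calls `self.cc.syscall_num(self.state)` unconditionally, so an unsupported architecture fails with an `AttributeError` on `None` rather than a clear error. A guard at the top of `run` would make it explicit: `if self.cc is None: raise NotImplementedError(f"No syscall calling convention for {self.state.arch.name}")`. The `allow_unsupported` parameter is accepted but never read. A syscall with neither a global nor a local handler is skipped silently; when emulating untrusted code that can hide behaviour, so it seems worth at least a log line, or honouring `allow_unsupported`.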
@@ -0,0 +1,70 @@
1
+ import logging
2
+
3
+ from ...exceptions import AnalysisError
4
+
5
+ log = logging.getLogger(__name__)
6
+
7
+
8
+ def reg_name_from_offset(arch, addr: int, size: int):
9
+ """Get a register name from its offset and size in the register file
10
+
11
+ This should be straightforward, and it is for standard architectures.
12
+
13
+ Architectures supported via pcode have a nasty quirk
14
+ where register down-casts happen before reading the register.
15
+ This means angr can't tell the difference between a real sub-register,
16
+ or a read from part of a larger register.
17
+ This has the effect of selecting incorrect sub-registers,
18
+ or hallucinating non-existent sub-registers.
19
+
20
+ This function does a bit of searching to try
21
+ and match the specified address/size to the closest register.
22
+
23
+ Arguments:
24
+ arch: angr architecture object
25
+ addr: address of register write
26
+ size: size of register write
27
+
28
+ Returns:
29
+ A string containing the register name
30
+
31
+ Raises:
32
+ AnalysisException: If no matching register is found
33
+
34
+ """
35
+ orig_size = size
36
+ done = False
37
+
38
+ if (addr, size) in arch.register_size_names:
39
+ # We have an exact match.
40
+ # Don't bother with other checks.
41
+ done = True
42
+ else:
43
+ # Check if we're accessing the tail of a larger register.
44
+ for r_addr, r_size in arch.register_size_names:
45
+ if addr == r_addr + r_size - size:
46
+ addr = r_addr
47
+ size = r_size
48
+ done = True
49
+ break
50
+
51
+ # Hypothesize we're accessing the head of a larger register
52
+ # TODO: This assumes power-of-two-sized registers
53
+ #
54
+ # I know this isn't accurate for some architectures.
55
+ # It also won't be accurate if the sleigh model
56
+ # includes non-power-of-two extractions.
57
+ #
58
+ # TODO: Do any architectures have registers larger than 512 bits?
59
+ # If they do, I'm very sorry.
60
+ while not done and size < 1024:
61
+ if (addr, size) in arch.register_size_names:
62
+ done = True
63
+ break
64
+
65
+ if not done:
66
+ size = size << 1
67
+
68
+ if not done:
69
+ raise AnalysisError(f"Unknown register for {arch.name}: ({addr}, {orig_size})")
70
+ return arch.register_size_names[(addr, size)]
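Review bot: The tail-of-a-larger-register check, `if addr == r_addr + r_size - size:`, never requires the candidate to be larger than the access. A smaller register at a higher offset can satisfy it, for example an access at (0, 8) matching a register at (4, 4), and the first hit in iteration order wins. Tightening it to `if r_size > size and addr == r_addr + r_size - size:` keeps the search to registers that enclose the access. Separately, a `size` of 0 never grows under `size = size << 1`, so the `while not done and size < 1024` loop would not terminate; an early `if size <= 0: raise AnalysisError(...)` avoids that. The docstring also says `AnalysisException` is raised, while the code raises `AnalysisError`.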