smallworld-re 1.0.0__py3-none-any.whl

smallworld/state/memory/elf/rela/arm.py

@@ -0,0 +1,51 @@
+from ..... import platforms
+from .....exceptions import ConfigurationError
+from ..structs import ElfRela
+from .rela import ElfRelocator
+
+R_ARM_GLOB_DAT = 21  # Create GOT entry
+R_ARM_JUMP_SLOT = 22  # Create PLT entry
+R_ARM_RELATIVE = 23  # Adjust by program base
+R_ARM_NUM = 256  # This and higher aren't valid
+
+
+class ArmElfRelocator(ElfRelocator):
+    byteorder = platforms.Byteorder.LITTLE
+
+    def _compute_value(self, rela: ElfRela):
+        if (
+            rela.type == R_ARM_GLOB_DAT
+            or rela.type == R_ARM_JUMP_SLOT
+            or rela.type == R_ARM_RELATIVE
+        ):
+            # Different semantics, all behave the same
+            val = rela.symbol.value + rela.symbol.baseaddr + rela.addend
+            return val.to_bytes(4, "little")
+        elif rela.type >= 0 and rela.type < R_ARM_NUM:
+            raise ConfigurationError(
+                "Valid, but unsupported relocation for {rela.symbol.name}: {rela.type}"
+            )
+        else:
+            raise ConfigurationError(
+                "Invalid relocation type for {rela.symbol.name}: {rela.type}"
+            )
+
+
+class Armv5TElfRelocator(ArmElfRelocator):
+    arch = platforms.Architecture.ARM_V5T
+
+
+class Armv6MElfRelocator(ArmElfRelocator):
+    arch = platforms.Architecture.ARM_V6M
+
+
+class Armv7MElfRelocator(ArmElfRelocator):
+    arch = platforms.Architecture.ARM_V7M
+
+
+class Armv7RElfRelocator(ArmElfRelocator):
+    arch = platforms.Architecture.ARM_V7R
+
+
+class Armv7AElfRelocator(ArmElfRelocator):
+    arch = platforms.Architecture.ARM_V7A

smallworld/state/memory/elf/rela/i386.py

@@ -0,0 +1,32 @@
+from ..... import platforms
+from .....exceptions import ConfigurationError
+from ..structs import ElfRela
+from .rela import ElfRelocator
+
+R_386_GLOB_DAT = 6  # Create GOT entry
+R_386_JUMP_SLOT = 7  # Create PLT entry
+R_386_RELATIVE = 8  # Adjust by program base
+R_386_NUM = 44  # This and higher aren't valid
+
+
+class I386ElfRelocator(ElfRelocator):
+    arch = platforms.Architecture.X86_32
+    byteorder = platforms.Byteorder.LITTLE
+
+    def _compute_value(self, rela: ElfRela):
+        if (
+            rela.type == R_386_GLOB_DAT
+            or rela.type == R_386_JUMP_SLOT
+            or rela.type == R_386_RELATIVE
+        ):
+            # Different semantics, all behave the same
+            val = rela.symbol.value + rela.symbol.baseaddr + rela.addend
+            return val.to_bytes(4, "little")
+        elif rela.type >= 0 and rela.type < R_386_NUM:
+            raise ConfigurationError(
+                "Valid, but unsupported relocation for {rela.symbol.name}: {rela.type}"
+            )
+        else:
+            raise ConfigurationError(
+                "Invalid relocation type for {rela.symbol.name}: {rela.type}"
+            )

smallworld/state/memory/elf/rela/mips.py

@@ -0,0 +1,45 @@
+from ..... import platforms
+from .....exceptions import ConfigurationError
+from ..structs import ElfRela
+from .rela import ElfRelocator
+
+R_MIPS_32 = 2  # 32-bit direct
+R_MIPS_64 = 18  # 64-bit direct
+
+
+class MIPSElfRelocator(ElfRelocator):
+    arch = platforms.Architecture.MIPS32
+    byteorder = platforms.Byteorder.BIG
+
+    def _compute_value(self, rela: ElfRela):
+        # Because mypy doesn't believe I know what I'm doing...
+
+        if rela.type == R_MIPS_32:
+            # 32-bit direct
+            val = rela.symbol.value + rela.symbol.baseaddr + rela.addend
+            return val.to_bytes(
+                4, "big" if self.byteorder == platforms.Byteorder.BIG else "little"
+            )
+        elif rela.type == R_MIPS_64:
+            # 64-bit direct
+            val = rela.symbol.value + rela.symbol.baseaddr + rela.addend
+            return val.to_bytes(
+                8, "big" if self.byteorder == platforms.Byteorder.BIG else "little"
+            )
+        else:
+            raise ConfigurationError(
+                "Invalid relocation type for {rela.symbol.name}: {rela.type}"
+            )
+
+
+class MIPSELElfRelocator(MIPSElfRelocator):
+    byteorder = platforms.Byteorder.LITTLE
+
+
+class MIPS64ElfRelocator(MIPSElfRelocator):
+    arch = platforms.Architecture.MIPS64
+
+
+class MIPS64ELElfRelocator(MIPSElfRelocator):
+    arch = platforms.Architecture.MIPS64
+    byteorder = platforms.Byteorder.LITTLE

smallworld/state/memory/elf/rela/ppc.py

@@ -0,0 +1,45 @@
+from ..... import platforms
+from .....exceptions import ConfigurationError
+from ..structs import ElfRela
+from .rela import ElfRelocator
+
+R_PPC_GLOB_DAT = 20  # Create GOT entry
+R_PPC_JUMP_SLOT = 21  # Create PLT entry
+R_PPC_RELATIVE = 22  # Adjust by program base
+
+
+class PowerPCElfRelocator(ElfRelocator):
+    arch = platforms.Architecture.POWERPC32
+    byteorder = platforms.Byteorder.BIG
+    addrsz = 4
+
+    def _compute_value(self, rela: ElfRela):
+        if (
+            rela.type == R_PPC_GLOB_DAT
+            or rela.type == R_PPC_JUMP_SLOT
+            or rela.type == R_PPC_RELATIVE
+        ):
+            # Different semantics, all behave the same
+            val = rela.symbol.value + rela.symbol.baseaddr + rela.addend
+            return val.to_bytes(self.addrsz, "big")
+        else:
+            raise ConfigurationError(
+                "Invalid relocation type for {rela.symbol.name}: {rela.type}"
+            )
+
+
+class PowerPC64ElfRelocator(PowerPCElfRelocator):
+    arch = platforms.Architecture.POWERPC64
+    addrsz = 8
+    # TODO: This is only the beginning
+    #
+    # The PowerPC64 JUMP_SLOT relocation is much more complicated,
+    # possibly the most complicated I've ever seen.
+    # It actually fills in three 64-bit values:
+    #
+    # 1. The actual function address
+    # 2. The TOC base address; serves a similar purpose to the Global Pointer in MIPS.
+    # 3. An "environment" pointer, not used by C.
+    #
+    # We're currently correctly filling in 1.
+    # Entry 2. is the address of the GOT section of the containing binary + 0x8000.

smallworld/state/memory/elf/rela/rela.py

@@ -0,0 +1,63 @@
+from __future__ import annotations
+
+import abc
+
+from ..... import platforms, utils
+from .....exceptions import ConfigurationError
+from .. import elf
+from ..structs import ElfRela
+
+
+class ElfRelocator:
+    """Platform-specific ELF relocator
+
+    Each platform defines its own set of relocation types,
+    defining how symbol values can update an image at link-time.
+
+
+    """
+
+    @property
+    @abc.abstractmethod
+    def arch(self) -> platforms.Architecture:
+        """The architecture ID"""
+        raise NotImplementedError("This is an abstract method")
+
+    @property
+    @abc.abstractmethod
+    def byteorder(self) -> platforms.Byteorder:
+        """The byte order"""
+        raise NotImplementedError("This is an abstract method.")
+
+    @abc.abstractmethod
+    def _compute_value(self, rela: ElfRela) -> bytes:
+        raise NotImplementedError("This is an abstract method.")
+
+    def relocate(self, elf: elf.ElfExecutable, rela: ElfRela) -> None:
+        val = self._compute_value(rela)
+        for off, seg in elf.items():
+            start = off + elf.address
+            stop = start + seg.get_size()
+
+            if rela.offset >= start and rela.offset < stop:
+                start = rela.offset - start
+                end = start + len(val)
+
+                contents = seg.get_content()
+                contents = contents[0:start] + val + contents[end:]
+                seg.set_content(contents)
+                return
+        raise ConfigurationError(
+            f"No segment in ELF loaded at {hex(elf.address)} covers address {hex(rela.offset)}"
+        )
+
+    @classmethod
+    def for_platform(cls, platform: platforms.Platform):
+        try:
+            return utils.find_subclass(
+                cls,
+                lambda x: x.arch == platform.architecture
+                and x.byteorder == platform.byteorder,
+            )
+        except:
+            raise ValueError(f"No relocator for {platform}")

smallworld/state/memory/elf/rela/riscv64.py

@@ -0,0 +1,27 @@
+from ..... import platforms
+from .....exceptions import ConfigurationError
+from ..structs import ElfRela
+from .rela import ElfRelocator
+
+R_RISCV_64 = 2  #
+R_RISCV_JUMP_SLOT = 5  # Create PLT entry
+R_RISCV_RELATIVE = 3  # Adjust by program base
+
+
+class RISCV64ElfRelocator(ElfRelocator):
+    arch = platforms.Architecture.RISCV64
+    byteorder = platforms.Byteorder.LITTLE
+
+    def _compute_value(self, rela: ElfRela):
+        if (
+            rela.type == R_RISCV_64
+            or rela.type == R_RISCV_JUMP_SLOT
+            or rela.type == R_RISCV_RELATIVE
+        ):
+            # Different semantics, all behave the same
+            val = rela.symbol.value + rela.symbol.baseaddr + rela.addend
+            return val.to_bytes(8, "little")
+        else:
+            raise ConfigurationError(
+                "Unknown relocation type for {rela.symbol.name}: {rela.type}"
+            )

smallworld/state/memory/elf/rela/xtensa.py

@@ -0,0 +1,15 @@
+from ..... import platforms
+from .....exceptions import ConfigurationError
+from ..structs import ElfRela
+from .rela import ElfRelocator
+
+
+class XtensaElfRelocator(ElfRelocator):
+    arch = platforms.Architecture.XTENSA
+    byteorder = platforms.Byteorder.LITTLE
+
+    def _compute_value(self, rela: ElfRela):
+        # Xtensa doesn't have a dynamic linker.
+        raise ConfigurationError(
+            "Unknown relocation type for {rela.symbol.name}: {rela.type}"
+        )

smallworld/state/memory/elf/structs.py

@@ -0,0 +1,55 @@
+import typing
+from dataclasses import dataclass, field
+
+
+@dataclass(frozen=False)
+class ElfSymbol:
+    """ELF symbol struct
+
+    Lief parses this data, but I can't keep the objects around.
+
+    This adds one field to the typical ELF symbol, baseaddr.
+    ELF symbol values are often relative,
+    but relative to what is an annoying question:
+
+    - In non-PIC binaries, the value is relative to zero.
+    - In linked PIC binaries, the value is relative to the load address
+    - In relocatables (.o and .ko), the value is relative to the section's address
+
+    I'll figure out the base address; to get the absolute address,
+    just add value to baseaddr.
+
+    This also adds a data structure helper field, relas,
+    so I can collect the relas linked to a symbol
+    without a separate dict.
+    """
+
+    name: str  # Symbol name
+    type: int  # Symbol type
+    bind: int  # Symbol binding
+    visibility: int  # Symbol visibility
+    shndx: int  # Symbol section index, or reserved flags
+    value: int  # Symbol value
+    size: int  # Symbol size
+    baseaddr: int  # Base address for relative symbol values
+    relas: typing.List["ElfRela"] = field(
+        default_factory=list
+    )  # List of associated relas
+
+
+@dataclass(frozen=False)
+class ElfRela:
+    """ELF relocation struct
+
+    Lief parses this data, but I can't keep the objects around.
+
+    NOTE: offset is the absolute address this rela is modifying.
+    Normally, it's optionally relative to the load address,
+    or to the linked section's address in a .o or .ko.
+    I don't want to deal with that.
+    """
+
+    offset: int  # Address of the relocation
+    type: int  # Relocation type; platform-dependent
+    symbol: ElfSymbol  # Relevant symbol in use
+    addend: int  # Extra argument to computation

smallworld/state/memory/heap.py

@@ -0,0 +1,85 @@
+import abc
+import typing
+
+from .. import state
+from . import memory
+
+
+class Heap(memory.Memory):
+    """A heap-like memory region, with convenient operations like allocate and free."""
+
+    @abc.abstractmethod
+    def allocate(self, value: state.Value) -> int:
+        """Allocate space for and write a value to the heap.
+
+        Arguments:
+            value: The value to go on the heap.
+        Returns:
+            The address at which the value was allocated.
+        """
+        pass
+
+    @abc.abstractmethod
+    def free(self, address: int) -> None:
+        """Free space on the heap for previously allocated data.
+
+        Arguements:
+            address: The start address of the previously allocated data.
+        """
+        pass
+
+    def allocate_integer(self, integer: int, size: int, label: str) -> int:
+        """Allocate space for and write an integer to the heap.
+
+        Arguments:
+            integer: The integer to go on the heap.
+            size: The number of bytes to allocate to the integer.
+            label: The label to give to the allocated region containing the integer.
+        Returns:
+            The address at which the integer was allocated.
+        """
+        value = state.IntegerValue(integer, size, label)
+        return self.allocate(value)
+
+    def allocate_bytes(
+        self, content: typing.Union[bytes, bytearray], label: str
+    ) -> int:
+        """Allocate space for and write bytes to the heap.
+
+        Arguments:
+            content: The bytes to go on the heap.
+            label: The label to give to the bytes on the heap.
+        Returns:
+            The address at which the integer was allocated.
+        """
+        value = state.BytesValue(content, label)
+        return self.allocate(value)
+
+    def allocate_ctype(self, content, label: str) -> int:
+        """Allocate space for and write structured bytes to the heap.
+
+        Arguements:
+            content: The ctypes-structured data to go on the heap.
+            label: The label to give to the data bytes on the heap.
+
+        Returns:
+            The address at which the structured data was allocated.
+        """
+        value = state.Value.from_ctypes(content, label)
+        return self.allocate(value)
+
+
+class BumpAllocator(Heap):
+    """A simple bump allocator heap."""
+
+    def allocate(self, value: state.Value) -> int:
+        self._is_safe(value)
+        offset = self.get_used()
+        self[offset] = value
+        return self.address + offset
+
+    def free(self, address: int) -> None:
+        raise NotImplementedError("freeing with a BumpAllocator is not yet implemented")
+
+
+__all__ = ["Heap", "BumpAllocator"]

smallworld/state/memory/memory.py

@@ -0,0 +1,181 @@
+import os
+import typing
+
+import claripy
+
+from ... import emulators, exceptions, platforms
+from .. import state
+
+
+class Memory(state.Stateful, dict):
+    """A memory region.
+
+    A memory maps integer offsets (implicitly from the base ``address``)
+    to ``Value`` objects.
+    """
+
+    def __init__(self, address: int, size: int, *args, **kwargs) -> None:
+        super().__init__(*args, **kwargs)
+
+        self.address: int = address
+        """The start address of this memory region."""
+
+        self.size: int = size
+        """The size address of this memory region."""
+
+    def to_bytes(self, byteorder: platforms.Byteorder) -> bytes:
+        """Convert this memory region into a byte string.
+
+        Missing/undefined space will be filled with zeros.
+
+        Arguments:
+            byteorder: Byteorder for conversion to raw bytes.
+
+        Returns:
+            Bytes for this object with the given byteorder.
+        """
+
+        result = b"\x00" * self.size
+        for offset, value in self.items():
+            # data = value.get_content()
+            result = (
+                result[:offset]
+                + value.to_bytes(byteorder=byteorder)
+                + result[offset + value.get_size() :]
+            )
+
+        return result
+
+    def get_capacity(self) -> int:
+        """Gets the total number of bytes this memory region can store.
+        Returns:
+                    The total number of bytes this memory region can store.
+        """
+        return self.size
+
+    def get_used(self) -> int:
+        """Gets the number of bytes written to this memory region.
+
+        Returns:
+            The number of bytes written to this memory region.
+        """
+        return sum([v.get_size() for v in self.values()])
+
+    def get_size(self) -> int:
+        raise NotImplementedError("You probably want get_capacity()")
+
+    def _is_safe(self, value: state.Value):
+        if (self.get_used() + value.get_size()) > self.get_capacity():
+            raise ValueError("Stack is full")
+
+    def _write_content(
+        self, emulator: emulators.Emulator, address: int, value: state.Value
+    ):
+        # Internal stub; makes it easy for Code to switch to write_code()
+        content = value.get_content()
+        if isinstance(content, claripy.ast.bv.BV):
+            try:
+                emulator.write_memory_content(address, content)
+                return
+            except exceptions.SymbolicValueError:
+                pass
+        emulator.write_memory_content(
+            address, value.to_bytes(emulator.platform.byteorder)
+        )
+
+    def apply(self, emulator: emulators.Emulator) -> None:
+        emulator.map_memory(self.address, self.get_capacity())
+        for offset, value in self.items():
+            if value.get_content() is not None:
+                self._write_content(emulator, self.address + offset, value)
+            if value.get_type() is not None:
+                emulator.write_memory_type(
+                    self.address + offset, value.get_size(), value.get_type()
+                )
+            if value.get_label() is not None:
+                emulator.write_memory_label(
+                    self.address + offset, value.get_size(), value.get_label()
+                )
+
+    def extract(self, emulator: emulators.Emulator) -> None:
+        value: state.Value
+        try:
+            bytes = emulator.read_memory(self.address, self.get_capacity())
+            value = state.BytesValue(bytes, f"Extracted memory from {self.address}")
+        except exceptions.SymbolicValueError:
+            expr = emulator.read_memory_symbolic(self.address, self.get_capacity())
+            value = state.SymbolicValue(
+                self.get_capacity(), expr, None, f"Extracted memory from {self.address}"
+            )
+        except Exception as e:
+            raise exceptions.EmulationError(
+                f"Failed reading {hex(self.address)}"
+            ) from e
+        self.clear()
+        self[0] = value
+
+    def __hash__(self):
+        return super(dict, self).__hash__()
+
+
+class RawMemory(Memory):
+    @classmethod
+    def from_bytes(cls, bytes: bytes, address: int):
+        """Load from a byte array.
+
+        Arguments:
+            bytes: The bytes of the memory.
+            address: The address where this memory should be loaded
+               into an emulator's memory.
+
+        Returns:
+            A RawMemory contstructed from the given bytes.
+        """
+
+        memory = cls(address=address, size=len(bytes))
+        memory[0] = state.BytesValue(bytes, None)
+
+        return memory
+
+    @classmethod
+    def from_file(
+        cls, file: typing.BinaryIO, address: int, label: typing.Optional[str] = None
+    ):
+        """Load from an open file-like object.
+
+        Arguments:
+            file: The open file-like object from which to load data.
+            address: The address where this memory should be loaded
+               into an emulator's memory.
+
+        Returns:
+            A RawMemory from the given file-like object.
+        """
+
+        data, size = file.read(), file.tell()
+
+        memory = cls(address=address, size=size)
+        memory[0] = state.BytesValue(data, label)
+
+        return memory
+
+    @classmethod
+    def from_filepath(cls, path: str, address: int):
+        """Load from a file.
+
+        Arguments:
+            path: The path to the file.
+            address: The address where this memory should be loaded
+               into an emulator's memory.
+
+        Returns:
+            A RawMemory parsed from the given file path.
+        """
+
+        path = os.path.abspath(os.path.expanduser(path))
+
+        with open(path, "rb") as f:
+            return cls.from_file(file=f, address=address)
+
+
+__all__ = ["Memory", "RawMemory"]

smallworld/state/memory/stack/__init__.py

@@ -0,0 +1,31 @@
+from .aarch64 import AArch64Stack
+from .amd64 import AMD64Stack
+from .arm import ARMv5tStack, ARMv6mStack, ARMv7aStack, ARMv7mStack, ARMv7rStack
+from .i386 import X86Stack
+from .mips import MIPSBEStack, MIPSELStack
+from .mips64 import MIPS64BEStack, MIPS64ELStack
+from .ppc import PowerPC32Stack, PowerPC64Stack
+from .riscv import RISCV64Stack
+from .stack import *  # noqa: F401, F403
+from .stack import __all__ as __stack__
+from .xtensa import XTensaBEStack, XTensaELStack
+
+__all__ = __stack__ + [
+    "AArch64Stack",
+    "AMD64Stack",
+    "ARMv5tStack",
+    "ARMv6mStack",
+    "ARMv7mStack",
+    "ARMv7rStack",
+    "ARMv7aStack",
+    "X86Stack",
+    "MIPSBEStack",
+    "MIPSELStack",
+    "MIPS64BEStack",
+    "MIPS64ELStack",
+    "PowerPC32Stack",
+    "PowerPC64Stack",
+    "RISCV64Stack",
+    "XTensaBEStack",
+    "XTensaELStack",
+]

smallworld/state/memory/stack/aarch64.py

@@ -0,0 +1,22 @@
+import typing
+
+from .... import platforms
+from . import stack
+
+
+class AArch64Stack(stack.DescendingStack):
+    """A stack for an ARM 64-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.AARCH64, platforms.Byteorder.LITTLE
+    )
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 16
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        raise NotImplementedError("Stack initialization not implemented for AArch64")