smallworld-re 1.0.2__py3-none-any.whl → 2.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- smallworld/analyses/__init__.py +8 -0
- smallworld/analyses/analysis.py +8 -67
- smallworld/analyses/code_coverage.py +1 -2
- smallworld/analyses/colorizer.py +301 -534
- smallworld/analyses/colorizer_def_use.py +217 -0
- smallworld/analyses/colorizer_summary.py +173 -83
- smallworld/analyses/field_detection/field_analysis.py +7 -8
- smallworld/analyses/field_detection/hints.py +1 -1
- smallworld/analyses/field_detection/malloc.py +2 -2
- smallworld/analyses/trace_execution.py +160 -0
- smallworld/analyses/trace_execution_types.py +42 -0
- smallworld/analyses/unstable/angr/divergence.py +1 -2
- smallworld/analyses/unstable/angr/model.py +5 -6
- smallworld/analyses/unstable/angr_nwbt.py +3 -4
- smallworld/analyses/unstable/code_coverage.py +2 -3
- smallworld/analyses/unstable/code_reachable.py +2 -3
- smallworld/analyses/unstable/control_flow_tracer.py +2 -3
- smallworld/analyses/unstable/pointer_finder.py +2 -3
- smallworld/analyses/unstable/utils/tui.py +71 -0
- smallworld/emulators/__init__.py +3 -1
- smallworld/emulators/angr/angr.py +30 -9
- smallworld/emulators/angr/machdefs/__init__.py +2 -0
- smallworld/emulators/angr/machdefs/aarch64.py +1 -1
- smallworld/emulators/angr/machdefs/amd64.py +0 -4
- smallworld/emulators/angr/machdefs/arm.py +0 -2
- smallworld/emulators/angr/machdefs/i386.py +0 -2
- smallworld/emulators/angr/machdefs/loongarch.py +340 -0
- smallworld/emulators/angr/machdefs/machdef.py +1 -8
- smallworld/emulators/angr/machdefs/mips.py +0 -2
- smallworld/emulators/angr/machdefs/mips64.py +0 -2
- smallworld/emulators/angr/machdefs/ppc.py +1 -2
- smallworld/emulators/angr/machdefs/riscv.py +8 -10
- smallworld/emulators/angr/machdefs/xtensa.py +7 -4
- smallworld/emulators/emulator.py +22 -0
- smallworld/emulators/ghidra/__init__.py +37 -0
- smallworld/emulators/ghidra/ghidra.py +513 -0
- smallworld/emulators/ghidra/machdefs/__init__.py +31 -0
- smallworld/emulators/ghidra/machdefs/aarch64.py +289 -0
- smallworld/emulators/ghidra/machdefs/amd64.py +185 -0
- smallworld/emulators/ghidra/machdefs/arm.py +370 -0
- smallworld/emulators/ghidra/machdefs/i386.py +109 -0
- smallworld/emulators/ghidra/machdefs/loongarch.py +162 -0
- smallworld/emulators/ghidra/machdefs/machdef.py +81 -0
- smallworld/emulators/ghidra/machdefs/mips.py +163 -0
- smallworld/emulators/ghidra/machdefs/mips64.py +186 -0
- smallworld/emulators/ghidra/machdefs/ppc.py +98 -0
- smallworld/emulators/ghidra/machdefs/riscv.py +208 -0
- smallworld/emulators/ghidra/machdefs/xtensa.py +21 -0
- smallworld/emulators/ghidra/typing.py +28 -0
- smallworld/emulators/hookable.py +18 -4
- smallworld/emulators/panda/machdefs/__init__.py +2 -2
- smallworld/emulators/panda/machdefs/aarch64.py +186 -11
- smallworld/emulators/panda/machdefs/amd64.py +103 -11
- smallworld/emulators/panda/machdefs/arm.py +216 -20
- smallworld/emulators/panda/machdefs/i386.py +30 -7
- smallworld/emulators/panda/machdefs/machdef.py +9 -16
- smallworld/emulators/panda/machdefs/mips.py +49 -5
- smallworld/emulators/panda/machdefs/mips64.py +57 -5
- smallworld/emulators/panda/machdefs/ppc.py +38 -13
- smallworld/emulators/panda/panda.py +146 -44
- smallworld/emulators/unicorn/__init__.py +2 -0
- smallworld/emulators/unicorn/machdefs/aarch64.py +253 -264
- smallworld/emulators/unicorn/machdefs/amd64.py +254 -259
- smallworld/emulators/unicorn/machdefs/arm.py +200 -212
- smallworld/emulators/unicorn/machdefs/i386.py +84 -90
- smallworld/emulators/unicorn/machdefs/machdef.py +2 -23
- smallworld/emulators/unicorn/machdefs/mips.py +127 -135
- smallworld/emulators/unicorn/unicorn.py +52 -13
- smallworld/helpers.py +4 -19
- smallworld/hinting/hinting.py +22 -192
- smallworld/hinting/hints.py +50 -18
- smallworld/instructions/bsid.py +8 -8
- smallworld/logging.py +4 -2
- smallworld/platforms/__init__.py +12 -0
- smallworld/platforms/defs/__init__.py +36 -0
- smallworld/platforms/defs/aarch64.py +450 -0
- smallworld/platforms/defs/amd64.py +463 -0
- smallworld/platforms/defs/arm.py +519 -0
- smallworld/platforms/defs/i386.py +258 -0
- smallworld/platforms/defs/loongarch.py +270 -0
- smallworld/platforms/defs/mips.py +321 -0
- smallworld/platforms/defs/mips64.py +313 -0
- smallworld/platforms/defs/platformdef.py +97 -0
- smallworld/platforms/defs/powerpc.py +259 -0
- smallworld/platforms/defs/riscv.py +257 -0
- smallworld/platforms/defs/xtensa.py +96 -0
- smallworld/{platforms.py → platforms/platforms.py} +3 -0
- smallworld/state/cpus/__init__.py +2 -0
- smallworld/state/cpus/aarch64.py +0 -9
- smallworld/state/cpus/amd64.py +6 -28
- smallworld/state/cpus/arm.py +0 -11
- smallworld/state/cpus/cpu.py +0 -11
- smallworld/state/cpus/i386.py +0 -7
- smallworld/state/cpus/loongarch.py +299 -0
- smallworld/state/cpus/mips.py +4 -47
- smallworld/state/cpus/mips64.py +18 -58
- smallworld/state/cpus/powerpc.py +2 -9
- smallworld/state/cpus/riscv.py +1 -11
- smallworld/state/cpus/xtensa.py +0 -5
- smallworld/state/memory/code.py +44 -2
- smallworld/state/memory/elf/__init__.py +5 -1
- smallworld/state/memory/elf/coredump/__init__.py +3 -0
- smallworld/state/memory/elf/coredump/coredump.py +46 -0
- smallworld/state/memory/elf/coredump/prstatus/__init__.py +27 -0
- smallworld/state/memory/elf/coredump/prstatus/aarch64.py +46 -0
- smallworld/state/memory/elf/coredump/prstatus/amd64.py +40 -0
- smallworld/state/memory/elf/coredump/prstatus/arm.py +53 -0
- smallworld/state/memory/elf/coredump/prstatus/i386.py +30 -0
- smallworld/state/memory/elf/coredump/prstatus/mips.py +55 -0
- smallworld/state/memory/elf/coredump/prstatus/mips64.py +57 -0
- smallworld/state/memory/elf/coredump/prstatus/ppc.py +82 -0
- smallworld/state/memory/elf/coredump/prstatus/prstatus.py +129 -0
- smallworld/state/memory/elf/elf.py +225 -61
- smallworld/state/memory/elf/register_state.py +36 -0
- smallworld/state/memory/elf/rela/__init__.py +2 -0
- smallworld/state/memory/elf/rela/aarch64.py +3 -1
- smallworld/state/memory/elf/rela/amd64.py +4 -2
- smallworld/state/memory/elf/rela/arm.py +4 -2
- smallworld/state/memory/elf/rela/i386.py +4 -2
- smallworld/state/memory/elf/rela/loongarch.py +32 -0
- smallworld/state/memory/elf/rela/mips.py +39 -18
- smallworld/state/memory/elf/rela/ppc.py +31 -14
- smallworld/state/memory/elf/structs.py +3 -0
- smallworld/state/memory/heap.py +2 -2
- smallworld/state/memory/memory.py +18 -0
- smallworld/state/memory/pe/__init__.py +3 -0
- smallworld/state/memory/pe/pe.py +361 -0
- smallworld/state/memory/pe/structs.py +60 -0
- smallworld/state/memory/stack/__init__.py +2 -0
- smallworld/state/memory/stack/loongarch.py +26 -0
- smallworld/state/models/__init__.py +29 -2
- smallworld/state/models/aarch64/__init__.py +1 -0
- smallworld/state/models/aarch64/systemv/__init__.py +6 -0
- smallworld/state/models/aarch64/systemv/c99/__init__.py +12 -0
- smallworld/state/models/aarch64/systemv/c99/signal.py +16 -0
- smallworld/state/models/aarch64/systemv/c99/stdio.py +265 -0
- smallworld/state/models/aarch64/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/aarch64/systemv/c99/string.py +139 -0
- smallworld/state/models/aarch64/systemv/c99/time.py +61 -0
- smallworld/state/models/aarch64/systemv/posix/__init__.py +6 -0
- smallworld/state/models/aarch64/systemv/posix/libgen.py +16 -0
- smallworld/state/models/aarch64/systemv/posix/signal.py +157 -0
- smallworld/state/models/aarch64/systemv/systemv.py +80 -0
- smallworld/state/models/amd64/__init__.py +1 -0
- smallworld/state/models/amd64/systemv/__init__.py +6 -0
- smallworld/state/models/amd64/systemv/c99/__init__.py +12 -0
- smallworld/state/models/amd64/systemv/c99/signal.py +16 -0
- smallworld/state/models/amd64/systemv/c99/stdio.py +265 -0
- smallworld/state/models/amd64/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/amd64/systemv/c99/string.py +139 -0
- smallworld/state/models/amd64/systemv/c99/time.py +61 -0
- smallworld/state/models/amd64/systemv/posix/__init__.py +6 -0
- smallworld/state/models/amd64/systemv/posix/libgen.py +16 -0
- smallworld/state/models/amd64/systemv/posix/signal.py +157 -0
- smallworld/state/models/amd64/systemv/systemv.py +78 -0
- smallworld/state/models/armel/__init__.py +1 -0
- smallworld/state/models/armel/systemv/__init__.py +6 -0
- smallworld/state/models/armel/systemv/c99/__init__.py +12 -0
- smallworld/state/models/armel/systemv/c99/signal.py +16 -0
- smallworld/state/models/armel/systemv/c99/stdio.py +265 -0
- smallworld/state/models/armel/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/armel/systemv/c99/string.py +139 -0
- smallworld/state/models/armel/systemv/c99/time.py +61 -0
- smallworld/state/models/armel/systemv/posix/__init__.py +6 -0
- smallworld/state/models/armel/systemv/posix/libgen.py +16 -0
- smallworld/state/models/armel/systemv/posix/signal.py +157 -0
- smallworld/state/models/armel/systemv/systemv.py +82 -0
- smallworld/state/models/armhf/__init__.py +1 -0
- smallworld/state/models/armhf/systemv/__init__.py +6 -0
- smallworld/state/models/armhf/systemv/c99/__init__.py +12 -0
- smallworld/state/models/armhf/systemv/c99/signal.py +16 -0
- smallworld/state/models/armhf/systemv/c99/stdio.py +265 -0
- smallworld/state/models/armhf/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/armhf/systemv/c99/string.py +139 -0
- smallworld/state/models/armhf/systemv/c99/time.py +61 -0
- smallworld/state/models/armhf/systemv/posix/__init__.py +6 -0
- smallworld/state/models/armhf/systemv/posix/libgen.py +16 -0
- smallworld/state/models/armhf/systemv/posix/signal.py +157 -0
- smallworld/state/models/armhf/systemv/systemv.py +77 -0
- smallworld/state/models/c99/__init__.py +12 -0
- smallworld/state/models/c99/fmt_print.py +915 -0
- smallworld/state/models/c99/fmt_scan.py +864 -0
- smallworld/state/models/c99/math.py +362 -0
- smallworld/state/models/c99/signal.py +71 -0
- smallworld/state/models/c99/stdio.py +1305 -0
- smallworld/state/models/c99/stdlib.py +595 -0
- smallworld/state/models/c99/string.py +674 -0
- smallworld/state/models/c99/time.py +340 -0
- smallworld/state/models/c99/utils.py +89 -0
- smallworld/state/models/cstd.py +759 -0
- smallworld/state/models/errno.py +581 -0
- smallworld/state/models/filedesc.py +515 -0
- smallworld/state/models/i386/__init__.py +1 -0
- smallworld/state/models/i386/systemv/__init__.py +6 -0
- smallworld/state/models/i386/systemv/c99/__init__.py +12 -0
- smallworld/state/models/i386/systemv/c99/signal.py +16 -0
- smallworld/state/models/i386/systemv/c99/stdio.py +265 -0
- smallworld/state/models/i386/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/i386/systemv/c99/string.py +139 -0
- smallworld/state/models/i386/systemv/c99/time.py +61 -0
- smallworld/state/models/i386/systemv/posix/__init__.py +6 -0
- smallworld/state/models/i386/systemv/posix/libgen.py +16 -0
- smallworld/state/models/i386/systemv/posix/signal.py +157 -0
- smallworld/state/models/i386/systemv/systemv.py +71 -0
- smallworld/state/models/loongarch64/__init__.py +1 -0
- smallworld/state/models/loongarch64/systemv/__init__.py +6 -0
- smallworld/state/models/loongarch64/systemv/c99/__init__.py +12 -0
- smallworld/state/models/loongarch64/systemv/c99/signal.py +16 -0
- smallworld/state/models/loongarch64/systemv/c99/stdio.py +265 -0
- smallworld/state/models/loongarch64/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/loongarch64/systemv/c99/string.py +139 -0
- smallworld/state/models/loongarch64/systemv/c99/time.py +61 -0
- smallworld/state/models/loongarch64/systemv/posix/__init__.py +6 -0
- smallworld/state/models/loongarch64/systemv/posix/libgen.py +16 -0
- smallworld/state/models/loongarch64/systemv/posix/signal.py +157 -0
- smallworld/state/models/loongarch64/systemv/systemv.py +83 -0
- smallworld/state/models/mips/__init__.py +1 -0
- smallworld/state/models/mips/systemv/__init__.py +6 -0
- smallworld/state/models/mips/systemv/c99/__init__.py +12 -0
- smallworld/state/models/mips/systemv/c99/signal.py +16 -0
- smallworld/state/models/mips/systemv/c99/stdio.py +265 -0
- smallworld/state/models/mips/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/mips/systemv/c99/string.py +139 -0
- smallworld/state/models/mips/systemv/c99/time.py +61 -0
- smallworld/state/models/mips/systemv/posix/__init__.py +6 -0
- smallworld/state/models/mips/systemv/posix/libgen.py +16 -0
- smallworld/state/models/mips/systemv/posix/signal.py +157 -0
- smallworld/state/models/mips/systemv/systemv.py +78 -0
- smallworld/state/models/mips64/__init__.py +1 -0
- smallworld/state/models/mips64/systemv/__init__.py +6 -0
- smallworld/state/models/mips64/systemv/c99/__init__.py +12 -0
- smallworld/state/models/mips64/systemv/c99/signal.py +16 -0
- smallworld/state/models/mips64/systemv/c99/stdio.py +265 -0
- smallworld/state/models/mips64/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/mips64/systemv/c99/string.py +139 -0
- smallworld/state/models/mips64/systemv/c99/time.py +61 -0
- smallworld/state/models/mips64/systemv/posix/__init__.py +6 -0
- smallworld/state/models/mips64/systemv/posix/libgen.py +16 -0
- smallworld/state/models/mips64/systemv/posix/signal.py +157 -0
- smallworld/state/models/mips64/systemv/systemv.py +98 -0
- smallworld/state/models/mips64el/__init__.py +1 -0
- smallworld/state/models/mips64el/systemv/__init__.py +6 -0
- smallworld/state/models/mips64el/systemv/c99/__init__.py +12 -0
- smallworld/state/models/mips64el/systemv/c99/signal.py +16 -0
- smallworld/state/models/mips64el/systemv/c99/stdio.py +265 -0
- smallworld/state/models/mips64el/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/mips64el/systemv/c99/string.py +139 -0
- smallworld/state/models/mips64el/systemv/c99/time.py +61 -0
- smallworld/state/models/mips64el/systemv/posix/__init__.py +6 -0
- smallworld/state/models/mips64el/systemv/posix/libgen.py +16 -0
- smallworld/state/models/mips64el/systemv/posix/signal.py +157 -0
- smallworld/state/models/mips64el/systemv/systemv.py +96 -0
- smallworld/state/models/mipsel/__init__.py +1 -0
- smallworld/state/models/mipsel/systemv/__init__.py +6 -0
- smallworld/state/models/mipsel/systemv/c99/__init__.py +12 -0
- smallworld/state/models/mipsel/systemv/c99/signal.py +16 -0
- smallworld/state/models/mipsel/systemv/c99/stdio.py +265 -0
- smallworld/state/models/mipsel/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/mipsel/systemv/c99/string.py +139 -0
- smallworld/state/models/mipsel/systemv/c99/time.py +61 -0
- smallworld/state/models/mipsel/systemv/posix/__init__.py +6 -0
- smallworld/state/models/mipsel/systemv/posix/libgen.py +16 -0
- smallworld/state/models/mipsel/systemv/posix/signal.py +157 -0
- smallworld/state/models/mipsel/systemv/systemv.py +78 -0
- smallworld/state/models/model.py +27 -2
- smallworld/state/models/posix/__init__.py +6 -0
- smallworld/state/models/posix/libgen.py +123 -0
- smallworld/state/models/posix/signal.py +690 -0
- smallworld/state/models/powerpc/__init__.py +1 -0
- smallworld/state/models/powerpc/systemv/__init__.py +6 -0
- smallworld/state/models/powerpc/systemv/c99/__init__.py +12 -0
- smallworld/state/models/powerpc/systemv/c99/signal.py +16 -0
- smallworld/state/models/powerpc/systemv/c99/stdio.py +265 -0
- smallworld/state/models/powerpc/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/powerpc/systemv/c99/string.py +139 -0
- smallworld/state/models/powerpc/systemv/c99/time.py +61 -0
- smallworld/state/models/powerpc/systemv/posix/__init__.py +6 -0
- smallworld/state/models/powerpc/systemv/posix/libgen.py +16 -0
- smallworld/state/models/powerpc/systemv/posix/signal.py +157 -0
- smallworld/state/models/powerpc/systemv/systemv.py +93 -0
- smallworld/state/models/riscv64/__init__.py +1 -0
- smallworld/state/models/riscv64/systemv/__init__.py +6 -0
- smallworld/state/models/riscv64/systemv/c99/__init__.py +12 -0
- smallworld/state/models/riscv64/systemv/c99/signal.py +16 -0
- smallworld/state/models/riscv64/systemv/c99/stdio.py +265 -0
- smallworld/state/models/riscv64/systemv/c99/stdlib.py +169 -0
- smallworld/state/models/riscv64/systemv/c99/string.py +139 -0
- smallworld/state/models/riscv64/systemv/c99/time.py +61 -0
- smallworld/state/models/riscv64/systemv/posix/__init__.py +6 -0
- smallworld/state/models/riscv64/systemv/posix/libgen.py +16 -0
- smallworld/state/models/riscv64/systemv/posix/signal.py +157 -0
- smallworld/state/models/riscv64/systemv/systemv.py +85 -0
- smallworld/state/state.py +65 -24
- smallworld/state/unstable/elf.py +16 -31
- smallworld/utils.py +6 -1
- {smallworld_re-1.0.2.dist-info → smallworld_re-2.0.0.dist-info}/METADATA +76 -43
- smallworld_re-2.0.0.dist-info/RECORD +374 -0
- {smallworld_re-1.0.2.dist-info → smallworld_re-2.0.0.dist-info}/WHEEL +1 -1
- smallworld/state/models/x86/__init__.py +0 -2
- smallworld/state/models/x86/microsoftcdecl.py +0 -35
- smallworld/state/models/x86/systemv.py +0 -240
- smallworld_re-1.0.2.dist-info/RECORD +0 -166
- /smallworld/state/models/{posix.py → _posix.py} +0 -0
- {smallworld_re-1.0.2.dist-info → smallworld_re-2.0.0.dist-info}/entry_points.txt +0 -0
- {smallworld_re-1.0.2.dist-info → smallworld_re-2.0.0.dist-info/licenses}/LICENSE.txt +0 -0
- {smallworld_re-1.0.2.dist-info → smallworld_re-2.0.0.dist-info}/top_level.txt +0 -0
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
import copy
|
|
2
|
+
import hashlib
|
|
3
|
+
import logging
|
|
4
|
+
import typing
|
|
5
|
+
from enum import Enum
|
|
6
|
+
|
|
7
|
+
import capstone
|
|
8
|
+
|
|
9
|
+
import smallworld
|
|
10
|
+
from smallworld.analyses.trace_execution_types import CmpInfo, TraceElement, TraceRes
|
|
11
|
+
from smallworld.instructions import RegisterOperand
|
|
12
|
+
|
|
13
|
+
from .. import platforms
|
|
14
|
+
from ..hinting.hints import TraceExecutionHint
|
|
15
|
+
from . import analysis
|
|
16
|
+
|
|
17
|
+
logger = logging.getLogger(__name__)
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
class TraceExecutionCBPoint(Enum):
|
|
21
|
+
BEFORE_INSTRUCTION = 1
|
|
22
|
+
AFTER_INSTRUCTION = 2
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
def get_cmp_info(
|
|
26
|
+
platform: smallworld.platforms.Platform,
|
|
27
|
+
emulator: smallworld.emulators.Emulator,
|
|
28
|
+
cs_insn: capstone.CsInsn,
|
|
29
|
+
) -> typing.Tuple[typing.List[CmpInfo], typing.List[int]]:
|
|
30
|
+
pdefs = platforms.defs.PlatformDef.for_platform(platform)
|
|
31
|
+
if cs_insn.mnemonic in pdefs.compare_mnemonics:
|
|
32
|
+
# it's a compare -- return list of "reads'
|
|
33
|
+
sw_insn = smallworld.instructions.Instruction.from_capstone(cs_insn)
|
|
34
|
+
cmp_info = []
|
|
35
|
+
for op in cs_insn.operands:
|
|
36
|
+
if op.type == capstone.CS_OP_MEM and (op.access & capstone.CS_AC_READ):
|
|
37
|
+
cmp_info.append(sw_insn._memory_reference_operand(op))
|
|
38
|
+
if op.type == capstone.CS_OP_REG and (op.access & capstone.CS_AC_READ):
|
|
39
|
+
cmp_info.append(RegisterOperand(cs_insn.reg_name(op.value.reg)))
|
|
40
|
+
if op.type == capstone.CS_OP_IMM:
|
|
41
|
+
cmp_info.append(op.value.imm)
|
|
42
|
+
immediates = []
|
|
43
|
+
for op in cs_insn.operands:
|
|
44
|
+
if op.type == capstone.x86.X86_OP_IMM:
|
|
45
|
+
immediates.append(op.value.imm)
|
|
46
|
+
return (cmp_info, immediates)
|
|
47
|
+
return ([], [])
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
class TraceExecution(analysis.Analysis):
|
|
51
|
+
name = "trace_execution"
|
|
52
|
+
description = "perform one concrete execution given a machine state, collecting trace, coverage, and errors"
|
|
53
|
+
version = "0.0.1"
|
|
54
|
+
|
|
55
|
+
def __init__(
|
|
56
|
+
self,
|
|
57
|
+
*args,
|
|
58
|
+
num_insns: int,
|
|
59
|
+
seed: int = 1234567,
|
|
60
|
+
**kwargs,
|
|
61
|
+
):
|
|
62
|
+
super().__init__(*args, **kwargs)
|
|
63
|
+
self.num_insns = num_insns
|
|
64
|
+
self.seed = seed
|
|
65
|
+
self.before_instruction_cbs: typing.List[typing.Any] = []
|
|
66
|
+
self.after_instruction_cbs: typing.List[typing.Any] = []
|
|
67
|
+
|
|
68
|
+
def register_emu_summary(self):
|
|
69
|
+
pdefs = platforms.defs.PlatformDef.for_platform(self.platform)
|
|
70
|
+
m = hashlib.md5()
|
|
71
|
+
for reg in pdefs.general_purpose_registers:
|
|
72
|
+
vs = (str(self.emulator.read_register(reg))).encode("utf-8")
|
|
73
|
+
m.update(vs)
|
|
74
|
+
return m.hexdigest()
|
|
75
|
+
|
|
76
|
+
def register_cb(self, cb_point, cb_function):
|
|
77
|
+
assert isinstance(cb_point, TraceExecutionCBPoint)
|
|
78
|
+
if cb_point == TraceExecutionCBPoint.BEFORE_INSTRUCTION:
|
|
79
|
+
self.before_instruction_cbs.append(cb_function)
|
|
80
|
+
if cb_point == TraceExecutionCBPoint.AFTER_INSTRUCTION:
|
|
81
|
+
self.after_instruction_cbs.append(cb_function)
|
|
82
|
+
|
|
83
|
+
def run(self, machine: smallworld.state.Machine) -> None:
|
|
84
|
+
self.machine = copy.deepcopy(machine)
|
|
85
|
+
self.platform = machine.get_platform()
|
|
86
|
+
self.emulator = smallworld.emulators.unicorn.UnicornEmulator(self.platform)
|
|
87
|
+
self.machine.apply(self.emulator)
|
|
88
|
+
|
|
89
|
+
logger.debug(f"starting regs in emu {self.register_emu_summary()}")
|
|
90
|
+
|
|
91
|
+
def get_insn(pc):
|
|
92
|
+
code = self.emulator.read_memory(pc, 15)
|
|
93
|
+
if code is None:
|
|
94
|
+
raise smallworld.exceptions.AnalysisRunError(
|
|
95
|
+
"Unable to read next instruction out of emulator memory"
|
|
96
|
+
)
|
|
97
|
+
(cs_insns, disas) = self.emulator._disassemble(code, pc, 1)
|
|
98
|
+
return cs_insns[0]
|
|
99
|
+
|
|
100
|
+
the_exc = None
|
|
101
|
+
emu_result = TraceRes.ER_NONE
|
|
102
|
+
|
|
103
|
+
pdefs = platforms.defs.PlatformDef.for_platform(self.platform)
|
|
104
|
+
|
|
105
|
+
i = 0
|
|
106
|
+
trace = []
|
|
107
|
+
while True:
|
|
108
|
+
pc = self.emulator.read_register("pc")
|
|
109
|
+
cs_insn = get_insn(pc)
|
|
110
|
+
(cmp_info, imm_info) = get_cmp_info(self.platform, self.emulator, cs_insn)
|
|
111
|
+
branch_info = cs_insn.mnemonic in pdefs.conditional_branch_mnemonics
|
|
112
|
+
te = TraceElement(
|
|
113
|
+
pc, i, cs_insn.mnemonic, cs_insn.op_str, cmp_info, branch_info, imm_info
|
|
114
|
+
)
|
|
115
|
+
trace.append(te)
|
|
116
|
+
# run any callbacks
|
|
117
|
+
for before_cb in self.before_instruction_cbs:
|
|
118
|
+
before_cb(self.emulator, pc, te)
|
|
119
|
+
try:
|
|
120
|
+
i += 1
|
|
121
|
+
self.emulator.step()
|
|
122
|
+
except smallworld.exceptions.EmulationBounds:
|
|
123
|
+
# this one really isnt an error of any kind; we
|
|
124
|
+
# encountered code we were not supposed to execute
|
|
125
|
+
emu_result = TraceRes.ER_BOUNDS
|
|
126
|
+
break
|
|
127
|
+
except Exception as e:
|
|
128
|
+
# grab the exception and save it for hinting
|
|
129
|
+
emu_result = TraceRes.ER_FAIL
|
|
130
|
+
the_exc = e
|
|
131
|
+
break
|
|
132
|
+
# run any after callbacks
|
|
133
|
+
for after_cb in self.after_instruction_cbs:
|
|
134
|
+
after_cb(self.emulator, pc, te)
|
|
135
|
+
if i == self.num_insns:
|
|
136
|
+
emu_result = TraceRes.ER_MAX_INSNS
|
|
137
|
+
break
|
|
138
|
+
|
|
139
|
+
m = hashlib.md5()
|
|
140
|
+
for te in trace:
|
|
141
|
+
logger.debug(te)
|
|
142
|
+
m.update((str(te.pc).encode("utf-8")))
|
|
143
|
+
|
|
144
|
+
logger.info(
|
|
145
|
+
f"captured trace of {i} instructions, res={emu_result} trace_digest={m.hexdigest()}"
|
|
146
|
+
)
|
|
147
|
+
|
|
148
|
+
assert emu_result is not None
|
|
149
|
+
|
|
150
|
+
hint = TraceExecutionHint(
|
|
151
|
+
message="A single execution trace",
|
|
152
|
+
trace=trace,
|
|
153
|
+
trace_digest=m.hexdigest(),
|
|
154
|
+
seed=self.seed,
|
|
155
|
+
emu_result=emu_result,
|
|
156
|
+
exception=the_exc,
|
|
157
|
+
exception_class=str(type(the_exc)),
|
|
158
|
+
)
|
|
159
|
+
|
|
160
|
+
self.hinter.send(hint)
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import json
|
|
2
|
+
import typing
|
|
3
|
+
from dataclasses import dataclass
|
|
4
|
+
from enum import Enum
|
|
5
|
+
|
|
6
|
+
from smallworld.instructions import Operand
|
|
7
|
+
|
|
8
|
+
CmpInfo = typing.Tuple[str, Operand, int]
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
class TraceRes(Enum):
|
|
12
|
+
ER_NONE = 0
|
|
13
|
+
ER_BOUNDS = 1
|
|
14
|
+
ER_MAX_INSNS = 2
|
|
15
|
+
ER_FAIL = 3
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
# one element in a trace
|
|
19
|
+
@dataclass
|
|
20
|
+
class TraceElement:
|
|
21
|
+
pc: int
|
|
22
|
+
ic: int # instruction count
|
|
23
|
+
mnemonic: str
|
|
24
|
+
op_str: str
|
|
25
|
+
cmp: typing.List[CmpInfo]
|
|
26
|
+
branch: bool
|
|
27
|
+
immediates: typing.List[int]
|
|
28
|
+
|
|
29
|
+
def __str__(self):
|
|
30
|
+
return f"{self.ic} 0x{self.pc:x} [{self.mnemonic} {self.op_str}] {self.cmp} {self.branch} {self.immediates}"
|
|
31
|
+
|
|
32
|
+
# NOTE this is just used for logging. Can't un-jsonify
|
|
33
|
+
def to_json(self):
|
|
34
|
+
d = {
|
|
35
|
+
"instruction_count": self.ic,
|
|
36
|
+
"pc": self.pc,
|
|
37
|
+
"instr": f"{self.mnemonic} {self.op_str}",
|
|
38
|
+
"cmp": str(self.cmp),
|
|
39
|
+
"branch": self.branch,
|
|
40
|
+
"immediates": self.immediates,
|
|
41
|
+
}
|
|
42
|
+
return json.dumps(d)
|
|
@@ -11,7 +11,6 @@ from .utils import print_state
|
|
|
11
11
|
from .visitor import ConditionalVisitor
|
|
12
12
|
|
|
13
13
|
log = logging.getLogger(__name__)
|
|
14
|
-
hinter = hinting.get_hinter(__name__)
|
|
15
14
|
|
|
16
15
|
|
|
17
16
|
class DivergentAddressSignal(AnalysisSignal):
|
|
@@ -144,7 +143,7 @@ class DivergenceMemoryMixin(BaseMemoryMixin):
|
|
|
144
143
|
address=str(addr),
|
|
145
144
|
options=[(str(k), str(v)) for (k, v) in guards.items()],
|
|
146
145
|
)
|
|
147
|
-
hinter.info(hint)
|
|
146
|
+
self.hinter.info(hint)
|
|
148
147
|
options = {
|
|
149
148
|
"fork": self.divergence_fork,
|
|
150
149
|
"choose": self.divergence_choose,
|
|
@@ -12,7 +12,6 @@ from .base import BaseMemoryMixin
|
|
|
12
12
|
from .visitor import EvalVisitor
|
|
13
13
|
|
|
14
14
|
log = logging.getLogger(__name__)
|
|
15
|
-
hinter = hinting.get_hinter(__name__)
|
|
16
15
|
visitor = EvalVisitor()
|
|
17
16
|
|
|
18
17
|
|
|
@@ -158,7 +157,7 @@ class ModelMemoryMixin(BaseMemoryMixin):
|
|
|
158
157
|
instruction=self.state._ip.concrete_value,
|
|
159
158
|
value=str(res),
|
|
160
159
|
)
|
|
161
|
-
hinter.
|
|
160
|
+
self.hinter.send(hint)
|
|
162
161
|
else:
|
|
163
162
|
res = self._handle_untyped_register(reg_name, res)
|
|
164
163
|
hint = hinting.UntypedUnderSpecifiedRegisterHint(
|
|
@@ -167,7 +166,7 @@ class ModelMemoryMixin(BaseMemoryMixin):
|
|
|
167
166
|
instruction=self.state._ip.concrete_value,
|
|
168
167
|
value=str(res),
|
|
169
168
|
)
|
|
170
|
-
hinter.
|
|
169
|
+
self.hinter.send(hint)
|
|
171
170
|
if isinstance(res, int):
|
|
172
171
|
res = self.state.solver.BVV(res, size * 8)
|
|
173
172
|
else:
|
|
@@ -182,7 +181,7 @@ class ModelMemoryMixin(BaseMemoryMixin):
|
|
|
182
181
|
instruction=self.state._ip.concrete_value,
|
|
183
182
|
value=str(res),
|
|
184
183
|
)
|
|
185
|
-
hinter.
|
|
184
|
+
self.hinter.send(hint)
|
|
186
185
|
else:
|
|
187
186
|
hint = hinting.UntypedUnderSpecifiedMemoryHint(
|
|
188
187
|
message="Memory has no type or value",
|
|
@@ -191,7 +190,7 @@ class ModelMemoryMixin(BaseMemoryMixin):
|
|
|
191
190
|
instruction=self.state._ip.concrete_value,
|
|
192
191
|
value=str(res),
|
|
193
192
|
)
|
|
194
|
-
hinter.
|
|
193
|
+
self.hinter.send(hint)
|
|
195
194
|
self._handle_untyped_address(addr, res)
|
|
196
195
|
|
|
197
196
|
return res
|
|
@@ -255,7 +254,7 @@ class ModelMemoryMixin(BaseMemoryMixin):
|
|
|
255
254
|
instruction=self.state._ip.concrete_value,
|
|
256
255
|
value=str(value),
|
|
257
256
|
)
|
|
258
|
-
hinter.
|
|
257
|
+
self.hinter.send(hint)
|
|
259
258
|
environ.set_symbol(v.args[0], value)
|
|
260
259
|
if isinstance(value, int):
|
|
261
260
|
pretty_value = hex(value)
|
|
@@ -6,7 +6,6 @@ from .angr.nwbt import configure_nwbt_plugins, configure_nwbt_strategy
|
|
|
6
6
|
from .angr.utils import print_state
|
|
7
7
|
|
|
8
8
|
log = logging.getLogger(__name__)
|
|
9
|
-
hinter = hinting.get_hinter(__name__)
|
|
10
9
|
|
|
11
10
|
|
|
12
11
|
class AngrNWBTAnalysis(analysis.Analysis):
|
|
@@ -71,21 +70,21 @@ class AngrNWBTAnalysis(analysis.Analysis):
|
|
|
71
70
|
registers=st.registers.create_hint(),
|
|
72
71
|
memory=st.memory.create_hint(),
|
|
73
72
|
)
|
|
74
|
-
hinter.
|
|
73
|
+
self.hinter.send(hint)
|
|
75
74
|
for st in emu.mgr.deadended:
|
|
76
75
|
hint = hinting.OutputHint(
|
|
77
76
|
message="State exited due to breakpoint",
|
|
78
77
|
registers=st.registers.create_hint(),
|
|
79
78
|
memory=st.memory.create_hint(),
|
|
80
79
|
)
|
|
81
|
-
hinter.
|
|
80
|
+
self.hinter.send(hint)
|
|
82
81
|
for st in emu.mgr.unsat:
|
|
83
82
|
hint = hinting.OutputHint(
|
|
84
83
|
message="State cannot continue; constraints unsat",
|
|
85
84
|
registers=st.registers.create_hint(),
|
|
86
85
|
memory=st.memory.create_hint(),
|
|
87
86
|
)
|
|
88
|
-
hinter.
|
|
87
|
+
self.hinter.send(hint)
|
|
89
88
|
for err in emu.mgr.errored:
|
|
90
89
|
print_state(log.info, err.state, "error")
|
|
91
90
|
log.error(
|
|
@@ -6,7 +6,6 @@ from ... import emulators, exceptions, hinting, state
|
|
|
6
6
|
from .. import analysis
|
|
7
7
|
|
|
8
8
|
logger = logging.getLogger(__name__)
|
|
9
|
-
hinter = hinting.get_hinter(__name__)
|
|
10
9
|
|
|
11
10
|
|
|
12
11
|
class CodeCoverage(analysis.Analysis):
|
|
@@ -48,7 +47,7 @@ class CodeCoverage(analysis.Analysis):
|
|
|
48
47
|
instruction_num=i,
|
|
49
48
|
exception=str(e),
|
|
50
49
|
)
|
|
51
|
-
hinter.
|
|
50
|
+
self.hinter.send(exhint)
|
|
52
51
|
break
|
|
53
52
|
hint = hinting.CoverageHint(message="Coverage for execution", coverage=coverage)
|
|
54
|
-
hinter.
|
|
53
|
+
self.hinter.send(hint)
|
|
@@ -5,13 +5,12 @@ from ... import emulators, exceptions, hinting, state
|
|
|
5
5
|
from .. import analysis
|
|
6
6
|
|
|
7
7
|
logger = logging.getLogger(__name__)
|
|
8
|
-
hinter = hinting.get_hinter(__name__)
|
|
9
8
|
|
|
10
9
|
|
|
11
10
|
class CodeReachable(analysis.Analysis):
|
|
12
11
|
"""A simple analysis that logs what code is reachable by symbolic execution."""
|
|
13
12
|
|
|
14
|
-
def __init__(self, max_steps=500, **kwargs):
|
|
13
|
+
def __init__(self, *args, max_steps=500, **kwargs):
|
|
15
14
|
self.steps_left = max_steps
|
|
16
15
|
super().__init__(**kwargs)
|
|
17
16
|
|
|
@@ -35,7 +34,7 @@ class CodeReachable(analysis.Analysis):
|
|
|
35
34
|
message=f"Address {hex(pc)} is reachable via symbolic execution",
|
|
36
35
|
address=pc,
|
|
37
36
|
)
|
|
38
|
-
hinter.
|
|
37
|
+
self.hinter.send(hint)
|
|
39
38
|
if self.steps_left is not None:
|
|
40
39
|
self.steps_left -= 1
|
|
41
40
|
except exceptions.EmulationStop:
|
|
@@ -5,7 +5,6 @@ from ... import emulators, exceptions, hinting, instructions, state
|
|
|
5
5
|
from .. import analysis
|
|
6
6
|
|
|
7
7
|
logger = logging.getLogger(__name__)
|
|
8
|
-
hinter = hinting.get_hinter(__name__)
|
|
9
8
|
|
|
10
9
|
|
|
11
10
|
class ControlFlowTracer(analysis.Analysis):
|
|
@@ -41,7 +40,7 @@ class ControlFlowTracer(analysis.Analysis):
|
|
|
41
40
|
),
|
|
42
41
|
to_instruction=instructions.Instruction.from_capstone(instruction),
|
|
43
42
|
)
|
|
44
|
-
hinter.
|
|
43
|
+
self.hinter.send(hint)
|
|
45
44
|
from_instruction = None
|
|
46
45
|
if self.is_cfi(instruction):
|
|
47
46
|
from_instruction = instruction
|
|
@@ -56,7 +55,7 @@ class ControlFlowTracer(analysis.Analysis):
|
|
|
56
55
|
instruction_num=i,
|
|
57
56
|
exception=str(e),
|
|
58
57
|
)
|
|
59
|
-
hinter.
|
|
58
|
+
self.hinter.send(exhint)
|
|
60
59
|
break
|
|
61
60
|
|
|
62
61
|
def is_cfi(self, instruction):
|
|
@@ -7,7 +7,6 @@ from ... import emulators, exceptions, hinting, instructions, state
|
|
|
7
7
|
from .. import analysis
|
|
8
8
|
|
|
9
9
|
logger = logging.getLogger(__name__)
|
|
10
|
-
hinter = hinting.get_hinter(__name__)
|
|
11
10
|
|
|
12
11
|
|
|
13
12
|
class PointerFinder(analysis.Analysis):
|
|
@@ -41,7 +40,7 @@ class PointerFinder(analysis.Analysis):
|
|
|
41
40
|
|
|
42
41
|
assert p, "we can't find the pointer"
|
|
43
42
|
hint = hinting.PointerHint(message="Pointer Found", instruction=i, pointer=r)
|
|
44
|
-
hinter.
|
|
43
|
+
self.hinter.send(hint)
|
|
45
44
|
|
|
46
45
|
def run(self, state: state.Machine) -> None:
|
|
47
46
|
machine = copy.deepcopy(state)
|
|
@@ -86,5 +85,5 @@ class PointerFinder(analysis.Analysis):
|
|
|
86
85
|
instruction_num=i,
|
|
87
86
|
exception=str(e),
|
|
88
87
|
)
|
|
89
|
-
hinter.
|
|
88
|
+
self.hinter.send(exhint)
|
|
90
89
|
break
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
import logging
|
|
2
|
+
|
|
3
|
+
log = logging.getLogger(__name__)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
class TUIContinueException(Exception):
|
|
7
|
+
"""Exception for signaling that a TUI handler shouldn't exit the loop."""
|
|
8
|
+
|
|
9
|
+
pass
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
class SimpleTUI:
|
|
13
|
+
def __init__(self, help_banner="Available commands:"):
|
|
14
|
+
self._cases = dict()
|
|
15
|
+
self._shorts = dict()
|
|
16
|
+
self._hints = dict()
|
|
17
|
+
self._help_banner = help_banner
|
|
18
|
+
self.add_case("help", self.print_help, hint="Print this message")
|
|
19
|
+
|
|
20
|
+
def add_case(self, name, handler, hint=None):
|
|
21
|
+
name = name.lower()
|
|
22
|
+
short = name[0]
|
|
23
|
+
if short in self._shorts:
|
|
24
|
+
raise ValueError(
|
|
25
|
+
"Colliding short name {short}: already bound for {self._shorts[short]}"
|
|
26
|
+
)
|
|
27
|
+
if name in self._cases:
|
|
28
|
+
raise ValueError("Case {name} already registered")
|
|
29
|
+
self._cases[name] = handler
|
|
30
|
+
self._shorts[short] = name
|
|
31
|
+
self._hints[name] = hint
|
|
32
|
+
|
|
33
|
+
def print_help(self, **kwargs):
|
|
34
|
+
log.warn(self._help_banner)
|
|
35
|
+
for name in self._cases:
|
|
36
|
+
log.warn(
|
|
37
|
+
f'- {name} | {name[0]}:\t\t\t{self._hints[name] if self._hints[name] is not None else ""}'
|
|
38
|
+
)
|
|
39
|
+
raise TUIContinueException()
|
|
40
|
+
|
|
41
|
+
def handle(self, _default, _disabled, **kwargs):
|
|
42
|
+
prompt = " | ".join(
|
|
43
|
+
map(
|
|
44
|
+
lambda x: x.upper() if x == _default else x,
|
|
45
|
+
filter(lambda x: x not in _disabled, self._cases.keys()),
|
|
46
|
+
)
|
|
47
|
+
)
|
|
48
|
+
prompt = f"( {prompt} ) > "
|
|
49
|
+
while True:
|
|
50
|
+
opt = input(prompt).lower()
|
|
51
|
+
if opt == "":
|
|
52
|
+
if _default is None:
|
|
53
|
+
log.error("No default case available")
|
|
54
|
+
continue
|
|
55
|
+
opt = _default
|
|
56
|
+
|
|
57
|
+
if opt in self._shorts:
|
|
58
|
+
opt = self._shorts[opt]
|
|
59
|
+
|
|
60
|
+
if opt in _disabled:
|
|
61
|
+
log.error("Option {opt} not available")
|
|
62
|
+
continue
|
|
63
|
+
|
|
64
|
+
if opt not in self._cases:
|
|
65
|
+
log.error("Unknown option {opt}")
|
|
66
|
+
continue
|
|
67
|
+
|
|
68
|
+
try:
|
|
69
|
+
return self._cases[opt](**kwargs)
|
|
70
|
+
except TUIContinueException:
|
|
71
|
+
continue
|
smallworld/emulators/__init__.py
CHANGED
|
@@ -2,6 +2,8 @@ from .angr import * # noqa: F401, F403
|
|
|
2
2
|
from .angr import __all__ as __angr__
|
|
3
3
|
from .emulator import * # noqa: F401, F403
|
|
4
4
|
from .emulator import __all__ as __emulator__
|
|
5
|
+
from .ghidra import * # noqa: F401, F403
|
|
6
|
+
from .ghidra import __all__ as __pcode__
|
|
5
7
|
from .unicorn import * # noqa: F401, F403
|
|
6
8
|
from .unicorn import __all__ as __unicorn__
|
|
7
9
|
|
|
@@ -11,4 +13,4 @@ try:
|
|
|
11
13
|
except ImportError:
|
|
12
14
|
__panda__ = []
|
|
13
15
|
|
|
14
|
-
__all__ = __emulator__ + __unicorn__ + __angr__ + __panda__
|
|
16
|
+
__all__ = __emulator__ + __unicorn__ + __angr__ + __panda__ + __pcode__
|
|
@@ -74,6 +74,12 @@ class AngrEmulator(
|
|
|
74
74
|
# Plugin preset; tells us which plugin preset to use.
|
|
75
75
|
self._plugin_preset = "default"
|
|
76
76
|
|
|
77
|
+
# The platform definition;
|
|
78
|
+
# Holds global info about the platform
|
|
79
|
+
self.platdef: platforms.PlatformDef = platforms.PlatformDef.for_platform(
|
|
80
|
+
platform
|
|
81
|
+
)
|
|
82
|
+
|
|
77
83
|
# The machine definition;
|
|
78
84
|
# helps translate between angr and smallworld
|
|
79
85
|
self.machdef: AngrMachineDef = AngrMachineDef.for_platform(platform)
|
|
@@ -301,7 +307,7 @@ class AngrEmulator(
|
|
|
301
307
|
)
|
|
302
308
|
|
|
303
309
|
if name == "pc":
|
|
304
|
-
name = self.
|
|
310
|
+
name = self.platdef.pc_register
|
|
305
311
|
|
|
306
312
|
(off, size) = self.machdef.angr_reg(name)
|
|
307
313
|
return self.state.registers.load(off, size)
|
|
@@ -328,7 +334,7 @@ class AngrEmulator(
|
|
|
328
334
|
)
|
|
329
335
|
|
|
330
336
|
if name == "pc":
|
|
331
|
-
name = self.
|
|
337
|
+
name = self.platdef.pc_register
|
|
332
338
|
|
|
333
339
|
try:
|
|
334
340
|
# This considers all BVSs to be labeled values;
|
|
@@ -357,7 +363,7 @@ class AngrEmulator(
|
|
|
357
363
|
) -> None:
|
|
358
364
|
if not self._initialized and content is not None:
|
|
359
365
|
if name == "pc":
|
|
360
|
-
name = self.
|
|
366
|
+
name = self.platdef.pc_register
|
|
361
367
|
# Test that the angr register exists
|
|
362
368
|
_, _ = self.machdef.angr_reg(name)
|
|
363
369
|
self._register_contents[name] = content
|
|
@@ -371,7 +377,7 @@ class AngrEmulator(
|
|
|
371
377
|
# write_register_label().
|
|
372
378
|
|
|
373
379
|
if name == "pc":
|
|
374
|
-
name = self.
|
|
380
|
+
name = self.platdef.pc_register
|
|
375
381
|
(off, size) = self.machdef.angr_reg(name)
|
|
376
382
|
|
|
377
383
|
if content is None:
|
|
@@ -404,7 +410,7 @@ class AngrEmulator(
|
|
|
404
410
|
return
|
|
405
411
|
elif not self._initialized:
|
|
406
412
|
if name == "pc":
|
|
407
|
-
name = self.
|
|
413
|
+
name = self.platdef.pc_register
|
|
408
414
|
# Test that the angr register exists
|
|
409
415
|
_, _ = self.machdef.angr_reg(name)
|
|
410
416
|
self._register_labels[name] = label
|
|
@@ -414,7 +420,7 @@ class AngrEmulator(
|
|
|
414
420
|
)
|
|
415
421
|
else:
|
|
416
422
|
if name == "pc":
|
|
417
|
-
name = self.
|
|
423
|
+
name = self.platdef.pc_register
|
|
418
424
|
(off, size) = self.machdef.angr_reg(name)
|
|
419
425
|
|
|
420
426
|
# This will bind whatever value is currently in the register
|
|
@@ -840,7 +846,14 @@ class AngrEmulator(
|
|
|
840
846
|
return False
|
|
841
847
|
read_end = read_start + read_size
|
|
842
848
|
|
|
843
|
-
|
|
849
|
+
rng = range(start, end)
|
|
850
|
+
access_rng = range(read_start, read_end)
|
|
851
|
+
return (
|
|
852
|
+
read_start in rng
|
|
853
|
+
or read_end - 1 in rng
|
|
854
|
+
or start in access_rng
|
|
855
|
+
or end - 1 in access_rng
|
|
856
|
+
)
|
|
844
857
|
|
|
845
858
|
def read_callback(state):
|
|
846
859
|
# The breakpoint action.
|
|
@@ -961,7 +974,7 @@ class AngrEmulator(
|
|
|
961
974
|
|
|
962
975
|
res = function(ConcreteAngrEmulator(state, self), addr, size, expr)
|
|
963
976
|
|
|
964
|
-
if self.platform.byteorder == platforms.
|
|
977
|
+
if self.platform.byteorder == platforms.Byteorder.LITTLE:
|
|
965
978
|
# fix byte order if needed.
|
|
966
979
|
# i don't know _why_ this is needed,
|
|
967
980
|
# but encoding the result as little-endian on a little-endian
|
|
@@ -1085,7 +1098,14 @@ class AngrEmulator(
|
|
|
1085
1098
|
state.inspect.mem_write_length = write_size
|
|
1086
1099
|
write_end = write_start + write_size
|
|
1087
1100
|
|
|
1088
|
-
|
|
1101
|
+
rng = range(start, end)
|
|
1102
|
+
access_rng = range(write_start, write_end)
|
|
1103
|
+
return (
|
|
1104
|
+
write_start in rng
|
|
1105
|
+
or write_end - 1 in rng
|
|
1106
|
+
or start in access_rng
|
|
1107
|
+
or end - 1 in access_rng
|
|
1108
|
+
)
|
|
1089
1109
|
|
|
1090
1110
|
def write_callback(state):
|
|
1091
1111
|
addr = state.inspect.mem_write_address
|
|
@@ -1625,6 +1645,7 @@ class ConcreteAngrEmulator(AngrEmulator):
|
|
|
1625
1645
|
self.platform: platforms.Platform = parent.platform
|
|
1626
1646
|
self.proj: angr.Project = parent.proj
|
|
1627
1647
|
self.state: angr.SimState = state
|
|
1648
|
+
self.platdef: platforms.PlatformDef = parent.platdef
|
|
1628
1649
|
self.machdef: AngrMachineDef = parent.machdef
|
|
1629
1650
|
self.pagesize: int = parent.PAGE_SIZE
|
|
1630
1651
|
|
|
@@ -7,6 +7,7 @@ from .arm import (
|
|
|
7
7
|
ARMv7MMachineDef,
|
|
8
8
|
)
|
|
9
9
|
from .i386 import i386MachineDef
|
|
10
|
+
from .loongarch import LoongArch64MachineDef
|
|
10
11
|
from .machdef import AngrMachineDef
|
|
11
12
|
from .mips import MIPSBEMachineDef, MIPSELMachineDef
|
|
12
13
|
from .mips64 import MIPS64BEMachineDef, MIPS64ELMachineDef
|
|
@@ -23,6 +24,7 @@ __all__ = [
|
|
|
23
24
|
"ARMv6MThumbMachineDef",
|
|
24
25
|
"ARMv7MMachineDef",
|
|
25
26
|
"i386MachineDef",
|
|
27
|
+
"LoongArch64MachineDef",
|
|
26
28
|
"MIPSBEMachineDef",
|
|
27
29
|
"MIPSELMachineDef",
|
|
28
30
|
"MIPS64BEMachineDef",
|
|
@@ -9,7 +9,6 @@ class AArch64MachineDef(AngrMachineDef):
|
|
|
9
9
|
byteorder = Byteorder.LITTLE
|
|
10
10
|
|
|
11
11
|
angr_arch = archinfo.arch_aarch64.ArchAArch64()
|
|
12
|
-
pc_reg = "pc"
|
|
13
12
|
|
|
14
13
|
_registers = {
|
|
15
14
|
# *** General Purpose Registers ***
|
|
@@ -77,6 +76,7 @@ class AArch64MachineDef(AngrMachineDef):
|
|
|
77
76
|
"w30": "w30",
|
|
78
77
|
"pc": "pc",
|
|
79
78
|
"sp": "sp",
|
|
79
|
+
"wsp": "wsp",
|
|
80
80
|
"fp": "fp",
|
|
81
81
|
"lr": "lr",
|
|
82
82
|
"xzr": "xzr",
|
|
@@ -12,8 +12,6 @@ class AMD64MachineDef(AngrMachineDef):
|
|
|
12
12
|
|
|
13
13
|
angr_arch = archinfo.arch_amd64.ArchAMD64()
|
|
14
14
|
|
|
15
|
-
pc_reg = "rip"
|
|
16
|
-
|
|
17
15
|
_registers = {
|
|
18
16
|
# *** General Purpose Registers ***
|
|
19
17
|
"rax": "rax",
|
|
@@ -187,6 +185,4 @@ class AMD64MachineDef(AngrMachineDef):
|
|
|
187
185
|
"xmm14": "xmm14",
|
|
188
186
|
"ymm15": "ymm15",
|
|
189
187
|
"xmm15": "xmm15",
|
|
190
|
-
"ymm16": "ymm16",
|
|
191
|
-
"xmm16": "xmm16",
|
|
192
188
|
}
|