本文整理汇总了Python中miasm2.analysis.machine.Machine.ir方法的典型用法代码示例。如果您正苦于以下问题:Python Machine.ir方法的具体用法?Python Machine.ir怎么用?Python Machine.ir使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类miasm2.analysis.machine.Machine
的用法示例。
在下文中一共展示了Machine.ir方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: ValueError
# 需要导入模块: from miasm2.analysis.machine import Machine [as 别名]
# 或者: from miasm2.analysis.machine.Machine import ir [as 别名]
raise ValueError("Unsupported destination")
if __name__ == '__main__':
translator_smt2 = Translator.to_language("smt2")
data = open(args[0]).read()
bs = bin_stream_str(data)
mdis = dis_engine(bs)
addr = int(options.address, 16)
symbols_init = dict(machine.mn.regs.regs_init)
ir_arch = machine.ir(mdis.symbol_pool)
symbexec = SymbolicExecutionEngine(ir_arch, symbols_init)
asmcfg, symbol_pool = parse_asm.parse_txt(machine.mn, 32, '''
init:
PUSH argv
PUSH argc
PUSH ret_addr
''',
symbol_pool=mdis.symbol_pool)
argc_lbl = symbol_pool.getby_name('argc')
argv_lbl = symbol_pool.getby_name('argv')
ret_addr_lbl = symbol_pool.getby_name('ret_addr')
示例2: ValueError
# 需要导入模块: from miasm2.analysis.machine import Machine [as 别名]
# 或者: from miasm2.analysis.machine.Machine import ir [as 别名]
else:
raise ValueError("Unsupported destination")
if __name__ == '__main__':
translator_smt2 = Translator.to_language("smt2")
data = open(args[0]).read()
bs = bin_stream_str(data)
mdis = dis_engine(bs)
addr = int(options.address, 16)
ir_arch = machine.ir(mdis.loc_db)
ircfg = ir_arch.new_ircfg()
symbexec = SymbolicExecutionEngine(ir_arch)
asmcfg, loc_db = parse_asm.parse_txt(machine.mn, 32, '''
init:
PUSH argv
PUSH argc
PUSH ret_addr
''',
loc_db=mdis.loc_db)
argc_lbl = loc_db.get_name_location('argc')
argv_lbl = loc_db.get_name_location('argv')
ret_addr_lbl = loc_db.get_name_location('ret_addr')
示例3: ExtractRef
# 需要导入模块: from miasm2.analysis.machine import Machine [as 别名]
# 或者: from miasm2.analysis.machine.Machine import ir [as 别名]
class ExtractRef(object):
'''
Class used to concolic run a snapshot and extract references to input
'''
def __init__(self, testcreator, replayed_snapshot):
'''
@testcreator: TestCreator instance with associated information
@replayed_snapshot: snapshot to be used
'''
self.isFuncFound = False
self.filename = testcreator.program
self.learned_addr = testcreator.address
self.snapshot = replayed_snapshot
self.replayexception = []
self.abicls = testcreator.abicls
self.machine = Machine(testcreator.machine)
self.ira = self.machine.ira()
self.ptr_size = self.ira.sizeof_pointer()/8
self.types = testcreator.types
self.prototype = testcreator.prototype
self.logger = testcreator.logger
def use_snapshot(self, jitter):
'''Initilize the VM with the snapshot informations'''
for reg, value in self.snapshot.input_reg.iteritems():
setattr(jitter.cpu, reg, value)
# Set values for input memory
for addr, mem in self.snapshot.in_memory.iteritems():
assert mem.access != 0
if not jitter.vm.is_mapped(addr, mem.size):
jitter.vm.add_memory_page(addr, mem.access, mem.data)
else:
if jitter.vm.get_mem_access(addr) & 0b11 == mem.access & 0b11:
jitter.vm.set_mem(addr, mem.data)
else:
# TODO memory page is already set but have not the
# same access right. However delete page does not
# exist
jitter.vm.set_mem(addr, mem.data)
def compare_snapshot(self, jitter):
'''Compare the expected result with the real one to determine if the function is recognize or not'''
func_found = True
for reg, value in self.snapshot.output_reg.iteritems():
if value != getattr(jitter.cpu, reg):
self.replayexception += ["output register %s wrong : %i expected, %i found" % (reg, value, getattr(jitter.cpu, reg))]
func_found = False
for addr, mem in self.snapshot.out_memory.iteritems():
self.logger.debug("Check @%s, %s bytes: %r", hex(addr), hex(mem.size), mem.data[:0x10])
if mem.data != jitter.vm.get_mem(addr, mem.size):
self.replayexception += ["output memory wrong at 0x%x: %s expected, %s found" % (addr + offset, repr(mem.data), repr(jitter.vm.get_mem(addr + offset, mem.size)))]
func_found = False
return func_found
def end_func(self, jitter):
if jitter.vm.is_mapped(getattr(jitter.cpu, self.ira.ret_reg.name), 1):
self.replayexception += ["return value might be a pointer"]
self.isFuncFound = self.compare_snapshot(jitter)
jitter.run = False
return False
def is_pointer(self, expr):
"""Return True if expr may be a pointer"""
target_types = expr_to_types(self.c_handler, expr)
return any(objc_is_dereferenceable(target_type)
for target_type in target_types)
def is_symbolic(self, expr):
return expr.is_mem() and not expr.arg.is_int()
def get_arg_n(self, arg_number):
"""Return the Expression corresponding to the argument number
@arg_number"""
# TODO use abicls
abi_order = ["RDI", "RSI", "RDX", "RCX", "R8", "R9"]
size = 64
sp = m2_expr.ExprId("RSP", 64)
if arg_number < len(abi_order):
return m2_expr.ExprId(abi_order[arg_number], size)
else:
destack = (arg_number - len(abi_order) + 1)
return m2_expr.ExprMem(sp + m2_expr.ExprInt(destack * size / 8,
size),
size)
def callback(self, jitter):
# Check previous state
# When it is possible, consider only elements modified in the last run
# -> speed up to avoid browsing the whole memory
to_consider = self.symb.modified_exprs
#.........这里部分代码省略.........