本文整理汇总了Python中miasm2.expression.simplifications.expr_simp函数的典型用法代码示例。如果您正苦于以下问题:Python expr_simp函数的具体用法?Python expr_simp怎么用?Python expr_simp使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了expr_simp函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: inject_info
def inject_info(self, info):
new_symbols = symbols()
for expr, value in self.items():
expr = expr_simp(expr.replace_expr(info))
value = expr_simp(value.replace_expr(info))
new_symbols[expr] = value
return new_symbols示例2: codepath_walk
def codepath_walk(addr, symbols, conds, depth):
if depth >= cond_limit:
return None
for _ in range(uncond_limit):
sb = symbexec(ir, symbols)
pc = sb.emul_ir_blocs(ir, addr)
if is_goal(sb.symbols) == True:
return conds
if isinstance(pc, ExprCond):
cond_true = {pc.cond: ExprInt_from(pc.cond, 1)}
cond_false = {pc.cond: ExprInt_from(pc.cond, 0)}
addr_true = expr_simp(
sb.eval_expr(pc.replace_expr(cond_true), {}))
addr_false = expr_simp(
sb.eval_expr(pc.replace_expr(cond_false), {}))
conds_true = list(conds) + cond_true.items()
conds_false = list(conds) + cond_false.items()
rslt = codepath_walk(
addr_true, sb.symbols.copy(), conds_true, depth + 1)
if rslt != None:
return rslt
rslt = codepath_walk(
addr_false, sb.symbols.copy(), conds_false, depth + 1)
if rslt != None:
return rslt
break
else:
break
return None示例3: inject_info
def inject_info(self, info):
s = symbols()
for k, v in self.items():
k = expr_simp(k.replace_expr(info))
v = expr_simp(v.replace_expr(info))
s[k] = v
return s示例4: del_mem_above_stack
def del_mem_above_stack(self, sp):
sp_val = self.symbols[sp]
for mem_ad, (mem, _) in self.symbols.symbols_mem.items():
# print mem_ad, sp_val
diff = self.eval_expr(mem_ad - sp_val, {})
diff = expr_simp(diff)
if not isinstance(diff, ExprInt):
continue
m = expr_simp(diff.msb())
if m.arg == 1:
del(self.symbols[mem])示例5: check_expr_below_stack
def check_expr_below_stack(ir_arch_a, expr):
"""
Return False if expr pointer is below original stack pointer
@ir_arch_a: ira instance
@expr: Expression instance
"""
ptr = expr.ptr
diff = expr_simp(ptr - ir_arch_a.sp)
if not diff.is_int():
return True
if int(diff) == 0 or int(expr_simp(diff.msb())) == 0:
return False
return True示例6: retrieve_stack_accesses
def retrieve_stack_accesses(ir_arch_a, ssa):
"""
Walk the ssa graph and find stack based variables.
Return a dictionnary linking stack base address to its size/name
@ir_arch_a: ira instance
@ssa: SSADiGraph instance
"""
stack_vars = set()
for block in ssa.graph.blocks.itervalues():
for assignblk in block:
for dst, src in assignblk.iteritems():
stack_vars.update(get_stack_accesses(ir_arch_a, dst))
stack_vars.update(get_stack_accesses(ir_arch_a, src))
stack_vars = filter(lambda expr: check_expr_below_stack(ir_arch_a, expr), stack_vars)
base_to_var = {}
for var in stack_vars:
base_to_var.setdefault(var.ptr, set()).add(var)
base_to_interval = {}
for addr, vars in base_to_var.iteritems():
var_interval = interval()
for var in vars:
offset = expr_simp(addr - ir_arch_a.sp)
if not offset.is_int():
# skip non linear stack offset
continue
start = int(offset)
stop = int(expr_simp(offset + ExprInt(var.size / 8, offset.size)))
mem = interval([(start, stop-1)])
var_interval += mem
base_to_interval[addr] = var_interval
if not base_to_interval:
return {}
# Check if not intervals overlap
_, tmp = base_to_interval.popitem()
while base_to_interval:
addr, mem = base_to_interval.popitem()
assert (tmp & mem).empty
tmp += mem
base_to_info = {}
for addr, vars in base_to_var.iteritems():
name = "var_%d" % (len(base_to_info))
size = max([var.size for var in vars])
base_to_info[addr] = size, name
return base_to_info示例7: resolve_args_with_symbols
def resolve_args_with_symbols(self, symbols=None):
if symbols is None:
symbols = {}
args_out = []
for a in self.args:
e = a
# try to resolve symbols using symbols (0 for default value)
ids = m2_expr.get_expr_ids(e)
fixed_ids = {}
for x in ids:
if isinstance(x.name, asmbloc.asm_label):
name = x.name.name
# special symbol $
if name == "$":
fixed_ids[x] = self.get_asm_offset(x)
continue
if not name in symbols:
raise ValueError("unresolved symbol! %r" % x)
else:
name = x.name
if not name in symbols:
continue
if symbols[name].offset is None:
raise ValueError('The offset of label "%s" cannot be ' "determined" % name)
else:
size = x.size
if size is None:
default_size = self.get_symbol_size(x, symbols)
size = default_size
value = m2_expr.ExprInt(symbols[name].offset, size)
fixed_ids[x] = value
e = e.replace_expr(fixed_ids)
e = expr_simp(e)
args_out.append(e)
return args_out示例8: emul_symb
def emul_symb(ir_arch, ircfg, mdis, states_todo, states_done):
while states_todo:
addr, symbols, conds = states_todo.pop()
print '*' * 40, "addr", addr, '*' * 40
if (addr, symbols, conds) in states_done:
print 'Known state, skipping', addr
continue
states_done.add((addr, symbols, conds))
symbexec = SymbolicExecutionEngine(ir_arch)
symbexec.symbols = symbols.copy()
if ir_arch.pc in symbexec.symbols:
del symbexec.symbols[ir_arch.pc]
irblock = get_block(ir_arch, ircfg, mdis, addr)
print 'Run block:'
print irblock
addr = symbexec.eval_updt_irblock(irblock)
print 'Final state:'
symbexec.dump(mems=False)
assert addr is not None
if isinstance(addr, ExprCond):
# Create 2 states, each including complementary conditions
cond_group_a = {addr.cond: ExprInt(0, addr.cond.size)}
cond_group_b = {addr.cond: ExprInt(1, addr.cond.size)}
addr_a = expr_simp(symbexec.eval_expr(addr.replace_expr(cond_group_a), {}))
addr_b = expr_simp(symbexec.eval_expr(addr.replace_expr(cond_group_b), {}))
if not (addr_a.is_int() or addr_a.is_loc() and
addr_b.is_int() or addr_b.is_loc()):
print str(addr_a), str(addr_b)
raise ValueError("Unsupported condition")
if isinstance(addr_a, ExprInt):
addr_a = int(addr_a.arg)
if isinstance(addr_b, ExprInt):
addr_b = int(addr_b.arg)
states_todo.add((addr_a, symbexec.symbols.copy(), tuple(list(conds) + cond_group_a.items())))
states_todo.add((addr_b, symbexec.symbols.copy(), tuple(list(conds) + cond_group_b.items())))
elif addr == ret_addr:
print 'Return address reached'
continue
elif addr.is_int():
addr = int(addr.arg)
states_todo.add((addr, symbexec.symbols.copy(), tuple(conds)))
elif addr.is_loc():
states_todo.add((addr, symbexec.symbols.copy(), tuple(conds)))
else:
raise ValueError("Unsupported destination")示例9: is_stack_access
def is_stack_access(ir_arch_a, expr):
if not expr.is_mem():
return False
ptr = expr.ptr
diff = expr_simp(ptr - ir_arch_a.sp)
if not diff.is_int():
return False
return expr示例10: _follow_simp_expr
def _follow_simp_expr(exprs):
"""Simplify expression so avoid tracking useless elements,
as: XOR EAX, EAX
"""
follow = set()
for expr in exprs:
follow.add(expr_simp(expr))
return follow, set()示例11: fix_expr_val
def fix_expr_val(e, symbols):
def expr_calc(e):
if isinstance(e, m2_expr.ExprId):
s = symbols.s[e.name]
e = m2_expr.ExprInt_from(e, s.offset)
return e
e = e.visit(expr_calc)
e = expr_simp(e)
return e示例12: arm_guess_jump_table
def arm_guess_jump_table(
mnemo, attrib, pool_bin, cur_bloc, offsets_to_dis, symbol_pool):
ira = get_ira(mnemo, attrib)
jra = ExprId('jra')
jrb = ExprId('jrb')
sp = AsmSymbolPool()
ir_arch = ira(sp)
ir_arch.add_bloc(cur_bloc)
ir_blocks = ir_arch.blocks.values()
for irblock in ir_blocks:
# print 'X'*40
# print irblock
pc_val = None
# lr_val = None
for exprs in irblock.irs:
for e in exprs:
if e.dst == ir_arch.pc:
pc_val = e.src
# if e.dst == mnemo.regs.LR:
# lr_val = e.src
if pc_val is None:
continue
if not isinstance(pc_val, ExprMem):
continue
assert(pc_val.size == 32)
print pc_val
ad = pc_val.arg
ad = expr_simp(ad)
print ad
res = match_expr(ad, jra + jrb, set([jra, jrb]))
if res is False:
raise NotImplementedError('not fully functional')
print res
if not isinstance(res[jrb], ExprInt):
raise NotImplementedError('not fully functional')
base_ad = int(res[jrb])
print base_ad
addrs = set()
i = -1
max_table_entry = 10000
max_diff_addr = 0x100000 # heuristic
while i < max_table_entry:
i += 1
try:
ad = upck32(pool_bin.getbytes(base_ad + 4 * i, 4))
except:
break
if abs(ad - base_ad) > max_diff_addr:
break
addrs.add(ad)
print [hex(x) for x in addrs]示例13: fix_expr_val
def fix_expr_val(expr, symbols):
"""Resolve an expression @expr using @symbols"""
def expr_calc(e):
if isinstance(e, m2_expr.ExprId):
s = symbols._name2label[e.name]
e = m2_expr.ExprInt_from(e, s.offset)
return e
result = expr.visit(expr_calc)
result = expr_simp(result)
if not isinstance(result, m2_expr.ExprInt):
raise RuntimeError('Cannot resolve symbol %s' % expr)
return result示例14: field_addr
def field_addr(self, base, Clike, is_ptr=False):
key = (base, Clike, is_ptr)
ret = self.cache_field_addr.get(key, None)
if ret is None:
base_expr = self.trad(base)
if is_ptr:
access_expr = self.trad(Clike)
else:
access_expr = self.trad("&(%s)" % Clike)
offset = int(expr_simp(access_expr - base_expr))
ret = offset
self.cache_field_addr[key] = ret
return ret示例15: propag_expr_cst
def propag_expr_cst(self, expr):
"""Propagate constant expressions in @expr
@expr: Expression to update"""
elements = expr.get_r(mem_read=True)
to_propag = {}
for element in elements:
# Only ExprId can be safely propagated
if not element.is_id():
continue
value = self.eval_expr(element)
if self.is_expr_cst(self.ir_arch, value):
to_propag[element] = value
return expr_simp(expr.replace_expr(to_propag))