// Detect functions that are semantically similar by running multiple iterations of partition_functions(). void analyze() { RTS_Message *m = thread->tracing(TRACE_MISC); Functions functions = find_functions(m, thread->get_process()); PointerDetectors pointers = detect_pointers(m, thread, functions); PartitionForest partition; while (partition.nlevels()<MAX_ITERATIONS) { InputValues inputs = choose_inputs(3, 3); size_t level = partition.new_level(inputs); m->mesg("####################################################################################################"); m->mesg("%s: fuzz testing %zu function%s at level %zu", name, functions.size(), 1==functions.size()?"":"s", level); m->mesg("%s: using these input values:\n%s", name, inputs.toString().c_str()); if (0==level) { partition_functions(m, partition, functions, pointers, inputs, NULL); } else { const PartitionForest::Vertices &parent_vertices = partition.vertices_at_level(level-1); for (PartitionForest::Vertices::const_iterator pvi=parent_vertices.begin(); pvi!=parent_vertices.end(); ++pvi) { PartitionForest::Vertex *parent_vertex = *pvi; if (parent_vertex->functions.size()>MAX_SIMSET_SIZE) partition_functions(m, partition, parent_vertex->functions, pointers, inputs, parent_vertex); } } // If the new level doesn't contain any vertices then we must not have needed to repartition anything and we're all // done. if (partition.vertices_at_level(level).empty()) break; } m->mesg("=========================================================================================="); m->mesg("%s: The entire partition forest follows...", name); m->mesg("%s", StringUtility::prefixLines(partition.toString(), std::string(name)+": ").c_str()); m->mesg("=========================================================================================="); m->mesg("%s: Final function similarity sets are:", name); PartitionForest::Vertices leaves = partition.get_leaves(); size_t setno=0; for (PartitionForest::Vertices::iterator vi=leaves.begin(); vi!=leaves.end(); ++vi, ++setno) { PartitionForest::Vertex *leaf = *vi; const Functions &functions = leaf->get_functions(); m->mesg("%s: set #%zu at level %zu has %zu function%s:", name, setno, leaf->get_level(), functions.size(), 1==functions.size()?"":"s"); for (Functions::const_iterator fi=functions.begin(); fi!=functions.end(); ++fi) m->mesg("%s: 0x%08"PRIx64" <%s>", name, (*fi)->get_entry_va(), (*fi)->get_name().c_str()); } m->mesg("%s: dumping final similarity sets to clones.sql", name); partition.dump("clones.sql", "NO_USER", "NO_PASSWD"); }
pair<FunctionId,FunctionPtr> FunctionSet::getRandomFunction(int argumentsNumber) const { Functions argFunctions; Functions::const_iterator it = functions_.begin(); //Rewrite funciton with the same number of arguments as argumentsNumber for(auto it = functions_.begin(); it != functions_.end();) { if(it->second.first == argumentsNumber) argFunctions.insert(make_pair(it->first,it->second)); ++it; } if (argFunctions.size() < 1) { string exception = "Nie ma zadnej funkcji o takiej liczbie argumentow"; throw exception; } it = argFunctions.begin(); std::advance(it, rand() % argFunctions.size() ); return this->conversion(it); }