Exemple #1
0
bool IA_IAPI::isFrameSetupInsn(Instruction::Ptr i) const
{
    if(i->getOperation().getID() == e_mov)
    {
        if(i->readsMemory() || i->writesMemory())
        {
            parsing_printf("%s[%d]: discarding insn %s as stack frame preamble, not a reg-reg move\n",
                           FILE__, __LINE__, i->format().c_str());
            //return false;
        }
        if(i->isRead(stackPtr[_isrc->getArch()]) &&
           i->isWritten(framePtr[_isrc->getArch()]))
        {
            if((unsigned) i->getOperand(0).getValue()->size() == _isrc->getAddressWidth())
            {
                return true;
            }
            else
            {
                parsing_printf("%s[%d]: discarding insn %s as stack frame preamble, size mismatch for %d-byte addr width\n",
                               FILE__, __LINE__, i->format().c_str(), _isrc->getAddressWidth());
            }
        }
    }
    return false;
}
Exemple #2
0
bool
PatchBlock::containsDynamicCall() {
  const ParseAPI::Block::edgelist & out_edges = block_->targets();
  ParseAPI::Block::edgelist::const_iterator eit = out_edges.begin();
   for( ; eit != out_edges.end(); ++eit) {
     if ( ParseAPI::CALL == (*eit)->type() ) { 
         // see if it's a static call to a bad address
         if ((*eit)->sinkEdge()) {
             using namespace InstructionAPI;
             Instruction::Ptr insn = getInsn(last());
             if (insn->readsMemory()) { // memory indirect
                 return true;
             } else { // check for register indirect
                 set<InstructionAST::Ptr> regs;
                 Expression::Ptr tExpr = insn->getControlFlowTarget();
                 if (tExpr)
                     tExpr->getUses(regs);
                 for (set<InstructionAST::Ptr>::iterator rit = regs.begin(); 
                      rit != regs.end(); rit++)
                 {
                     if (RegisterAST::makePC(obj()->co()->cs()->getArch()).getID() != 
                         boost::dynamic_pointer_cast<RegisterAST>(*rit)->getID()) 
                     {
                         return true;
                     }
                 }
             }
         }
      }
   }
   return false;
}
Exemple #3
0
bool IA_x86Details::isTableInsn(Instruction::Ptr i) 
{
  Expression::Ptr jumpExpr = currentBlock->curInsn()->getControlFlowTarget();
  parsing_printf("jumpExpr for table insn is %s\n", jumpExpr->format().c_str());
  if(i->getOperation().getID() == e_mov && i->readsMemory() && i->isWritten(jumpExpr))
  {
    return true;
  }
  if(i->getOperation().getID() == e_lea && i->isWritten(jumpExpr))
  {
    return true;
  }
  return false;
}
Exemple #4
0
void TextRewriter::organizeNewText() {
   /**
    *
    */

   unsigned int textSize = 0;

   textSize = textRegion->getRegionSize();

   oldText = (unsigned char*) textRegion->getPtrToRawData();
   newText = (unsigned char*) calloc (1, sizeof(unsigned char) * textSize);
   memcpy(newText, oldText, textSize);

   //InstructionDecoder decoder(oldText, textSize, Arch_x86_64);
   InstructionDecoder decoder(oldText, textSize, Arch_x86);
   Instruction::Ptr i = decoder.decode();

   long unsigned int currentTextOffset = 0;
   while (i != NULL) {

      //vector<Operand> operands;
      //i->getOperands(operands);
      //if (operands.size() > 0) {
      //  Expression::Ptr exp = operands[0].getValue();
      //  Result res = exp->eval();
      //  Immediate::makeImmediate(Result(u64, 2^32));
      //  fprintf(stderr, "results: %s\n", res.format().c_str());
      //}

      unsigned char* dotTextRaw = (unsigned char*) i->ptr();

      //fprintf(stderr, "%i bytes > %s -- ", i->size(), i->format().c_str());
      //for (int x = 0; x < i->size(); x++) {
      //   fprintf(stderr, " %x ", dotTextRaw[x]);
      //}
      //fprintf(stderr, "\n");

      if (i->readsMemory()) {

         if (/*dotTextRaw[0] == 0xa1 && */i->size() == 5 || i->size() == 6) {
            unsigned int* dataOperand = i->size() == 5 ? (unsigned int*)(dotTextRaw + 1)
               : (unsigned int*)(dotTextRaw + 2);

            // Interpret as int to reverse bytes in memory automatically
            fprintf(stderr, "Data operand: %p\n", (void*) ((unsigned int)*dataOperand));


            unsigned int data = *dataOperand;

            unsigned char* tmp = (unsigned char*) dataOperand;

            if (dataRegion->isOffsetInRegion((*relocs)[data])
                  || bssRegion->isOffsetInRegion((*relocs)[data])) {
               // Hacky, depends on teh 32-bit instructions
               int tmp = i->size() == 5 ? 1 : 2;
               *((unsigned int*)(newText + currentTextOffset + tmp)) = (*relocs)[data];
            }
         }
      }

      //if (dotTextRaw[0] == 0xa1 && i->size() == 9) {
      //   fprintf(stdout, "%i bytes > %s\n", i->size(), i->format().c_str());
      //   unsigned int* dataOperand = (unsigned int*)(dotTextRaw + 1);
      //   if (dataOperand[0] > 134518284) {
      //      ((unsigned int*)(((unsigned char*) dotTextRawMuta) + currentTextOffset + 1))[0] = 134518520;
      //   }
      //}

      currentTextOffset += i->size();
      i = decoder.decode();
   }

   // Assign the data region to point at the new buffer
   if (!textRegion->setPtrToRawData((void*) newText, textRegion->getRegionSize())) {
      fprintf(stderr, "Failed to set pointer to raw text!\n");
      exit(EXIT_FAILURE);
   }
}