Esempio n. 1
File: simulate.C Progetto: 8l/rose
// Describe and parse the command-line
static std::vector<std::string>
parseCommandLine(int argc, char *argv[], Partitioner2::Engine &engine)
    using namespace Sawyer::CommandLine;

    std::string purpose = "simulate execution using concrete semantics";
    std::string description =
        "Parses and loads the specimen and then executes its instructions in a concrete domain.";

    // The parser is the same as that created by Engine::commandLineParser except we don't need any partitioning switches since
    // this tool doesn't partition.
    Parser parser;
        .version(std::string(ROSE_SCM_VERSION_ID).substr(0, 8), ROSE_CONFIGURE_DATE)
        .chapter(1, "ROSE Command-line Tools")
             "@prop{programName} [@v{switches}] @v{specimen_names}")
        .doc("Description", description)
        .doc("Specimens", engine.specimenNameDocumentation())
    SwitchGroup tool("Tool switches");
                .argument("address", nonNegativeIntegerParser(settings.startVa))
                .doc("Address at which to start executing. If no address is specified then execution starts at the "
                     "lowest address having execute permission."));

    return parser.with(tool).parse(argc, argv).apply().unreachedArgs();
Esempio n. 2
File: simulate.C Progetto: 8l/rose
int main(int argc, char *argv[]) {
    ::mlog = Diagnostics::Facility("tool", Diagnostics::destination);

    // Parse the command-line
    Partitioner2::Engine engine;
    std::vector<std::string> specimenNames = parseCommandLine(argc, argv, engine);
    if (specimenNames.empty())
        throw std::runtime_error("no specimen specified; see --help");

    // Load specimen into memory
    MemoryMap map = engine.loadSpecimens(specimenNames);

    // Configure instruction semantics
    Partitioner2::Partitioner partitioner = engine.createPartitioner();
    Disassembler *disassembler = engine.obtainDisassembler();
    const RegisterDictionary *regdict = disassembler->get_registers();
    if (disassembler->dispatcher() == NULL)
        throw std::runtime_error("no instruction semantics for this architecture");    
    BaseSemantics::RiscOperatorsPtr ops = InstructionSemantics2::ConcreteSemantics::RiscOperators::instance(regdict);
    BaseSemantics::DispatcherPtr cpu = disassembler->dispatcher()->create(ops);

    // Find starting address
    rose_addr_t va = 0;
    if (settings.startVa) {
        va = *settings.startVa;
    } else if (engine.isaName() == "coldfire") {
        // Use the interrupt vector to initialize the stack pointer and instruction pointer.
        uint32_t sp, ip;
        if (4 !=*)&sp).size())
            throw std::runtime_error("cannot read stack pointer at address 0x00000000");
        ops->writeRegister(disassembler->stackPointerRegister(), ops->number_(32, ByteOrder::be_to_host(sp)));
        if (4 !=*)&ip).size())
            throw std::runtime_error("cannot read instruction pointer at address 0x00000004");
        va = ByteOrder::be_to_host(ip);
    } else if (!map.atOrAfter(0).require(MemoryMap::EXECUTABLE).next().assignTo(va)) {
        throw std::runtime_error("no starting address specified and none marked executable");
    ops->writeRegister(disassembler->instructionPointerRegister(), ops->number_(32, va));

    // Execute
    while (1) {
        va = ops->readRegister(disassembler->instructionPointerRegister())->get_number();
        SgAsmInstruction *insn = partitioner.instructionProvider()[va];
        SAWYER_MESG(::mlog[TRACE]) <<unparseInstructionWithAddress(insn, NULL, regdict) <<"\n";
        try {
        } catch (const BaseSemantics::Exception &e) {
            ::mlog[WARN] <<e <<"\n";

    // std::cout <<"Final state:\n";
    // std::cout <<*ops->currentState();
Esempio n. 3
main(int argc, char *argv[]) {
    //! [setup]
    Partitioner2::Engine engine;
    std::vector<std::string> specimen = engine.parseCommandLine(argc, argv, purpose, description).unreachedArgs();
    if (specimen.empty()) {
        mlog[FATAL] <<"no binary specimen specified; see --help\n";
    //! [setup]
    //! [partition]
    Partitioner2::Partitioner partitioner = engine.partition(specimen);
    //! [partition]

    //! [function cfg]
    BOOST_FOREACH (const Partitioner2::Function::Ptr &function, partitioner.functions()) {
        // global control flow graph
        Partitioner2::ControlFlowGraph cfg = partitioner.cfg();

        // Erase all vertices that don't belong to the function of interest, and their incident edges
        Partitioner2::ControlFlowGraph::VertexIterator vi = cfg.vertices().begin();
        while (vi != cfg.vertices().end()) {
            if (!vi->value().isOwningFunction(function)) {
            } else {

        // Print the results
        std::cout <<"CFG for " <<function->printableName() <<"\n"
                  <<"  Vertices:\n";
        BOOST_FOREACH (const Partitioner2::ControlFlowGraph::Vertex &v, cfg.vertices())
            std::cout <<"    " <<partitioner.vertexName(v) <<"\n";
        std::cout <<"  Edges:\n";
        BOOST_FOREACH (const Partitioner2::ControlFlowGraph::Edge &e, cfg.edges())
            std::cout <<"    " <<partitioner.edgeName(e) <<"\n";
    //! [function cfg]
Esempio n. 4
main(int argc, char *argv[]) {
    //! [commandline]
    ROSE_INITIALIZE;                                    // see rose::initialize
    std::string purpose = "finds static strings in a binary specimen";
    std::string description =
        "This tool disassembles a binary specimen and then scans the "
        "read-only parts of memory to find static strings. It looks for "
        "C-style NUL-termianted printable ASCII strings, zero-terminated "
        "UTF-16 little-endian strings, two-byte little-endian length-encoded "
        "ASCII strings, and some other common formats.";

    Partitioner2::Engine engine;
    std::vector<std::string> specimen =
        engine.parseCommandLine(argc, argv, purpose, description).unreachedArgs();
    //! [commandline]

    //! [load]
    MemoryMap map = engine.loadSpecimens(specimen);
    ByteOrder::Endianness sex = engine.obtainDisassembler()->get_sex();
    //! [load]

    //! [analysis]
    Strings::StringFinder finder;       // the string analyzer
    finder.settings().minLength = 5;    // no strings shorter than 5 characters
    finder.settings().maxLength = 8192; // no strings longer than 8k characters
    finder.insertCommonEncoders(sex);   // match common encodings of strings
    //! [analysis]

    //! [output]
    // Output, or just do "std::cout <<finder" if you're not picky.
    BOOST_FOREACH (const Strings::EncodedString &string, finder.strings()) {
        std::cout <<"string at " <<string.address() <<" for " <<string.size() <<" bytes\n";
        std::cout <<"encoding: " <<string.encoder()->name() <<"\n";
        std::cout <<"narrow value: \"" <<StringUtility::cEscape(string.narrow()) <<"\"\n";
    //! [output]