miasm
Reverse engineering framework
asmblock Namespace Reference

Functions

def remove_useless_blocks (d_g, graph)
 Check final state. More...
 

Variables

 data = decode_hex("5589e583ec10837d08007509c745fc01100000eb73837d08017709c745fc02100000eb64837d08057709c745fc03100000eb55837d080774138b450801c083f80e7509c745fc04100000eb3c8b450801c083f80e7509c745fc05100000eb298b450883e03085c07409c745fc06100000eb16837d08427509c745fc07100000eb07c745fc081000008b45fcc9c3")
 
 loc_db = LocationDB()
 
 cont = Container.from_string(data, loc_db)
 
 machine = Machine("x86_32")
 
 mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db)
 
 first_block = mdis.dis_block(0)
 Disassembly of one block. More...
 
 first_block_bis = mdis.dis_block(0)
 Test redisassemble asmcfg. More...
 
 asmcfg = mdis.dis_multiblock(0)
 Disassembly of several blocks, with cache. More...
 
 leaves = asmcfg.leaves()
 Equality between assembly lines is not yet implemented. More...
 
 last_block_loc_key = leaves.pop()
 
bool good = False
 Modification must be reported from the graph. More...
 
 dg = DiGraphSimplifier()
 Use a graph simplifier to recursively apply the simplification pass. More...
 
 testlabel = loc_db.get_or_create_name_location("testlabel")
 Only two asmcfg should remain. More...
 
 my_block = AsmBlock(loc_db, testlabel)
 
 testlabel_bad = loc_db.get_or_create_name_location("testlabel_bad")
 Bad asmcfg. More...
 
 my_bad_block = AsmBlockBad(loc_db, testlabel_bad)
 
 testlabel_nextitself = loc_db.get_or_create_name_location("testlabel_nextitself")
 Link the bad block and update edges. Indeed, a sub-element has been modified (bto from a block from asmcfg). More...
 
 my_block_ni = AsmBlock(loc_db, testlabel_nextitself)
 
bool error_raised = False
 OK for now. More...
 
 testlabel_target = loc_db.get_or_create_name_location("testlabel_target")
 Back to a normal state. More...
 
 my_block_target = AsmBlock(loc_db, testlabel_target)
 
 testlabel_src1 = loc_db.get_or_create_name_location("testlabel_src1")
 
 testlabel_src2 = loc_db.get_or_create_name_location("testlabel_src2")
 
 my_block_src1 = AsmBlock(loc_db, testlabel_src1)
 
 my_block_src2 = AsmBlock(loc_db, testlabel_src2)
 
 testlabel_pend_src = loc_db.get_or_create_name_location("testlabel_pend_src")
 Guess block size. Initial state. More...
 
 testlabel_pend_dst = loc_db.get_or_create_name_location("testlabel_pend_dst")
 
 my_block_src = AsmBlock(loc_db, testlabel_pend_src)
 
 my_block_dst = AsmBlock(loc_db, testlabel_pend_dst)
 
 pending = list(asmcfg.pendings[my_block_dst.loc_key])[0]
 Check resulting state. More...
 
 data2 = decode_hex("31c0eb0c31c9750c31d2eb0c31ffebf831dbebf031edebfc31f6ebf031e4c3")
 Pending must disappear when the expected block is added. More...
 
 cont2 = Container.from_string(data2, loc_db)
 
 entry_asmcfg = asmcfg.heads()
 Dump the graph after merging. More...
 
 bad_block_lbl
 
 alone_block
 
 entry_block = asmcfg.loc_key_to_block(entry_asmcfg.pop())
 Check resulting function. More...
 
 nextb
 
 tob
 
 asmcfg_bef = asmcfg.copy()
 Without condition for a split, no change. More...
 
 inside_firstbbl = loc_db.get_offset_location(4)
 Create conditions for a block split. More...
 
 lbl_newb = asmcfg.successors(entry_block.loc_key)[0]
 Check result. More...
 
 newb = asmcfg.loc_key_to_block(lbl_newb)
 
 preds = asmcfg.predecessors(lbl_newb)
 
 bbl0 = MatchGraphJoker(name="0")
 Check resulting disasm. More...
 
 bbl2 = MatchGraphJoker(name="2")
 
 bbl4 = MatchGraphJoker(name="4")
 
 bbl9 = MatchGraphJoker(name="9")
 
 bblB = MatchGraphJoker(name="B")
 
 bbl10 = MatchGraphJoker(name="10")
 
 matcher = bbl0 >> bbl2 >> bbl4 >> bbl9 >> bblB >> bbl10
 
 solutions = list(matcher.match(asmcfg))
 
 solution = solutions.pop()
 
 offset = loc_db.get_location_offset(label)
 
 loc_key_dum = loc_db.get_or_create_name_location("dummy_loc")
 

Function Documentation

◆ remove_useless_blocks()

def asmblock.remove_useless_blocks (   d_g,
  graph 
)

Check final state.

Simplify the obtained graph to keep only asmcfg which reach a block finishing with RET

Remove leaves without a RET

Variable Documentation

◆ alone_block

asmblock.alone_block
Initial value:
1 = next((asmcfg.loc_key_to_block(lbl) for lbl in entry_asmcfg
2  if len(asmcfg.successors(lbl)) == 0))

◆ asmcfg

asmblock.asmcfg = mdis.dis_multiblock(0)

Disassembly of several blocks, with cache.

Block alone.

Elements to merge.

Test redisassemble asmcfg.

Bad block

Dump the graph before merging

Apply merging

◆ asmcfg_bef

asmblock.asmcfg_bef = asmcfg.copy()

Without condition for a split, no change.

◆ bad_block_lbl

asmblock.bad_block_lbl
Initial value:
1 = next((lbl for lbl in entry_asmcfg
2  if isinstance(asmcfg.loc_key_to_block(lbl), AsmBlockBad)))

◆ bbl0

asmblock.bbl0 = MatchGraphJoker(name="0")

Check resulting disasm.

Check graph structure

◆ bbl10

asmblock.bbl10 = MatchGraphJoker(name="10")

◆ bbl2

asmblock.bbl2 = MatchGraphJoker(name="2")

◆ bbl4

asmblock.bbl4 = MatchGraphJoker(name="4")

◆ bbl9

asmblock.bbl9 = MatchGraphJoker(name="9")

◆ bblB

asmblock.bblB = MatchGraphJoker(name="B")

◆ cont

asmblock.cont = Container.from_string(data, loc_db)

◆ cont2

asmblock.cont2 = Container.from_string(data2, loc_db)

◆ data

asmblock.data = decode_hex("5589e583ec10837d08007509c745fc01100000eb73837d08017709c745fc02100000eb64837d08057709c745fc03100000eb55837d080774138b450801c083f80e7509c745fc04100000eb3c8b450801c083f80e7509c745fc05100000eb298b450883e03085c07409c745fc06100000eb16837d08427509c745fc07100000eb07c745fc081000008b45fcc9c3")

◆ data2

asmblock.data2 = decode_hex("31c0eb0c31c9750c31d2eb0c31ffebf831dbebf031edebfc31f6ebf031e4c3")

Pending must disappear when the expected block is added.

◆ dg

asmblock.dg = DiGraphSimplifier()

Use a graph simplifier to recursively apply the simplification pass.

◆ entry_asmcfg

asmblock.entry_asmcfg = asmcfg.heads()

Dump the graph after merging.

Check the final state

Check "special" asmcfg

◆ entry_block

asmblock.entry_block = asmcfg.loc_key_to_block(entry_asmcfg.pop())

Check resulting function.

◆ error_raised

bool asmblock.error_raised = False

OK for now.

Sanity check must fail.

Add a second next from src2 to target (already src1 -> target)

◆ first_block

asmblock.first_block = mdis.dis_block(0)

Disassembly of one block.

Remove first_block for the rest of the graph.

◆ first_block_bis

asmblock.first_block_bis = mdis.dis_block(0)

Test redisassemble asmcfg.

◆ good

bool asmblock.good = False

Modification must be reported from the graph.

Remove predecessors of last block

Link first and last block

Only one link between two asmcfg

◆ inside_firstbbl

asmblock.inside_firstbbl = loc_db.get_offset_location(4)

Create conditions for a block split.

◆ last_block_loc_key

asmblock.last_block_loc_key = leaves.pop()

◆ lbl_newb

asmblock.lbl_newb = asmcfg.successors(entry_block.loc_key)[0]

Check result.

◆ leaves

asmblock.leaves = asmcfg.leaves()

Equality between assembly lines is not yet implemented.

Convert to dot

Modify the structure: link the first and the last block

◆ loc_db

asmblock.loc_db = LocationDB()

◆ loc_key_dum

asmblock.loc_key_dum = loc_db.get_or_create_name_location("dummy_loc")

◆ machine

asmblock.machine = Machine("x86_32")

◆ matcher

asmblock.matcher = bbl0 >> bbl2 >> bbl4 >> bbl9 >> bblB >> bbl10

◆ mdis

asmblock.mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db)

◆ my_bad_block

asmblock.my_bad_block = AsmBlockBad(loc_db, testlabel_bad)

◆ my_block

asmblock.my_block = AsmBlock(loc_db, testlabel)

◆ my_block_dst

asmblock.my_block_dst = AsmBlock(loc_db, testlabel_pend_dst)

◆ my_block_ni

asmblock.my_block_ni = AsmBlock(loc_db, testlabel_nextitself)

◆ my_block_src

asmblock.my_block_src = AsmBlock(loc_db, testlabel_pend_src)

◆ my_block_src1

asmblock.my_block_src1 = AsmBlock(loc_db, testlabel_src1)

◆ my_block_src2

asmblock.my_block_src2 = AsmBlock(loc_db, testlabel_src2)

◆ my_block_target

asmblock.my_block_target = AsmBlock(loc_db, testlabel_target)

◆ newb

asmblock.newb = asmcfg.loc_key_to_block(lbl_newb)

◆ nextb

asmblock.nextb
Initial value:
1 = asmcfg.loc_key_to_block(next((cons.loc_key for cons in entry_block.bto
2  if cons.c_t == AsmConstraint.c_next)))

◆ offset

asmblock.offset = loc_db.get_location_offset(label)

◆ pending

asmblock.pending = list(asmcfg.pendings[my_block_dst.loc_key])[0]

Check resulting state.

◆ preds

asmblock.preds = asmcfg.predecessors(lbl_newb)

◆ solution

asmblock.solution = solutions.pop()

◆ solutions

asmblock.solutions = list(matcher.match(asmcfg))

◆ testlabel

asmblock.testlabel = loc_db.get_or_create_name_location("testlabel")

Only two asmcfg should remain.

Graph the final output

loc_key_to_block should always be updated

◆ testlabel_bad

asmblock.testlabel_bad = loc_db.get_or_create_name_location("testlabel_bad")

Bad asmcfg.

Add a bad block, not linked

◆ testlabel_nextitself

asmblock.testlabel_nextitself = loc_db.get_or_create_name_location("testlabel_nextitself")

Link the bad block and update edges. Indeed, a sub-element has been modified (bto from a block from asmcfg).

Test strict option

Sanity check

Next on itself

◆ testlabel_pend_dst

asmblock.testlabel_pend_dst = loc_db.get_or_create_name_location("testlabel_pend_dst")

◆ testlabel_pend_src

asmblock.testlabel_pend_src = loc_db.get_or_create_name_location("testlabel_pend_src")

Guess block size. Initial state.

Check pendings. Create a pending element.

◆ testlabel_src1

asmblock.testlabel_src1 = loc_db.get_or_create_name_location("testlabel_src1")

◆ testlabel_src2

asmblock.testlabel_src2 = loc_db.get_or_create_name_location("testlabel_src2")

◆ testlabel_target

asmblock.testlabel_target = loc_db.get_or_create_name_location("testlabel_target")

Back to a normal state.

Multiple next on the same node

◆ tob

asmblock.tob
Initial value:
1 = asmcfg.loc_key_to_block(next((cons.loc_key for cons in entry_block.bto
2  if cons.c_t == AsmConstraint.c_to)))