Example 6 with OperandType

use of com.google.security.zynamics.reil.OperandType in project binnavi by google.

the class BaseTransformer method inputOperandsAreLiterals.

/**
   * Determines whether the two input operands of an instruction are both literals.
   * 
   * @param instruction The instruction whose input operands are checked.
   * 
   * @return True, if both input operands of the instruction are literals.
   */
private static boolean inputOperandsAreLiterals(final ReilInstruction instruction) {
    final OperandType firstOperandType = instruction.getFirstOperand().getType();
    final OperandType secondOperandType = instruction.getSecondOperand().getType();
    return (firstOperandType == OperandType.INTEGER_LITERAL) && (secondOperandType == OperandType.INTEGER_LITERAL);
}
Also used : OperandType(com.google.security.zynamics.reil.OperandType)

Example 7 with OperandType

use of com.google.security.zynamics.reil.OperandType in project binnavi by google.

the class RegisterTrackingTransformationProvider method transformOr.

@Override
protected Pair<RegisterSetLatticeElement, RegisterSetLatticeElement> transformOr(final ReilInstruction ins, final RegisterSetLatticeElement state) {
    final OperandType operandOneType = ins.getFirstOperand().getType();
    final OperandType operandTwoType = ins.getSecondOperand().getType();
    final OperandSize operandOneSize = ins.getFirstOperand().getSize();
    final OperandSize operandTwoSize = ins.getSecondOperand().getSize();
    final OperandSize operandThreeSize = ins.getThirdOperand().getSize();
    final String operandOneValue = ins.getFirstOperand().getValue();
    final String operandTwoValue = ins.getSecondOperand().getValue();
    final String mask = getMask(operandThreeSize);
    if ((operandOneType == OperandType.INTEGER_LITERAL) && mask.equalsIgnoreCase(operandOneValue) && operandThreeSize.equals(operandTwoSize) && operandThreeSize.equals(operandOneSize)) {
        final RegisterSetLatticeElement newState = state.copy();
        newState.untaint(ins.getThirdOperand().getValue());
        return new Pair<RegisterSetLatticeElement, RegisterSetLatticeElement>(newState, null);
    } else if ((operandTwoType == OperandType.INTEGER_LITERAL) && mask.equalsIgnoreCase(operandTwoValue) && operandThreeSize.equals(operandTwoSize) && operandThreeSize.equals(operandOneSize)) {
        final RegisterSetLatticeElement newState = state.copy();
        newState.untaint(ins.getThirdOperand().getValue());
        return new Pair<RegisterSetLatticeElement, RegisterSetLatticeElement>(newState, null);
    }
    return transformNormalInstruction(ins, state);
}
Also used : OperandType(com.google.security.zynamics.reil.OperandType) OperandSize(com.google.security.zynamics.reil.OperandSize) Pair(com.google.security.zynamics.zylib.general.Pair)
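The security-relevant point of transformOr above is that an OR whose literal input is the all-ones mask of the destination width produces a constant, so the destination register is cleared of taint rather than inheriting it. The following is an added standalone model of that rule in Python, not binnavi code and not its API: REIL instructions are plain tuples, the taint state is a set of register names, and the mask is assumed to be the decimal all-ones value of the destination width (as "65535" is used for WORD elsewhere on this page). The fallback for ordinary instructions (destination tainted iff any register input is tainted) and the extension to `and` with a zero literal and `xor` of a register with itself are assumptions added here to show the general "result is a constant" idea; binnavi's own transformNormalInstruction, transformAnd and transformXor are not shown on this page.

```python
"""Model of constant-result untainting in a REIL register tracker (added example)."""
from dataclasses import dataclass

# Operand widths in bits; names follow the REIL OperandSize enum.
SIZES = {"BYTE": 8, "WORD": 16, "DWORD": 32, "QWORD": 64}


@dataclass(frozen=True)
class Operand:
    value: str   # register name or decimal integer literal
    size: str    # key into SIZES


@dataclass(frozen=True)
class Instr:
    mnemonic: str
    op1: Operand
    op2: Operand
    op3: Operand  # destination register


def is_literal(value: str) -> bool:
    # Simplified stand-in for OperandType.getOperandType: decimal string -> literal,
    # anything else -> register (assumption for this model).
    return value.isdigit()


def get_mask(size: str) -> str:
    # All-ones value of the given width as a decimal string, e.g. "65535" for WORD
    # (assumption: mirrors the comparison against getMask(operandThreeSize) above).
    return str((1 << SIZES[size]) - 1)


def result_is_constant(ins: Instr) -> bool:
    """True when the output cannot depend on any input register."""
    a, b, dst = ins.op1, ins.op2, ins.op3
    if a.size != dst.size or b.size != dst.size:
        return False          # mixed widths: do not claim anything (as transformOr does)
    if ins.mnemonic == "or":  # x | 111...1 == 111...1
        mask = get_mask(dst.size)
        return (is_literal(a.value) and a.value == mask) or \
               (is_literal(b.value) and b.value == mask)
    if ins.mnemonic == "and":  # x & 0 == 0 (generalisation, assumption)
        return (is_literal(a.value) and int(a.value) == 0) or \
               (is_literal(b.value) and int(b.value) == 0)
    if ins.mnemonic == "xor":  # r ^ r == 0 (generalisation, assumption)
        return a.value == b.value and not is_literal(a.value)
    return False


def transform(ins: Instr, tainted: frozenset) -> frozenset:
    """Forward taint transfer for one three-operand REIL instruction."""
    dst = ins.op3.value
    if result_is_constant(ins):
        return tainted - {dst}                     # overwritten with a constant
    inputs = {op.value for op in (ins.op1, ins.op2) if not is_literal(op.value)}
    if inputs & tainted:
        return tainted | {dst}                     # taint flows into the destination
    return tainted - {dst}                         # overwritten with clean data


def run(program, tainted: frozenset) -> frozenset:
    for ins in program:
        tainted = transform(ins, tainted)
    return tainted


def example() -> frozenset:
    # Constructed REIL fragment: eax is the tainted input register.
    eax = Operand("eax", "DWORD")
    ebx = Operand("ebx", "DWORD")
    d = lambda name: Operand(name, "DWORD")
    program = [
        Instr("or", eax, d("4294967295"), d("t0")),  # full mask: t0 is constant, clean
        Instr("or", eax, ebx, d("t1")),              # depends on eax: t1 tainted
        Instr("and", d("t1"), d("0"), d("t2")),      # zero literal: t2 clean
        Instr("xor", ebx, ebx, d("t3")),             # r ^ r: t3 clean
        Instr("or", eax, d("65535"), d("t4")),       # not the DWORD mask: t4 tainted
    ]
    return run(program, frozenset({"eax"}))
```

Running `example()` leaves exactly `eax`, `t1` and `t4` tainted; an `or ebx, 4294967295 -> eax` would remove `eax` itself from the set, which is the behaviour the explicit untaint call in transformOr exists for. The width check matters: a 16-bit mask OR-ed into a 32-bit destination leaves the upper half untouched, so the rule must not fire when the operand sizes disagree.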

Example 8 with OperandType

use of com.google.security.zynamics.reil.OperandType in project binnavi by google.

the class Helpers method processLeafNode.

private static TranslationResult processLeafNode(final ITranslationEnvironment environment, final long baseOffset, final IOperandTreeNode expression, OperandSize size, boolean loadOperand) throws InternalTranslationException {
    // All leaves are either registers or integer literals. They are translated
    // into "STR leaf, , nextVariable" instructions. Optimizations are handled
    // during the translation of their parent nodes.
    // Get the type of the leaf.
    final String value = expression.getValue();
    final OperandType operandType = OperandType.getOperandType(value);
    TranslationResultType nodeType = null;
    switch(operandType) {
        case REGISTER:
            nodeType = TranslationResultType.REGISTER;
            break;
        case INTEGER_LITERAL:
            nodeType = TranslationResultType.LITERAL;
            break;
        default:
            throw new InternalTranslationException("Error: Leaf has invalid type");
    }
    final List<ReilInstruction> instructions = new ArrayList<>();
    final String nextVariableString = environment.getNextVariableString();
    if ((operandType == OperandType.INTEGER_LITERAL) || !needsExtraction(environment, value)) {
        if (loadOperand) {
            instructions.add(ReilHelpers.createStr(baseOffset, size, value, size, nextVariableString));
            return new TranslationResult(nextVariableString, size, nodeType, null, instructions, baseOffset);
        } else {
            //      str t3, --, ebx
            return new TranslationResult(value, size, nodeType, null, instructions, baseOffset);
        }
    } else {
        // Mask smaller operands
        return extractRegister(environment, baseOffset, value);
    }
}
Also used : ReilInstruction(com.google.security.zynamics.reil.ReilInstruction) OperandType(com.google.security.zynamics.reil.OperandType) TranslationResultType(com.google.security.zynamics.reil.translators.TranslationResultType) ArrayList(java.util.ArrayList) InternalTranslationException(com.google.security.zynamics.reil.translators.InternalTranslationException) TranslationResult(com.google.security.zynamics.reil.translators.TranslationResult)

Example 9 with OperandType

use of com.google.security.zynamics.reil.OperandType in project binnavi by google.

the class LeaTranslator method translate.

// TODO: Check the code again
/**
   * Translates a LEA instruction to REIL code.
   * 
   * @param environment A valid translation environment.
   * @param instruction The LEA instruction to translate.
   * @param instructions The generated REIL code will be added to this list
   * 
   * @throws InternalTranslationException if any of the arguments are null or the passed instruction is
   *         not a LEA instruction
   */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "lea");
    if (instruction.getOperands().size() != 2) {
        throw new InternalTranslationException("Error: Argument instruction is not a lea instruction (invalid number of operands)");
    }
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    long offset = baseOffset;
    final List<? extends IOperandTree> operands = instruction.getOperands();
    final IOperandTree targetOperand = operands.get(0);
    final IOperandTree sourceOperand = operands.get(1);
    // The first operand must be a register.
    final String destination = Helpers.getLeafValue(targetOperand.getRootNode());
    final OperandSize size = Helpers.getOperandSize(targetOperand);
    // Load the operand.
    final TranslationResult sourceResult = Helpers.translateOperand(environment, offset, sourceOperand, false);
    String sourceRegister = sourceResult.getRegister() != null ? sourceResult.getRegister() : sourceResult.getAddress();
    sourceResult.getType();
    final List<ReilInstruction> sourceInstructions = sourceResult.getInstructions();
    // The source operand must always be loaded.
    instructions.addAll(sourceInstructions);
    // Adjust the offset of the next REIL instruction
    offset = baseOffset + instructions.size();
    if (size == OperandSize.WORD) {
        // Destination size is a sub-register
        final OperandType operandType = OperandType.getOperandType(sourceRegister);
        if (operandType == OperandType.INTEGER_LITERAL) {
            // Integer literals can be truncated directly.
            sourceRegister = String.valueOf(Long.valueOf(sourceRegister) & 0xFFFF);
        } else if (operandType == OperandType.REGISTER) {
            // Registers must be truncated later
            // => Add an AND instruction that truncates.
            final String truncatedValue = environment.getNextVariableString();
            final OperandSize registerSize = sourceInstructions.size() == 0 ? Helpers.getRegisterSize(sourceRegister) : environment.getArchitectureSize();
            // Add the truncating instruction
            instructions.add(ReilHelpers.createAnd(offset, registerSize, sourceRegister, OperandSize.WORD, "65535", OperandSize.WORD, truncatedValue));
            offset++;
            sourceRegister = truncatedValue;
        } else {
            // Shouldn't be possible.
            assert false;
        }
        // Write the loaded value into the destination register.
        Helpers.writeBack(environment, offset, targetOperand, sourceRegister, size, null, TranslationResultType.REGISTER, instructions);
    } else if (size == OperandSize.DWORD) {
        // Destination is a DWORD register
        // Handling DWORD values is easier. Just add a STR
        // instruction that writes the loaded source value
        // into the destination register.
        instructions.add(ReilHelpers.createStr(offset, size, sourceRegister, size, destination));
    // instructions.addAll(Helpers.writeBack(environment, offset, targetOperand, sourceRegister,
    // size, null, TranslationResultType.REGISTER));
    } else {
        assert false;
    }
}
Also used : ReilInstruction(com.google.security.zynamics.reil.ReilInstruction) IOperandTree(com.google.security.zynamics.zylib.disassembly.IOperandTree) OperandType(com.google.security.zynamics.reil.OperandType) InternalTranslationException(com.google.security.zynamics.reil.translators.InternalTranslationException) TranslationResult(com.google.security.zynamics.reil.translators.TranslationResult) OperandSize(com.google.security.zynamics.reil.OperandSize)
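Examples 8 and 9 together show two conventions a reader of this translator needs: leaf operands are classified with OperandType.getOperandType into registers and integer literals, and a LEA with a 16-bit destination must truncate its source, which is folded into the literal at translation time but needs an emitted `and` for a register. The block below is an added Python model of that logic, not binnavi code and not its API. It assumes the source operand has already been lowered to one REIL register or literal plus the instructions that computed it (what Helpers.translateOperand returns above), uses a small register-width table in place of Helpers.getRegisterSize, replaces Helpers.writeBack with a plain `str` into the destination, and represents REIL instructions as tuples; the REIL address scheme (native address times 0x100 plus the instruction index) is taken from the page.

```python
"""Model of the LEA-to-REIL translation in LeaTranslator.translate (added example)."""

ARCH_BITS = 32                       # x86 environment; assumption for this model
REG_SIZE = {"eax": "DWORD", "ebx": "DWORD", "ecx": "DWORD",
            "ax": "WORD", "bx": "WORD", "cx": "WORD", "al": "BYTE"}
MASK = {"BYTE": 0xFF, "WORD": 0xFFFF, "DWORD": 0xFFFFFFFF}
EMPTY = ("", "")                     # REIL empty operand


def get_operand_type(value: str) -> str:
    """Simplified stand-in for OperandType.getOperandType (decimal -> literal)."""
    return "INTEGER_LITERAL" if value.isdigit() else "REGISTER"


class Env:
    """Stand-in for the translation environment's temporary-variable counter."""
    def __init__(self):
        self.counter = 0

    def next_variable(self) -> str:
        name = f"t{self.counter}"
        self.counter += 1
        return name


def translate_lea(env, address, destination, source, source_instructions=()):
    """Return REIL tuples (offset, mnemonic, (op1, size), (op2, size), (op3, size)).

    `source_instructions` are the REIL instructions that computed `source`
    (empty when the source is a bare register or literal).
    """
    size = REG_SIZE[destination]
    base_offset = address * 0x100            # 256 REIL slots per native instruction
    out = list(source_instructions)          # the source must always be loaded first
    offset = base_offset + len(out)

    if size == "WORD":
        kind = get_operand_type(source)
        if kind == "INTEGER_LITERAL":
            # Literal: truncate at translation time, no REIL instruction needed.
            source = str(int(source) & MASK["WORD"])
        elif kind == "REGISTER":
            # Register: a value produced by earlier REIL code lives in an
            # architecture-sized temporary; a native register keeps its own width.
            if out:
                reg_size = "DWORD" if ARCH_BITS == 32 else "QWORD"
            else:
                reg_size = REG_SIZE[source]
            truncated = env.next_variable()
            out.append((offset, "and", (source, reg_size), ("65535", "WORD"),
                        (truncated, "WORD")))
            offset += 1
            source = truncated
        else:
            raise AssertionError("leaf is neither register nor literal")
        out.append((offset, "str", (source, "WORD"), EMPTY, (destination, "WORD")))
    elif size == "DWORD":
        # Full-width destination: a single STR moves the computed address.
        out.append((offset, "str", (source, "DWORD"), EMPTY, (destination, "DWORD")))
    else:
        raise ValueError(f"unsupported LEA destination width: {size}")
    return out


def demo():
    """Constructed inputs: lea ax, 0x12345 / lea ax, ebx / lea eax, [ebx+4]."""
    env = Env()
    literal_case = translate_lea(env, 0x401000, "ax", str(0x12345))
    register_case = translate_lea(env, 0x401005, "ax", "ebx")
    # [ebx+4] already lowered: add ebx, 4 -> t5 (REIL add yields a double-width result)
    addr_calc = [(0x401008 * 0x100, "add", ("ebx", "DWORD"), ("4", "DWORD"), ("t5", "QWORD"))]
    memory_case = translate_lea(env, 0x401008, "eax", "t5", addr_calc)
    return literal_case, register_case, memory_case
```

The literal case emits a single `str 9029 -> ax` (0x12345 masked to 0x2345) at REIL offset 0x40100000; the register case emits `and ebx, 65535 -> t0` followed by `str t0 -> ax` at consecutive offsets; the memory case keeps the address computation at offset 0x40100800 and appends the final `str` at 0x40100801, which is why the translator recomputes `offset = baseOffset + instructions.size()` after adding the source instructions.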

Aggregations

OperandType (com.google.security.zynamics.reil.OperandType) 9
OperandSize (com.google.security.zynamics.reil.OperandSize) 2
ReilInstruction (com.google.security.zynamics.reil.ReilInstruction) 2
InternalTranslationException (com.google.security.zynamics.reil.translators.InternalTranslationException) 2
TranslationResult (com.google.security.zynamics.reil.translators.TranslationResult) 2
Pair (com.google.security.zynamics.zylib.general.Pair) 2
ReilOperand (com.google.security.zynamics.reil.ReilOperand) 1
IValueElement (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.IValueElement) 1
MemoryCell (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.MemoryCell) 1
Undefined (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Undefined) 1
TranslationResultType (com.google.security.zynamics.reil.translators.TranslationResultType) 1
IOperandTree (com.google.security.zynamics.zylib.disassembly.IOperandTree) 1
BigInteger (java.math.BigInteger) 1
ArrayList (java.util.ArrayList) 1