Examples with ReilGraph com.google.security.zynamics.reil.ReilGraph used on opensource projects

Example 1 with ReilGraph

use of com.google.security.zynamics.reil.ReilGraph in project binnavi by google.

the class CReilInstructionDialog method show.

/**
   * Shows an instruction dialog.
   *
   * @param parent Parent window used for dialogs.
   * @param instruction The instruction whose REIL code is shown.
   *
   * @throws InternalTranslationException Thrown if the instruction could not be converted to REIL
   *         code.
   */
public static void show(final Window parent, final INaviInstruction instruction) throws InternalTranslationException {
    final ReilTranslator<INaviInstruction> translator = new ReilTranslator<INaviInstruction>();
    final ReilGraph reilGraph = translator.translate(new StandardEnvironment(), instruction);
    final String text = reilGraphToText(reilGraph);
    final String title = String.format("REIL code of '%s'", instruction.toString());
    final CReilInstructionDialog dialog = new CReilInstructionDialog(parent, title, text);
    GuiHelper.centerChildToParent(parent, dialog, true);
    dialog.setVisible(true);
}

Example 2 with ReilGraph

use of com.google.security.zynamics.reil.ReilGraph in project binnavi by google.

the class ReilTranslator method translate.

/**
   * Translates a disassembled function to REIL code.
   * 
   * @param environment The translation environment for the translation process
   * @param function The disassembled function
   * 
   * @return The function translated to REIL code
   * 
   * @throws InternalTranslationException Thrown if an internal error occurs
   */
public ReilFunction translate(final ITranslationEnvironment environment, final IBlockContainer<InstructionType> function, final List<ITranslationExtension<InstructionType>> extensions) throws InternalTranslationException {
    final LinkedHashMap<ICodeContainer<InstructionType>, List<ReilInstruction>> instructionMap = new LinkedHashMap<ICodeContainer<InstructionType>, List<ReilInstruction>>();
    final Map<IInstruction, ReilInstruction> firstMap = new HashMap<IInstruction, ReilInstruction>();
    final Map<IInstruction, ReilInstruction> lastMap = new HashMap<IInstruction, ReilInstruction>();
    final List<List<ReilInstruction>> delayedTrueBranches = new ArrayList<List<ReilInstruction>>();
    for (final ICodeContainer<InstructionType> block : function.getBasicBlocks()) {
        final Iterable<InstructionType> blockInstructions = block.getInstructions();
        final IInstruction lastBlockInstruction = Iterables.getLast(blockInstructions);
        final boolean endsWithInlining = isInlineSource(block);
        final ArrayList<ReilInstruction> instructions = new ArrayList<ReilInstruction>();
        instructionMap.put(block, instructions);
        for (final InstructionType instruction : blockInstructions) {
            environment.nextInstruction();
            final ITranslator<InstructionType> translator = m_translators.get(instruction.getArchitecture().toUpperCase());
            if (translator == null) {
                throw new InternalTranslationException("Could not translate instruction from unknown architecture " + instruction.getArchitecture());
            }
            try {
                final List<ReilInstruction> result = translator.translate(environment, instruction, extensions);
                instructions.addAll(result);
                if (endsWithInlining && (instruction == lastBlockInstruction)) {
                    // We skip the last JCC instruction of blocks that were split by inlining. In 99%
                    // of all cases this should be the inlined call; unless the user removed the
                    // call from the block.
                    final ReilInstruction lastInstruction = instructions.get(instructions.size() - 1);
                    if (lastInstruction.getMnemonic().equals(ReilHelpers.OPCODE_JCC) && lastInstruction.getMetaData().containsKey("isCall")) {
                        instructions.remove(instructions.size() - 1);
                        result.remove(result.size() - 1);
                    }
                }
                firstMap.put(instruction, getFirstInstruction(result));
                lastMap.put(instruction, getLastInstruction(result));
            } catch (final InternalTranslationException exception) {
                exception.setInstruction(instruction);
                throw exception;
            }
        }
        // In this step we have to consider delayed branches of the form
        //
        // BRANCH CONDITION, SOMEWHERE
        // EXECUTE ALWAYS
        //
        // We basically re-order the instructions to
        //
        // EVALUATE CONDITION -> TEMP
        // EXECUTE ALWAYS
        // BRANCH TEMP, SOMEWHERE
        final IInstruction secondLastInstruction = Iterables.size(block.getInstructions()) > 2 ? Iterables.get(block.getInstructions(), Iterables.size(block.getInstructions()) - 2, null) : null;
        if (secondLastInstruction != null) {
            final List<ReilInstruction> secondLastReil = getReilInstructions(secondLastInstruction, instructions);
            if (ReilHelpers.isDelayedBranch(secondLastReil.get(secondLastReil.size() - 1))) {
                final IInstruction lastInstruction = getLastInstruction(block);
                final List<ReilInstruction> lastReil = getReilInstructions(lastInstruction, instructions);
                if (secondLastReil.get(secondLastReil.size() - 1).getMnemonic().equals(ReilHelpers.OPCODE_JCC)) {
                    instructions.removeAll(lastReil);
                    instructions.addAll(instructions.size() - 1, lastReil);
                }
            } else if (ReilHelpers.isDelayedTrueBranch(secondLastReil.get(secondLastReil.size() - 1))) {
                final IInstruction lastInstruction = getLastInstruction(block);
                final List<ReilInstruction> lastReil = getReilInstructions(lastInstruction, instructions);
                delayedTrueBranches.add(lastReil);
            }
        }
    }
    // In this step we determine all jump targets of the input graph.
    // We need them later because not all original jump targets can be
    // found in the translated REIL graph. The reason for this is that
    // source instructions of edges in the input graph do not necessarily
    // have a reference to the address of the edge target. This happens
    // for example when removing the first instruction from a code node.
    // The edge still goes to the code node, but the jump instruction now
    // refers to the removed instruction.
    final Collection<IAddress> nativeJumpTargets = getBlockAddresses(function);
    final Pair<List<ReilBlock>, List<ReilEdge>> pair = ReilGraphGenerator.createGraphElements(instructionMap.values(), nativeJumpTargets);
    final List<ReilBlock> nodes = pair.first();
    final List<ReilEdge> edges = pair.second();
    // In a post-processing step all edges which could not be determined
    // from the REIL instructions alone are inserted into the graph.
    insertNativeEdges(function.getBasicBlockEdges(), nodes, edges, firstMap, lastMap);
    handleDelayedTrueBranches(nodes, edges, delayedTrueBranches);
    return new ReilFunction("REIL - " + function.getName(), new ReilGraph(nodes, edges));
}

Example 3 with ReilGraph

use of com.google.security.zynamics.reil.ReilGraph in project binnavi by google.

the class InstructionGraphTest method testEmpty.

@Test
public void testEmpty() {
    final ReilGraph rg = new ReilGraph(new ArrayList<ReilBlock>(), new ArrayList<ReilEdge>());
    final InstructionGraph g = InstructionGraph.create(rg);
    assertEquals(0, g.nodeCount());
    assertEquals(0, g.edgeCount());
}

Example 4 with ReilGraph

use of com.google.security.zynamics.reil.ReilGraph in project binnavi by google.

the class InstructionGraphTest method testTwoNodes.

@Test
public void testTwoNodes() {
    final ReilBlock block1 = new ReilBlock(Lists.newArrayList(ReilHelpers.createNop(0)));
    final ReilBlock block2 = new ReilBlock(Lists.newArrayList(ReilHelpers.createUndef(1, OperandSize.DWORD, "eax")));
    final ReilEdge edge1 = new ReilEdge(block1, block2, EdgeType.JUMP_CONDITIONAL_FALSE);
    ReilBlock.link(block1, block2, edge1);
    final List<ReilBlock> blocks = Lists.newArrayList(block1, block2);
    final List<ReilEdge> edges = Lists.newArrayList(edge1);
    final ReilGraph rg = new ReilGraph(blocks, edges);
    final InstructionGraph g = InstructionGraph.create(rg);
    assertEquals(2, g.nodeCount());
    assertEquals(1, g.edgeCount());
    assertEquals(0, g.getNodes().get(0).getInstruction().getAddress().toLong());
    assertEquals(1, g.getNodes().get(1).getInstruction().getAddress().toLong());
}

Example 5 with ReilGraph

use of com.google.security.zynamics.reil.ReilGraph in project binnavi by google.

the class OperandGraphTest method testOneNode.

@Test
public void testOneNode() {
    final Collection<ReilInstruction> instructions = new ArrayList<ReilInstruction>();
    instructions.add(ReilHelpers.createAdd(0, OperandSize.DWORD, "eax", OperandSize.DWORD, "123", OperandSize.QWORD, "t0"));
    instructions.add(ReilHelpers.createAnd(1, OperandSize.QWORD, "t0", OperandSize.DWORD, String.valueOf(0xFFFFFFFF), OperandSize.DWORD, "t1"));
    final ReilBlock block1 = new ReilBlock(instructions);
    final List<ReilBlock> blocks = Lists.<ReilBlock>newArrayList(block1);
    final ReilGraph rg = new ReilGraph(blocks, new ArrayList<ReilEdge>());
    final OperandGraph g = OperandGraph.create(rg);
    assertEquals(6, g.nodeCount());
    assertEquals(5, g.edgeCount());
}