
Example 1 with ReilOperand

Use of com.google.security.zynamics.reil.ReilOperand in project binnavi by Google.

Class BaseTransformer, method transformRegisterLiteral.

/**
   * Transforms MNEM R1, L1, R2 to (R2 => COMBINE(R1, L1))
   * 
   * @param instruction The instruction in question.
   * @param incomingState The incoming state from the parents of the instruction.
   * @param generator Combines the input operand values of the instruction.
   * 
   * @return The new state of the graph node that represents the instruction.
   */
protected static ValueTrackerElement transformRegisterLiteral(final ReilInstruction instruction, final ValueTrackerElement incomingState, final IElementGenerator generator) {
    // Combine a register to a literal. This means we have to look up the state of the
    // input register in the incoming state.
    final boolean registerFirst = inputOperandsAreRegisterLiteral(instruction);
    final ReilOperand registerOperand = registerFirst ? instruction.getFirstOperand() : instruction.getSecondOperand();
    final ReilOperand literalOperand = registerFirst ? instruction.getSecondOperand() : instruction.getFirstOperand();
    final ReilOperand outputOperand = instruction.getThirdOperand();
    final IValueElement previousState = incomingState.getState(registerOperand.getValue());
    final IValueElement result = getOutputValue(registerOperand, previousState, literalOperand, null, generator);
    if (previousState instanceof BitwiseAnd) {
        return AndSimplifier.simplifyAnd(instruction, registerOperand, literalOperand, (BitwiseAnd) previousState, incomingState, generator);
    } else {
        return incomingState.update(instruction, new Register(outputOperand.getValue()), result);
    }
}
Also used : IValueElement(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.IValueElement) Register(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Register) BitwiseAnd(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.BitwiseAnd) ReilOperand(com.google.security.zynamics.reil.ReilOperand)

Example 2 with ReilOperand

Use of com.google.security.zynamics.reil.ReilOperand in project binnavi by Google.

Class BiszTransformer, method transform.

public static ValueTrackerElement transform(final ReilInstruction instruction, final ValueTrackerElement incomingState) {
    final ReilOperand inputOperand = instruction.getFirstOperand();
    final ReilOperand outputOperand = instruction.getThirdOperand();
    final Register outputRegister = new Register(outputOperand.getValue());
    final IValueElement inputValue = getOperandValue(inputOperand, incomingState);
    final IValueElement outputValue = getOutputValue(inputOperand, inputValue);
    return incomingState.update(instruction, outputRegister, outputValue);
}
Also used : IValueElement(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.IValueElement) Register(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Register) ReilOperand(com.google.security.zynamics.reil.ReilOperand)

Example 3 with ReilOperand

Use of com.google.security.zynamics.reil.ReilOperand in project binnavi by Google.

Class LdmTransformer, method transform.

public static ValueTrackerElement transform(final ReilInstruction instruction, final ValueTrackerElement incomingState) {
    final ReilOperand memoryAddressOperand = instruction.getFirstOperand();
    final ReilOperand outputOperand = instruction.getThirdOperand();
    final Register outputRegister = new Register(outputOperand.getValue());
    final IValueElement memoryAddress = getOperandValue(memoryAddressOperand, incomingState);
    if ((memoryAddress == null) || (memoryAddress instanceof Undefined)) {
        final IValueElement memoryAddressValue = getAtomicType(memoryAddressOperand);
        final Dereference dereference = new Dereference(memoryAddressValue);
        return incomingState.update(instruction, outputRegister, dereference);
    } else {
        final IValueElement previousState2 = incomingState.getState(new MemoryCell(memoryAddress));
        if (previousState2 == null) {
            return incomingState.update(instruction, outputRegister, new Dereference(memoryAddress));
        } else {
            return incomingState.update(instruction, outputRegister, previousState2);
        }
    }
}
Also used : Undefined(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Undefined) IValueElement(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.IValueElement) Register(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Register) ReilOperand(com.google.security.zynamics.reil.ReilOperand) Dereference(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Dereference) MemoryCell(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.MemoryCell)

Example 4 with ReilOperand

Use of com.google.security.zynamics.reil.ReilOperand in project binnavi by Google.

Class StmTransformer, method transform.

public static ValueTrackerElement transform(final ReilInstruction instruction, final ValueTrackerElement state) {
    // STM x, , y
    final ReilOperand inputOperand = instruction.getFirstOperand();
    final ReilOperand addressOperand = instruction.getThirdOperand();
    final OperandType inputOperandType = inputOperand.getType();
    if (inputOperandType == OperandType.INTEGER_LITERAL) {
        final IValueElement previousAddressState = state.getState(addressOperand.getValue());
        final IValueElement outputValue = getValue(inputOperand, previousAddressState);
        if ((previousAddressState == null) || (previousAddressState instanceof Undefined)) {
            final IValueElement newThirdState = getAtomicType(addressOperand);
            return state.update(instruction, new MemoryCell(newThirdState), outputValue);
        } else {
            final IValueElement previousState2b = state.getState(new MemoryCell(previousAddressState));
            if ((previousState2b == null) || (previousState2b instanceof Undefined)) {
                return state.update(instruction, new MemoryCell(previousAddressState), outputValue);
            } else {
                return state.update(instruction, new MemoryCell(previousState2b), outputValue);
            }
        }
    } else if (inputOperandType == OperandType.REGISTER) {
        final IValueElement newThirdState = getAtomicType(addressOperand);
        final IValueElement previousStateInput = state.getState(inputOperand.getValue());
        final IValueElement previousState2 = getOperandValue(addressOperand, state);
        if ((previousStateInput == null) && (previousState2 == null)) {
            return state.update(instruction, new MemoryCell(newThirdState), getAtomicType(inputOperand));
        } else if ((previousStateInput == null) && (previousState2 != null)) {
            final IValueElement previousState2b = state.getState(new MemoryCell(previousState2));
            if (previousState2b == null) {
                return state.update(instruction, new MemoryCell(previousState2), getAtomicType(inputOperand));
            } else {
                return state.update(instruction, new MemoryCell(previousState2b), getAtomicType(inputOperand));
            }
        } else if ((previousStateInput != null) && (previousState2 == null)) {
            return state.update(instruction, new MemoryCell(newThirdState), previousStateInput);
        } else if (previousState2 instanceof Undefined) {
            return state.update(instruction, new MemoryCell(newThirdState), new Undefined());
        } else {
            final IValueElement previousState2b = state.getState(new MemoryCell(previousState2));
            if ((previousState2b == null) || (previousState2b instanceof Undefined)) {
                return state.update(instruction, new MemoryCell(previousState2), previousStateInput);
            } else {
                return state.update(instruction, new MemoryCell(previousState2b), previousStateInput);
            }
        }
    }
    throw new IllegalStateException("Not yet implemented");
}
Also used : Undefined(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Undefined) IValueElement(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.IValueElement) OperandType(com.google.security.zynamics.reil.OperandType) ReilOperand(com.google.security.zynamics.reil.ReilOperand) MemoryCell(com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.MemoryCell)

Example 5 with ReilOperand

Use of com.google.security.zynamics.reil.ReilOperand in project binnavi by Google.

Class RegisterTrackingTransformationProvider, method transformNormalInstructionForward.

private Pair<RegisterSetLatticeElement, RegisterSetLatticeElement> transformNormalInstructionForward(final ReilInstruction ins, final RegisterSetLatticeElement state) {
    final ReilOperand in1 = ins.getFirstOperand();
    final ReilOperand in2 = ins.getSecondOperand();
    final ReilOperand out = ins.getThirdOperand();
    final Set<String> inputRegisters = new TreeSet<String>();
    if (in1.getType() == OperandType.REGISTER) {
        inputRegisters.add(in1.getValue());
    }
    if (in2.getType() == OperandType.REGISTER) {
        inputRegisters.add(in2.getValue());
    }
    // If the intersection of inputRegisters and state is empty, untaint the
    // output register. Else, taint the output register.
    final RegisterSetLatticeElement outputstate = state.copy();
    if (!state.isTainted(inputRegisters)) {
        outputstate.untaint(out.getValue());
    } else {
        for (final String register : inputRegisters) {
            if (state.isTainted(register)) {
                outputstate.addReadReg(register);
            }
        }
        outputstate.taint(out.getValue());
    }
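    // A normal instruction is not a conditional branch, so there is no state for a
    // second branch edge and the second element of the pair is null.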
    return new Pair<RegisterSetLatticeElement, RegisterSetLatticeElement>(outputstate, null);
}
Also used : TreeSet(java.util.TreeSet) ReilOperand(com.google.security.zynamics.reil.ReilOperand) Pair(com.google.security.zynamics.zylib.general.Pair)

Aggregations

ReilOperand (com.google.security.zynamics.reil.ReilOperand) 13
IValueElement (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.IValueElement) 8
Register (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Register) 7
Undefined (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Undefined) 3
Pair (com.google.security.zynamics.zylib.general.Pair) 3
ReilInstruction (com.google.security.zynamics.reil.ReilInstruction) 2
BitwiseAnd (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.BitwiseAnd) 2
Literal (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Literal) 2
MemoryCell (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.MemoryCell) 2
TreeSet (java.util.TreeSet) 2
OperandSize (com.google.security.zynamics.reil.OperandSize) 1
OperandType (com.google.security.zynamics.reil.OperandType) 1
ReilOperandNode (com.google.security.zynamics.reil.ReilOperandNode) 1
Dereference (com.google.security.zynamics.reil.algorithms.mono.valuetracking.elements.Dereference) 1
InternalTranslationException (com.google.security.zynamics.reil.translators.InternalTranslationException) 1
TranslationResult (com.google.security.zynamics.reil.translators.TranslationResult) 1
IAddress (com.google.security.zynamics.zylib.disassembly.IAddress) 1
IOperandTree (com.google.security.zynamics.zylib.disassembly.IOperandTree) 1
BigInteger (java.math.BigInteger) 1
ArrayList (java.util.ArrayList) 1