Examples with RegisterSetLatticeElement com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement used on opensource projects

Search in sources :

Example 1 with RegisterSetLatticeElement

use of com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement in project binnavi by google.

the class RegisterSetLatticeTest method combine.

@Test
public void combine() {
    final RegisterSetLattice lattice = new RegisterSetLattice();
    final RegisterSetLatticeElement element = lattice.combine(Lists.newArrayList(m_fullRegisterSetLatticeElement, m_emptyRegisterSetLatticeElement));
    Assert.assertTrue(element.getTaintedRegisters().containsAll(m_fullRegisterSetLatticeElement.getTaintedRegisters()));
    Assert.assertTrue(element.getUntaintedRegisters().containsAll(m_fullRegisterSetLatticeElement.getUntaintedRegisters()));
    Assert.assertTrue(element.getReadRegisters().containsAll(m_fullRegisterSetLatticeElement.getReadRegisters()));
    Assert.assertTrue(element.getUpdatedRegisters().containsAll(m_fullRegisterSetLatticeElement.getUpdatedRegisters()));
}
Also used : RegisterSetLatticeElement(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement) RegisterSetLattice(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLattice) Test(org.junit.Test)

Example 2 with RegisterSetLatticeElement

use of com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement in project binnavi by google.

the class RegisterSetLatticeTest method setUp.

@Before
public void setUp() {
    m_emptyRegisterSetLatticeElement = new RegisterSetLatticeElement();
    m_fullSet = Sets.newHashSet("eax", "ebx", "ecx", "edx", "esi");
    m_fullRegisterSetLatticeElement = new RegisterSetLatticeElement(m_fullSet, m_fullSet, new HashSet<String>(), m_fullSet, m_fullSet);
}
Also used : RegisterSetLatticeElement(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement) HashSet(java.util.HashSet) Before(org.junit.Before)

Example 3 with RegisterSetLatticeElement

use of com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement in project binnavi by google.

the class CTracking method track.

/**
 * Performs a register forward tracking operation.
 *
 * @param view The view where the operation happens.
 * @param startInstruction The start instruction.
 * @param trackedRegister The register to track.
 * @param options Register tracking options.
 *
 * @return The result of the register tracking operation.
 *
 * @throws InternalTranslationException Thrown if the graph from the code could not be translated
 *         to REIL.
 */
public static CTrackingResult track(final INaviView view, final INaviInstruction startInstruction, final String trackedRegister, final RegisterTrackingOptions options) throws InternalTranslationException {
    Preconditions.checkNotNull(view, "IE01660: View argument can not be null");
    Preconditions.checkNotNull(startInstruction, "IE01661: Start instruction argument can not be null");
    Preconditions.checkNotNull(trackedRegister, "IE01662: Register argument can not be null");
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(view.getContent().getReilCode(), startInstruction, trackedRegister, options);
    final Map<IAddress, INaviInstruction> instructionMap = CRegisterTrackingHelper.getInstructionMap(view);
    final List<CInstructionResult> instructionResultList = new ArrayList<CInstructionResult>();
    final Map<IAddress, RegisterSetLatticeElement> perInstructionElement = result.generateAddressToStateMapping(startInstruction, options.trackIncoming());
    for (final Map.Entry<IAddress, RegisterSetLatticeElement> addressToStateMapEntry : perInstructionElement.entrySet()) {
        final RegisterSetLatticeElement element = addressToStateMapEntry.getValue();
        if (!element.getReadRegisters().isEmpty() || !element.getNewlyTaintedRegisters().isEmpty() || !element.getUntaintedRegisters().isEmpty() || !element.getUpdatedRegisters().isEmpty()) {
            final CAddress concreteAddress = new CAddress(addressToStateMapEntry.getKey().toLong() >> 8);
            instructionResultList.add(new CInstructionResult(instructionMap.get(concreteAddress), addressToStateMapEntry.getValue()));
        }
    }
    return new CTrackingResult(startInstruction, trackedRegister, instructionResultList);
}
Also used : ArrayList(java.util.ArrayList) IAddress(com.google.security.zynamics.zylib.disassembly.IAddress) CAddress(com.google.security.zynamics.zylib.disassembly.CAddress) RegisterSetLatticeElement(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement) Map(java.util.Map) INaviInstruction(com.google.security.zynamics.binnavi.disassembly.INaviInstruction)

Example 4 with RegisterSetLatticeElement

use of com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement in project binnavi by google.

the class ReilTranslatorTest method testInlinedFunctionGeneration.

@Test
public void testInlinedFunctionGeneration() throws InternalTranslationException {
    final MockBlockContainer container = new MockBlockContainer();
    final MockCodeContainer block1 = new MockCodeContainer();
    block1.m_instructions.add(createMov(0x1000, "eax", "1"));
    final MockCodeContainer block2 = new MockCodeContainer();
    block2.m_instructions.add(createMov(0x1200, "ebx", "eax"));
    final MockCodeContainer block3 = new MockCodeContainer();
    block3.m_instructions.add(createMov(0x1001, "ecx", "ebx"));
    container.m_blocks.add(block1);
    container.m_blocks.add(block2);
    container.m_blocks.add(block3);
    container.m_edges.add(new MockCodeEdge<MockCodeContainer>(block1, block2, EdgeType.ENTER_INLINED_FUNCTION));
    container.m_edges.add(new MockCodeEdge<MockCodeContainer>(block2, block3, EdgeType.LEAVE_INLINED_FUNCTION));
    final ReilFunction function = m_translator.translate(new StandardEnvironment(), container);
    System.out.println(function.getGraph().getNodes());
    System.out.println(function.getGraph().getEdges());
    assertEquals(3, function.getGraph().getNodes().size());
    assertEquals(2, function.getGraph().getEdges().size());
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(function, Iterables.getFirst(block1.getInstructions(), null), "eax", new RegisterTrackingOptions(true, new HashSet<String>(), true, AnalysisDirection.DOWN));
    System.out.println(result);
}
Also used : MockCodeContainer(com.google.security.zynamics.zylib.disassembly.MockCodeContainer) RegisterTrackingOptions(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterTrackingOptions) RegisterSetLatticeElement(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement) MockBlockContainer(com.google.security.zynamics.zylib.disassembly.MockBlockContainer) ReilFunction(com.google.security.zynamics.reil.ReilFunction) StandardEnvironment(com.google.security.zynamics.reil.translators.StandardEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 5 with RegisterSetLatticeElement

use of com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement in project binnavi by google.

the class ReilTranslatorTest method testInlinedFunctionGeneration2.

@Test
public void testInlinedFunctionGeneration2() throws InternalTranslationException {
    final MockBlockContainer container = new MockBlockContainer();
    final MockCodeContainer block1 = new MockCodeContainer();
    block1.m_instructions.add(createPush(0x1000, "eax"));
    block1.m_instructions.add(createMov(0x1001, "edx", "3"));
    block1.m_instructions.add(createCall(0x1002));
    final MockCodeContainer block2 = new MockCodeContainer();
    block2.m_instructions.add(createPush(0x2500, "ebx"));
    final MockCodeContainer block3 = new MockCodeContainer();
    block3.m_instructions.add(createPush(0x1003, "ecx"));
    container.m_blocks.add(block1);
    container.m_blocks.add(block2);
    container.m_blocks.add(block3);
    final MockCodeEdge<MockCodeContainer> edge1 = new MockCodeEdge<MockCodeContainer>(block1, block2, EdgeType.ENTER_INLINED_FUNCTION);
    final MockCodeEdge<MockCodeContainer> edge2 = new MockCodeEdge<MockCodeContainer>(block2, block3, EdgeType.LEAVE_INLINED_FUNCTION);
    block1.m_outgoingEdges.add(edge1);
    container.m_edges.add(edge1);
    container.m_edges.add(edge2);
    final ReilFunction function = m_translator.translate(new StandardEnvironment(), container);
    System.out.println(function.getGraph().getEdges());
    assertEquals(3, function.getGraph().getNodes().size());
    assertEquals(2, function.getGraph().getEdges().size());
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(function, Iterables.get(block1.getInstructions(), 0), "esp", new RegisterTrackingOptions(true, new HashSet<String>(), true, AnalysisDirection.DOWN));
    System.out.println(result);
}
Also used : MockCodeContainer(com.google.security.zynamics.zylib.disassembly.MockCodeContainer) MockCodeEdge(com.google.security.zynamics.zylib.disassembly.MockCodeEdge) RegisterTrackingOptions(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterTrackingOptions) RegisterSetLatticeElement(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement) MockBlockContainer(com.google.security.zynamics.zylib.disassembly.MockBlockContainer) ReilFunction(com.google.security.zynamics.reil.ReilFunction) StandardEnvironment(com.google.security.zynamics.reil.translators.StandardEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

RegisterSetLatticeElement (com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement)5 HashSet (java.util.HashSet)3 Test (org.junit.Test)3 ReilFunction (com.google.security.zynamics.reil.ReilFunction)2 RegisterTrackingOptions (com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterTrackingOptions)2 StandardEnvironment (com.google.security.zynamics.reil.translators.StandardEnvironment)2 MockBlockContainer (com.google.security.zynamics.zylib.disassembly.MockBlockContainer)2 MockCodeContainer (com.google.security.zynamics.zylib.disassembly.MockCodeContainer)2 ArrayList (java.util.ArrayList)2 INaviInstruction (com.google.security.zynamics.binnavi.disassembly.INaviInstruction)1 MonoReilSolver (com.google.security.zynamics.reil.algorithms.mono2.common.MonoReilSolver)1 IInstructionGraphEdge (com.google.security.zynamics.reil.algorithms.mono2.common.instructiongraph.interfaces.IInstructionGraphEdge)1 RegisterSetLattice (com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLattice)1 CReilInstructionGraph (com.google.security.zynamics.reil.yfileswrap.algorithms.mono2.common.instructiongraph.CReilInstructionGraph)1 CAddress (com.google.security.zynamics.zylib.disassembly.CAddress)1 IAddress (com.google.security.zynamics.zylib.disassembly.IAddress)1 MockCodeEdge (com.google.security.zynamics.zylib.disassembly.MockCodeEdge)1 Pair (com.google.security.zynamics.zylib.general.Pair)1 Map (java.util.Map)1 Before (org.junit.Before)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial