
Example 11 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class BtsTranslator method translate.

/**
 * Translates a BTS instruction to REIL code.
 *
 * <p>BTS (bit test and set) copies the addressed bit of the first operand into the carry flag and
 * then sets that bit in the first operand. The emitted REIL shifts the target right by the bit
 * index (a negative BSH count shifts right), isolates bit 0 into CF, builds a one-bit mask by
 * shifting 1 left by the index, ORs the mask into the target and writes the result back.
 *
 * @param environment A valid translation environment
 * @param instruction The BTS instruction to translate
 * @param instructions The generated REIL code will be added to this list
 *
 * @throws InternalTranslationException if any of the arguments are null or the passed instruction
 *         is not a BTS instruction
 */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "bts");
    if (instruction.getOperands().size() != 2) {
        throw new InternalTranslationException("Error: Argument instruction is not a bts instruction (invalid number of operands)");
    }
    // Native address * 0x100 leaves room for up to 256 REIL instructions per native instruction;
    // offset is the next free REIL slot and is re-synchronised from the list size after each
    // operand load because the loads emit a variable number of instructions.
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    long offset = baseOffset;
    final IOperandTree targetOperand = instruction.getOperands().get(0);
    final IOperandTree sourceOperand = instruction.getOperands().get(1);
    // Load the target operand.
    final TranslationResult targetResult = Helpers.translateOperand(environment, offset, targetOperand, true);
    instructions.addAll(targetResult.getInstructions());
    offset = baseOffset + instructions.size();
    // Load the source operand (the bit index).
    final TranslationResult sourceResult = Helpers.translateOperand(environment, offset, sourceOperand, true);
    instructions.addAll(sourceResult.getInstructions());
    offset = baseOffset + instructions.size();
    final String negatedIndex = environment.getNextVariableString();
    // final String truncatedNegatedIndex = environment.getNextVariableString();
    final String shiftedTarget = environment.getNextVariableString();
    // TODO: Due to a bug in the REIL BSH specification we can not truncate the result
    // of the subtraction here. See the tests for an example of what goes wrong.
    // negatedIndex = 0 - index; used as a negative (i.e. right) shift count below.
    instructions.add(ReilHelpers.createSub(offset++, OperandSize.BYTE, "0", sourceResult.getSize(), sourceResult.getRegister(), OperandSize.WORD, negatedIndex));
    // instructions.add(ReilHelpers.createAnd(offset++, OperandSize.WORD, negatedIndex,
    // OperandSize.BYTE, "255", OperandSize.BYTE, truncatedNegatedIndex));
    // Move the addressed bit down to bit 0 and copy it into CF.
    // NOTE(review): the index is used unmasked; x86 BTS reg,reg reduces the index modulo the
    // operand size, so an out-of-range index behaves differently here — confirm callers' expectations.
    instructions.add(ReilHelpers.createBsh(offset++, targetResult.getSize(), targetResult.getRegister(), OperandSize.BYTE, negatedIndex, targetResult.getSize(), shiftedTarget));
    instructions.add(ReilHelpers.createAnd(offset++, targetResult.getSize(), shiftedTarget, OperandSize.BYTE, "1", OperandSize.BYTE, Helpers.CARRY_FLAG));
    // Set the bit in the destination: mask = 1 << index; result = target | mask.
    final String shiftedIndex = environment.getNextVariableString();
    final String andedResult = environment.getNextVariableString();
    instructions.add(ReilHelpers.createBsh(offset++, OperandSize.BYTE, "1", sourceResult.getSize(), sourceResult.getRegister(), targetResult.getSize(), shiftedIndex));
    instructions.add(ReilHelpers.createOr(offset++, targetResult.getSize(), targetResult.getRegister(), targetResult.getSize(), shiftedIndex, targetResult.getSize(), andedResult));
    // Store the result back to the register or memory location the target operand came from.
    Helpers.writeBack(environment, offset++, targetOperand, andedResult, targetResult.getSize(), targetResult.getAddress(), targetResult.getType(), instructions);
}

Example 12 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class CNodeClickHandler method handleRegisterTracking.

/**
 * Starts register tracking for a register operand that was clicked inside a code node.
 *
 * <p>Nothing happens unless the click hit an instruction of a code node, the clicked operand is
 * a register and the instruction's architecture is one of the supported ones. For each supported
 * architecture a fixed set of registers is passed to the tracker as cleared registers. Translation
 * errors raised by the tracker are logged and otherwise ignored.
 *
 * @param node the graph node that was clicked
 * @param y the y coordinate of the click
 * @param operand the operand tree node that was clicked
 * @param direction the direction in which the register is tracked
 */
private void handleRegisterTracking(final NaviNode node, final double y, final COperandTreeNode operand, final AnalysisDirection direction) {
    if (!(node.getRawNode() instanceof INaviCodeNode)) {
        // Register tracking is only possible on code nodes.
        return;
    }
    final INaviCodeNode codeNode = (INaviCodeNode) node.getRawNode();
    // Map the click position relative to the node onto a text row and that row onto an instruction.
    final int row = node.positionToRow(y - node.getY());
    final INaviInstruction instruction = CCodeNodeHelpers.lineToInstruction(codeNode, row);
    if (instruction == null) {
        return;
    }
    if (!operand.getType().equals(ExpressionType.REGISTER)) {
        // Only register operands can be tracked.
        return;
    }
    final String architecture = instruction.getArchitecture();
    final Set<String> clearedRegisters;
    if (architecture.equalsIgnoreCase("x86-32")) {
        clearedRegisters = Sets.newHashSet("eax");
    } else if (architecture.equalsIgnoreCase("x86-64")) {
        clearedRegisters = Sets.newHashSet("rax");
    } else if (architecture.equalsIgnoreCase("PowerPC-32")) {
        clearedRegisters = Sets.newHashSet("R3", "R4", "R5", "R6", "R7", "R8", "R9", "R10", "R11", "R12");
    } else if (architecture.equalsIgnoreCase("ARM-32")) {
        clearedRegisters = Sets.newHashSet("r0", "r1", "r2", "r3", "r12", "r14");
    } else if (architecture.equalsIgnoreCase("MIPS-32")) {
        clearedRegisters = Sets.newHashSet("$a0", "$a1", "$a2", "$a3", "$t0", "$t1", "$t2", "$t3", "$t4", "$t5", "$t6", "$t7", "$v0", "$v1");
    } else {
        // No register model for this architecture: nothing to track.
        return;
    }
    // Every operand except the one at position 0 is tracked as an incoming value
    // (presumably position 0 is the instruction's destination — verify against the tracker).
    final boolean trackIncoming = instruction.getOperandPosition(operand.getOperand()) != 0;
    final RegisterTrackingOptions options = new RegisterTrackingOptions(false, clearedRegisters, trackIncoming, direction);
    try {
        // TODO(timkornau): comment this code in once we know how to access the bottom panel.
        // final CTrackingResult result =
        CTracking.track(m_model.getGraph().getRawView(), instruction, operand.getValue(), options);
    } catch (final InternalTranslationException exception) {
        // A failed translation must not break the click handler; it is only logged.
        CUtilityFunctions.logException(exception);
    }
    // TODO: (timkornau@google) there is currently no way to access the bottom panel to display the
    // results. We need to somehow get access to the register tracking results container which
    // exposes a method to set a new result.
}

Example 13 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class AddressingModeOneGenerator method generate.

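/**
 * Translates the flexible second operand ({@code <operand2>}, ARM addressing mode 1) of an
 * instruction into REIL code and tells the caller where the computed value lives.
 *
 * <p>The single child of {@code rootNode} decides which form the operand has; each form is
 * delegated to its helper:
 * <ul>
 *   <li>{@code #<immediate>} with {@code rotate_imm == 0} — an immediate integer</li>
 *   <li>{@code #<immediate>} with {@code rotate_imm != 0} — {@code ROR} of an immediate</li>
 *   <li>{@code <Rm>} — a plain register</li>
 *   <li>{@code Rn LSL|LSR|ASR|ROR #imm} and {@code Rn LSL|LSR|ASR|ROR Rs}</li>
 *   <li>{@code Rn RRX}</li>
 * </ul>
 * Helpers that emit REIL code append it to {@code instructions} starting at {@code baseOffset}.
 *
 * @param baseOffset REIL offset at which the generated instructions start
 * @param environment a valid translation environment
 * @param instruction the instruction the operand belongs to; used for error reporting only
 * @param instructions the generated REIL code is appended to this list
 * @param rootNode root of the operand tree that describes {@code <operand2>}
 * @return a pair with optional overflow and optional carry-out of shifter
 * @throws InternalTranslationException if the operand tree matches none of the forms above
 * @throws NullPointerException if any argument is {@code null}
 */
public static Pair<String, String> generate(final long baseOffset, final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions, final IOperandTreeNode rootNode) throws InternalTranslationException {
    Preconditions.checkNotNull(environment, "Error: Argument environment can't be null");
    Preconditions.checkNotNull(instruction, "Error: Argument instruction can't be null");
    Preconditions.checkNotNull(instructions, "Error: Argument instructions can't be null");
    // rootNode used to be the only argument that was not validated and failed with a bare NPE.
    Preconditions.checkNotNull(rootNode, "Error: Argument rootNode can't be null");
    // The operand tree has exactly one node below the root; read it once instead of walking
    // rootNode.getChildren().get(0) again in every branch.
    final IOperandTreeNode operand = rootNode.getChildren().get(0);
    final ExpressionType operandType = operand.getType();
    if (operandType == ExpressionType.IMMEDIATE_INTEGER) {
        // matched #<immediate> with rotate_imm == 0
        return immediateRotateZero(operand.getValue());
    }
    if (operandType == ExpressionType.REGISTER) {
        // matched <Rm>
        return register(operand.getValue());
    }
    if (operandType == ExpressionType.OPERATOR) {
        final String operator = operand.getValue();
        if (operator.equals("RRX")) {
            final IOperandTreeNode shifted = operand.getChildren().get(0);
            if (shifted.getType() == ExpressionType.REGISTER) {
                // matched Rn RRX
                return rrxRegister(baseOffset, environment, instructions, shifted.getValue());
            }
        } else if (operator.equals("ROR") || operator.equals("LSL") || operator.equals("LSR") || operator.equals("ASR")) {
            final IOperandTreeNode first = operand.getChildren().get(0);
            if (operator.equals("ROR") && first.getType() == ExpressionType.IMMEDIATE_INTEGER) {
                // matched #<immediate> with rotate_imm != 0
                final IOperandTreeNode rotation = operand.getChildren().get(1);
                return immediateROR(baseOffset, environment, instructions, first.getValue(), rotation.getValue());
            }
            if (first.getType() == ExpressionType.REGISTER) {
                // The second child is only touched once a register was matched on the left, so a
                // malformed two-operand tree fails in the same place as before.
                final IOperandTreeNode amount = operand.getChildren().get(1);
                if (amount.getType() == ExpressionType.IMMEDIATE_INTEGER) {
                    // matched Rn <shift> #imm
                    if (operator.equals("LSL")) {
                        return lslImmediate(baseOffset, environment, instructions, first.getValue(), amount.getValue());
                    } else if (operator.equals("LSR")) {
                        return lsrImmediate(baseOffset, environment, instructions, first.getValue(), amount.getValue());
                    } else if (operator.equals("ASR")) {
                        return asrImmediate(baseOffset, environment, instructions, first.getValue(), amount.getValue());
                    } else {
                        return rorImmediate(baseOffset, environment, instructions, first.getValue(), amount.getValue());
                    }
                }
                if (amount.getType() == ExpressionType.REGISTER) {
                    // matched Rn <shift> Rs
                    if (operator.equals("LSL")) {
                        return lslRegister(baseOffset, environment, instructions, first.getValue(), amount.getValue());
                    } else if (operator.equals("LSR")) {
                        return lsrRegister(baseOffset, environment, instructions, first.getValue(), amount.getValue());
                    } else if (operator.equals("ASR")) {
                        return asrRegister(baseOffset, environment, instructions, first.getValue(), amount.getValue());
                    } else {
                        return rorRegister(baseOffset, environment, instructions, first.getValue(), amount.getValue());
                    }
                }
            }
        }
    }
    // Separator added so the mnemonic is not glued to the message text.
    throw new InternalTranslationException("Error: AddressOperandTypeOne OperandTree is not valid: " + instruction.getMnemonic() + " " + instruction.getAddress().toString());
}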

Example 14 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class ConditionGenerator method generate.

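/**
 * Emits the REIL code that evaluates an ARM condition code suffix and jumps when it is not met.
 *
 * <p>The generated sequence computes a byte {@code jumpCondition} and ends with a JCC to
 * {@code jumpGoal}. The flag is intentionally inverted: it is non-zero when the condition does
 * NOT hold, so the JCC skips the conditionally executed instruction. That is why {@code AL}
 * (always) stores 0 and {@code NV} (never) stores 1.
 *
 * <p>Condition code suffixes and the flags they test (2.5.2 Execution conditions, Table 2-1):
 * <pre>
 *   EQ     Z set                     Equal
 *   NE     Z clear                   Not equal
 *   CS/HS  C set                     Higher or same (unsigned >=)
 *   CC/LO  C clear                   Lower (unsigned <)
 *   MI     N set                     Negative
 *   PL     N clear                   Positive or zero
 *   VS     V set                     Overflow
 *   VC     V clear                   No overflow
 *   HI     C set and Z clear         Higher (unsigned >)
 *   LS     C clear or Z set          Lower or same (unsigned <=)
 *   GE     N and V the same          Signed >=
 *   LT     N and V differ            Signed <
 *   GT     Z clear and N, V the same Signed >
 *   LE     Z set or N, V differ      Signed <=
 *   AL     Any                       Always (suffix normally omitted)
 * </pre>
 *
 * @param offset REIL offset of the first emitted instruction; the others follow consecutively
 * @param environment a valid translation environment, used to allocate temporary variables
 * @param instruction the instruction being translated; validated but not otherwise used
 * @param instructions the generated REIL code is appended to this list
 * @param extension the condition code suffix, e.g. {@code "EQ"} or {@code "HS"}
 * @param jumpGoal target of the emitted JCC, i.e. the code that runs when the condition fails
 * @throws InternalTranslationException if {@code extension} is not a known condition code
 * @throws NullPointerException if {@code environment}, {@code instruction} or
 *         {@code instructions} is {@code null}
 */
public static void generate(final long offset, final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions, final String extension, final String jumpGoal) throws InternalTranslationException {
    Preconditions.checkNotNull(environment, "Error: Argument environment can't be null");
    Preconditions.checkNotNull(instruction, "Error: Argument instruction can't be null");
    Preconditions.checkNotNull(instructions, "Error: Argument instructions can't be null");
    final OperandSize bt = OperandSize.BYTE;
    // Temporaries are allocated up front in a fixed order so the variable names emitted for a
    // given condition do not depend on which branch is taken.
    final String tmpVar1 = environment.getNextVariableString();
    final String tmpVar2 = environment.getNextVariableString();
    final String tmpVar3 = environment.getNextVariableString();
    final String jumpCondition = environment.getNextVariableString();
    long baseOffset = offset;
    final String[] meta = new String[0];
    // Each branch sets jumpCondition to non-zero exactly when the suffix's condition is NOT met:
    // BISZ yields 1 for a clear flag, STR copies the flag itself.
    if (extension.equals("EQ")) {
        // skip unless Z set
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, "Z", bt, jumpCondition));
    } else if (extension.equals("NE")) {
        // skip unless Z clear
        instructions.add(ReilHelpers.createStr(baseOffset++, bt, "Z", bt, jumpCondition));
    } else if (extension.equals("CS") || extension.equals("HS")) {
        // skip unless C set
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, "C", bt, jumpCondition));
    } else if (extension.equals("CC") || extension.equals("LO")) {
        // skip unless C clear
        instructions.add(ReilHelpers.createStr(baseOffset++, bt, "C", bt, jumpCondition));
    } else if (extension.equals("MI")) {
        // skip unless N set
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, "N", bt, jumpCondition));
    } else if (extension.equals("PL")) {
        // skip unless N clear
        instructions.add(ReilHelpers.createStr(baseOffset++, bt, "N", bt, jumpCondition));
    } else if (extension.equals("VS")) {
        // skip unless V set
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, "V", bt, jumpCondition));
    } else if (extension.equals("VC")) {
        // skip unless V clear
        instructions.add(ReilHelpers.createStr(baseOffset++, bt, "V", bt, jumpCondition));
    } else if (extension.equals("HI")) {
        // HI holds when C set and Z clear, so skip when C clear OR Z set. The previous AND only
        // skipped when both were true and executed the instruction for C set, Z set.
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, "C", bt, tmpVar1));
        instructions.add(ReilHelpers.createOr(baseOffset++, bt, tmpVar1, bt, "Z", bt, jumpCondition));
    } else if (extension.equals("LS")) {
        // LS holds when C clear or Z set, so skip when C set AND Z clear.
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, "Z", bt, tmpVar1));
        instructions.add(ReilHelpers.createAnd(baseOffset++, bt, tmpVar1, bt, "C", bt, jumpCondition));
    } else if (extension.equals("GE")) {
        // GE holds when N == V, so skip when they differ, which is exactly N XOR V. The previous
        // code added a BISZ and thereby emitted the same sequence as LT.
        instructions.add(ReilHelpers.createXor(baseOffset++, bt, "N", bt, "V", bt, jumpCondition));
    } else if (extension.equals("LT")) {
        // LT holds when N != V, so skip when N == V.
        instructions.add(ReilHelpers.createXor(baseOffset++, bt, "N", bt, "V", bt, tmpVar1));
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, tmpVar1, bt, jumpCondition));
    } else if (extension.equals("GT")) {
        // GT holds when Z clear and N == V, so skip when Z set OR N != V. The previous AND only
        // skipped when both were true and executed the instruction for Z set, N == V.
        instructions.add(ReilHelpers.createXor(baseOffset++, bt, "N", bt, "V", bt, tmpVar1));
        instructions.add(ReilHelpers.createOr(baseOffset++, bt, tmpVar1, bt, "Z", bt, jumpCondition));
    } else if (extension.equals("LE")) {
        // LE holds when Z set or N != V, so skip when Z clear AND N == V.
        instructions.add(ReilHelpers.createXor(baseOffset++, bt, "N", bt, "V", bt, tmpVar1));
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, tmpVar1, bt, tmpVar3));
        instructions.add(ReilHelpers.createBisz(baseOffset++, bt, "Z", bt, tmpVar2));
        instructions.add(ReilHelpers.createAnd(baseOffset++, bt, tmpVar3, bt, tmpVar2, bt, jumpCondition));
    } else if (extension.equals("AL")) {
        // always execute: never skip
        instructions.add(ReilHelpers.createStr(baseOffset++, bt, String.valueOf(0L), bt, jumpCondition));
    } else if (extension.equals("NV")) {
        // never execute: always skip
        instructions.add(ReilHelpers.createStr(baseOffset++, bt, String.valueOf(1L), bt, jumpCondition));
    } else {
        throw new InternalTranslationException("ERROR: unknown condition " + extension);
    }
    instructions.add(ReilHelpers.createJcc(baseOffset++, bt, jumpCondition, OperandSize.ADDRESS, jumpGoal, meta));
}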

Example 15 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class LiTranslator method translate.

/**
 * Translates an LI (load immediate) instruction to REIL code.
 *
 * <p>The immediate is read from the second operand. If its bit 15 is set it is treated as a
 * negative 16-bit value and sign-extended to 32 bits by OR-ing in {@code 0xFFFF0000}; the result
 * is stored as a DWORD into the register named by the first operand.
 * NOTE(review): this assumes the disassembler always presents the literal as a 16-bit value; a
 * literal that already occupies 32 bits and has bit 15 set would be altered — confirm.
 *
 * @param environment A valid translation environment
 * @param instruction The LI instruction to translate
 * @param instructions The generated REIL code will be added to this list
 * @throws InternalTranslationException if any of the arguments are null or the passed instruction
 *         is not an LI instruction
 */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "li");
    if (instruction.getOperands().size() != 2) {
        throw new InternalTranslationException("Error: Argument instruction is not a li instruction (invalid number of operands)");
    }
    final IOperandTreeNode literalNode = instruction.getOperands().get(1).getRootNode().getChildren().get(0);
    final IOperandTreeNode registerNode = instruction.getOperands().get(0).getRootNode().getChildren().get(0);
    // One REIL instruction is emitted, at the first REIL slot of this native address.
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    final BigInteger literal = BigInteger.valueOf(Long.parseLong(literalNode.getValue()));
    // Bit 15 is the sign bit of the 16-bit immediate: extend it into the upper half word.
    final BigInteger stored = literal.testBit(15) ? literal.or(BigInteger.valueOf(0xFFFF0000L)) : literal;
    instructions.add(ReilHelpers.createStr(baseOffset, OperandSize.DWORD, stored.toString(), OperandSize.DWORD, registerNode.getValue()));
}
