Examples with InternalTranslationException com.google.security.zynamics.reil.translators.InternalTranslationException used on opensource projects

Example 36 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class SetccTranslator method translate.

/**
   * Translates a SETcc instruction to REIL code.
   * 
   * @param environment A valid translation environment.
   * @param instruction The SETcc instruction to translate.
   * @param instructions The generated REIL code will be added to this list
   * 
   * @throws InternalTranslationException if any of the arguments are null the passed instruction is
   *         not a conditional set instruction
   */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    Preconditions.checkNotNull(environment, "Error: Argument environment can't be null");
    Preconditions.checkNotNull(instruction, "Error: Argument instruction can't be null");
    Preconditions.checkNotNull(instructions, "Error: Argument instructions can't be null");
    if (instruction.getOperands().size() != 1) {
        throw new InternalTranslationException("Error: Argument instruction is not a conditional setcc instruction (invalid number of operands)");
    }
    final long reilOffsetBase = instruction.getAddress().toLong() * 0x100;
    long reilOffset = reilOffsetBase;
    // SETCC instructions have exactly one operand.
    final IOperandTree operand = instruction.getOperands().get(0);
    // Load the operand.
    final TranslationResult result = Helpers.translateOperand(environment, reilOffset, operand, false);
    final OperandSize size = result.getSize();
    final TranslationResultType type = result.getType();
    final String address = result.getAddress();
    instructions.addAll(result.getInstructions());
    // Adjust the offset of the next REIL instruction.
    reilOffset = reilOffsetBase + instructions.size();
    final Pair<OperandSize, String> condition = conditionGenerator.generate(environment, reilOffset, instructions);
    reilOffset = reilOffsetBase + instructions.size();
    final String conditionRegister = condition.second();
    Helpers.writeBack(environment, reilOffset, operand, conditionRegister, size, address, type, instructions);
}

Example 37 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class CmpxchgTranslator method translate.

/**
   * Translates a CMPXCHG instruction to REIL code.
   *
   * @param environment A valid translation environment.
   * @param instruction The CMPXCHG instruction to translate.
   * @param instructions The generated REIL code will be added to this list
   *
   * @throws InternalTranslationException if any of the arguments are null the passed instruction is
   *         not a CMPXCHG instruction
   *
   */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "cmpxchg");
    Preconditions.checkArgument(instruction.getOperands().size() == 2, "Error: Argument instruction is not a cmp instruction (invalid number of operands)");
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    long offset = baseOffset;
    final List<? extends IOperandTree> operands = instruction.getOperands();
    final IOperandTree targetOperand = operands.get(0);
    final IOperandTree sourceOperand = operands.get(1);
    // Load first operand.
    final TranslationResult targetResult = Helpers.translateOperand(environment, offset, targetOperand, true);
    instructions.addAll(targetResult.getInstructions());
    // Adjust the offset of the next REIL instruction.
    offset = baseOffset + instructions.size();
    // Load second operand.
    final TranslationResult sourceResult = Helpers.translateOperand(environment, offset, sourceOperand, true);
    instructions.addAll(sourceResult.getInstructions());
    // Adjust the offset of the next REIL instruction.
    offset = baseOffset + instructions.size();
    // Compare the first operand to AL/AX/EAX
    String xaxRegister;
    switch(targetResult.getSize()) {
        case BYTE:
            xaxRegister = "al";
            break;
        case WORD:
            xaxRegister = "ax";
            break;
        case DWORD:
            xaxRegister = "eax";
            break;
        default:
            throw new InternalTranslationException("Error: The first operand has to be BYTE/WORD/DWORD !");
    }
    String comparisonResult = environment.getNextVariableString();
    OperandSize currentSize = targetResult.getSize();
    // Subtract the first operand from AL/AX/EAX
    instructions.add(ReilHelpers.createSub(baseOffset + instructions.size(), currentSize, xaxRegister, currentSize, targetResult.getRegister(), currentSize, comparisonResult));
    // Set the ZF if the two values were equal
    instructions.add(ReilHelpers.createBisz(baseOffset + instructions.size(), currentSize, comparisonResult, OperandSize.BYTE, Helpers.ZERO_FLAG));
    // The control flow is as follows:
    // Jump to secondWriteBack if not equal
    // firstWriteBack
    // Jump to terminatingNop (avoid falling through from the first case)
    // secondWriteBack
    // terminatingNop
    // firstWriteBack: if the content of AL/AX/EAX is equal to the source operand,
    // move sourceOperand to targetOperand.
    final List<ReilInstruction> firstWriteBack = new ArrayList<ReilInstruction>();
    Helpers.writeBack(environment, // reserve space for the first JCC
    baseOffset + instructions.size() + 1, targetOperand, sourceResult.getRegister(), sourceResult.getSize(), targetResult.getAddress(), targetResult.getType(), firstWriteBack);
    // Jump to secondWriteBack if not equal.
    // Reserve space for the two JCC and firstWriteBack when calculating target address.
    final long secondWriteBackOffset = instructions.size() + firstWriteBack.size() + 3;
    final String secondWriteBackGoal = String.format("%d.%d", instruction.getAddress().toLong(), secondWriteBackOffset);
    instructions.add(ReilHelpers.createJcc(baseOffset + instructions.size(), currentSize, comparisonResult, OperandSize.ADDRESS, secondWriteBackGoal));
    // Add the mov code that's executed if the condition is true.
    instructions.addAll(firstWriteBack);
    // Create an operand representing the AL/AX/EAX register so that we can write back to it.
    ReilOperandNode xAXOperandRoot = new ReilOperandNode(currentSize.toSizeString(), ExpressionType.SIZE_PREFIX);
    ReilOperandNode xAXOperandLeaf = new ReilOperandNode(xaxRegister, ExpressionType.REGISTER);
    ReilOperandNode.link(xAXOperandRoot, xAXOperandLeaf);
    ReilOperand xAXOperand = new ReilOperand(xAXOperandRoot);
    // secondWriteBack: if the content of AL/AX/EAX is not equal to the source operand,
    // move targetOperand to AL/AX/EAX.
    final List<ReilInstruction> secondWriteBack = new ArrayList<ReilInstruction>();
    Helpers.writeBack(environment, // reserve space for the second JCC
    baseOffset + instructions.size() + 1, xAXOperand, targetResult.getRegister(), currentSize, null, /* Memory address of the writeBack target. Empty since target is a register. */
    TranslationResultType.REGISTER, secondWriteBack);
    // Jump to terminatingNop (avoid falling through from firstWriteBack).
    // Reserve addresses for JCC and for secondWriteBack when calculating target address.
    final long terminatingNopOffset = instructions.size() + secondWriteBack.size() + 2;
    final String terminatingNopGoal = String.format("%d.%d", instruction.getAddress().toLong(), terminatingNopOffset);
    instructions.add(ReilHelpers.createJcc(baseOffset + instructions.size(), OperandSize.BYTE, "1", OperandSize.ADDRESS, terminatingNopGoal));
    // Add the mov code that's executed if the condition is true.
    instructions.addAll(secondWriteBack);
    // Add a terminating NOP, this makes it easier to get a target for the conditional jump.
    instructions.add(ReilHelpers.createNop(baseOffset + instructions.size()));
}

Example 38 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class DecTranslator method translate.

/**
   * Translates an DEC instruction to REIL code.
   * 
   * @param environment A valid translation environment
   * @param instruction The DEC instruction to translate
   * @param instructions The generated REIL code will be added to this list
   * 
   * @throws InternalTranslationException if any of the arguments are null the passed instruction is
   *         not an DEC instruction
   */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "dec");
    if (instruction.getOperands().size() != 1) {
        throw new InternalTranslationException("Error: Argument instruction is not an dec instruction (invalid number of operand)");
    }
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    long offset = baseOffset;
    // DEC instructions have exactly one operand.
    final IOperandTree operand = instruction.getOperands().get(0);
    // Load the operand.
    final TranslationResult result = Helpers.translateOperand(environment, offset, operand, true);
    instructions.addAll(result.getInstructions());
    // Adjust the offset of the next REIL instruction.
    offset = baseOffset + instructions.size();
    final String loadedRegister = result.getRegister();
    final OperandSize registerSize = result.getSize();
    final OperandSize nextSize = TranslationHelpers.getNextSize(registerSize);
    final String msbMask = String.valueOf(TranslationHelpers.getMsbMask(registerSize));
    final String shiftMsbLsbMask = String.valueOf(TranslationHelpers.getShiftMsbLsbMask(registerSize));
    final String truncMask = String.valueOf(TranslationHelpers.getAllBitsMask(registerSize));
    final String maskedMsb = environment.getNextVariableString();
    final String decResult = environment.getNextVariableString();
    final String maskedMsbResult = environment.getNextVariableString();
    final String maskedMsbNeg = environment.getNextVariableString();
    final String tempOF = environment.getNextVariableString();
    final String truncatedResult = environment.getNextVariableString();
    // Isolate the MSB of the operand
    instructions.add(ReilHelpers.createAnd(offset, registerSize, loadedRegister, registerSize, msbMask, registerSize, maskedMsb));
    // Decrement the value
    instructions.add(ReilHelpers.createSub(offset + 1, registerSize, loadedRegister, registerSize, "1", nextSize, decResult));
    // Isolate the MSB of the result and put it into the Sign Flag
    instructions.add(ReilHelpers.createAnd(offset + 2, nextSize, decResult, registerSize, msbMask, registerSize, maskedMsbResult));
    instructions.add(ReilHelpers.createBsh(offset + 3, registerSize, maskedMsbResult, registerSize, shiftMsbLsbMask, OperandSize.BYTE, Helpers.SIGN_FLAG));
    // The OF is only set if the result of the dec operation is 0x7F
    // OF = ( MSB(old) == 1 ) AND ( MSB(new) == 0 )
    // OF = MSB(old) AND NOT(MSB(new))
    instructions.add(ReilHelpers.createXor(offset + 4, registerSize, maskedMsbResult, registerSize, msbMask, registerSize, maskedMsbNeg));
    instructions.add(ReilHelpers.createAnd(offset + 5, registerSize, maskedMsb, registerSize, maskedMsbNeg, registerSize, tempOF));
    // Write the result into the Overflow Flag
    instructions.add(ReilHelpers.createBsh(offset + 6, registerSize, tempOF, registerSize, shiftMsbLsbMask, OperandSize.BYTE, Helpers.OVERFLOW_FLAG));
    // Truncate the result to fit into the target
    instructions.add(ReilHelpers.createAnd(offset + 7, nextSize, decResult, registerSize, truncMask, registerSize, truncatedResult));
    // Update the Zero Flag
    instructions.add(ReilHelpers.createBisz(offset + 8, registerSize, truncatedResult, OperandSize.BYTE, Helpers.ZERO_FLAG));
    // Write the truncated result back into the operand
    Helpers.writeBack(environment, offset + 9, operand, truncatedResult, registerSize, result.getAddress(), result.getType(), instructions);
}

Example 39 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class DivTranslator method translate.

/**
   * Translates a DIV instruction to REIL code.
   *
   * @param environment A valid translation environment
   * @param instruction The DIV instruction to translate
   * @param instructions The generated REIL code will be added to this list
   *
   * @throws InternalTranslationException if any of the arguments are null the passed instruction is
   *         not an DIV instruction
   */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "div");
    if (instruction.getOperands().size() != 1) {
        throw new InternalTranslationException("Error: Argument instruction is not a div instruction (invalid number of operands)");
    }
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    long offset = baseOffset;
    final List<? extends IOperandTree> operands = instruction.getOperands();
    final IOperandTree divisorOperand = operands.get(0);
    final OperandSize size = Helpers.getOperandSize(divisorOperand);
    // Load the dividend
    final TranslationResult resultDividend = Helpers.loadFirstDivOperand(environment, offset, size);
    instructions.addAll(resultDividend.getInstructions());
    // Adjust the offset of the next REIL instruction
    offset = baseOffset + instructions.size();
    final String dividend = resultDividend.getRegister();
    // Load the divisor
    final TranslationResult resultDivisor = Helpers.translateOperand(environment, offset, divisorOperand, true);
    instructions.addAll(resultDivisor.getInstructions());
    // Adjust the offset of the next REIL instruction
    offset = baseOffset + instructions.size();
    final String divisor = resultDivisor.getRegister();
    final String divResult = environment.getNextVariableString();
    final String modResult = environment.getNextVariableString();
    // Perform divison and modulo operation
    instructions.add(ReilHelpers.createDiv(offset++, size, dividend, size, divisor, size, divResult));
    instructions.add(ReilHelpers.createMod(offset++, size, dividend, size, divisor, size, modResult));
    // Write the result back and set the flags
    instructions.addAll(Helpers.writeDivResult(environment, offset++, divResult, modResult, size));
    offset = baseOffset + instructions.size();
    // Undefine flags
    instructions.add(ReilHelpers.createUndef(offset++, OperandSize.BYTE, Helpers.AUXILIARY_FLAG));
    instructions.add(ReilHelpers.createUndef(offset++, OperandSize.BYTE, Helpers.CARRY_FLAG));
    instructions.add(ReilHelpers.createUndef(offset++, OperandSize.BYTE, Helpers.OVERFLOW_FLAG));
    instructions.add(ReilHelpers.createUndef(offset++, OperandSize.BYTE, Helpers.PARITY_FLAG));
    instructions.add(ReilHelpers.createUndef(offset++, OperandSize.BYTE, Helpers.SIGN_FLAG));
    instructions.add(ReilHelpers.createUndef(offset++, OperandSize.BYTE, Helpers.ZERO_FLAG));
}

Example 40 with InternalTranslationException

use of com.google.security.zynamics.reil.translators.InternalTranslationException in project binnavi by google.

the class Helpers method moveAndMask.

/**
   * Writes a value into a subregister.
   *
   * @param environment A valid translation environment
   * @param offset The next unused REIL offset; new code is add here
   * @param valueSize Size of the value
   * @param value Value to write into the subregister
   * @param subRegister The target subregister
   * @param instructions List of instructions where the code is added
   *
   * @throws IllegalArgumentException Thrown if arguments passed to the function are invalid
   */
public static void moveAndMask(final ITranslationEnvironment environment, final long offset, final OperandSize valueSize, final String value, final String subRegister, final List<ReilInstruction> instructions) throws IllegalArgumentException, InternalTranslationException, IllegalArgumentException {
    Preconditions.checkNotNull(environment, "Error: Argument environment can't be null");
    Preconditions.checkNotNull(value, "Error: Argument value can't be null");
    Preconditions.checkNotNull(subRegister, "Error: Argument subRegister can't be null");
    Preconditions.checkNotNull(valueSize, "Error: Argument valueSize can't be null");
    Preconditions.checkNotNull(instructions, "Error: Argument instructions can't be null");
    final String parentRegister = getParentRegister(subRegister);
    final OperandSize registerSize = getRegisterSize(subRegister);
    final OperandSize parentRegisterSize = getRegisterSize(parentRegister);
    final OperandSize archSize = environment.getArchitectureSize();
    // The subregister is too large => Not a subregister
    if (registerSize.getByteSize() >= archSize.getByteSize()) {
        throw new InternalTranslationException("Error: Register is not a subregister");
    }
    // The value is too large => Doesn't fit into a subregister
    if (valueSize.getByteSize() >= archSize.getByteSize()) {
        throw new InternalTranslationException("Error: Value doesn't fit into a subregister");
    }
    // The value is too large => Doesn't fit into a parent register
    if (valueSize.getByteSize() >= parentRegisterSize.getByteSize()) {
        throw new InternalTranslationException("Error: Value doesn't fit into a parent register");
    }
    final String mask = String.valueOf(getNegativeMask(subRegister));
    if (isHigher8BitRegister(subRegister)) {
        // AH, BH, CH and DH must be shifted into position first.
        final String shiftedValue = environment.getNextVariableString();
        final String maskedValue = environment.getNextVariableString();
        // Shift the value into place.
        instructions.add(ReilHelpers.createBsh(offset, valueSize, value, valueSize, "8", archSize, shiftedValue));
        // Clear the parts of the parent register that will be overwritten
        instructions.add(ReilHelpers.createAnd(offset + 1, archSize, parentRegister, archSize, mask, archSize, maskedValue));
        // Write the new value into the parent register.
        instructions.add(ReilHelpers.createOr(offset + 2, archSize, shiftedValue, archSize, maskedValue, archSize, parentRegister));
    } else {
        // No shifting necessary for subregisters that are already at the LSB
        final String maskedValue = environment.getNextVariableString();
        // Clear the relevant parts of the parent register and fill it with the new value.
        instructions.add(ReilHelpers.createAnd(offset, archSize, parentRegister, archSize, mask, archSize, maskedValue));
        instructions.add(ReilHelpers.createOr(offset + 1, valueSize, value, archSize, maskedValue, archSize, parentRegister));
    }
}