use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.
the class TestFollowZFIncomingBackwards method testFollowESIInStream.
/**
 * Tracks register {@code esi} through a hand-built six-block REIL graph, starting at a mock
 * native {@code add} instruction, and checks the tracking state reported for REIL address
 * 0x58AEE4CE00.
 *
 * <p>The graph is assembled from textual REIL instructions and textual edges and handed to
 * {@code generateReilGraph}, which is defined outside this method.
 */
@Test
public void testFollowESIInStream() {
// First operand tree: size prefix "dword" over the register node "esi".
final MockOperandTree operandTreeFirst = new MockOperandTree();
operandTreeFirst.root = new MockOperandTreeNode(ExpressionType.SIZE_PREFIX, "dword");
operandTreeFirst.root.m_children.add(new MockOperandTreeNode(ExpressionType.REGISTER, "esi"));
// Second operand tree: "dword" -> memory dereference "[" -> operator "+" -> (register esp, immediate 16).
final MockOperandTree operandTreeSecond = new MockOperandTree();
operandTreeSecond.root = new MockOperandTreeNode(ExpressionType.SIZE_PREFIX, "dword");
operandTreeSecond.root.m_children.add(new MockOperandTreeNode(ExpressionType.MEMDEREF, "["));
operandTreeSecond.root.m_children.get(0).m_children.add(new MockOperandTreeNode(ExpressionType.OPERATOR, "+"));
operandTreeSecond.root.m_children.get(0).m_children.get(0).m_children.add(new MockOperandTreeNode(ExpressionType.REGISTER, "esp"));
operandTreeSecond.root.m_children.get(0).m_children.get(0).m_children.add(new MockOperandTreeNode(ExpressionType.IMMEDIATE_INTEGER, "16"));
// Mock native "add" instruction at 0x58AEE4CE carrying the two operand trees; this is the tracking start point.
final List<MockOperandTree> operandsFirst = Lists.newArrayList(operandTreeFirst, operandTreeSecond);
addInstruction = new MockInstruction(Long.parseLong("58AEE4CE", 16), "add", operandsFirst);
// NOTE(review): the meaning of the two boolean flags and of the empty set is not visible here.
// The direction is DOWN although the enclosing class is named TestFollowZFIncomingBackwards - confirm this is intended.
m_options = new RegisterTrackingOptions(true, new HashSet<String>(), false, AnalysisDirection.DOWN);
// REIL block 1: a single jcc at 58AEE4C100.
final List<String> instructionStrings1 = new ArrayList<String>();
instructionStrings1.add("00000058AEE4C100: jcc [BYTE 1, EMPTY , DWORD 1487856843]");
// REIL block 2: 58AEE4CB00 through 58AEE4D603. It contains the REIL code at 58AEE4CE00-58AEE4CE11,
// which reads esi and stores the sum back into esi, and ends with a jcc.
final List<String> instructionStrings2 = new ArrayList<String>();
instructionStrings2.add("00000058AEE4CB00: add [DWORD 16, DWORD esi, QWORD t0]");
instructionStrings2.add("00000058AEE4CB01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings2.add("00000058AEE4CB02: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings2.add("00000058AEE4CB03: str [DWORD t2, EMPTY , DWORD esi]");
instructionStrings2.add("00000058AEE4CE00: add [DWORD 16, DWORD esp, QWORD t0]");
instructionStrings2.add("00000058AEE4CE01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings2.add("00000058AEE4CE02: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings2.add("00000058AEE4CE03: and [DWORD t2, DWORD 2147483648, DWORD t3]");
instructionStrings2.add("00000058AEE4CE04: and [DWORD esi, DWORD 2147483648, DWORD t4]");
instructionStrings2.add("00000058AEE4CE05: add [DWORD t2, DWORD esi, QWORD t5]");
instructionStrings2.add("00000058AEE4CE06: and [QWORD t5, QWORD 2147483648, DWORD t6]");
instructionStrings2.add("00000058AEE4CE07: bsh [DWORD t6, DWORD -31, BYTE SF]");
instructionStrings2.add("00000058AEE4CE08: xor [DWORD t3, DWORD t4, DWORD t7]");
instructionStrings2.add("00000058AEE4CE09: xor [DWORD t7, DWORD 2147483648, DWORD t8]");
instructionStrings2.add("00000058AEE4CE0A: xor [DWORD t3, DWORD t6, DWORD t9]");
instructionStrings2.add("00000058AEE4CE0B: and [DWORD t8, DWORD t9, DWORD t10]");
instructionStrings2.add("00000058AEE4CE0C: bsh [DWORD t10, DWORD -31, DWORD OF]");
instructionStrings2.add("00000058AEE4CE0D: and [QWORD t5, QWORD 4294967296, QWORD t11]");
instructionStrings2.add("00000058AEE4CE0E: bsh [QWORD t11, QWORD -32, BYTE CF]");
instructionStrings2.add("00000058AEE4CE0F: and [QWORD t5, QWORD 4294967295, DWORD t12]");
instructionStrings2.add("00000058AEE4CE10: bisz [DWORD t12, EMPTY , BYTE ZF]");
instructionStrings2.add("00000058AEE4CE11: str [DWORD t12, EMPTY , DWORD esi]");
instructionStrings2.add("00000058AEE4D200: and [DWORD ebx, DWORD 2147483648, DWORD t0]");
instructionStrings2.add("00000058AEE4D201: and [DWORD eax, DWORD 2147483648, DWORD t1]");
instructionStrings2.add("00000058AEE4D202: add [DWORD ebx, DWORD eax, QWORD t2]");
instructionStrings2.add("00000058AEE4D203: and [QWORD t2, QWORD 2147483648, DWORD t3]");
instructionStrings2.add("00000058AEE4D204: bsh [DWORD t3, DWORD -31, BYTE SF]");
instructionStrings2.add("00000058AEE4D205: xor [DWORD t0, DWORD t1, DWORD t4]");
instructionStrings2.add("00000058AEE4D206: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
instructionStrings2.add("00000058AEE4D207: xor [DWORD t0, DWORD t3, DWORD t6]");
instructionStrings2.add("00000058AEE4D208: and [DWORD t5, DWORD t6, DWORD t7]");
instructionStrings2.add("00000058AEE4D209: bsh [DWORD t7, DWORD -31, DWORD OF]");
instructionStrings2.add("00000058AEE4D20A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
instructionStrings2.add("00000058AEE4D20B: bsh [QWORD t8, QWORD -32, BYTE CF]");
instructionStrings2.add("00000058AEE4D20C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
instructionStrings2.add("00000058AEE4D20D: bisz [DWORD t9, EMPTY , BYTE ZF]");
instructionStrings2.add("00000058AEE4D20E: str [DWORD t9, EMPTY , DWORD eax]");
instructionStrings2.add("00000058AEE4D400: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings2.add("00000058AEE4D401: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings2.add("00000058AEE4D402: stm [DWORD eax, EMPTY , DWORD esp]");
instructionStrings2.add("00000058AEE4D500: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings2.add("00000058AEE4D501: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings2.add("00000058AEE4D502: stm [DWORD ebx, EMPTY , DWORD esp]");
instructionStrings2.add("00000058AEE4D600: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings2.add("00000058AEE4D601: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings2.add("00000058AEE4D602: stm [DWORD 1487856859, EMPTY , DWORD esp]");
instructionStrings2.add("00000058AEE4D603: jcc [DWORD 1, EMPTY , DWORD 1487855744]");
// REIL block 3: 58AEE08000 through 58AEE11003. The edge list below connects it with
// ENTER_INLINED_FUNCTION / LEAVE_INLINED_FUNCTION edges; it ends with a jcc to t0.
final List<String> instructionStrings3 = Lists.newArrayList();
instructionStrings3.add("00000058AEE08000: and [DWORD esp, DWORD 2147483648, DWORD t0]");
instructionStrings3.add("00000058AEE08001: and [DWORD 136, DWORD 2147483648, DWORD t1]");
instructionStrings3.add("00000058AEE08002: sub [DWORD esp, DWORD 136, QWORD t2]");
instructionStrings3.add("00000058AEE08003: and [QWORD t2, QWORD 2147483648, DWORD t3]");
instructionStrings3.add("00000058AEE08004: bsh [DWORD t3, DWORD -31, BYTE SF]");
instructionStrings3.add("00000058AEE08005: xor [DWORD t0, DWORD t1, DWORD t4]");
instructionStrings3.add("00000058AEE08006: xor [DWORD t0, DWORD t3, DWORD t5]");
instructionStrings3.add("00000058AEE08007: and [DWORD t4, DWORD t5, DWORD t6]");
instructionStrings3.add("00000058AEE08008: bsh [DWORD t6, DWORD -31, BYTE OF]");
instructionStrings3.add("00000058AEE08009: and [QWORD t2, QWORD 4294967296, QWORD t7]");
instructionStrings3.add("00000058AEE0800A: bsh [QWORD t7, QWORD -32, BYTE CF]");
instructionStrings3.add("00000058AEE0800B: and [QWORD t2, QWORD 4294967295, DWORD t8]");
instructionStrings3.add("00000058AEE0800C: bisz [DWORD t8, EMPTY , BYTE ZF]");
instructionStrings3.add("00000058AEE0800D: str [DWORD t8, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE08600: ldm [DWORD 1488871424, EMPTY , DWORD t0]");
instructionStrings3.add("00000058AEE08601: str [DWORD t0, EMPTY , DWORD eax]");
instructionStrings3.add("00000058AEE08B00: xor [DWORD esp, DWORD eax, DWORD t0]");
instructionStrings3.add("00000058AEE08B01: and [DWORD t0, DWORD 2147483648, DWORD t1]");
instructionStrings3.add("00000058AEE08B02: bsh [DWORD t1, DWORD -31, BYTE SF]");
instructionStrings3.add("00000058AEE08B03: bisz [DWORD t0, EMPTY , BYTE ZF]");
instructionStrings3.add("00000058AEE08B04: str [BYTE 0, EMPTY , BYTE CF]");
instructionStrings3.add("00000058AEE08B05: str [BYTE 0, EMPTY , BYTE OF]");
instructionStrings3.add("00000058AEE08B06: str [DWORD t0, EMPTY , DWORD eax]");
instructionStrings3.add("00000058AEE08D00: add [DWORD 132, DWORD esp, QWORD t0]");
instructionStrings3.add("00000058AEE08D01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE08D02: stm [DWORD eax, EMPTY , DWORD t1]");
instructionStrings3.add("00000058AEE09400: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE09401: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE09402: stm [DWORD ebx, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE09500: add [DWORD 144, DWORD esp, QWORD t0]");
instructionStrings3.add("00000058AEE09501: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE09502: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings3.add("00000058AEE09503: str [DWORD t2, EMPTY , DWORD ebx]");
instructionStrings3.add("00000058AEE09C00: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE09C01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE09C02: stm [DWORD 129, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0A100: add [DWORD 8, DWORD esp, QWORD t0]");
instructionStrings3.add("00000058AEE0A101: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0A102: str [DWORD t1, EMPTY , DWORD eax]");
instructionStrings3.add("00000058AEE0A500: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0A501: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0A502: stm [DWORD 0, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0A700: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0A701: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0A702: stm [DWORD eax, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0A800: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0A801: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0A802: stm [DWORD 1487855789, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0A803: jcc [DWORD 1, EMPTY , DWORD 1488406128]");
instructionStrings3.add("00000058AEE0AD00: add [DWORD 32, DWORD ebx, QWORD t0]");
instructionStrings3.add("00000058AEE0AD01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0AD02: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings3.add("00000058AEE0AD03: str [DWORD t2, EMPTY , DWORD ecx]");
instructionStrings3.add("00000058AEE0B000: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0B001: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0B002: stm [DWORD 1, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0B200: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0B201: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0B202: stm [DWORD 0, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0B400: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0B401: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0B402: stm [DWORD 15, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0B600: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0B601: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0B602: stm [DWORD 128, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0BB00: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0BB01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0BB02: stm [DWORD ecx, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0BC00: add [DWORD 36, DWORD esp, QWORD t0]");
instructionStrings3.add("00000058AEE0BC01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0BC02: str [DWORD t1, EMPTY , DWORD edx]");
instructionStrings3.add("00000058AEE0C000: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0C001: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0C002: stm [DWORD edx, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0C100: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0C101: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0C102: stm [DWORD edi, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0C200: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0C201: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0C202: stm [DWORD 1487855815, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0C203: jcc [DWORD 1, EMPTY , DWORD 1487799776]");
instructionStrings3.add("00000058AEE0C700: add [DWORD 44, DWORD esp, QWORD t0]");
instructionStrings3.add("00000058AEE0C701: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0C702: str [DWORD t1, EMPTY , DWORD eax]");
instructionStrings3.add("00000058AEE0CB00: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0CB01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0CB02: stm [DWORD eax, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0CC00: str [DWORD 129, EMPTY , DWORD edx]");
instructionStrings3.add("00000058AEE0D100: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0D101: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0D102: stm [DWORD 1487855830, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0D103: jcc [DWORD 1, EMPTY , DWORD 1487663360]");
instructionStrings3.add("00000058AEE0D600: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0D601: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0D602: stm [DWORD 1, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0D800: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0D801: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0D802: stm [DWORD 0, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0DA00: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0DA01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0DA02: stm [DWORD 15, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0DC00: add [DWORD 4, DWORD esi, QWORD t0]");
instructionStrings3.add("00000058AEE0DC01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0DC02: stm [DWORD eax, EMPTY , DWORD t1]");
instructionStrings3.add("00000058AEE0DF00: add [DWORD 8, DWORD ebx, QWORD t0]");
instructionStrings3.add("00000058AEE0DF01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0DF02: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings3.add("00000058AEE0DF03: str [DWORD t2, EMPTY , DWORD ecx]");
instructionStrings3.add("00000058AEE0E200: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0E201: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0E202: stm [DWORD 16, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0E400: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0E401: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0E402: stm [DWORD ecx, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0E500: add [DWORD 8, DWORD esi, QWORD t0]");
instructionStrings3.add("00000058AEE0E501: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0E502: str [DWORD t1, EMPTY , DWORD edx]");
instructionStrings3.add("00000058AEE0E800: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0E801: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0E802: stm [DWORD edx, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0E900: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0E901: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0E902: stm [DWORD edi, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0EA00: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE0EA01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE0EA02: stm [DWORD 1487855855, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE0EA03: jcc [DWORD 1, EMPTY , DWORD 1487799776]");
instructionStrings3.add("00000058AEE0EF00: add [DWORD 208, DWORD esp, QWORD t0]");
instructionStrings3.add("00000058AEE0EF01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0EF02: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings3.add("00000058AEE0EF03: str [DWORD t2, EMPTY , DWORD ecx]");
instructionStrings3.add("00000058AEE0F600: add [DWORD 220, DWORD esp, QWORD t0]");
instructionStrings3.add("00000058AEE0F601: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings3.add("00000058AEE0F602: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings3.add("00000058AEE0F603: str [DWORD t2, EMPTY , DWORD eax]");
instructionStrings3.add("00000058AEE0FD00: and [DWORD 72, DWORD 2147483648, DWORD t0]");
instructionStrings3.add("00000058AEE0FD01: and [DWORD esp, DWORD 2147483648, DWORD t1]");
instructionStrings3.add("00000058AEE0FD02: add [DWORD 72, DWORD esp, QWORD t2]");
instructionStrings3.add("00000058AEE0FD03: and [QWORD t2, QWORD 2147483648, DWORD t3]");
instructionStrings3.add("00000058AEE0FD04: bsh [DWORD t3, DWORD -31, BYTE SF]");
instructionStrings3.add("00000058AEE0FD05: xor [DWORD t0, DWORD t1, DWORD t4]");
instructionStrings3.add("00000058AEE0FD06: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
instructionStrings3.add("00000058AEE0FD07: xor [DWORD t0, DWORD t3, DWORD t6]");
instructionStrings3.add("00000058AEE0FD08: and [DWORD t5, DWORD t6, DWORD t7]");
instructionStrings3.add("00000058AEE0FD09: bsh [DWORD t7, DWORD -31, DWORD OF]");
instructionStrings3.add("00000058AEE0FD0A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
instructionStrings3.add("00000058AEE0FD0B: bsh [QWORD t8, QWORD -32, BYTE CF]");
instructionStrings3.add("00000058AEE0FD0C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
instructionStrings3.add("00000058AEE0FD0D: bisz [DWORD t9, EMPTY , BYTE ZF]");
instructionStrings3.add("00000058AEE0FD0E: str [DWORD t9, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE10000: ldm [DWORD esp, EMPTY , DWORD t0]");
instructionStrings3.add("00000058AEE10001: add [DWORD esp, DWORD 4, QWORD t1]");
instructionStrings3.add("00000058AEE10002: and [QWORD t1, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE10003: str [DWORD t0, EMPTY , DWORD ebx]");
instructionStrings3.add("00000058AEE10100: xor [DWORD esp, DWORD ecx, DWORD t0]");
instructionStrings3.add("00000058AEE10101: and [DWORD t0, DWORD 2147483648, DWORD t1]");
instructionStrings3.add("00000058AEE10102: bsh [DWORD t1, DWORD -31, BYTE SF]");
instructionStrings3.add("00000058AEE10103: bisz [DWORD t0, EMPTY , BYTE ZF]");
instructionStrings3.add("00000058AEE10104: str [BYTE 0, EMPTY , BYTE CF]");
instructionStrings3.add("00000058AEE10105: str [BYTE 0, EMPTY , BYTE OF]");
instructionStrings3.add("00000058AEE10106: str [DWORD t0, EMPTY , DWORD ecx]");
instructionStrings3.add("00000058AEE10300: stm [DWORD eax, EMPTY , DWORD esi]");
instructionStrings3.add("00000058AEE10500: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings3.add("00000058AEE10501: and [QWORD t0, DWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE10502: stm [DWORD 1487855882, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE10503: jcc [DWORD 1, EMPTY , DWORD 1488401218]");
instructionStrings3.add("00000058AEE10A00: and [DWORD 136, DWORD 2147483648, DWORD t0]");
instructionStrings3.add("00000058AEE10A01: and [DWORD esp, DWORD 2147483648, DWORD t1]");
instructionStrings3.add("00000058AEE10A02: add [DWORD 136, DWORD esp, QWORD t2]");
instructionStrings3.add("00000058AEE10A03: and [QWORD t2, QWORD 2147483648, DWORD t3]");
instructionStrings3.add("00000058AEE10A04: bsh [DWORD t3, DWORD -31, BYTE SF]");
instructionStrings3.add("00000058AEE10A05: xor [DWORD t0, DWORD t1, DWORD t4]");
instructionStrings3.add("00000058AEE10A06: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
instructionStrings3.add("00000058AEE10A07: xor [DWORD t0, DWORD t3, DWORD t6]");
instructionStrings3.add("00000058AEE10A08: and [DWORD t5, DWORD t6, DWORD t7]");
instructionStrings3.add("00000058AEE10A09: bsh [DWORD t7, DWORD -31, DWORD OF]");
instructionStrings3.add("00000058AEE10A0A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
instructionStrings3.add("00000058AEE10A0B: bsh [QWORD t8, QWORD -32, BYTE CF]");
instructionStrings3.add("00000058AEE10A0C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
instructionStrings3.add("00000058AEE10A0D: bisz [DWORD t9, EMPTY , BYTE ZF]");
instructionStrings3.add("00000058AEE10A0E: str [DWORD t9, EMPTY , DWORD esp]");
instructionStrings3.add("00000058AEE11000: ldm [DWORD esp, EMPTY , DWORD t0]");
instructionStrings3.add("00000058AEE11001: add [DWORD esp, DWORD 4, QWORD t1]");
instructionStrings3.add("00000058AEE11002: and [QWORD t1, QWORD 4294967295, DWORD esp]");
instructionStrings3.add("00000058AEE11003: jcc [DWORD 1, EMPTY , DWORD t0]");
// REIL block 4: 58AEE4DB00 through 58AEE4EB01; ends with a jcc conditioned on t0, which is bisz of ZF.
final List<String> instructionStrings4 = Lists.newArrayList();
instructionStrings4.add("00000058AEE4DB00: add [DWORD 24, DWORD esp, QWORD t0]");
instructionStrings4.add("00000058AEE4DB01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings4.add("00000058AEE4DB02: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings4.add("00000058AEE4DB03: and [DWORD 24, DWORD 2147483648, DWORD t3]");
instructionStrings4.add("00000058AEE4DB04: and [DWORD t2, DWORD 2147483648, DWORD t4]");
instructionStrings4.add("00000058AEE4DB05: add [DWORD 24, DWORD t2, QWORD t5]");
instructionStrings4.add("00000058AEE4DB06: and [QWORD t5, QWORD 2147483648, DWORD t6]");
instructionStrings4.add("00000058AEE4DB07: bsh [DWORD t6, DWORD -31, BYTE SF]");
instructionStrings4.add("00000058AEE4DB08: xor [DWORD t3, DWORD t4, DWORD t7]");
instructionStrings4.add("00000058AEE4DB09: xor [DWORD t7, DWORD 2147483648, DWORD t8]");
instructionStrings4.add("00000058AEE4DB0A: xor [DWORD t3, DWORD t6, DWORD t9]");
instructionStrings4.add("00000058AEE4DB0B: and [DWORD t8, DWORD t9, DWORD t10]");
instructionStrings4.add("00000058AEE4DB0C: bsh [DWORD t10, DWORD -31, DWORD OF]");
instructionStrings4.add("00000058AEE4DB0D: and [QWORD t5, QWORD 4294967296, QWORD t11]");
instructionStrings4.add("00000058AEE4DB0E: bsh [QWORD t11, QWORD -32, BYTE CF]");
instructionStrings4.add("00000058AEE4DB0F: and [QWORD t5, QWORD 4294967295, DWORD t12]");
instructionStrings4.add("00000058AEE4DB10: bisz [DWORD t12, EMPTY , BYTE ZF]");
instructionStrings4.add("00000058AEE4DB11: stm [DWORD t12, EMPTY , DWORD t1]");
instructionStrings4.add("00000058AEE4E000: and [DWORD 8, DWORD 2147483648, DWORD t0]");
instructionStrings4.add("00000058AEE4E001: and [DWORD esp, DWORD 2147483648, DWORD t1]");
instructionStrings4.add("00000058AEE4E002: add [DWORD 8, DWORD esp, QWORD t2]");
instructionStrings4.add("00000058AEE4E003: and [QWORD t2, QWORD 2147483648, DWORD t3]");
instructionStrings4.add("00000058AEE4E004: bsh [DWORD t3, DWORD -31, BYTE SF]");
instructionStrings4.add("00000058AEE4E005: xor [DWORD t0, DWORD t1, DWORD t4]");
instructionStrings4.add("00000058AEE4E006: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
instructionStrings4.add("00000058AEE4E007: xor [DWORD t0, DWORD t3, DWORD t6]");
instructionStrings4.add("00000058AEE4E008: and [DWORD t5, DWORD t6, DWORD t7]");
instructionStrings4.add("00000058AEE4E009: bsh [DWORD t7, DWORD -31, DWORD OF]");
instructionStrings4.add("00000058AEE4E00A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
instructionStrings4.add("00000058AEE4E00B: bsh [QWORD t8, QWORD -32, BYTE CF]");
instructionStrings4.add("00000058AEE4E00C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
instructionStrings4.add("00000058AEE4E00D: bisz [DWORD t9, EMPTY , BYTE ZF]");
instructionStrings4.add("00000058AEE4E00E: str [DWORD t9, EMPTY , DWORD esp]");
instructionStrings4.add("00000058AEE4E300: and [DWORD 40, DWORD 2147483648, DWORD t0]");
instructionStrings4.add("00000058AEE4E301: and [DWORD ebx, DWORD 2147483648, DWORD t1]");
instructionStrings4.add("00000058AEE4E302: add [DWORD 40, DWORD ebx, QWORD t2]");
instructionStrings4.add("00000058AEE4E303: and [QWORD t2, QWORD 2147483648, DWORD t3]");
instructionStrings4.add("00000058AEE4E304: bsh [DWORD t3, DWORD -31, BYTE SF]");
instructionStrings4.add("00000058AEE4E305: xor [DWORD t0, DWORD t1, DWORD t4]");
instructionStrings4.add("00000058AEE4E306: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
instructionStrings4.add("00000058AEE4E307: xor [DWORD t0, DWORD t3, DWORD t6]");
instructionStrings4.add("00000058AEE4E308: and [DWORD t5, DWORD t6, DWORD t7]");
instructionStrings4.add("00000058AEE4E309: bsh [DWORD t7, DWORD -31, DWORD OF]");
instructionStrings4.add("00000058AEE4E30A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
instructionStrings4.add("00000058AEE4E30B: bsh [QWORD t8, QWORD -32, BYTE CF]");
instructionStrings4.add("00000058AEE4E30C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
instructionStrings4.add("00000058AEE4E30D: bisz [DWORD t9, EMPTY , BYTE ZF]");
instructionStrings4.add("00000058AEE4E30E: str [DWORD t9, EMPTY , DWORD ebx]");
instructionStrings4.add("00000058AEE4E600: add [DWORD 20, DWORD esp, QWORD t0]");
instructionStrings4.add("00000058AEE4E601: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings4.add("00000058AEE4E602: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings4.add("00000058AEE4E603: and [DWORD t2, DWORD 2147483648, DWORD t3]");
instructionStrings4.add("00000058AEE4E604: and [DWORD 1, DWORD 2147483648, DWORD t4]");
instructionStrings4.add("00000058AEE4E605: sub [DWORD t2, DWORD 1, QWORD t5]");
instructionStrings4.add("00000058AEE4E606: and [QWORD t5, QWORD 2147483648, DWORD t6]");
instructionStrings4.add("00000058AEE4E607: bsh [DWORD t6, DWORD -31, BYTE SF]");
instructionStrings4.add("00000058AEE4E608: xor [DWORD t3, DWORD t4, DWORD t7]");
instructionStrings4.add("00000058AEE4E609: xor [DWORD t3, DWORD t6, DWORD t8]");
instructionStrings4.add("00000058AEE4E60A: and [DWORD t7, DWORD t8, DWORD t9]");
instructionStrings4.add("00000058AEE4E60B: bsh [DWORD t9, DWORD -31, BYTE OF]");
instructionStrings4.add("00000058AEE4E60C: and [QWORD t5, QWORD 4294967296, QWORD t10]");
instructionStrings4.add("00000058AEE4E60D: bsh [QWORD t10, QWORD -32, BYTE CF]");
instructionStrings4.add("00000058AEE4E60E: and [QWORD t5, QWORD 4294967295, DWORD t11]");
instructionStrings4.add("00000058AEE4E60F: bisz [DWORD t11, EMPTY , BYTE ZF]");
instructionStrings4.add("00000058AEE4E610: stm [DWORD t11, EMPTY , DWORD t1]");
instructionStrings4.add("00000058AEE4EB00: bisz [BYTE ZF, EMPTY , BYTE t0]");
instructionStrings4.add("00000058AEE4EB01: jcc [BYTE t0, EMPTY , DWORD 1487856835]");
// REIL block 5: 58AEE4C300 through 58AEE4C703; its last instruction stores a loaded value into esi.
final List<String> instructionStrings5 = Lists.newArrayList();
instructionStrings5.add("00000058AEE4C300: add [DWORD 28, DWORD esp, QWORD t0]");
instructionStrings5.add("00000058AEE4C301: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings5.add("00000058AEE4C302: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings5.add("00000058AEE4C303: str [DWORD t2, EMPTY , DWORD eax]");
instructionStrings5.add("00000058AEE4C700: add [DWORD 32, DWORD esp, QWORD t0]");
instructionStrings5.add("00000058AEE4C701: and [QWORD t0, DWORD 4294967295, DWORD t1]");
instructionStrings5.add("00000058AEE4C702: ldm [DWORD t1, EMPTY , DWORD t2]");
instructionStrings5.add("00000058AEE4C703: str [DWORD t2, EMPTY , DWORD esi]");
// REIL block 6: two instructions at 58AEE4ED00/58AEE4ED01; target of the JUMP_CONDITIONAL_FALSE edge.
final List<String> instructionStrings6 = Lists.newArrayList();
instructionStrings6.add("00000058AEE4ED00: sub [DWORD esp, DWORD 4, QWORD t0]");
instructionStrings6.add("00000058AEE4ED01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
// Collect the six blocks in the order they were defined.
final List<List<String>> reilBlocks = new ArrayList<List<String>>();
reilBlocks.add(instructionStrings1);
reilBlocks.add(instructionStrings2);
reilBlocks.add(instructionStrings3);
reilBlocks.add(instructionStrings4);
reilBlocks.add(instructionStrings5);
reilBlocks.add(instructionStrings6);
// Edges are written as "<source address> [<edge type>]-> <target address>", using each block's first address.
// The last edge (JUMP_UNCONDITIONAL_LOOP) leads from block 5 back to block 2, closing a loop.
final List<String> edgeStrings = new ArrayList<String>();
edgeStrings.add("00000058AEE4C100 [JUMP_UNCONDITIONAL]-> 00000058AEE4CB00");
edgeStrings.add("00000058AEE4CB00 [ENTER_INLINED_FUNCTION]-> 00000058AEE08000");
edgeStrings.add("00000058AEE08000 [LEAVE_INLINED_FUNCTION]-> 00000058AEE4DB00");
edgeStrings.add("00000058AEE4DB00 [JUMP_CONDITIONAL_TRUE]-> 00000058AEE4C300");
edgeStrings.add("00000058AEE4DB00 [JUMP_CONDITIONAL_FALSE]-> 00000058AEE4ED00");
edgeStrings.add("00000058AEE4C300 [JUMP_UNCONDITIONAL_LOOP]-> 00000058AEE4CB00");
// generateReilGraph is defined elsewhere; presumably it populates m_graph1, which is read on the next line - confirm.
generateReilGraph(reilBlocks, edgeStrings);
m_function = new ReilFunction("FOLLOWESI", m_graph1);
// Run the tracker for esi from the mock add instruction and map the solver result to per-address states.
final String trackedRegister = "esi";
final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(m_function, addInstruction, trackedRegister, m_options);
final Map<IAddress, RegisterSetLatticeElement> resultMap = result.generateAddressToStateMapping(addInstruction, m_options.trackIncoming());
// Diagnostic output only; nothing below depends on it.
System.out.println(m_graph1.toString());
for (final Entry<IAddress, RegisterSetLatticeElement> resultEntry : resultMap.entrySet()) {
System.out.println(" KEY: " + resultEntry.getKey() + " VALUE: " + resultEntry.getValue().toString());
// The 15-digit literal parses to 0x58AEE4CE00, i.e. the REIL address 00000058AEE4CE00 from block 2.
// NOTE(review): the only assertion sits inside this if. When no key in resultMap equals that address the
// loop finishes without asserting anything and the test passes vacuously; consider recording that the
// key was seen and asserting it after the loop.
if (resultEntry.getKey().toLong() == Long.parseLong("0000058AEE4CE00", 16)) {
// NOTE(review): the name jzElement looks carried over from another test; the instruction tracked here is an add.
final RegisterSetLatticeElement jzElement = resultEntry.getValue();
assertTrue(jzElement.getTaintedRegisters().contains("esi"));
}
}
}
use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.
the class TranslatorREIL method translate.
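/**
 * Translates a REIL instruction to REIL code.
 *
 * <p>The input is already REIL, so the result is one {@link ReilInstruction} built from the
 * instruction's address (converted with {@code ReilHelpers.toReilAddress}), its mnemonic and
 * its first three operands.
 *
 * @param environment A valid translation environment; only checked for null here
 * @param instruction The REIL instruction to translate; must carry at least three operands
 * @param extensions Translation extensions; not consulted by this method
 *
 * @return A new list holding the single translated REIL instruction
 *
 * @throws InternalTranslationException An internal translation error occurred (not raised
 *         directly in this method; presumably by {@code convert})
 * @throws NullPointerException If environment or instruction is null
 * @throws IllegalArgumentException If the instruction has fewer than three operands
 */
@Override
public List<ReilInstruction> translate(final ITranslationEnvironment environment, final InstructionType instruction, final List<ITranslationExtension<InstructionType>> extensions) throws InternalTranslationException {
  Preconditions.checkNotNull(environment, "Error: Argument environment can't be null");
  Preconditions.checkNotNull(instruction, "Error: Argument instruction can't be null");

  // A REIL instruction is addressed below as exactly three operands. Reject a shorter operand
  // list with the documented IllegalArgumentException instead of letting get(n) fail with an
  // IndexOutOfBoundsException halfway through the conversion.
  Preconditions.checkArgument(instruction.getOperands().size() >= 3, "Error: Argument instruction must have three operands");

  final IAddress offset = ReilHelpers.toReilAddress(instruction.getAddress());
  final String mnemonic = instruction.getMnemonic();

  final ReilOperand firstOperand = convert(instruction.getOperands().get(0));
  final ReilOperand secondOperand = convert(instruction.getOperands().get(1));
  final ReilOperand thirdOperand = convert(instruction.getOperands().get(2));

  return Lists.newArrayList(new ReilInstruction(offset, mnemonic, firstOperand, secondOperand, thirdOperand));
}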
use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.
the class PostgreSQLProviderTest method testInstructionFunctionsAddReference5.
/**
 * Expects {@code PostgreSQLInstructionFunctions.addReference} to throw a
 * {@link NullPointerException} when the reference type argument is null.
 *
 * <p>NOTE(review): {@code expected} applies to the whole method, so a NullPointerException
 * raised by any of the loading steps would satisfy the test as well. The function is also
 * picked by the fixed index 1800, which ties the test to the contents of the test database.
 */
@Test(expected = NullPointerException.class)
public void testInstructionFunctionsAddReference5() throws CouldntSaveDataException, CouldntLoadDataException, LoadCancelledException {
  // Second module of the provider, then the function at index 1800 of that module.
  final INaviModule loadedModule = getProvider().loadModules().get(1);
  loadedModule.load();
  final INaviFunction targetFunction = loadedModule.getContent().getFunctionContainer().getFunctions().get(1800);
  targetFunction.load();

  // Second instruction of the first basic block; the reference is attached to the root of its first operand.
  final INaviInstruction secondInstruction = Iterables.get(targetFunction.getBasicBlocks().get(0).getInstructions(), 1);
  final INaviOperandTreeNode rootNode = secondInstruction.getOperands().get(0).getRootNode();
  final IAddress referenceTarget = secondInstruction.getAddress();

  // The null reference type is the argument under test.
  PostgreSQLInstructionFunctions.addReference(getProvider(), rootNode, referenceTarget, null);
}
use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.
the class PostgreSQLProviderTest method testInstructionFunctionsDeleteReference4.
/**
 * Adds a DATA reference to an operand node and deletes it again, checking after each step that
 * a freshly loaded copy of the node reports the expected number of references.
 */
@Test
public void testInstructionFunctionsDeleteReference4() throws CouldntLoadDataException, LoadCancelledException, CouldntSaveDataException, CouldntDeleteException, MaybeNullException {
  final INaviInstruction initialInstruction = loadSecondInstructionOfDelayLoadFailureHook();
  final INaviOperandTreeNode initialNode = initialInstruction.getOperands().get(0).getRootNode();
  final IAddress address = initialInstruction.getAddress();
  final ReferenceType type = ReferenceType.DATA;
  final int references = initialNode.getReferences().size();

  PostgreSQLInstructionFunctions.addReference(getProvider(), initialNode, address, type);

  // Load everything again so the count is read from a new node object, not the one just modified.
  final INaviOperandTreeNode nodeAfterAdd = loadSecondInstructionOfDelayLoadFailureHook().getOperands().get(0).getRootNode();
  assertEquals(references + 1, nodeAfterAdd.getReferences().size());

  PostgreSQLInstructionFunctions.deleteReference(getProvider(), nodeAfterAdd, address, type);

  final INaviOperandTreeNode nodeAfterDelete = loadSecondInstructionOfDelayLoadFailureHook().getOperands().get(0).getRootNode();
  assertEquals(references, nodeAfterDelete.getReferences().size());
}

/**
 * Loads the provider's second module and its function "DelayLoadFailureHook", and returns the
 * second instruction of that function's first basic block.
 */
private INaviInstruction loadSecondInstructionOfDelayLoadFailureHook() throws CouldntLoadDataException, LoadCancelledException, CouldntSaveDataException, CouldntDeleteException, MaybeNullException {
  final INaviModule module = getProvider().loadModules().get(1);
  module.load();
  final INaviFunction function = module.getContent().getFunctionContainer().getFunction("DelayLoadFailureHook");
  function.load();
  final IBlockNode firstBlock = function.getBasicBlocks().get(0);
  return Iterables.get(firstBlock.getInstructions(), 1);
}
use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.
the class CAddressSpaceTest method test_C_Constructors.
/**
 * Checks that the {@code CAddressSpace} constructor rejects an id of 0 and a null value in each
 * of the name, description, date, module-map and SQL-provider positions, and that a fully
 * populated call yields a configuration exposing the given id, name and description.
 */
@Test
public void test_C_Constructors() {
  final MockSqlProvider sql = new MockSqlProvider();

  // One invalid argument per call; every other argument is valid.
  assertConstructorRejects(0, "AS Name", "AS Description", new Date(), new Date(), new HashMap<INaviModule, IAddress>(), sql);
  assertConstructorRejects(1, null, "AS Description", new Date(), new Date(), new HashMap<INaviModule, IAddress>(), sql);
  assertConstructorRejects(1, "AS Name", null, new Date(), new Date(), new HashMap<INaviModule, IAddress>(), sql);
  assertConstructorRejects(1, "AS Name", "AS Description", null, new Date(), new HashMap<INaviModule, IAddress>(), sql);
  assertConstructorRejects(1, "AS Name", "AS Description", new Date(), null, new HashMap<INaviModule, IAddress>(), sql);
  assertConstructorRejects(1, "AS Name", "AS Description", new Date(), new Date(), null, sql);
  assertConstructorRejects(1, "AS Name", "AS Description", new Date(), new Date(), new HashMap<INaviModule, IAddress>(), null);

  final CAddressSpace addressSpace = new CAddressSpace(1, "AS Name", "AS Description", new Date(), new Date(), new HashMap<INaviModule, IAddress>(), null, sql, new MockProject());
  assertEquals(1, addressSpace.getConfiguration().getId());
  assertEquals("AS Name", addressSpace.getConfiguration().getName());
  assertEquals("AS Description", addressSpace.getConfiguration().getDescription());
}

/**
 * Calls the {@code CAddressSpace} constructor with the given arguments (seventh argument null,
 * last argument a new {@code MockProject}) and fails the test if construction succeeds.
 */
private static void assertConstructorRejects(final int id, final String name, final String description, final Date firstDate, final Date secondDate, final HashMap<INaviModule, IAddress> modules, final MockSqlProvider sql) {
  try {
    new CAddressSpace(id, name, description, firstDate, secondDate, modules, null, sql, new MockProject());
    fail();
  } catch (final Exception ignored) {
    // Any exception type is accepted as a rejection, so this does not pin down which check fired.
    // fail() is not swallowed here: it raises an AssertionError, which is not an Exception.
  }
}