
Example 41 with IAddress

Use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.

The class CTracking, method track.

/**
 * Performs a register forward tracking operation.
 *
 * @param view The view where the operation happens.
 * @param startInstruction The start instruction.
 * @param trackedRegister The register to track.
 * @param options Register tracking options.
 *
 * @return The result of the register tracking operation.
 *
 * @throws InternalTranslationException Thrown if the graph from the code could not be translated
 *         to REIL.
 */
public static CTrackingResult track(final INaviView view, final INaviInstruction startInstruction, final String trackedRegister, final RegisterTrackingOptions options) throws InternalTranslationException {
    Preconditions.checkNotNull(view, "IE01660: View argument can not be null");
    Preconditions.checkNotNull(startInstruction, "IE01661: Start instruction argument can not be null");
    Preconditions.checkNotNull(trackedRegister, "IE01662: Register argument can not be null");
    // Run the monotone REIL register-tracking solver over the REIL translation of the view.
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(view.getContent().getReilCode(), startInstruction, trackedRegister, options);
    // Maps native instruction addresses to the instructions of the view.
    final Map<IAddress, INaviInstruction> instructionMap = CRegisterTrackingHelper.getInstructionMap(view);
    final List<CInstructionResult> instructionResultList = new ArrayList<CInstructionResult>();
    // One lattice element per REIL address, describing what happened to the tracked register there.
    final Map<IAddress, RegisterSetLatticeElement> perInstructionElement = result.generateAddressToStateMapping(startInstruction, options.trackIncoming());
    for (final Map.Entry<IAddress, RegisterSetLatticeElement> addressToStateMapEntry : perInstructionElement.entrySet()) {
        final RegisterSetLatticeElement element = addressToStateMapEntry.getValue();
        // Only report addresses where a register was read, newly tainted, untainted or updated.
        if (!element.getReadRegisters().isEmpty() || !element.getNewlyTaintedRegisters().isEmpty() || !element.getUntaintedRegisters().isEmpty() || !element.getUpdatedRegisters().isEmpty()) {
            // REIL addresses are the native address shifted left by 8 bits (low byte = index of the
            // REIL instruction within the native instruction); shift back to get the native address.
            final CAddress concreteAddress = new CAddress(addressToStateMapEntry.getKey().toLong() >> 8);
            instructionResultList.add(new CInstructionResult(instructionMap.get(concreteAddress), addressToStateMapEntry.getValue()));
        }
    }
    return new CTrackingResult(startInstruction, trackedRegister, instructionResultList);
}

Example 42 with IAddress

Use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.

The class ProcessManager, method getModule.

/**
 * Returns the module that contains the given address or null if no such module exists.
 *
 * @param address The address for which to find the corresponding memory module.
 * @return The module that contains the given address.
 */
public MemoryModule getModule(final RelocatedAddress address) {
    // Note: modules are non-overlapping so the head set either contains zero or one elements.
    // headSet(..., true) returns all module base addresses less than or equal to the address.
    final SortedSet<IAddress> moduleAddressesHeadSet = moduleAddresses.headSet(address.getAddress(), true);
    if (moduleAddressesHeadSet.isEmpty()) {
        return null;
    } else {
        // The candidate is the module with the greatest base address not above the queried address.
        final MemoryModule module = moduleByAddress.get(moduleAddressesHeadSet.last());
        // BigInteger arithmetic avoids overflow for 64-bit base addresses near the top of the range.
        final BigInteger endAddress = module.getBaseAddress().getAddress().toBigInteger().add(BigInteger.valueOf(module.getSize()));
        // The comparison is inclusive: an address equal to base + size is still treated as inside the module.
        return address.getAddress().toBigInteger().compareTo(endAddress) <= 0 ? module : null;
    }
}

Example 43 with IAddress

Use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.

The class CReilInstructionGraph, method createInstructionEdge.

/**
 * Creates an instruction graph edge between the source node and the destination node and returns
 * the resulting yfiles edge.
 *
 * @param sourceNode The source node of the edge to be created.
 * @param destinationNode The destination node of the edge to be created.
 * @param isTrueEdge Boolean parameter to determine if the edge is a conditional true edge.
 *
 * @return The yfiles edge which has been created and inserted in the graph.
 */
private Edge createInstructionEdge(final Node sourceNode, final Node destinationNode, final boolean isTrueEdge) {
    final ReilInstruction reilInstruction = m_nodesMap.get(destinationNode).getReilInstruction();
    boolean isExitEdge = false;
    if (reilInstruction != null) {
        final IAddress reilInstructionAddress = reilInstruction.getAddress();
        // The low byte of a REIL address is the index of the REIL instruction within its native
        // instruction. A destination with low byte zero is the first REIL instruction of a native
        // instruction, so this edge leaves the native instruction that contains the source node.
        if ((reilInstructionAddress.toLong() & 0xFF) == 0) {
            isExitEdge = true;
        }
    }
    final Edge edge = m_internalGraph.createEdge(sourceNode, destinationNode);
    m_edgesMap.put(edge, new ReilInstructionGraphEdge(isTrueEdge, isExitEdge));
    return edge;
}

Example 44 with IAddress

Use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.

The class TestFollowZFIncomingBackwards, method testRegisterTrackFlagDirectionUpMultiEdgeIn.

@Test
public void testRegisterTrackFlagDirectionUpMultiEdgeIn() {
    // Native address 4 (decimal) corresponds to REIL address 0x400, the jcc instruction below.
    final MockInstruction startInstruction = new MockInstruction(Long.parseLong("4"), "jz", new ArrayList<MockOperandTree>());
    // Track incoming definitions, walking the graph backwards (AnalysisDirection.UP).
    m_options = new RegisterTrackingOptions(true, new HashSet<String>(), true, AnalysisDirection.UP);
    // REIL addresses in the instruction strings are hexadecimal.
    final List<String> nop1 = new ArrayList<String>();
    nop1.add("100: nop [,,]");
    final List<String> nop2 = new ArrayList<String>();
    nop2.add("200: nop [,,]");
    final List<String> inst = new ArrayList<String>();
    inst.add("300: bisz [DWORD eax, EMPTY , BYTE ZF]");
    inst.add("400: jcc [BYTE ZF, EMPTY, DWORD 123456]");
    final List<List<String>> blocks = Lists.newArrayList();
    blocks.add(nop1);
    blocks.add(nop2);
    blocks.add(inst);
    // Two predecessor blocks flow into the block that defines ZF, so the backward walk must
    // propagate the taint on eax along both incoming edges.
    final List<String> edgeStrings = new ArrayList<String>();
    edgeStrings.add("100 [JUMP_UNCONDITIONAL]-> 300");
    edgeStrings.add("200 [JUMP_UNCONDITIONAL]-> 300");
    generateReilGraph(blocks, edgeStrings);
    m_function = new ReilFunction("FOLLOWZF", m_graph1);
    final String trackedRegister = "ZF";
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(m_function, startInstruction, trackedRegister, m_options);
    final Map<IAddress, RegisterSetLatticeElement> resultMap = result.generateAddressToStateMapping(startInstruction, m_options.trackIncoming());
    for (final Entry<IAddress, RegisterSetLatticeElement> resultEntry : resultMap.entrySet()) {
        if (resultEntry.getKey().toLong() == Long.parseLong("100", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().isEmpty());
            assertTrue(jzElement.getReadRegisters().isEmpty());
            assertTrue(jzElement.getTaintedRegisters().contains("eax"));
            assertTrue(jzElement.getUntaintedRegisters().isEmpty());
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
        if (resultEntry.getKey().toLong() == Long.parseLong("200", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().isEmpty());
            assertTrue(jzElement.getReadRegisters().isEmpty());
            assertTrue(jzElement.getTaintedRegisters().contains("eax"));
            assertTrue(jzElement.getUntaintedRegisters().isEmpty());
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
        if (resultEntry.getKey().toLong() == Long.parseLong("300", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().contains("eax"));
            assertTrue(jzElement.getReadRegisters().contains("ZF"));
            assertTrue(jzElement.getTaintedRegisters().contains("eax"));
            assertTrue(jzElement.getUntaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
        if (resultEntry.getKey().toLong() == Long.parseLong("400", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getReadRegisters().isEmpty());
            assertTrue(jzElement.getTaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getUntaintedRegisters().isEmpty());
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
    }
}

Example 45 with IAddress

Use of com.google.security.zynamics.zylib.disassembly.IAddress in project binnavi by google.

The class TestFollowZFIncomingBackwards, method testTransformFollowZFinStream1.

@Test
public void testTransformFollowZFinStream1() {
    // Operand of the jz: a dword immediate jump target.
    final MockOperandTree operandTreeFirst1 = new MockOperandTree();
    operandTreeFirst1.root = new MockOperandTreeNode(ExpressionType.SIZE_PREFIX, "dword");
    operandTreeFirst1.root.m_children.add(new MockOperandTreeNode(ExpressionType.IMMEDIATE_INTEGER, "16827245"));
    final List<MockOperandTree> operandsFirst = Lists.newArrayList(operandTreeFirst1);
    // Native address 0x100C32F corresponds to REIL address 0x100C32F00, the jcc instruction below.
    conditionalJumpInstruction1 = new MockInstruction(Long.parseLong("100C32F", 16), "jz", operandsFirst);
    // Track incoming definitions, walking the graph backwards (AnalysisDirection.UP).
    m_options = new RegisterTrackingOptions(true, new HashSet<String>(), true, AnalysisDirection.UP);
    final List<String> instructionStrings1 = new ArrayList<String>();
    // cmp: the REIL translation of a native cmp, ending in the bisz that defines ZF
    instructionStrings1.add("0000000100C32C00: add [DWORD 12, DWORD ebp, QWORD t0]");
    instructionStrings1.add("0000000100C32C01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings1.add("0000000100C32C02: ldm [DWORD t1, EMPTY , BYTE t2]");
    instructionStrings1.add("0000000100C32C03: and [DWORD ebx, BYTE 255, BYTE t4]");
    instructionStrings1.add("0000000100C32C04: and [BYTE t2, BYTE 128, BYTE t5]");
    instructionStrings1.add("0000000100C32C05: and [BYTE t4, BYTE 128, BYTE t6]");
    instructionStrings1.add("0000000100C32C06: sub [BYTE t2, BYTE t4, WORD t7]");
    instructionStrings1.add("0000000100C32C07: and [WORD t7, WORD 128, BYTE t8]");
    instructionStrings1.add("0000000100C32C08: bsh [BYTE t8, BYTE -7, BYTE SF]");
    instructionStrings1.add("0000000100C32C09: xor [BYTE t5, BYTE t6, BYTE t9]");
    instructionStrings1.add("0000000100C32C0A: xor [BYTE t5, BYTE t8, BYTE t10]");
    instructionStrings1.add("0000000100C32C0B: and [BYTE t9, BYTE t10, BYTE t11]");
    instructionStrings1.add("0000000100C32C0C: bsh [BYTE t11, BYTE -7, BYTE OF]");
    instructionStrings1.add("0000000100C32C0D: and [WORD t7, WORD 256, WORD t12]");
    instructionStrings1.add("0000000100C32C0E: bsh [WORD t12, WORD -8, BYTE CF]");
    instructionStrings1.add("0000000100C32C0F: and [WORD t7, WORD 255, BYTE t13]");
    instructionStrings1.add("0000000100C32C10: bisz [BYTE t13, EMPTY , BYTE ZF]");
    // jz
    instructionStrings1.add("0000000100C32F00: jcc [BYTE ZF, EMPTY , DWORD 16827245]");
    final List<List<String>> reilBlocks = new ArrayList<List<String>>();
    reilBlocks.add(instructionStrings1);
    generateReilGraph(reilBlocks, new ArrayList<String>());
    m_function = new ReilFunction("FOLLOWZF", m_graph1);
    final String trackedRegister = "ZF";
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(m_function, conditionalJumpInstruction1, trackedRegister, m_options);
    final Map<IAddress, RegisterSetLatticeElement> resultMap = result.generateAddressToStateMapping(conditionalJumpInstruction1, m_options.trackIncoming());
    // Debug output of the generated REIL graph.
    System.out.println(m_graph1.toString());
    for (final Entry<IAddress, RegisterSetLatticeElement> resultEntry : resultMap.entrySet()) {
        if (resultEntry.getKey().toLong() == Long.parseLong("0000000100C32F00", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getReadRegisters().isEmpty());
            assertTrue(jzElement.getTaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getUntaintedRegisters().isEmpty());
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
        if (resultEntry.getKey().toLong() == Long.parseLong("0000000100C32C00", 16)) {
            final RegisterSetLatticeElement cmpElement = resultEntry.getValue();
            assertTrue(cmpElement.getNewlyTaintedRegisters().contains("ebx"));
            assertTrue(cmpElement.getReadRegisters().contains("ZF"));
            assertTrue(cmpElement.getTaintedRegisters().contains("ebx"));
            assertTrue(cmpElement.getUntaintedRegisters().contains("ZF"));
            assertTrue(cmpElement.getUpdatedRegisters().isEmpty());
        }
    }
}