
Example 51 with IOperandTree

Use of com.google.security.zynamics.zylib.disassembly.IOperandTree in the binnavi project by Google.

Class BtcTranslator, method translate (x86 bit test and complement).

/**
 * Translates a BTC (bit test and complement) instruction to REIL code.
 *
 * <p>The emitted sequence first moves the addressed bit of the bit base operand into the
 * carry flag and then flips that same bit in the operand by XOR-ing it with a one-hot mask.
 *
 * @param environment A valid translation environment
 * @param instruction The BTC instruction to translate
 * @param instructions The generated REIL code will be added to this list
 *
 * @throws InternalTranslationException if any of the arguments are null or the passed
 *         instruction is not a BTC instruction
 */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "btc");
    final List<? extends IOperandTree> operands = instruction.getOperands();
    if (operands.size() != 2) {
        throw new InternalTranslationException("Error: Argument instruction is not a btc instruction (invalid number of operands)");
    }
    final IOperandTree bitBase = operands.get(0);
    final IOperandTree bitOffset = operands.get(1);
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    // Load the bit base (the operand that is read and written back) first.
    final TranslationResult base = Helpers.translateOperand(environment, baseOffset, bitBase, true);
    instructions.addAll(base.getInstructions());
    // Then load the bit offset operand directly behind it.
    final TranslationResult index = Helpers.translateOperand(environment, nextOffset(baseOffset, instructions), bitOffset, true);
    instructions.addAll(index.getInstructions());
    final OperandSize baseSize = base.getSize();
    final String baseRegister = base.getRegister();
    final OperandSize indexSize = index.getSize();
    final String indexRegister = index.getRegister();
    // Temporaries are requested in the same order as before so generated names stay stable.
    final String negatedIndex = environment.getNextVariableString();
    final String shiftedBase = environment.getNextVariableString();
    // NOTE(review): the bit offset is used unreduced. On x86 a register bit base takes the
    // offset modulo the operand width (e.g. `btc eax, 33` toggles bit 1); a shift by the full
    // value diverges from hardware for offsets >= the operand width. Memory bit bases with a
    // register offset (bit-string addressing beyond the loaded operand) are not modelled either.
    //
    // TODO (kept from the original): the negated index is deliberately NOT truncated to a byte
    // (an AND with 255 into a byte temporary was tried and removed) because of a bug in the
    // REIL BSH specification; see the tests for an example of what goes wrong.
    instructions.add(ReilHelpers.createSub(nextOffset(baseOffset, instructions), OperandSize.BYTE, "0", indexSize, indexRegister, OperandSize.WORD, negatedIndex));
    // Shift the addressed bit down to bit 0 and copy it into the carry flag.
    instructions.add(ReilHelpers.createBsh(nextOffset(baseOffset, instructions), baseSize, baseRegister, OperandSize.BYTE, negatedIndex, baseSize, shiftedBase));
    instructions.add(ReilHelpers.createAnd(nextOffset(baseOffset, instructions), baseSize, shiftedBase, OperandSize.BYTE, "1", OperandSize.BYTE, Helpers.CARRY_FLAG));
    // Complement the bit: XOR the bit base with a one-hot mask (1 << index).
    final String oneHotMask = environment.getNextVariableString();
    final String toggled = environment.getNextVariableString();
    instructions.add(ReilHelpers.createBsh(nextOffset(baseOffset, instructions), OperandSize.BYTE, "1", indexSize, indexRegister, baseSize, oneHotMask));
    instructions.add(ReilHelpers.createXor(nextOffset(baseOffset, instructions), baseSize, baseRegister, baseSize, oneHotMask, baseSize, toggled));
    Helpers.writeBack(environment, nextOffset(baseOffset, instructions), bitBase, toggled, baseSize, base.getAddress(), base.getType(), instructions);
}

/** Address of the next REIL instruction: the block base plus the number of instructions already emitted. */
private static long nextOffset(final long baseOffset, final List<ReilInstruction> emitted) {
    return baseOffset + emitted.size();
}
Also used : IOperandTree(com.google.security.zynamics.zylib.disassembly.IOperandTree) InternalTranslationException(com.google.security.zynamics.reil.translators.InternalTranslationException) TranslationResult(com.google.security.zynamics.reil.translators.TranslationResult)

Example 52 with IOperandTree

use of com.google.security.zynamics.zylib.disassembly.IOperandTree in project binnavi by google.

Class BtrTranslator, method translate (x86 bit test and reset).

/**
 * Translates a BTR (bit test and reset) instruction to REIL code.
 *
 * <p>The emitted sequence first moves the addressed bit of the bit base operand into the
 * carry flag and then clears that same bit by AND-ing the operand with the inverted one-hot mask.
 *
 * @param environment A valid translation environment
 * @param instruction The BTR instruction to translate
 * @param instructions The generated REIL code will be added to this list
 *
 * @throws InternalTranslationException if any of the arguments are null or the passed
 *         instruction is not a BTR instruction
 */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "btr");
    final List<? extends IOperandTree> operands = instruction.getOperands();
    if (operands.size() != 2) {
        throw new InternalTranslationException("Error: Argument instruction is not a btr instruction (invalid number of operands)");
    }
    final IOperandTree bitBase = operands.get(0);
    final IOperandTree bitOffset = operands.get(1);
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    // Load the bit base (the operand that is read and written back) first.
    final TranslationResult base = Helpers.translateOperand(environment, baseOffset, bitBase, true);
    instructions.addAll(base.getInstructions());
    // Then load the bit offset operand directly behind it.
    final TranslationResult index = Helpers.translateOperand(environment, nextOffset(baseOffset, instructions), bitOffset, true);
    instructions.addAll(index.getInstructions());
    final OperandSize baseSize = base.getSize();
    final String baseRegister = base.getRegister();
    final OperandSize indexSize = index.getSize();
    final String indexRegister = index.getRegister();
    // Temporaries are requested in the same order as before so generated names stay stable.
    final String negatedIndex = environment.getNextVariableString();
    final String shiftedBase = environment.getNextVariableString();
    // NOTE(review): the bit offset is used unreduced. On x86 a register bit base takes the
    // offset modulo the operand width (e.g. `btr eax, 33` clears bit 1); a shift by the full
    // value diverges from hardware for offsets >= the operand width. Memory bit bases with a
    // register offset (bit-string addressing beyond the loaded operand) are not modelled either.
    //
    // TODO (kept from the original): the negated index is deliberately NOT truncated to a byte
    // (an AND with 255 into a byte temporary was tried and removed) because of a bug in the
    // REIL BSH specification; see the tests for an example of what goes wrong.
    instructions.add(ReilHelpers.createSub(nextOffset(baseOffset, instructions), OperandSize.BYTE, "0", indexSize, indexRegister, OperandSize.WORD, negatedIndex));
    // Shift the addressed bit down to bit 0 and copy it into the carry flag.
    instructions.add(ReilHelpers.createBsh(nextOffset(baseOffset, instructions), baseSize, baseRegister, OperandSize.BYTE, negatedIndex, baseSize, shiftedBase));
    instructions.add(ReilHelpers.createAnd(nextOffset(baseOffset, instructions), baseSize, shiftedBase, OperandSize.BYTE, "1", OperandSize.BYTE, Helpers.CARRY_FLAG));
    // Clear the bit: build the one-hot mask (1 << index), invert it, AND it into the bit base.
    final String oneHotMask = environment.getNextVariableString();
    final String clearMask = environment.getNextVariableString();
    final String cleared = environment.getNextVariableString();
    final String allBits = String.valueOf(TranslationHelpers.getAllBitsMask(baseSize));
    instructions.add(ReilHelpers.createBsh(nextOffset(baseOffset, instructions), OperandSize.BYTE, "1", indexSize, indexRegister, baseSize, oneHotMask));
    instructions.add(ReilHelpers.createXor(nextOffset(baseOffset, instructions), baseSize, oneHotMask, baseSize, allBits, baseSize, clearMask));
    instructions.add(ReilHelpers.createAnd(nextOffset(baseOffset, instructions), baseSize, baseRegister, baseSize, clearMask, baseSize, cleared));
    Helpers.writeBack(environment, nextOffset(baseOffset, instructions), bitBase, cleared, baseSize, base.getAddress(), base.getType(), instructions);
}

/** Address of the next REIL instruction: the block base plus the number of instructions already emitted. */
private static long nextOffset(final long baseOffset, final List<ReilInstruction> emitted) {
    return baseOffset + emitted.size();
}
Also used : IOperandTree(com.google.security.zynamics.zylib.disassembly.IOperandTree) InternalTranslationException(com.google.security.zynamics.reil.translators.InternalTranslationException) TranslationResult(com.google.security.zynamics.reil.translators.TranslationResult)

Example 53 with IOperandTree

use of com.google.security.zynamics.zylib.disassembly.IOperandTree in project binnavi by google.

Class CallTranslator, method translate (x86 near call).

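/**
 * Translates a CALL instruction to REIL code.
 *
 * <p>Emission order is the important part of this translator: the call target is loaded
 * while {@code esp} still holds its pre-call value, and only then is the stack pointer
 * decremented and the return address stored. An x86 CALL reads its r/m32 operand before it
 * pushes, so adjusting {@code esp} first would make forms such as
 * {@code call dword ptr [esp+8]} dereference the wrong stack slot and send any REIL-based
 * analysis down a bogus indirect-call target.
 *
 * @param environment A valid translation environment
 * @param instruction The CALL instruction to translate
 * @param instructions The generated REIL code will be added to this list
 *
 * @throws InternalTranslationException if any of the arguments are null or the passed
 *         instruction is not a CALL instruction
 */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "call");
    if (instruction.getOperands().size() != 1) {
        throw new InternalTranslationException("Error: Argument instruction is not a call instruction (invalid number of operands)");
    }
    final long baseOffset = instruction.getAddress().toLong() * 0x100;
    final OperandSize archSize = environment.getArchitectureSize();
    final OperandSize nextSize = TranslationHelpers.getNextSize(archSize);
    final String truncateMask = String.valueOf(TranslationHelpers.getAllBitsMask(archSize));
    final String tempEsp = environment.getNextVariableString();
    // Return address = address of the instruction following the CALL.
    final String returnAddress = String.valueOf(instruction.getAddress().toLong() + instruction.getLength());
    // CALL instructions have exactly one operand. Load it BEFORE esp is touched so that
    // esp-relative targets see the stack pointer the CPU would use.
    final IOperandTree targetOperand = instruction.getOperands().get(0);
    final TranslationResult result = Helpers.translateOperand(environment, baseOffset, targetOperand, true);
    instructions.addAll(result.getInstructions());
    // Adjust the offset of the next REIL instruction
    final long offset = baseOffset + instructions.size();
    // Move the stack pointer down by one slot; the subtraction is done at the next larger
    // size and masked back so a wrap below zero does not leak into the high bits.
    instructions.add(ReilHelpers.createSub(offset, archSize, "esp", archSize, "4", nextSize, tempEsp));
    instructions.add(ReilHelpers.createAnd(offset + 1, nextSize, tempEsp, archSize, truncateMask, archSize, "esp"));
    // Push the return address onto the stack
    instructions.add(ReilHelpers.createStm(offset + 2, archSize, returnAddress, archSize, "esp"));
    // Unconditional jump to the loaded target, tagged as a call.
    // NOTE(review): a register-direct `call esp` is presumably still translated with the
    // register name itself as the jump operand, i.e. it would see the already decremented esp;
    // that gap existed before this reordering as well and is not addressed here.
    instructions.add(ReilHelpers.createJcc(offset + 3, OperandSize.DWORD, "1", result.getSize(), result.getRegister(), "isCall", "true"));
}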
Also used : IOperandTree(com.google.security.zynamics.zylib.disassembly.IOperandTree) InternalTranslationException(com.google.security.zynamics.reil.translators.InternalTranslationException) TranslationResult(com.google.security.zynamics.reil.translators.TranslationResult) OperandSize(com.google.security.zynamics.reil.OperandSize)

Example 54 with IOperandTree

use of com.google.security.zynamics.zylib.disassembly.IOperandTree in project binnavi by google.

Class MulTranslator, method translate (three-operand register multiply).

/**
 * Translates a three-operand MUL instruction to REIL code.
 *
 * <p>The two source registers are multiplied into a 64-bit temporary and the low 32 bits of
 * the product are written to the destination register. Because the low half of a product is
 * the same for signed and unsigned multiplication, using the signed helper is sufficient here.
 * (This appears to be a RISC-style three-operand form, e.g. MIPS; the target is not visible
 * from this file alone.)
 *
 * @param environment A valid translation environment
 * @param instruction The MUL instruction to translate
 * @param instructions The generated REIL code will be added to this list
 *
 * @throws InternalTranslationException if any of the arguments are null or the passed
 *         instruction is not a MUL instruction
 */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "mul");
    // loadDuplicateFirst yields (destination, source1, source2); for the two-operand form the
    // destination doubles as the first source.
    final Triple<IOperandTree, IOperandTree, IOperandTree> operands = OperandLoader.loadDuplicateFirst(instruction);
    final String destination = leafValue(operands.first());
    final String multiplicand = leafValue(operands.second());
    final String multiplier = leafValue(operands.third());
    final long reilAddress = ReilHelpers.toReilAddress(instruction.getAddress()).toLong();
    // Full-width product first ...
    final String product = environment.getNextVariableString();
    Helpers.signedMul(reilAddress, environment, instructions, OperandSize.DWORD, multiplicand, OperandSize.DWORD, multiplier, OperandSize.QWORD, product);
    // ... then keep only the low 32 bits in the destination register.
    instructions.add(ReilHelpers.createAnd(reilAddress + instructions.size(), OperandSize.QWORD, product, OperandSize.DWORD, String.valueOf(0xFFFFFFFFL), OperandSize.DWORD, destination));
}

/** The value of the single leaf under the operand tree's root (the register name or literal). */
private static String leafValue(final IOperandTree operand) {
    return operand.getRootNode().getChildren().get(0).getValue();
}
Also used : IOperandTree(com.google.security.zynamics.zylib.disassembly.IOperandTree) OperandSize(com.google.security.zynamics.reil.OperandSize)

Example 55 with IOperandTree

use of com.google.security.zynamics.zylib.disassembly.IOperandTree in project binnavi by google.

Class AndiTranslator, method translate (AND with immediate).

/**
 * Translates an ANDI (AND with immediate) instruction to REIL code.
 *
 * <p>Emits a single REIL AND of the 32-bit source register with the immediate operand, which
 * is passed at WORD size — presumably so that only its low 16 bits take part, matching a
 * zero-extended 16-bit immediate (the exact REIL operand-size semantics are not visible here).
 *
 * @param environment A valid translation environment
 * @param instruction The ANDI instruction to translate
 * @param instructions The generated REIL code will be added to this list
 *
 * @throws InternalTranslationException if any of the arguments are null or the passed
 *         instruction is not an ANDI instruction
 */
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction, final List<ReilInstruction> instructions) throws InternalTranslationException {
    TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "andi");
    // loadDuplicateFirst yields (destination, source, immediate); for the two-operand form the
    // destination doubles as the source.
    final Triple<IOperandTree, IOperandTree, IOperandTree> operands = OperandLoader.loadDuplicateFirst(instruction);
    final String destination = leafValue(operands.first());
    final String source = leafValue(operands.second());
    final String immediate = leafValue(operands.third());
    final long reilAddress = ReilHelpers.toReilAddress(instruction.getAddress()).toLong();
    instructions.add(ReilHelpers.createAnd(reilAddress, OperandSize.DWORD, source, OperandSize.WORD, immediate, OperandSize.DWORD, destination));
}

/** The value of the single leaf under the operand tree's root (the register name or literal). */
private static String leafValue(final IOperandTree operand) {
    return operand.getRootNode().getChildren().get(0).getValue();
}
Also used : IOperandTree(com.google.security.zynamics.zylib.disassembly.IOperandTree) OperandSize(com.google.security.zynamics.reil.OperandSize)

Aggregations

IOperandTree (com.google.security.zynamics.zylib.disassembly.IOperandTree)60 OperandSize (com.google.security.zynamics.reil.OperandSize)53 TranslationResult (com.google.security.zynamics.reil.translators.TranslationResult)39 InternalTranslationException (com.google.security.zynamics.reil.translators.InternalTranslationException)35 ReilInstruction (com.google.security.zynamics.reil.ReilInstruction)2 TranslationResultType (com.google.security.zynamics.reil.translators.TranslationResultType)2 OperandType (com.google.security.zynamics.reil.OperandType)1 ReilOperand (com.google.security.zynamics.reil.ReilOperand)1 ReilOperandNode (com.google.security.zynamics.reil.ReilOperandNode)1 Triple (com.google.security.zynamics.zylib.general.Triple)1 ArrayList (java.util.ArrayList)1