/**
* Translates a NEG instruction to REIL code.
*
* @param environment A valid translation environment.
* @param instruction The NEG instruction to translate.
* @param instructions The generated REIL code will be added to this list
*
* @throws InternalTranslationException if any of the arguments are null or the passed instruction
* is not a NEG instruction
*/
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction,
    final List<ReilInstruction> instructions) throws InternalTranslationException {
  TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "neg");

  // NEG has exactly one operand; anything else cannot be a NEG instruction.
  if (instruction.getOperands().size() != 1) {
    throw new InternalTranslationException("Error: Argument instruction is not an neg instruction (invalid number of operands)");
  }

  final long baseOffset = instruction.getAddress().toLong() * 0x100;
  final IOperandTree operand = instruction.getOperands().get(0);

  // Load the operand value; the load itself may emit REIL instructions.
  final TranslationResult loaded = Helpers.translateOperand(environment, baseOffset, operand, true);
  instructions.addAll(loaded.getInstructions());

  // Every instruction emitted below takes the next free REIL offset after the operand load.
  long offset = baseOffset + instructions.size();

  final String value = loaded.getRegister();
  final OperandSize size = loaded.getSize();
  final OperandSize wideSize = TranslationHelpers.getNextSize(size);
  final String msbMask = String.valueOf(TranslationHelpers.getMsbMask(size));
  final String lowBitsMask = String.valueOf(TranslationHelpers.getAllBitsMask(size));
  final String msbToLsbShift = String.valueOf(TranslationHelpers.getShiftMsbLsbMask(size));

  // Temporaries are requested in the order the translation uses them.
  final String valueIsZero = environment.getNextVariableString();
  final String valueMsb = environment.getNextVariableString();
  final String negated = environment.getNextVariableString();
  final String negatedMsb = environment.getNextVariableString();
  final String overflowBit = environment.getNextVariableString();
  final String truncated = environment.getNextVariableString();

  // CF is clear only when the original value was zero: CF = !(value == 0).
  instructions.add(ReilHelpers.createBisz(offset++, size, value, OperandSize.BYTE, valueIsZero));
  instructions.add(ReilHelpers.createBisz(offset++, OperandSize.BYTE, valueIsZero, OperandSize.BYTE, Helpers.CARRY_FLAG));

  // Keep the sign bit of the original value; it is needed for OF below.
  instructions.add(ReilHelpers.createAnd(offset++, size, value, size, msbMask, size, valueMsb));

  // negated = 0 - value, written in the next larger operand size.
  instructions.add(ReilHelpers.createSub(offset++, size, "0", size, value, wideSize, negated));

  // SF = sign bit of the result, shifted down into the low bit.
  instructions.add(ReilHelpers.createAnd(offset++, wideSize, negated, size, msbMask, size, negatedMsb));
  instructions.add(ReilHelpers.createBsh(offset++, size, negatedMsb, size, msbToLsbShift, OperandSize.BYTE, Helpers.SIGN_FLAG));

  // OF is set only when negating the most negative value of the operand size
  // (e.g. 0x80000000 for EAX): the only case where the operand's and the result's
  // sign bits are both set.
  instructions.add(ReilHelpers.createAnd(offset++, size, valueMsb, size, negatedMsb, size, overflowBit));
  instructions.add(ReilHelpers.createBsh(offset++, size, overflowBit, size, msbToLsbShift, OperandSize.BYTE, Helpers.OVERFLOW_FLAG));

  // Drop the extra bits introduced by the wider subtraction.
  instructions.add(ReilHelpers.createAnd(offset++, wideSize, negated, size, lowBitsMask, size, truncated));

  // ZF = (truncated result == 0).
  instructions.add(ReilHelpers.createBisz(offset++, size, truncated, OperandSize.BYTE, Helpers.ZERO_FLAG));

  // Store the truncated result back into the operand.
  Helpers.writeBack(environment, offset, operand, truncated, size, loaded.getAddress(), loaded.getType(), instructions);
}
/**
* Translates an OR instruction to REIL code.
*
* @param environment A valid translation environment.
* @param instruction The OR instruction to translate.
* @param instructions The generated REIL code will be added to this list
*
* @throws InternalTranslationException if any of the arguments are null or the passed instruction is
* not an OR instruction
*/
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction,
    final List<ReilInstruction> instructions) throws InternalTranslationException {
  TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "or");

  // OR is a two-operand instruction: destination first, source second.
  final List<? extends IOperandTree> operands = instruction.getOperands();
  if (operands.size() != 2) {
    throw new InternalTranslationException("Error: Argument instruction is not a or instruction (invalid number of operands)");
  }

  final long baseOffset = instruction.getAddress().toLong() * 0x100;
  final IOperandTree destination = operands.get(0);
  final IOperandTree source = operands.get(1);

  // Load the source, then the destination. Each load may emit REIL code, so the
  // offset for the next instruction is re-derived from the list size after every load.
  final TranslationResult sourceLoad = Helpers.translateOperand(environment, baseOffset, source, true);
  instructions.addAll(sourceLoad.getInstructions());

  final TranslationResult destinationLoad =
      Helpers.translateOperand(environment, baseOffset + instructions.size(), destination, true);
  instructions.addAll(destinationLoad.getInstructions());

  final long orOffset = baseOffset + instructions.size();
  final OperandSize size = destinationLoad.getSize();
  final String orResult = environment.getNextVariableString();

  // orResult = source | destination, computed in the destination's size.
  instructions.add(ReilHelpers.createOr(orOffset, size, sourceLoad.getRegister(), size, destinationLoad.getRegister(), size, orResult));

  // Flag updates follow the OR and may emit several instructions of their own.
  Helpers.generateBinaryOperationFlags(environment, orOffset + 1, orResult, size, instructions);

  // Store the result into the destination operand, after the flag code.
  Helpers.writeBack(environment, baseOffset + instructions.size(), destination, orResult, size, destinationLoad.getAddress(), destinationLoad.getType(), instructions);
}
/**
* Translates a POP instruction to REIL code.
*
* @param environment A valid translation environment.
* @param instruction The POP instruction to translate.
* @param instructions The generated REIL code will be added to this list
*
* @throws InternalTranslationException if any of the arguments are null or the passed instruction is
* not a POP instruction
*/
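@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction,
    final List<ReilInstruction> instructions) throws InternalTranslationException {
  // Validate the arguments first, as the other translators do. Without this check a null
  // instruction surfaces as a NullPointerException from getOperands() below instead of the
  // InternalTranslationException the Javadoc promises.
  TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "pop");

  // POP has exactly one operand.
  if (instruction.getOperands().size() != 1) {
    throw new InternalTranslationException("Error: Argument instruction is not a pop instruction (invalid number of operands)");
  }

  final long baseOffset = instruction.getAddress().toLong() * 0x100;
  long offset = baseOffset;

  final IOperandTree operand = instruction.getOperands().get(0);

  // Resolve the destination operand. The fourth argument is false here, unlike in the
  // value-reading translators -- presumably the operand is resolved (size, address, kind)
  // without loading its current value, which POP does not need.
  final TranslationResult result = Helpers.translateOperand(environment, offset, operand, false);
  final TranslationResultType resultType = result.getType();
  final OperandSize resultSize = result.getSize();
  instructions.addAll(result.getInstructions());

  // Next free REIL offset after the operand resolution code.
  offset = baseOffset + instructions.size();

  // Read the value from the stack; generatePop appends its own REIL code to the list.
  final String popResult = Helpers.generatePop(environment, offset, resultSize, null, instructions);

  // Next free REIL offset after the pop code.
  offset = baseOffset + instructions.size();

  // Store the popped value into the destination operand.
  Helpers.writeBack(environment, offset, operand, popResult, resultSize, result.getAddress(), resultType, instructions);
}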
/**
* Translates a MOVZX instruction to REIL code.
*
* @param environment A valid translation environment.
* @param instruction The MOVZX instruction to translate.
* @param instructions The generated REIL code will be added to this list
*
* @throws InternalTranslationException if any of the arguments are null or the passed instruction is
* not a MOVZX instruction
*/
@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction,
    final List<ReilInstruction> instructions) throws InternalTranslationException {
  TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "movzx");

  // MOVZX is a two-operand instruction: destination first, source second.
  final List<? extends IOperandTree> operands = instruction.getOperands();
  if (operands.size() != 2) {
    throw new InternalTranslationException("Error: Argument instruction is not a movzx instruction (invalid number of operand)");
  }

  final long baseOffset = instruction.getAddress().toLong() * 0x100;
  final IOperandTree destination = operands.get(0);
  final IOperandTree source = operands.get(1);

  // Load the source operand; its value ends up in a REIL register and the load may emit code.
  final TranslationResult sourceLoad = Helpers.translateOperand(environment, baseOffset, source, true);
  instructions.addAll(sourceLoad.getInstructions());
  final long offset = baseOffset + instructions.size();

  final String sourceRegister = sourceLoad.getRegister();

  // The destination of MOVZX must be a register, so it is read straight from the operand tree.
  final String destinationRegister = Helpers.getLeafValue(destination.getRootNode());
  final OperandSize destinationSize = Helpers.getRegisterSize(destinationRegister);
  final OperandSize sourceSize = sourceLoad.getSize();

  if (destinationSize == environment.getArchitectureSize()) {
    // Full-width destination: OR-ing the narrower value with 0 zero-extends it in one step.
    instructions.add(ReilHelpers.createOr(offset, destinationSize, "0", sourceSize, sourceRegister, destinationSize, destinationRegister));
  } else {
    // Narrower destination register: moveAndMask handles the partial-register write.
    Helpers.moveAndMask(environment, offset, sourceSize, sourceRegister, destinationRegister, instructions);
  }
}
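@Override
public void translate(final ITranslationEnvironment environment, final IInstruction instruction,
    final List<ReilInstruction> instructions) throws InternalTranslationException {
  TranslationHelpers.checkTranslationArguments(environment, instruction, instructions, "slt");

  // Operand order: destination register first, then the two values to compare (x, y).
  // Each operand is expected to be a single register leaf under the root node.
  final Triple<IOperandTree, IOperandTree, IOperandTree> operands = OperandLoader.loadDuplicateFirst(instruction);
  final String targetRegister = operands.first().getRootNode().getChildren().get(0).getValue();
  final String sourceRegister1 = operands.second().getRootNode().getChildren().get(0).getValue();
  final String sourceRegister2 = operands.third().getRootNode().getChildren().get(0).getValue();

  final OperandSize dw = OperandSize.DWORD;
  final long baseOffset = ReilHelpers.toReilAddress(instruction.getAddress()).toLong();
  long offset = baseOffset;

  final String subtractedValue = environment.getNextVariableString();
  final String temporaryResultOne = environment.getNextVariableString();
  final String temporaryResultTwo = environment.getNextVariableString();
  final String xoredValue = environment.getNextVariableString();
  final String result = environment.getNextVariableString();

  // Signed x < y is the sign bit of (x-y) XOR [(x XOR y) AND ((x-y) XOR x)]:
  // when x and y have the same sign the subtraction cannot overflow and the sign of
  // x-y decides; when the signs differ the bracketed term flips the result to the sign of x.

  // x - y
  instructions.add(ReilHelpers.createSub(offset++, dw, sourceRegister1, dw, sourceRegister2, dw, subtractedValue));

  // x XOR y
  instructions.add(ReilHelpers.createXor(offset++, dw, sourceRegister1, dw, sourceRegister2, dw, xoredValue));

  // (x-y) XOR x -- this must XOR with x itself, not with (x XOR y). Using (x XOR y) here
  // turns the bracketed term into (x XOR y) AND ((x-y) XOR x XOR y), which reports x < y
  // whenever the signs of x and y differ, even for x > 0 > y.
  instructions.add(ReilHelpers.createXor(offset++, dw, subtractedValue, dw, sourceRegister1, dw, temporaryResultOne));

  // (x XOR y) AND ((x-y) XOR x)
  instructions.add(ReilHelpers.createAnd(offset++, dw, temporaryResultOne, dw, xoredValue, dw, temporaryResultTwo));

  // (x-y) XOR [(x XOR y) AND ((x-y) XOR x)]
  instructions.add(ReilHelpers.createXor(offset++, dw, subtractedValue, dw, temporaryResultTwo, dw, result));

  // Shift the sign bit down to bit 0 (negative bsh count = right shift) so the
  // destination register holds 0 or 1.
  instructions.add(ReilHelpers.createBsh(offset++, dw, result, dw, String.valueOf(-31L), dw, targetRegister));
}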