-
Notifications
You must be signed in to change notification settings - Fork 29
/
Parameters.py
97 lines (71 loc) · 3 KB
/
Parameters.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
"""
This file is part of SEA.
reserbot is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
reserbot is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with SEA. If not, see <http://www.gnu.org/licenses/>.
Copyright 2013 by neuromancer
"""
from Instruction import *
from Reil import parse_reil
from Operand import *
from Function import *
from Common import getTypedValueFromCode
class FuncParametersREIL:
def __init__(self):
self.parameters = dict()
def __str__(self):
counters = self.parameters.keys()
counters.sort()
ret = "Parameters detected:"
for c in counters:
ret = ret + "\n" + str(c) + " -> "
param_info = self.parameters[c]
fname = param_info["function"]
ret = ret + fname + "("
for (l,p) in param_info["parameters"]:
#print self.parameters[c]#["function"]
ret = ret + " " + str(l) + " := " + str(p) + ","
ret = ret + ")"
return ret
def getParameters(self, counter):
if counter in self.parameters:
return self.parameters[counter]["parameters"]
return None
def detectFuncParameters(self, reil_code, memaccess, callstack, inputs, counter):
pins = parse_reil(reil_code[-1])
ins = Instruction(pins,None)
assert(ins.instruction == "call" and ins.called_function <> None)
# first we locate the stack pointer to know where the parameters are located
esp = Operand("esp","DWORD")
pbase = getTypedValueFromCode(reil_code, callstack, inputs, memaccess, esp)
#print pbase.name
#print pbase.mem_source
#
func_cons = funcs.get(ins.called_function, Function)
func = func_cons(pbase = pbase)
parameters = []
for (par_type, location, needed) in func.getParameterLocations():
#print (ins.called_function, par_type, location.mem_source, needed)
if needed:
reil_code.reverse()
reil_code.reset()
val = getTypedValueFromCode(reil_code, callstack, inputs, memaccess, location)
#print "parameter of",ins.called_function, "at", str(location) , "has value:", val.name
parameters.append((location, val))
else:
parameters.append((None, None))
if parameters <> []:
self.parameters[counter] = self.__getParameters__(ins, parameters)
def __getParameters__(self, ins, raw_parameters):
parameters = dict()
parameters["function"] = ins.called_function
parameters["parameters"] = list(raw_parameters)
parameters["address"] = ins.address
return parameters