public void Bwi_CallTerminatingProcedure_StopScanning() { proc = Procedure.Create(program.Architecture, "proc", Address.Ptr32(0x102000), new Frame(PrimitiveType.Ptr32)); var terminator = Procedure.Create(program.Architecture, "terminator", Address.Ptr32(0x0001000), new Frame(PrimitiveType.Ptr32)); terminator.Characteristics = new ProcedureCharacteristics { Terminates = true, }; block = proc.AddBlock("the_block"); arch.Stub(a => a.PointerType).Return(PrimitiveType.Word32); scanner.Stub(s => s.FindContainingBlock(Arg <Address> .Is.Anything)).Return(block); scanner.Stub(s => s.GetImportedProcedure(Arg <Address> .Is.Anything, Arg <Address> .Is.NotNull)).Return(null); scanner.Expect(s => s.ScanProcedure( Arg <Address> .Is.Anything, Arg <string> .Is.Anything, Arg <ProcessorState> .Is.Anything)) .Return(terminator); scanner.Expect(s => s.TerminateBlock(Arg <Block> .Is.NotNull, Arg <Address> .Is.NotNull)); arch.Stub(a => a.FramePointerType).Return(PrimitiveType.Ptr32); scanner.Stub(s => s.GetTrace(null, null, null)).IgnoreArguments().Return(trace); mr.ReplayAll(); trace.Add(m => m.Call(Address.Ptr32(0x00102000), 4)); trace.Add(m => m.SideEffect(new ProcedureConstant(VoidType.Instance, new PseudoProcedure("shouldnt_decompile_this", VoidType.Instance, 0)))); var wi = CreateWorkItem(Address.Ptr32(0x2000)); wi.Process(); Assert.AreEqual(1, block.Statements.Count, "Should only have rewritten the Call to 'terminator'"); mr.VerifyAll(); }
public void Bwi_CallTerminatingProcedure_StopScanning() { proc = Procedure.Create(program.Architecture, "proc", Address.Ptr32(0x102000), new Frame(PrimitiveType.Ptr32)); var terminator = Procedure.Create(program.Architecture, "terminator", Address.Ptr32(0x0001000), new Frame(PrimitiveType.Ptr32)); terminator.Characteristics = new ProcedureCharacteristics { Terminates = true, }; block = proc.AddBlock("the_block"); arch.Setup(a => a.PointerType).Returns(PrimitiveType.Word32); scanner.Setup(s => s.FindContainingBlock(It.IsAny <Address>())).Returns(block); Given_NoImportedProcedure(); Given_NoInlinedCall(); scanner.Setup(s => s.ScanProcedure( It.IsNotNull <IProcessorArchitecture>(), It.IsAny <Address>(), It.IsAny <string>(), It.IsAny <ProcessorState>())) .Returns(terminator) .Verifiable(); scanner.Setup(s => s.TerminateBlock(It.IsNotNull <Block>(), It.IsNotNull <Address>())).Verifiable(); arch.Setup(a => a.FramePointerType).Returns(PrimitiveType.Ptr32); Given_SimpleTrace(trace); trace.Add(m => m.Call(Address.Ptr32(0x00102000), 4)); trace.Add(m => m.SideEffect(new ProcedureConstant(VoidType.Instance, new PseudoProcedure("shouldnt_decompile_this", VoidType.Instance, 0)))); var wi = CreateWorkItem(Address.Ptr32(0x2000)); wi.Process(); Assert.AreEqual(1, block.Statements.Count, "Should only have rewritten the Call to 'terminator'"); scanner.Verify(); }
private void Given_Procedure(uint uAddr) { var addr = Address.Ptr32(uAddr); var proc = Procedure.Create(program.Architecture, addr, program.Architecture.CreateFrame()); program.Procedures.Add(addr, proc); }
public void Setup() { var arch = new X86ArchitectureReal(); proc = Procedure.Create("foo", Address.Ptr32(0x100), arch.CreateFrame()); alias = new Aliases(proc, arch); }
public void Setup() { var arch = new IntelArchitecture(ProcessorMode.Real); proc = Procedure.Create("foo", Address.Ptr32(0x100), arch.CreateFrame()); alias = new Aliases(proc, arch); }
public void SemanticError08() { GlobalSymbolList globals = new GlobalSymbolList(); globals.Add("a", Procedure.Create(new Variable[] { new Variable(IrisType.Boolean, "b") })); string input = @"a(true) + 1"; TestHelpers.TestExpressionParserWithError(input, globals, @"(1, 9) Cannot apply operator to procedure call."); }
public void Setup() { this.arch = new Mock <IProcessorArchitecture>(); this.platform = new Mock <IPlatform>(); this.platform.Setup(p => p.Architecture).Returns(arch.Object); this.arch.Setup(a => a.Name).Returns("FakeArch"); this.arch.Setup(a => a.MemoryGranularity).Returns(8); this.arch.Setup(a => a.RenderInstructionOpcode( It.IsAny <MachineInstruction>(), It.IsAny <EndianImageReader>())) .Returns("00 00 "); this.arch.Setup(a => a.CreateImageReader( It.IsAny <ByteMemoryArea>(), It.IsAny <Address>())) .Returns((ByteMemoryArea m, Address a) => new LeImageReader(m, a)); this.arch.Setup(a => a.CreateDisassembler( It.IsAny <EndianImageReader>())) .Returns((EndianImageReader rdr) => new MachineInstruction[] { Instr(rdr.Address.ToUInt32()), Instr(rdr.Address.ToUInt32() + 2), Instr(rdr.Address.ToUInt32() + 4) }); this.arch.Setup(a => a.InstructionBitSize).Returns(8); this.writer = new StringWriter(); this.proc = Procedure.Create(arch.Object, Address.Ptr32(0x42), new Frame(PrimitiveType.Ptr32)); }
public void SemanticError06() { GlobalSymbolList globals = new GlobalSymbolList(); globals.Add("a", Procedure.Create(new Variable[0])); string input = @"not a"; TestHelpers.TestExpressionParserWithError(input, globals, @"(1, 5) Expecting boolean expression."); }
public void TrfCtx_MergeState_Stack() { var state = new Dictionary <Identifier, (Expression, BitRange)>(); var stateOther = new Dictionary <Identifier, (Expression, BitRange)>(); var procFlow = new ProcedureFlow(null); var proc = Procedure.Create(arch, Address.Ptr32(0x00123400), arch.CreateFrame()); var ssa = new SsaState(proc); var ctx = new TrashedRegisterFinder.Context( ssa, null, state, procFlow); var ctxOther = new TrashedRegisterFinder.Context( ssa, null, state, procFlow); var ebp = new Identifier("ebp", PrimitiveType.Word32, new RegisterStorage("ebp", 5, 0, PrimitiveType.Word32)); var esi = new Identifier("esi", PrimitiveType.Word32, new RegisterStorage("esi", 6, 0, PrimitiveType.Word32)); var edi = new Identifier("edi", PrimitiveType.Word32, new RegisterStorage("edi", 7, 0, PrimitiveType.Word32)); ctx.StackState[-4] = ebp; ctx.StackState[-8] = esi; ctx.StackState[-16] = Constant.Word32(0x42); ctx.StackState[-20] = Constant.Word32(0x42); ctxOther.StackState[-4] = ebp; ctxOther.StackState[-12] = edi; ctxOther.StackState[-16] = Constant.Word32(0x42); ctxOther.StackState[-20] = Constant.Word32(0x4711); ctx.MergeWith(ctxOther); Assert.AreEqual(ebp, ctx.StackState[-4]); Assert.AreEqual(esi, ctx.StackState[-8]); Assert.AreEqual(edi, ctx.StackState[-12]); Assert.AreEqual("0x42<32>", ctx.StackState[-16].ToString()); Assert.IsTrue(ctx.StackState[-20] is InvalidConstant); }
public void CreateProcedure() { Procedure proc = Procedure.Create(Address.SegPtr(0xBAFE, 0x0123), null); Assert.IsTrue(proc.EntryBlock != null); Assert.IsTrue(proc.ExitBlock != null); }
public Procedure RegisterFunction(FunctionDefinition fn, Address addr) { var proc = Procedure.Create(program.Architecture, fn.FunctionName, addr, new Frame(program.Platform.PointerType)); var builder = new ProcedureBuilder(proc); Functions.Add(fn, builder); return(proc); }
public void BwiReadConstants() { var addrStart = Address.Ptr32(0x00100000); var blockCallRet = new Block(proc, addrStart, "jmpOut"); trace.Add(m => { m.Assign(r1, 4); m.Assign(r1, m.Or(r1, 0x00100000)); m.Assign(r2, m.Mem32(r1)); m.Call(r2, 0); m.Return(0, 0); }); Given_Segment(".text2", 0x00123000, 0x500, AccessMode.ReadExecute); scanner.Setup(s => s.FindContainingBlock(addrStart)).Returns(block); Given_SimpleTrace(trace); arch.Setup(a => a.MakeAddressFromConstant( It.Is <Constant>(c => c.ToUInt32() == 0x00100004), It.IsAny <bool>())).Returns(Address.Ptr32(0x00100004)); var addr = Constant.Word32(0x00123400); arch.Setup(a => a.TryRead( It.IsNotNull <ByteMemoryArea>(), Address.Ptr32(0x00100004), PrimitiveType.Word32, out addr)).Returns(true); arch.Setup(a => a.MakeAddressFromConstant( It.Is <Constant>(c => c.ToUInt32() == 0x00123400), It.IsAny <bool>())).Returns(Address.Ptr32(0x00123400)); Given_NoInlinedCall(); scanner.Setup(s => s.SetProcedureReturnAddressBytes( proc, 0, addrStart)); scanner.Setup(s => s.TerminateBlock( block, addrStart + 4)); scanner.Setup(f => f.GetImportedProcedure( It.IsAny <IProcessorArchitecture>(), It.IsAny <Address>(), It.IsAny <Address>())).Returns((ExternalProcedure)null); scanner.Setup(s => s.ScanProcedure( It.IsNotNull <IProcessorArchitecture>(), Address.Ptr32(0x00123400), null, It.IsNotNull <ProcessorState>())) .Returns(new ExternalProcedure("fn00123400", new FunctionType())) .Verifiable(); program.Procedures.Add(addrStart + 4, Procedure.Create(arch.Object, addrStart + 4, new Frame(PrimitiveType.Ptr32))); var wi = CreateWorkItem(addrStart); wi.Process(); Assert.AreEqual("call fn00123400 (retsize: 0;)", block.Statements[3].Instruction.ToString()); scanner.Verify(); }
public void SemanticError38() { GlobalSymbolList globals = new GlobalSymbolList(); globals.Add("a", Procedure.Create(new Variable[0])); globals.Add("b", IrisType.Integer); string input = @"b := a"; TestHelpers.TestStatementParserWithError(input, globals, @"(1, 3) Cannot use procedure in assignment statement."); }
public void SemanticError37() { GlobalSymbolList globals = new GlobalSymbolList(); globals.Add("a", Procedure.Create(new Variable[0])); globals.Add("b", IrisType.Integer); string input = @"a := b"; TestHelpers.TestStatementParserWithError(input, globals, @"(1, 3) Cannot assign to result of function or procedure call."); }
public bool TryRegisterProcedure(IProcessorArchitecture arch, Address addrProc) { if (!cfg.F.TryAdd(addrProc, addrProc)) { return(false); } var frame = arch.CreateFrame(); cfg.Procedures.TryAdd(addrProc, Procedure.Create(arch, addrProc, frame)); return(true); }
private Method CreateMethodHelper(IrisType returnType, Variable[] parameters) { if (returnType == IrisType.Void) { return(Procedure.Create(parameters)); } else { return(Function.Create(returnType, parameters)); } }
public void WriteProcedureConstant() { var addr = Address.Ptr32(0x42); var proc = Procedure.Create(arch.Object, "proc", addr, new Frame(PrimitiveType.Word32)); var pc = new ProcedureConstant(PrimitiveType.Word32, proc); map.Add(addr, proc); pc.Accept(hcf); Assert.AreEqual("<a href=\"00000042\">proc</a>", sb.ToString()); }
private void Given_CodeBlock(IProcessorArchitecture arch, uint uAddr, uint len) { var addr = Address.Ptr32(uAddr); var proc = Procedure.Create(arch, addr, new Frame(PrimitiveType.Ptr32)); var block = new Block(proc, $"l{addr}"); program.ImageMap.AddItem(addr, new ImageMapBlock { Address = addr, Block = block, Size = len }); }
private Procedure EnsureProcedure(Address addr, string procedureName) { Procedure proc; if (program.Procedures.TryGetValue(addr, out proc)) { return(proc); } proc = Procedure.Create(procedureName, addr, program.Architecture.CreateFrame()); program.Procedures.Add(addr, proc); program.CallGraph.AddProcedure(proc); return(proc); }
public void Anpi_Populate() { Given_Interactor(); pbSvc.Setup(p => p.Reload()).Verifiable(); form.Object.Show(); program.Procedures.Add( Address.Ptr32(0x12345), Procedure.Create(program.Architecture, "foo", Address.Ptr32(0x12345), program.Architecture.CreateFrame())); interactor.EnterPage(); pbSvc.VerifyAll(); }
public void BwiReadConstants() { var addrStart = Address.Ptr32(0x00100000); var blockCallRet = new Block(proc, "jmpOut"); trace.Add(m => { m.Assign(r1, 4); m.Assign(r1, m.Or(r1, 0x00100000)); m.Assign(r2, m.Mem32(r1)); m.Call(r2, 0); m.Return(0, 0); }); Given_Segment(".text2", 0x00123000, 0x500, AccessMode.ReadExecute); scanner.Stub(s => s.FindContainingBlock(addrStart)).IgnoreArguments().Return(block); scanner.Stub(s => s.GetTrace(null, null, null, null)).IgnoreArguments().Return(trace); arch.Stub(a => a.MakeAddressFromConstant( Arg <Constant> .Matches(c => c.ToUInt32() == 0x00100004))).Return(Address.Ptr32(0x00100004)); arch.Stub(a => a.TryRead( Arg <MemoryArea> .Is.NotNull, Arg <Address> .Is.Equal(Address.Ptr32(0x00100004)), Arg <PrimitiveType> .Is.Equal(PrimitiveType.Word32), out Arg <Constant> .Out(Constant.Word32(0x00123400)).Dummy)).Return(true); arch.Stub(a => a.MakeAddressFromConstant( Arg <Constant> .Matches(c => c.ToUInt32() == 0x00123400))).Return(Address.Ptr32(0x00123400)); Given_NoInlinedCall(); scanner.Stub(s => s.SetProcedureReturnAddressBytes( Arg <Procedure> .Is.Same(proc), Arg <int> .Is.Equal(0), Arg <Address> .Is.Equal(addrStart))); scanner.Stub(s => s.TerminateBlock( Arg <Block> .Is.Same(block), Arg <Address> .Is.Equal(addrStart + 4))); scanner.Stub(f => f.GetImportedProcedure(null, null, null)).IgnoreArguments().Return(null); scanner.Expect(s => s.ScanProcedure( Arg <IProcessorArchitecture> .Is.NotNull, Arg <Address> .Is.Equal(Address.Ptr32(0x00123400)), Arg <string> .Is.Null, Arg <ProcessorState> .Is.NotNull)). Return(new ExternalProcedure("fn00123400", new FunctionType())); program.Procedures.Add(addrStart + 4, Procedure.Create(arch, addrStart + 4, new Frame(PrimitiveType.Ptr32))); mr.ReplayAll(); var wi = CreateWorkItem(addrStart); wi.Process(); Assert.AreEqual("call fn00123400 (retsize: 0;)", block.Statements[3].Instruction.ToString()); mr.VerifyAll(); }
public void Setup() { this.program = new Program(); program.Filename = Path.Combine("bar", "foo.exe"); program.SourceDirectory = "bar"; this.fsSvc = new Mock <IFileSystemService>(); this.dfSvc = new DecompiledFileService(fsSvc.Object); var arch = new Mock <IProcessorArchitecture>(); this.proc1 = Procedure.Create(arch.Object, Address.Ptr32(0x00123400), new Frame(PrimitiveType.Ptr32)); }
public void Setup() { prog = new Program(); prog.Image = new LoadedImage(Address.Ptr32(0x10000), new byte[4]); var procAddress = Address.Ptr32(0x10000000); instr = new X86Instruction(Opcode.nop, PrimitiveType.Word32, PrimitiveType.Word32) { Address = procAddress, }; proc = Procedure.Create(procAddress, arch.CreateFrame()); state = (X86State)arch.CreateProcessorState(); orw = new OperandRewriter32(arch, proc.Frame, new FakeRewriterHost(prog)); }
public void Anpi_Populate() { Given_Interactor(); pbSvc.Expect(p => p.Reload()); mr.ReplayAll(); form.Show(); program.Procedures.Add( Address.Ptr32(0x12345), Procedure.Create("foo", Address.Ptr32(0x12345), program.Architecture.CreateFrame())); interactor.EnterPage(); mr.VerifyAll(); }
public void ProcToString() { Procedure proc1 = Procedure.Create(arch.Object, Address.SegPtr(0x0F00, 0x0BA9), null); Assert.AreEqual("fn0F00_0BA9", proc1.Name); Assert.AreEqual("define fn0F00_0BA9", proc1.ToString()); Procedure proc2 = Procedure.Create(arch.Object, Address.Ptr32(0x0F000BA9), null); Assert.AreEqual("fn0F000BA9", proc2.Name); Assert.AreEqual("define fn0F000BA9", proc2.ToString()); Procedure proc3 = new Procedure(arch.Object, "foo", Address.Ptr32(0x00123400), null); Assert.AreEqual("foo", proc3.Name); Assert.AreEqual("define foo", proc3.ToString()); }
public void ProcToString() { Procedure proc1 = Procedure.Create(Address.SegPtr(0x0F00, 0x0BA9), null); Assert.AreEqual("fn0F00_0BA9", proc1.Name); Assert.AreEqual("void fn0F00_0BA9()", proc1.ToString()); Procedure proc2 = Procedure.Create(Address.Ptr32(0x0F000BA9), null); Assert.AreEqual("fn0F000BA9", proc2.Name); Assert.AreEqual("void fn0F000BA9()", proc2.ToString()); Procedure proc3 = new Procedure("foo", null); Assert.AreEqual("foo", proc3.Name); Assert.AreEqual("void foo()", proc3.ToString()); }
public void CallProcedure02() { GlobalSymbolList globals = new GlobalSymbolList(); globals.Add("p", Procedure.Create(new Variable[0])); string input = @"p();"; string output = TestHelpers.TestStatementParser(input, globals); string expected = @"call _Unknown "; Assert.AreEqual(expected, output); }
private Procedure Given_ProcedureAt(Address address) { var proc = Procedure.Create(arch.Object, address, arch.Object.CreateFrame()); var label = program.NamingPolicy.BlockName(address); var block = new Block(proc, address, label); program.Procedures.Add(address, proc); program.ImageMap.AddItemWithSize( address, new ImageMapBlock(address) { Block = block, Size = 8 }); return(proc); }
private Procedure Given_ProcedureAt(Address address) { var proc = Procedure.Create(arch, address, arch.CreateFrame()); var block = new Block(proc, Block.GenerateName(address)); program.Procedures.Add(address, proc); program.ImageMap.AddItemWithSize( address, new ImageMapBlock { Address = address, Block = block, Size = 8 }); return(proc); }
public void BwiFallIntoOtherProcedure() { var addrStart = Address.Ptr32(0x00100000); var blockCallRet = new Block(proc, "callRetStub"); trace.Add(m => { m.Assign(m.Mem32(m.Word32(0x00123400)), m.Word32(1)); }); scanner.Stub(s => s.GetTrace(null, null, null)).IgnoreArguments().Return(trace); scanner.Stub(s => s.FindContainingBlock(addrStart)).IgnoreArguments().Return(block); scanner.Expect(s => s.CreateCallRetThunk(null, null, null)).IgnoreArguments().Return(blockCallRet); program.Procedures.Add(addrStart + 4, Procedure.Create(program.Architecture, addrStart + 4, new Frame(PrimitiveType.Ptr32))); mr.ReplayAll(); var wi = CreateWorkItem(addrStart); wi.Process(); Assert.AreEqual("Mem0[0x00123400:word32] = 0x00000001", block.Statements[0].Instruction.ToString()); mr.VerifyAll(); }