public void Dfa2_StackArgs()
{
var pb = new ProgramBuilder(new FakeArchitecture());
pb.Add("test", m =>
{
var sp = m.Register(m.Architecture.StackRegister);
var r1 = m.Reg32("r1");
var r2 = m.Reg32("r2");
m.Assign(sp, m.Frame.FramePointer);
m.Assign(r1, m.LoadDw(m.IAdd(sp, 4)));
m.Assign(r2, m.LoadDw(m.IAdd(sp, 8)));
m.Assign(r1, m.IAdd(r1, r2));
m.Store(m.Word32(0x010008), r1);
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.UntangleProcedures2();
var sExp = @"// test
// Return size: 0
void test()
test_entry:
// succ: l1
l1:
Mem9[0x00010008:word32] = Mem0[fp + 0x00000004:word32] + Mem0[fp + 0x00000008:word32]
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb);
}
protected Program CompileTest(Action<ProcedureBuilder> m)
{
var mock = new ProcedureBuilder();
m(mock);
var pmock = new ProgramBuilder();
pmock.Add(mock);
return pmock.BuildProgram();
}
private void AssertProgram(string sExp, ProgramBuilder pb)
{
var sw = new StringWriter();
pb.Program.Procedures.Values.First().Write(false, sw);
var sActual = sw.ToString();
if (sExp != sActual)
Debug.WriteLine(sActual);
Assert.AreEqual(sExp, sw.ToString());
}
public void DpaSimple()
{
var prog = new ProgramBuilder();
prog.Add("test", m=>
{
var r1 = m.Register(1);
m.Assign(r1, m.Load(PrimitiveType.Real32, m.Word32(0x10000000)));
});
RunTest(prog.BuildProgram(), "Typing/DpaSimple.txt");
}
public void Setup()
{
arch = new IntelArchitecture(ProcessorMode.Protected32);
m = new ProcedureBuilder(arch);
prog = new Program();
prog.Architecture = arch;
exit = new Procedure("exit", new Frame(PrimitiveType.Word32));
flow = new ProgramDataFlow();
p = new ProgramBuilder();
}
public void Setup()
{
exit = new ExternalProcedure("exit",
new ProcedureSignature(null, new Identifier("retCode", PrimitiveType.Int32, new StackArgumentStorage(0, PrimitiveType.Int32))));
exit.Characteristics = new ProcedureCharacteristics();
exit.Characteristics.Terminates = true;
progMock = new ProgramBuilder();
flow = new ProgramDataFlow();
}
private void CreateIntraProceduralJumps()
{
var regS = new RegisterStorage("reg", 1, PrimitiveType.Word32);
prog = new ProgramBuilder();
var mainProc = prog.Add("main", (m) =>
{
var reg = m.Frame.EnsureRegister(regS);
m.Assign(reg, 0);
m.Store(m.Word32(0x1234), reg);
m.Return();
});
}
public void EP_TestCondition()
{
var p = new ProgramBuilder();
p.Add("main", (m) =>
{
m.Label("foo");
m.BranchCc(ConditionCode.EQ, "foo");
m.Return();
});
var proc = p.BuildProgram().Procedures.Values.First();
var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[0].Instruction.Accept(ep);
Assert.AreEqual("branch Test(EQ,Z) foo", newInstr.ToString());
}
public void EP_ConditionOf()
{
var p = new ProgramBuilder();
var proc = p.Add("main", (m) =>
{
var szo = m.Frame.EnsureFlagGroup(0x7, "SZO", PrimitiveType.Byte);
var ebx = m.Frame.EnsureRegister(new RegisterStorage("ebx", 0, PrimitiveType.Word32));
var v4 = m.Frame.CreateTemporary(PrimitiveType.Word16);
m.Assign(v4, m.IAdd(m.LoadW(ebx), 1));
m.Store(ebx, v4);
m.Assign(szo, m.Cond(v4));
m.Return();
});
var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[2].Instruction.Accept(ep);
Assert.AreEqual("SZO = cond(v4)", newInstr.ToString());
}
public void DtbSegmentedPointer()
{
var m = new ProgramBuilder();
m.Add(new SegmentedPointerProc());
RunTest(m.BuildProgram(), "Typing/DtbSegmentedPointer.txt");
}
public void DtbSegMem3()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new SegMem3Mock());
RunTest(mock.BuildProgram(), "Typing/DtbSegMem3.txt");
}
public void DtbFnPointerMock()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new FnPointerFragment());
RunTest(mock, "Typing/DtbFnPointerMock.txt");
}
public void DtbFramePointer()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new FramePointerFragment(factory));
RunTest(mock, "Typing/DtbFramePointer.txt");
throw new NotImplementedException();
}
public void Dfa2_FactorialReg()
{
pb = new ProgramBuilder();
pb.Add("fact", m =>
{
var sp = m.Register(m.Architecture.StackRegister);
var r1 = m.Register(1);
var r2 = m.Register(2);
var r3 = m.Register(3);
var cc = m.Flags(0xF, "cc");
m.Assign(sp, m.Frame.FramePointer);
m.Assign(r2, r1);
m.Assign(r1, 1);
m.Assign(cc, m.Cond(m.ISub(r2, r1)));
m.BranchIf(m.Test(ConditionCode.LE, cc), "done");
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, r2);
m.Assign(r1, m.ISub(r2, r1));
m.Call("fact", 0);
m.Assign(r2, m.LoadDw(sp));
m.Assign(sp, m.IAdd(sp, 4));
m.Assign(r1, m.IMul(r1, r2));
m.Label("done");
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.UntangleProcedures2();
var sExp =
@"@@@";
AssertProgram(sExp, pb);
}
public void DtbStructurePointerPassedToFunction()
{
ProgramBuilder pp = new ProgramBuilder();
pp.Add("Fn1", m =>
{
Identifier p = m.Local32("p");
m.Store(m.IAdd(p, 4), m.Word32(0x42));
m.SideEffect(m.Fn("Fn2", p));
m.Return();
});
pp.Add("Fn2", m =>
{
Identifier arg1 = m.Local32("arg1");
m.Procedure.Signature = new ProcedureSignature(null, new Identifier[] { arg1 });
m.Store(m.IAdd(arg1, 8), m.Int32(0x23));
m.Return();
});
RunTest(pp.BuildProgram(), "Typing/DtbStructurePointerPassedToFunction.txt");
}
public void DtbSegmentedMemoryPointer()
{
ProgramBuilder m = new ProgramBuilder();
m.Add(new SegmentedMemoryPointerMock());
RunTest(m.BuildProgram(), "Typing/DtbSegmentedMemoryPointer.txt");
}
public void CceShrRcrPattern()
{
var p = new ProgramBuilder(new FakeArchitecture());
p.Add("main", (m) =>
{
var C = m.Flags("C");
var r1 = MockReg(m, 1);
var r2 = MockReg(m, 2);
m.Assign(r1, m.Shr(r1, 1));
m.Assign(C, m.Cond(r1));
m.Assign(r2, m.Fn(new PseudoProcedure(PseudoProcedure.RorC, r2.DataType, 2), r2, C));
m.Assign(C, m.Cond(r2));
m.Store(m.Word32(0x3000), r1);
m.Store(m.Word32(0x3004), r2);
});
RunTest(p, "Analysis/CceShrRcrPattern.txt");
}
public void CceAddAdcPattern()
{
var p = new ProgramBuilder(new FakeArchitecture());
p.Add("main", (m) =>
{
var r1 = MockReg(m, 1);
var r2 = MockReg(m, 2);
var r3 = MockReg(m, 3);
var r4 = MockReg(m, 4);
var SCZ = m.Frame.EnsureFlagGroup(0x7, "SZC", PrimitiveType.Byte);
var C = m.Frame.EnsureFlagGroup(0x4, "C", PrimitiveType.Byte);
m.Assign(r1, m.IAdd(r1, r2));
m.Assign(SCZ, m.Cond(r1));
m.Assign(r3, m.IAdd(m.IAdd(r3, r4), C));
m.Store(m.Word32(0x0444400), r1);
m.Store(m.Word32(0x0444404), r3);
m.Return();
});
RunTest(p, "Analysis/CceAddAdcPattern.txt");
}
private void GivenProgram(ProgramBuilder pb)
{
}
public void DtbSegmentedDoubleReference()
{
ProgramBuilder m = new ProgramBuilder();
m.Add(new SegmentedDoubleReferenceMock());
RunTest(m, "Typing/DtbSegmentedDoubleReference.txt");
}
public void DtbTreeFind()
{
ProgramBuilder m = new ProgramBuilder();
m.Add(new TreeFindMock());
RunTest(m, "Typing/DtbTreeFind.txt");
}
public void DtbSequenceWithSegment()
{
ProcedureBuilder m = new ProcedureBuilder();
Identifier ds = m.Local16("ds");
ds.DataType = PrimitiveType.SegmentSelector;
m.SegStore(ds, m.Word16(0x0100), m.Seq(ds, m.Word16(0x1234)));
ProgramBuilder prog = new ProgramBuilder();
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DtbSequenceWithSegment.txt");
}
public void DtbFn1CallFn2()
{
ProgramBuilder pp = new ProgramBuilder();
pp.Add("Fn1", m =>
{
Identifier loc1 = m.Local32("loc1");
Identifier loc2 = m.Local32("loc2");
m.Assign(loc2, m.Fn("Fn2", loc1));
m.Return();
});
pp.Add("Fn2", m =>
{
Identifier arg1 = m.Local32("arg1");
Identifier ret = m.Register(1);
m.Procedure.Signature = new ProcedureSignature(ret, new Identifier[] { arg1 });
m.Procedure.Signature.Parameters[0] = arg1;
m.Assign(ret, m.IAdd(arg1, 1));
m.Return(ret);
});
RunTest(pp.BuildProgram(), "Typing/DtbFn1CallFn2.txt");
}
public void DtbCallTable()
{
var pb = new ProgramBuilder();
pb.Add(new IndirectCallFragment());
RunTest(pb.BuildProgram(), "Typing/DtbCallTable.txt");
}
public void DtbSignedCompare()
{
ProcedureBuilder m = new ProcedureBuilder();
Identifier p = m.Local32("p");
Identifier ds = m.Local16("ds");
ds.DataType = PrimitiveType.SegmentSelector;
Identifier ds2 = m.Local16("ds2");
ds.DataType = PrimitiveType.SegmentSelector;
m.Assign(ds2, ds);
m.Store(
m.SegMem(PrimitiveType.Bool, ds, m.Word16(0x5400)),
m.Lt(m.SegMemW(ds, m.Word16(0x5404)), m.Word16(20)));
m.Store(m.SegMemW(ds2, m.Word16(0x5404)), m.Word16(0));
ProgramBuilder prog = new ProgramBuilder();
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DtbSignedCompare.txt");
}
public void Dfa2_CallProc()
{
pb = new ProgramBuilder();
pb.Add("test", m =>
{
var sp = m.Register(m.Architecture.StackRegister);
var fooProc = GivenFunction("foo", m.Architecture.GetRegister(1), 4, 8);
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, 2);
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, 1);
m.Call(fooProc, 4);
m.Assign(sp, m.IAdd(sp, 8));
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.UntangleProcedures2();
var sExp = @"// test
// Return size: 0
void test()
test_entry:
// succ: l1
l1:
Mem9[0x00010008:word32] = Mem0[fp + 0x00000004:word32] + Mem0[fp + 0x00000008:word32]
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb);
}
public void DtbArrayConstantPointers()
{
ProgramBuilder pp = new ProgramBuilder();
pp.Add("Fn", m =>
{
Identifier a = m.Local32("a");
Identifier i = m.Local32("i");
m.Assign(a, 0x00123456); // array pointer
m.Store(m.IAdd(a, m.IMul(i, 8)), m.Int32(42));
});
RunTest(pp.BuildProgram(), "Typing/DtbArrayConstantPointers.txt");
}
private void RunTest(ProgramBuilder p, string output)
{
SaveRunOutput(p.BuildProgram(), RunTest, output);
}
public void DtbArrayAccess()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new ArrayAccess());
RunTest(mock, "Typing/DtbArrayAccess.txt");
}
public void DtbGlobalVariables()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new GlobalVariablesMock());
RunTest(mock, "Typing/DtbGlobalVariables.txt");
}
