public void EP_StackReference()
{
var arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
var p = new ProgramBuilder(arch);
var proc = p.Add("main", (m) =>
{
var sp = m.Frame.EnsureRegister(m.Architecture.StackRegister);
var r1 = m.Register(1);
m.Assign(sp, m.ISub(sp, 4));
m.Assign(r1, m.LoadDw(m.IAdd(sp, 8)));
m.Return();
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
var newInstr = stms[0].Instruction.Accept(ep);
Assert.AreEqual("r63 = fp - 0x00000004", newInstr.ToString());
newInstr = stms[1].Instruction.Accept(ep);
Assert.AreEqual("r1 = dwArg04", newInstr.ToString());
}
public FakeCakeContext()
{
var fileSystem = new FileSystem();
Log = new FakeLog();
var runtime = new CakeRuntime();
var platform = new FakePlatform(PlatformFamily.Windows);
var environment = new CakeEnvironment(platform, runtime, Log);
var globber = new Globber(fileSystem, environment);
var args = Substitute.For <ICakeArguments>();
var registry = new WindowsRegistry();
var dataService = Substitute.For <ICakeDataService>();
var toolRepository = new ToolRepository(environment);
var toolResolutionStrategy = new ToolResolutionStrategy(fileSystem, environment, globber, new FakeConfiguration());
var tools = new ToolLocator(environment, toolRepository, toolResolutionStrategy);
var processRunner = new ProcessRunner(fileSystem, environment, Log, tools, new FakeConfiguration());
Context = new CakeContext(fileSystem, environment, globber, Log, args, processRunner, registry, tools, dataService);
WorkingDirectory = new DirectoryPath(
System.IO.Path.GetFullPath(AppContext.BaseDirectory));
Context.Environment.WorkingDirectory = WorkingDirectory;
}
public void EP_LValue()
{
var arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
var p = new ProgramBuilder(arch);
Identifier r2 = null;
Identifier sp = null;
var proc = p.Add("main", (m) =>
{
r2 = m.Register("r2");
sp = m.Frame.EnsureRegister(arch.StackRegister);
m.Store(m.ISub(sp, 12), m.ISub(sp, 16));
m.Store(m.ISub(sp, 12), m.Word32(2));
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
var instr1 = stms[0].Instruction.Accept(ep);
Assert.AreEqual("dwLoc0C = fp - 0x00000010", instr1.ToString());
var instr2 = stms[1].Instruction.Accept(ep);
Assert.AreEqual("dwLoc0C = 0x00000002", instr2.ToString());
}
public void EP_ConditionOf()
{
var p = new ProgramBuilder();
var proc = p.Add("main", (m) =>
{
var szo = m.Frame.EnsureFlagGroup(Registers.eflags, 0x7, "SZO", PrimitiveType.Byte);
var ebx = m.Frame.EnsureRegister(new RegisterStorage("ebx", 3, 0, PrimitiveType.Word32));
var v4 = m.Frame.CreateTemporary(PrimitiveType.Word16);
m.Assign(v4, m.IAdd(m.LoadW(ebx), 1));
m.Store(ebx, v4);
m.Assign(szo, m.Cond(v4));
m.Return();
});
var arch = new X86ArchitectureFlat32();
var platform = new FakePlatform(null, arch);
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[2].Instruction.Accept(ep);
Assert.AreEqual("SZO = cond(v4)", newInstr.ToString());
}
public FakeCakeContext()
{
testsDir = new DirectoryPath(
System.IO.Path.GetFullPath(AppContext.BaseDirectory));
var fileSystem = new FileSystem();
log = new FakeLog();
var runtime = new CakeRuntime();
var platform = new FakePlatform(PlatformFamily.Windows);
var environment = new CakeEnvironment(platform, runtime);
var globber = new Globber(fileSystem, environment);
var args = new FakeCakeArguments();
var registry = new WindowsRegistry();
var dataService = new FakeDataService();
var toolRepository = new ToolRepository(environment);
var config = new FakeConfiguration();
var toolResolutionStrategy = new ToolResolutionStrategy(fileSystem, environment, globber, config, log);
IToolLocator tools = new ToolLocator(environment, toolRepository, toolResolutionStrategy);
var processRunner = new ProcessRunner(fileSystem, environment, log, tools, config);
context = new CakeContext(fileSystem, environment, globber, log, args, processRunner, registry, tools, dataService, config);
context.Environment.WorkingDirectory = testsDir;
}
public void EP_AddrOf()
{
var arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
var p = new ProgramBuilder(arch);
Identifier r2 = null, r3 = null;
var proc = p.Add("main", (m) =>
{
r2 = m.Register("r2");
r3 = m.Register("r3");
m.Assign(r2, 0x1234); // after which R2 has a definite value
m.SideEffect(m.Fn("Foo", m.Out(PrimitiveType.Pointer32, r2))); // Can't promise R2 is preserved after call, so should be invalid.
m.Assign(r3, r2);
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
stms[0].Instruction.Accept(ep);
Assert.AreEqual("0x00001234", ctx.GetValue(r2).ToString());
var instr2 = stms[1].Instruction.Accept(ep);
Assert.AreEqual("Foo(out r2)", instr2.ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
var instr3 = stms[2].Instruction.Accept(ep);
Assert.AreEqual("r3 = r2", instr3.ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r3).ToString());
}
public void EP_IndirectCall()
{
var arch = new FakeArchitecture();
var p = new ProgramBuilder(arch);
var proc = p.Add("main", (m) =>
{
var r1 = m.Register("r1");
m.Assign(r1, m.Word32(0x42));
m.Call(r1, 4);
m.Return();
});
var platform = new FakePlatform(null, arch)
{
Test_CreateTrashedRegisters = () => new HashSet <RegisterStorage>()
};
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
stms[0].Instruction.Accept(ep);
var newInstr = stms[1].Instruction.Accept(ep);
Assert.AreEqual("call 0x00000042 (retsize: 4; depth: 4)", newInstr.ToString());
}
public void Dfa2_UserDefinedStackArgs()
{
var arch = new X86ArchitectureFlat32("x86-protected-32");
var pb = new ProgramBuilder(arch);
var test = pb.Add(
new Procedure_v1
{
CSignature = "void test(int a, int b)"
},
m => {
var r1 = m.Reg32("r1", 1);
var r2 = m.Reg32("r2", 2);
var fp = m.Frame.FramePointer;
m.Assign(r1, m.Mem32(m.IAdd(fp, 4)));
m.Assign(r2, m.Mem32(m.IAdd(fp, 8)));
m.Assign(r1, m.IAdd(r1, r2));
m.Store(m.Word32(0x010008), r1);
m.Return();
});
var program = pb.BuildProgram();
var platform = new FakePlatform(null, arch)
{
Test_DefaultCallingConvention = "__cdecl",
};
platform.Test_CreateImplicitArgumentRegisters = () =>
new HashSet <RegisterStorage>();
//platform.Test_CreateProcedureSerializer = (t, d) =>
//{
// var typeLoader = new TypeLibraryDeserializer(platform, false, new TypeLibrary());
// return new ProcedureSerializer(program.Platform, typeLoader, "__cdecl");
//};
var importResolver = MockRepository.GenerateStub <IImportResolver>();
importResolver.Replay();
program.Platform = platform;
var dfa = new DataFlowAnalysis(program, importResolver, new FakeDecompilerEventListener());
dfa.AnalyzeProgram2();
var sExp = @"// test
// Return size: 4
void test(int32 a, int32 b)
test_entry:
// succ: l1
l1:
word32 r1_7 = a + b
Mem8[0x00010008:word32] = r1_7
word32 r2_6 = b
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb.Program);
}
private static Program Given_FlatProgram()
{
var arch = new FakeArchitecture(new ServiceContainer());
var platform = new FakePlatform(arch.Services, arch);
var mem = new ByteMemoryArea(Address.Ptr32(0x00123300), new byte[0x1000]);
var segment = new ImageSegment(".data", mem, AccessMode.ReadWrite);
var segments = new SegmentMap(segment.Address, segment);
var program = new Program(segments, arch, platform);
return(program);
}
public void Setup()
{
var arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
this.program = new Program
{
Architecture = arch,
Platform = platform,
};
}
public void Setup()
{
var sc = new ServiceContainer();
var arch = new FakeArchitecture(sc);
var platform = new FakePlatform(sc, arch);
this.program = new Program
{
Architecture = arch,
Platform = platform,
};
}
public void Dfa2_UserDefinedStackArgs()
{
var arch = new X86ArchitectureFlat32();
var pb = new ProgramBuilder(arch);
var test = pb.Add(
new Procedure_v1
{
CSignature = "void test(int a, int b)"
},
m => {
var sp = m.Register(m.Architecture.StackRegister);
var r1 = m.Reg32("r1", 1);
var r2 = m.Reg32("r2", 2);
var fp = m.Frame.FramePointer;
m.Assign(r1, m.LoadDw(m.IAdd(fp, 4)));
m.Assign(r2, m.LoadDw(m.IAdd(fp, 8)));
m.Assign(r1, m.IAdd(r1, r2));
m.Store(m.Word32(0x010008), r1);
m.Return();
});
var program = pb.BuildProgram();
var platform = new FakePlatform(null, arch);
platform.Test_CreateProcedureSerializer = (t, d) =>
{
var typeLoader = new TypeLibraryDeserializer(platform, false, new TypeLibrary());
return(new X86ProcedureSerializer((IntelArchitecture)program.Architecture, typeLoader, ""));
};
var importResolver = MockRepository.GenerateStub <IImportResolver>();
importResolver.Replay();
program.Platform = platform;
var dfa = new DataFlowAnalysis(program, importResolver, new FakeDecompilerEventListener());
dfa.AnalyzeProgram2();
var sExp = @"// test
// Return size: 4
void test(int32 a, int32 b)
test_entry:
// succ: l1
l1:
word32 r1_7 = a + b
Mem8[0x00010008:word32] = r1_7
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb.Program);
}
private void Given_Program()
{
this.arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
this.program = new Program
{
SegmentMap = new SegmentMap(
Address.Ptr32(0x1000),
new ImageSegment(
".text",
new MemoryArea(Address.Ptr32(0x1000), new byte[1000]),
AccessMode.ReadExecute)),
Platform = platform,
Architecture = arch,
};
}
private void Given_Program(Address address, byte[] bytes)
{
var mem = new MemoryArea(address, bytes);
var segmentMap = new SegmentMap(
mem.BaseAddress,
new ImageSegment("proggie", mem, AccessMode.ReadExecute));
var arch = new X86ArchitectureFlat32("x86-protected-32");
var platform = new FakePlatform(null, arch);
platform.Test_DefaultCallingConvention = "__cdecl";
this.program = new Program
{
Architecture = arch,
SegmentMap = segmentMap,
Platform = platform
};
platform.Test_GetCallingConvention = (ccName) => {
return(new X86CallingConvention(4, 4, 4, true, false));
};
}
private void Given_Program(Address address, byte[] bytes)
{
var mem = new MemoryArea(address, bytes);
var imageMap = new ImageMap(
mem.BaseAddress,
new ImageSegment("proggie", mem, AccessMode.ReadExecute));
var arch = new X86ArchitectureFlat32();
var platform = new FakePlatform(null, arch);
this.program = new Program
{
Architecture = arch,
ImageMap = imageMap,
Platform = platform
};
platform.Test_CreateProcedureSerializer = (t, d) =>
{
var typeLoader = new TypeLibraryDeserializer(platform, false, new TypeLibrary());
return(new X86ProcedureSerializer((IntelArchitecture)program.Architecture, typeLoader, ""));
};
}
public FakeRequest(
string serverAddress,
string route,
Action <Response> successCallBack,
Action <int> failCallback,
string authenticationKey,
Response.Factory responseFactory,
FakePlatform fakePlatform)
{
_serverAddress = "FakeBackend";
_route = route;
_successCallBack = successCallBack;
_failCallback = failCallback;
_authenticationKey = authenticationKey;
_responseFactory = responseFactory;
_fakePlatform = fakePlatform;
var responseJson = Resources.Load <TextAsset>($"{_serverAddress}/tasksList").text;
_simulationData = JsonConvert.DeserializeObject <SimulationData>(responseJson);
_fakeHeaders = new Dictionary <string, string>();
_getTasksFakeResponse = _responseFactory.Create(_fakeHeaders, responseJson);
}
private void RunUnitTest(ProcedureBuilder m, string outfile)
{
var flow = new ProgramDataFlow();
var dynamicLinker = new Mock <IDynamicLinker>();
var proc = m.Procedure;
var platform = new FakePlatform(null, m.Architecture)
{
Test_CreateTrashedRegisters = () =>
new HashSet <RegisterStorage>()
{
(RegisterStorage)r1.Storage,
(RegisterStorage)r2.Storage,
}
};
var program = new Program()
{
Architecture = m.Architecture,
Platform = platform,
};
var sst = new SsaTransform(
program,
proc,
new HashSet <Procedure>(),
dynamicLinker.Object,
flow);
sst.Transform();
ssa = sst.SsaState;
using (var fut = new FileUnitTester(outfile))
{
ssa.Write(fut.TextWriter);
proc.Write(false, fut.TextWriter);
fut.AssertFilesEqual();
ssa.Validate(s => Assert.Fail(s));
}
}
private void RunTest(string sExp, Action <ProcedureBuilder> builder)
{
var pb = new ProcedureBuilder(this.pb.Program.Architecture);
builder(pb);
var proc = pb.Procedure;
var dg = new DominatorGraph <Block>(proc.ControlGraph, proc.EntryBlock);
var project = new Project
{
Programs = { this.pb.Program }
};
var listener = new FakeDecompilerEventListener();
var importResolver = new ImportResolver(
project,
this.pb.Program,
listener);
var arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
// Register r1 is assumed to always be implicit when calling
// another procedure.
var implicitRegs = new HashSet <RegisterStorage>
{
arch.GetRegister(1)
};
Debug.Print("GetRegister(1) {0}", arch.GetRegister(1));
this.pb.Program.Platform = platform;
this.pb.Program.Platform = new FakePlatform(null, new FakeArchitecture());
this.pb.Program.SegmentMap = new SegmentMap(
Address.Ptr32(0x0000),
new ImageSegment(
".text",
Address.Ptr32(0),
0x40000,
AccessMode.ReadWriteExecute));
// Perform the initial transformation
var ssa = new SsaTransform(programFlow, proc, importResolver, dg, implicitRegs);
// Propagate values and simplify the results.
// We hope the the sequence
// esp = fp - 4
// mov [esp-4],eax
// will become
// esp_2 = fp - 4
// mov [fp - 8],eax
var vp = new ValuePropagator(this.pb.Program.Architecture, ssa.SsaState, listener);
vp.Transform();
ssa.RenameFrameAccesses = true;
ssa.AddUseInstructions = true;
ssa.Transform();
var writer = new StringWriter();
proc.Write(false, writer);
var sActual = writer.ToString();
if (sActual != sExp)
{
Debug.Print(sActual);
}
Assert.AreEqual(sExp, sActual);
ssa.SsaState.CheckUses(s => Assert.Fail(s));
}
