public void X86St_SetAhRegisterFileValue() { var state = new X86State(new X86ArchitectureFlat64()); state.SetRegister(Registers.ah, Constant.Byte(0x3A)); Assert.IsFalse(state.IsValid(Registers.ax)); Assert.IsTrue(state.IsValid(Registers.ah)); }
public X86State(X86State st) : base(st) { arch = st.arch; FpuStackItems = st.FpuStackItems; regs = (ulong[])st.regs.Clone(); valid = (bool []) st.valid.Clone(); }
public void X86St_SetAhThenAl() { var state = new X86State(new X86ArchitectureFlat64()); state.SetRegister(Registers.ah, Constant.Byte(0x12)); state.SetRegister(Registers.al, Constant.Byte(0x34)); Assert.IsTrue(state.IsValid(Registers.ax)); Assert.IsTrue(state.IsValid(Registers.al)); Assert.IsTrue(state.IsValid(Registers.ah)); }
public void X86St_OnBeforeCall_DecrementStackRegister() { var arch = new IntelArchitecture(ProcessorMode.Protected32); var state = new X86State(arch); var esp = CreateId(Registers.esp); state.SetRegister(Registers.esp, Constant.Word32(-4)); state.OnProcedureEntered(); var site = state.OnBeforeCall(esp, 4); Assert.AreEqual(4, site.SizeOfReturnAddressOnStack); Assert.AreEqual("0xFFFFFFFC", state.GetValue(esp).ToString()); }
public Address AddressFromSegOffset(X86State state, RegisterStorage seg, uint offset) { if (mode == ProcessorMode.Protected32) { return Address.Ptr32(offset); } else { return state.AddressFromSegOffset(seg, offset); } }
public void Setup() { prog = new Program(); prog.Image = new LoadedImage(Address.Ptr32(0x10000), new byte[4]); var procAddress = Address.Ptr32(0x10000000); instr = new IntelInstruction(Opcode.nop, PrimitiveType.Word32, PrimitiveType.Word32) { Address = procAddress, }; proc = Procedure.Create(procAddress, arch.CreateFrame()); state = (X86State) arch.CreateProcessorState(); orw = new OperandRewriter32(arch, proc.Frame, new FakeRewriterHost(prog)); }
public void X86St_Simple() { var arch = new IntelArchitecture(ProcessorMode.Real); X86State st = new X86State(arch); st.SetRegister(Registers.cs, Constant.Word16(0xC00)); st.SetRegister(Registers.ax, Constant.Word16(0x1234)); Assert.IsTrue(!st.GetRegister(Registers.bx).IsValid); Assert.IsTrue(st.GetRegister(Registers.ax).IsValid); Assert.IsTrue(st.GetRegister(Registers.al).IsValid); Assert.AreEqual(0x34, st.GetRegister(Registers.al).ToUInt32()); Assert.IsTrue(st.GetRegister(Registers.ah).IsValid); Assert.AreEqual(0x12, st.GetRegister(Registers.ah).ToUInt32()); }
public X86Rewriter( IntelArchitecture arch, IRewriterHost host, X86State state, EndianImageReader rdr, IStorageBinder binder) { if (host == null) { throw new ArgumentNullException("host"); } this.arch = arch; this.host = host; this.state = state; this.rdr = rdr; this.binder = binder; this.dasm = new LookaheadEnumerator <X86Instruction>(arch.CreateDisassemblerImpl(rdr)); }
public void Setup() { var mem = new MemoryArea(Address.Ptr32(0x10000), new byte[4]); program = new Program { SegmentMap = new SegmentMap( mem.BaseAddress, new ImageSegment(".text", mem, AccessMode.ReadExecute)) }; var procAddress = Address.Ptr32(0x10000000); instr = new X86Instruction(Opcode.nop, PrimitiveType.Word32, PrimitiveType.Word32) { Address = procAddress, }; proc = Procedure.Create(procAddress, arch.CreateFrame()); state = (X86State) arch.CreateProcessorState(); orw = new OperandRewriter32(arch, new ExpressionEmitter(), proc.Frame, new FakeRewriterHost(program)); }
public void StackUnderflow_ReportError() { var arch = new IntelArchitecture(ProcessorMode.Protected32); string reportedError = null; var state = new X86State(arch) { ErrorListener = (err) => { reportedError = err; } }; state.OnProcedureEntered(); state.SetRegister(Registers.esp, Constant.Word32(-4)); // Push only 4 bytes var esp = CreateId(Registers.esp); var site = state.OnBeforeCall(esp, 4); state.OnAfterCall(esp, new ProcedureSignature { StackDelta = 16, // ...but pop 16 bytes }, new Reko.Evaluation.ExpressionSimplifier(state)); //$TODO: hm. Move simplification out of state. Assert.IsNotNull(reportedError); }
public void Setup() { arch = new IntelArchitecture(ProcessorMode.Real); var image = new LoadedImage(Address.Ptr32(0x10000), new byte[4]); var prog = new Program( image, image.CreateImageMap(), arch, null); var procAddress = Address.Ptr32(0x10000000); instr = new X86Instruction(Opcode.nop, PrimitiveType.Word16, PrimitiveType.Word16) { Address = procAddress, }; proc = Procedure.Create(procAddress, arch.CreateFrame()); orw = new OperandRewriter16(arch, proc.Frame, new FakeRewriterHost(prog)); state = (X86State)arch.CreateProcessorState(); }
public Expression Transform(IntelInstruction instr, MachineOperand op, PrimitiveType opWidth, X86State state) { var reg = op as RegisterOperand; if (reg != null) return AluRegister(reg); var mem = op as MemoryOperand; if (mem != null) return CreateMemoryAccess(instr, mem, opWidth, state); var imm = op as ImmediateOperand; if (imm != null) return CreateConstant(imm, opWidth); var fpu = op as FpuOperand; if (fpu != null) return FpuRegister(fpu.StNumber, state); var addr = op as AddressOperand; if (addr != null) return addr.Address; throw new NotImplementedException(string.Format("Operand {0}", op)); }
public bool HasSameValues(X86State st2) { for (int i = 0; i < valid.Length; ++i) { if (valid[i] != st2.valid[i]) { return(false); } if (valid[i]) { RegisterStorage reg = Registers.GetRegister(i); ulong u1 = (ulong)(regs[reg.Number] & ((1UL << reg.DataType.BitSize) - 1UL)); ulong u2 = (ulong)(st2.regs[reg.Number] & ((1UL << reg.DataType.BitSize) - 1UL)); if (u1 != u2) { return(false); } } } return(true); }
public void Setup() { arch = new X86ArchitectureReal(); var mem = new MemoryArea(Address.Ptr32(0x10000), new byte[4]); var prog = new Program( new SegmentMap( mem.BaseAddress, new ImageSegment( "code", mem, AccessMode.ReadWriteExecute)), arch, new DefaultPlatform(null, arch)); var procAddress = Address.Ptr32(0x10000000); instr = new X86Instruction(Opcode.nop, PrimitiveType.Word16, PrimitiveType.Word16) { Address = procAddress, }; proc = Procedure.Create(procAddress, arch.CreateFrame()); orw = new OperandRewriter16(arch, proc.Frame, new FakeRewriterHost(prog)); state = (X86State)arch.CreateProcessorState(); }
public override Address MakeAddressFromSegOffset(X86State state, RegisterStorage seg, uint offset) { return(Address.Ptr64(offset)); }
public Expression CreateMemoryAccess(X86Instruction instr, MemoryOperand mem, DataType dt, X86State state) { var exp = ImportedProcedure(instr.Address, mem.Width, mem); if (exp != null) { return(new ProcedureConstant(arch.PointerType, exp)); } Expression expr = EffectiveAddressExpression(instr, mem, state); if (IsSegmentedAccessRequired || (mem.DefaultSegment != Registers.ds && mem.DefaultSegment != Registers.ss)) { Expression seg = ReplaceCodeSegment(mem.DefaultSegment, state); if (seg == null) { seg = AluRegister(mem.DefaultSegment); } return(new SegmentedAccess(MemoryIdentifier.GlobalMemory, seg, expr, dt)); } else { return(new MemoryAccess(MemoryIdentifier.GlobalMemory, expr, dt)); } }
public bool HasSameValues(X86State st2) { for (int i = 0; i < valid.Length; ++i) { if (valid[i] != st2.valid[i]) return false; if (valid[i]) { RegisterStorage reg = Registers.GetRegister(i); ulong u1 = (ulong)(regs[reg.Number] & ((1UL << reg.DataType.BitSize) - 1UL)); ulong u2 = (ulong)(st2.regs[reg.Number] & ((1UL << reg.DataType.BitSize) - 1UL)); if (u1 != u2) return false; } } return true; }
public void X86St_SetCxSymbolic_Invalid() { var ctx = new Dictionary<Storage, Expression> { { Registers.cl, Constant.Byte(0) } }; var state = new X86State(new X86ArchitectureFlat64()); state.SetRegister(Registers.cx, Constant.Invalid); Assert.IsFalse(state.IsValid(Registers.cx)); Assert.IsFalse(state.IsValid(Registers.cl)); Assert.IsFalse(state.IsValid(Registers.ch)); Assert.IsFalse(state.IsValid(Registers.ecx)); }
public void X86St_SetDhSymbolic_Invalid() { var ctx = new Dictionary<Storage, Expression> { { Registers.dl, Constant.Byte(3) } }; var state = new X86State(new X86ArchitectureFlat64()); state.SetRegister(Registers.dh, Constant.Invalid); Assert.IsFalse(state.IsValid(Registers.dh)); Assert.IsFalse(state.IsValid(Registers.dx)); Assert.IsFalse(state.IsValid(Registers.edx)); Assert.AreEqual("0x03", ctx[Registers.dl].ToString()); }
public Expression Transform(X86Instruction instr, MachineOperand op, DataType opWidth, X86State state) { var reg = op as RegisterOperand; if (reg != null) { return(AluRegister(reg)); } var mem = op as MemoryOperand; if (mem != null) { return(CreateMemoryAccess(instr, mem, opWidth, state)); } var imm = op as ImmediateOperand; if (imm != null) { return(CreateConstant(imm, (PrimitiveType)opWidth)); } var fpu = op as FpuOperand; if (fpu != null) { return(FpuRegister(fpu.StNumber, state)); } var addr = op as AddressOperand; if (addr != null) { return(addr.Address); } throw new NotImplementedException(string.Format("Operand {0}", op)); }
/// <summary> /// Changes the stack-relative address 'reg' into a frame-relative operand. /// If the register number is larger than the stack depth, then /// the register was passed on the stack when the function was called. /// </summary> /// <param name="reg"></param> /// <returns></returns> public Identifier FpuRegister(int reg, X86State state) { return frame.EnsureFpuStackVariable(reg - state.FpuStackItems, PrimitiveType.Real64); }
public Expression CreateMemoryAccess(X86Instruction instr, MemoryOperand mem, DataType dt, X86State state) { var exg = ImportedGlobal(instr.Address, mem.Width, mem); if (exg is ProcedureConstant) { return(exg); } else if (exg != null) { return(new UnaryExpression(Operator.AddrOf, dt, exg)); } var exp = ImportedProcedure(instr.Address, mem.Width, mem); if (exp != null) { return(new ProcedureConstant(arch.PointerType, exp)); } Expression expr = EffectiveAddressExpression(instr, mem, state); if (IsSegmentedAccessRequired || (mem.DefaultSegment != Registers.cs && mem.DefaultSegment != Registers.ds && mem.DefaultSegment != Registers.ss)) { Expression seg; if (mem.DefaultSegment == Registers.cs) { seg = Constant.Create(PrimitiveType.SegmentSelector, instr.Address.Selector.Value); } else { seg = AluRegister(mem.DefaultSegment); } return(new SegmentedAccess(MemoryIdentifier.GlobalMemory, seg, expr, dt)); } else { return(new MemoryAccess(MemoryIdentifier.GlobalMemory, expr, dt)); } }
/// <summary> /// Memory accesses are translated into expressions. /// </summary> /// <param name="mem"></param> /// <param name="state"></param> /// <returns></returns> public Expression EffectiveAddressExpression(X86Instruction instr, MemoryOperand mem, X86State state) { Expression eIndex = null; Expression eBase = null; Expression expr = null; bool ripRelative = false; if (mem.Base != RegisterStorage.None) { if (mem.Base == Registers.rip) { ripRelative = true; } else { eBase = AluRegister(mem.Base); if (expr != null) { expr = m.IAdd(eBase, expr); } else { expr = eBase; } } } if (mem.Offset.IsValid) { if (ripRelative) { expr = instr.Address + (instr.Length + mem.Offset.ToInt64()); } else if (expr != null) { BinaryOperator op = Operator.IAdd; long l = mem.Offset.ToInt64(); if (l < 0 && l > -0x800) { l = -l; op = Operator.ISub; } DataType dt = (eBase != null) ? eBase.DataType : eIndex.DataType; Constant cOffset = Constant.Create(dt, l); expr = new BinaryExpression(op, dt, expr, cOffset); } else { expr = mem.Offset; } } if (mem.Index != RegisterStorage.None) { eIndex = AluRegister(mem.Index); if (mem.Scale != 0 && mem.Scale != 1) { eIndex = m.IMul(eIndex, Constant.Create(mem.Index.DataType, mem.Scale)); } expr = m.IAdd(expr, eIndex); } return(expr); }
public override Address MakeAddressFromSegOffset(X86State state, RegisterStorage seg, uint offset) { return Address.Ptr64(offset); }
public void AreEqual() { var arch = new IntelArchitecture(ProcessorMode.Real); X86State st1 = new X86State(arch); X86State st2 = new X86State(arch); Assert.IsTrue(st1.HasSameValues(st2)); }
public X86State(X86State st) : base(st) { arch = st.arch; regs = (ulong[])st.regs.Clone(); valid = (ulong [])st.valid.Clone(); }
private X86Rewriter CreateRewriter64(byte[] bytes) { state = new X86State(arch64); return new X86Rewriter(arch64, host, state, new LeImageReader(image, 0), new Frame(arch64.WordWidth)); }
private X86Rewriter CreateRewriter32(X86Assembler m) { state = new X86State(arch32); return new X86Rewriter(arch32, host, state, m.GetImage().Image.CreateLeReader(0), new Frame(arch32.WordWidth)); }
public Expression CreateMemoryAccess(IntelInstruction instr, MemoryOperand mem, DataType dt, X86State state) { var exp = ImportedProcedure(instr.Address, mem.Width, mem); if (exp != null) return new ProcedureConstant(arch.PointerType, exp); Expression expr = EffectiveAddressExpression(instr, mem, state); if (IsSegmentedAccessRequired || (mem.DefaultSegment != Registers.ds && mem.DefaultSegment != Registers.ss)) { Expression seg = ReplaceCodeSegment(mem.DefaultSegment, state); if (seg == null) seg = AluRegister(mem.DefaultSegment); return new SegmentedAccess(MemoryIdentifier.GlobalMemory, seg, expr, dt); } else { return new MemoryAccess(MemoryIdentifier.GlobalMemory, expr, dt); } }
public Constant ReplaceCodeSegment(RegisterStorage reg, X86State state) { if (reg == Registers.cs && arch.WordWidth == PrimitiveType.Word16) return state.GetRegister(reg); else return null; }
public void X86St_SetBp() { var state = new X86State(new X86ArchitectureFlat64()); state.SetRegister(Registers.bp, Constant.Word16(0x1234)); Assert.IsFalse(state.IsValid(Registers.ebp)); Assert.IsTrue(state.IsValid(Registers.bp)); }
public Expression CreateMemoryAccess(IntelInstruction instr, MemoryOperand memoryOperand, X86State state) { return CreateMemoryAccess(instr, memoryOperand, memoryOperand.Width, state); }
public Expression CreateMemoryAccess(X86Instruction instr, MemoryOperand memoryOperand, X86State state) { return(CreateMemoryAccess(instr, memoryOperand, memoryOperand.Width, state)); }
public void X86St_SetCx() { var state = new X86State(new X86ArchitectureFlat64()); state.SetRegister(Registers.cx, Constant.Word16(0x1234)); Assert.AreEqual(0x1234, (int)state.GetRegister(Registers.cx).ToUInt16()); Assert.AreEqual(0x34, (int)state.GetRegister(Registers.cl).ToByte()); Assert.AreEqual(0x12, (int)state.GetRegister(Registers.ch).ToByte()); Assert.IsTrue(state.IsValid(Registers.cx)); Assert.IsTrue(state.IsValid(Registers.cl)); Assert.IsTrue(state.IsValid(Registers.ch)); }
/// <summary> /// Changes the stack-relative address 'reg' into a frame-relative operand. /// If the register number is larger than the stack depth, then /// the register was passed on the stack when the function was called. /// </summary> /// <param name="reg"></param> /// <returns></returns> public Identifier FpuRegister(int reg, X86State state) { return(binder.EnsureFpuStackVariable(reg - state.FpuStackItems, PrimitiveType.Real64)); }
public void X86St_SetEdx() { var state = new X86State(new X86ArchitectureFlat64()); state.SetRegister(Registers.edx, Constant.Word32(0x12345678)); Assert.AreEqual(0x12345678, (long)state.GetRegister(Registers.edx).ToUInt64()); Assert.AreEqual(0x5678, (int)state.GetRegister(Registers.dx).ToUInt32()); Assert.AreEqual(0x78, (int)state.GetRegister(Registers.dl).ToUInt32()); Assert.AreEqual(0x56, (int)state.GetRegister(Registers.dh).ToUInt32()); }
public Expression Transform(X86Instruction instr, MachineOperand op, DataType opWidth, X86State state) { switch (op) { case RegisterOperand reg: return(AluRegister(reg)); case MemoryOperand mem: return(CreateMemoryAccess(instr, mem, opWidth, state)); case ImmediateOperand imm: return(CreateConstant(imm, (PrimitiveType)opWidth)); case FpuOperand fpu: return(FpuRegister(fpu.StNumber, state)); case AddressOperand addr: return(addr.Address); default: throw new NotImplementedException(string.Format("Operand {0}", op)); } }
/// <summary> /// Memory accesses are translated into expressions. /// </summary> /// <param name="mem"></param> /// <param name="state"></param> /// <returns></returns> public Expression EffectiveAddressExpression(IntelInstruction instr, MemoryOperand mem, X86State state) { Expression eIndex = null; Expression eBase = null; Expression expr = null; PrimitiveType type = PrimitiveType.CreateWord(mem.Width.Size); bool ripRelative = false; if (mem.Base != RegisterStorage.None) { if (mem.Base == Registers.rip) { ripRelative = true; } else { eBase = AluRegister(mem.Base); if (expr != null) { expr = new BinaryExpression(Operator.IAdd, eBase.DataType, eBase, expr); } else { expr = eBase; } } } if (mem.Offset.IsValid) { if (ripRelative) { expr = instr.Address + (instr.Length + mem.Offset.ToInt64()); } else if (expr != null) { BinaryOperator op = Operator.IAdd; long l = mem.Offset.ToInt64(); if (l < 0 && l > -0x800) { l = -l; op = Operator.ISub; } DataType dt = (eBase != null) ? eBase.DataType : eIndex.DataType; Constant cOffset = Constant.Create(dt, l); expr = new BinaryExpression(op, dt, expr, cOffset); } else { expr = mem.Offset; } } if (mem.Index != RegisterStorage.None) { eIndex = AluRegister(mem.Index); if (mem.Scale != 0 && mem.Scale != 1) { eIndex = new BinaryExpression( Operator.IMul, eIndex.DataType, eIndex, Constant.Create(mem.Width, mem.Scale)); } expr = new BinaryExpression(Operator.IAdd, expr.DataType, expr, eIndex); } return expr; }
public virtual Address MakeAddressFromSegOffset(X86State state, RegisterStorage seg, uint offset) { return state.AddressFromSegOffset(seg, offset); }
public Expression CreateMemoryAccess(X86Instruction instr, MemoryOperand mem, DataType dt, X86State state) { Expression expr = EffectiveAddressExpression(instr, mem, state); //$REVIEW: perhaps the code below could be moved to Scanner since it is arch-independent? if (expr is Address addrThunk) { var exg = host.GetImport(addrThunk, instr.Address); if (exg is ProcedureConstant) { return(exg); } else if (exg != null) { return(new UnaryExpression(Operator.AddrOf, dt, exg)); } var exp = host.GetImportedProcedure(arch, addrThunk, instr.Address); if (exp != null) { return(new ProcedureConstant(arch.PointerType, exp)); } } if (IsSegmentedAccessRequired || (mem.DefaultSegment != Registers.cs && mem.DefaultSegment != Registers.ds && mem.DefaultSegment != Registers.ss)) { Expression seg; if (mem.DefaultSegment == Registers.cs) { seg = Constant.Create(PrimitiveType.SegmentSelector, instr.Address.Selector.Value); } else { seg = AluRegister(mem.DefaultSegment); } return(new SegmentedAccess(MemoryIdentifier.GlobalMemory, seg, expr, dt)); } else { return(new MemoryAccess(MemoryIdentifier.GlobalMemory, expr, dt)); } }
public virtual Address MakeAddressFromSegOffset(X86State state, RegisterStorage seg, uint offset) { return(state.AddressFromSegOffset(seg, offset)); }
private X86Rewriter CreateRewriter32(X86Assembler m) { state = new X86State(arch32); return new X86Rewriter( arch32, host, state, m.GetImage().SegmentMap.Segments.Values.First().MemoryArea.CreateLeReader(0), new Frame(arch32.WordWidth)); }