public void Dfa2_StackArgs() { var pb = new ProgramBuilder(new FakeArchitecture()); pb.Add("test", m => { var sp = m.Register(m.Architecture.StackRegister); var r1 = m.Reg32("r1"); var r2 = m.Reg32("r2"); m.Assign(sp, m.Frame.FramePointer); m.Assign(r1, m.LoadDw(m.IAdd(sp, 4))); m.Assign(r2, m.LoadDw(m.IAdd(sp, 8))); m.Assign(r1, m.IAdd(r1, r2)); m.Store(m.Word32(0x010008), r1); m.Return(); }); var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener()); dfa.UntangleProcedures2(); var sExp = @"// test // Return size: 0 void test() test_entry: // succ: l1 l1: Mem9[0x00010008:word32] = Mem0[fp + 0x00000004:word32] + Mem0[fp + 0x00000008:word32] return // succ: test_exit test_exit: "; AssertProgram(sExp, pb); }
protected Program CompileTest(Action<ProcedureBuilder> m) { var mock = new ProcedureBuilder(); m(mock); var pmock = new ProgramBuilder(); pmock.Add(mock); return pmock.BuildProgram(); }
private void AssertProgram(string sExp, ProgramBuilder pb) { var sw = new StringWriter(); pb.Program.Procedures.Values.First().Write(false, sw); var sActual = sw.ToString(); if (sExp != sActual) Debug.WriteLine(sActual); Assert.AreEqual(sExp, sw.ToString()); }
public void DpaSimple() { var prog = new ProgramBuilder(); prog.Add("test", m=> { var r1 = m.Register(1); m.Assign(r1, m.Load(PrimitiveType.Real32, m.Word32(0x10000000))); }); RunTest(prog.BuildProgram(), "Typing/DpaSimple.txt"); }
public void Setup() { arch = new IntelArchitecture(ProcessorMode.Protected32); m = new ProcedureBuilder(arch); prog = new Program(); prog.Architecture = arch; exit = new Procedure("exit", new Frame(PrimitiveType.Word32)); flow = new ProgramDataFlow(); p = new ProgramBuilder(); }
public void Setup() { exit = new ExternalProcedure("exit", new ProcedureSignature(null, new Identifier("retCode", PrimitiveType.Int32, new StackArgumentStorage(0, PrimitiveType.Int32)))); exit.Characteristics = new ProcedureCharacteristics(); exit.Characteristics.Terminates = true; progMock = new ProgramBuilder(); flow = new ProgramDataFlow(); }
private void CreateIntraProceduralJumps() { var regS = new RegisterStorage("reg", 1, PrimitiveType.Word32); prog = new ProgramBuilder(); var mainProc = prog.Add("main", (m) => { var reg = m.Frame.EnsureRegister(regS); m.Assign(reg, 0); m.Store(m.Word32(0x1234), reg); m.Return(); }); }
public void EP_TestCondition() { var p = new ProgramBuilder(); p.Add("main", (m) => { m.Label("foo"); m.BranchCc(ConditionCode.EQ, "foo"); m.Return(); }); var proc = p.BuildProgram().Procedures.Values.First(); var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame); var simplifier = new ExpressionSimplifier(ctx); var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow()); var newInstr = proc.EntryBlock.Succ[0].Statements[0].Instruction.Accept(ep); Assert.AreEqual("branch Test(EQ,Z) foo", newInstr.ToString()); }
public void EP_ConditionOf() { var p = new ProgramBuilder(); var proc = p.Add("main", (m) => { var szo = m.Frame.EnsureFlagGroup(0x7, "SZO", PrimitiveType.Byte); var ebx = m.Frame.EnsureRegister(new RegisterStorage("ebx", 0, PrimitiveType.Word32)); var v4 = m.Frame.CreateTemporary(PrimitiveType.Word16); m.Assign(v4, m.IAdd(m.LoadW(ebx), 1)); m.Store(ebx, v4); m.Assign(szo, m.Cond(v4)); m.Return(); }); var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame); var simplifier = new ExpressionSimplifier(ctx); var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow()); var newInstr = proc.EntryBlock.Succ[0].Statements[2].Instruction.Accept(ep); Assert.AreEqual("SZO = cond(v4)", newInstr.ToString()); }
public void DtbSegmentedPointer() { var m = new ProgramBuilder(); m.Add(new SegmentedPointerProc()); RunTest(m.BuildProgram(), "Typing/DtbSegmentedPointer.txt"); }
public void DtbSegMem3() { ProgramBuilder mock = new ProgramBuilder(); mock.Add(new SegMem3Mock()); RunTest(mock.BuildProgram(), "Typing/DtbSegMem3.txt"); }
public void DtbFnPointerMock() { ProgramBuilder mock = new ProgramBuilder(); mock.Add(new FnPointerFragment()); RunTest(mock, "Typing/DtbFnPointerMock.txt"); }
public void DtbFramePointer() { ProgramBuilder mock = new ProgramBuilder(); mock.Add(new FramePointerFragment(factory)); RunTest(mock, "Typing/DtbFramePointer.txt"); throw new NotImplementedException(); }
public void Dfa2_FactorialReg() { pb = new ProgramBuilder(); pb.Add("fact", m => { var sp = m.Register(m.Architecture.StackRegister); var r1 = m.Register(1); var r2 = m.Register(2); var r3 = m.Register(3); var cc = m.Flags(0xF, "cc"); m.Assign(sp, m.Frame.FramePointer); m.Assign(r2, r1); m.Assign(r1, 1); m.Assign(cc, m.Cond(m.ISub(r2, r1))); m.BranchIf(m.Test(ConditionCode.LE, cc), "done"); m.Assign(sp, m.ISub(sp, 4)); m.Store(sp, r2); m.Assign(r1, m.ISub(r2, r1)); m.Call("fact", 0); m.Assign(r2, m.LoadDw(sp)); m.Assign(sp, m.IAdd(sp, 4)); m.Assign(r1, m.IMul(r1, r2)); m.Label("done"); m.Return(); }); var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener()); dfa.UntangleProcedures2(); var sExp = @"@@@"; AssertProgram(sExp, pb); }
public void DtbStructurePointerPassedToFunction() { ProgramBuilder pp = new ProgramBuilder(); pp.Add("Fn1", m => { Identifier p = m.Local32("p"); m.Store(m.IAdd(p, 4), m.Word32(0x42)); m.SideEffect(m.Fn("Fn2", p)); m.Return(); }); pp.Add("Fn2", m => { Identifier arg1 = m.Local32("arg1"); m.Procedure.Signature = new ProcedureSignature(null, new Identifier[] { arg1 }); m.Store(m.IAdd(arg1, 8), m.Int32(0x23)); m.Return(); }); RunTest(pp.BuildProgram(), "Typing/DtbStructurePointerPassedToFunction.txt"); }
public void DtbSegmentedMemoryPointer() { ProgramBuilder m = new ProgramBuilder(); m.Add(new SegmentedMemoryPointerMock()); RunTest(m.BuildProgram(), "Typing/DtbSegmentedMemoryPointer.txt"); }
public void CceShrRcrPattern() { var p = new ProgramBuilder(new FakeArchitecture()); p.Add("main", (m) => { var C = m.Flags("C"); var r1 = MockReg(m, 1); var r2 = MockReg(m, 2); m.Assign(r1, m.Shr(r1, 1)); m.Assign(C, m.Cond(r1)); m.Assign(r2, m.Fn(new PseudoProcedure(PseudoProcedure.RorC, r2.DataType, 2), r2, C)); m.Assign(C, m.Cond(r2)); m.Store(m.Word32(0x3000), r1); m.Store(m.Word32(0x3004), r2); }); RunTest(p, "Analysis/CceShrRcrPattern.txt"); }
public void CceAddAdcPattern() { var p = new ProgramBuilder(new FakeArchitecture()); p.Add("main", (m) => { var r1 = MockReg(m, 1); var r2 = MockReg(m, 2); var r3 = MockReg(m, 3); var r4 = MockReg(m, 4); var SCZ = m.Frame.EnsureFlagGroup(0x7, "SZC", PrimitiveType.Byte); var C = m.Frame.EnsureFlagGroup(0x4, "C", PrimitiveType.Byte); m.Assign(r1, m.IAdd(r1, r2)); m.Assign(SCZ, m.Cond(r1)); m.Assign(r3, m.IAdd(m.IAdd(r3, r4), C)); m.Store(m.Word32(0x0444400), r1); m.Store(m.Word32(0x0444404), r3); m.Return(); }); RunTest(p, "Analysis/CceAddAdcPattern.txt"); }
private void GivenProgram(ProgramBuilder pb) { }
public void DtbSegmentedDoubleReference() { ProgramBuilder m = new ProgramBuilder(); m.Add(new SegmentedDoubleReferenceMock()); RunTest(m, "Typing/DtbSegmentedDoubleReference.txt"); }
public void DtbTreeFind() { ProgramBuilder m = new ProgramBuilder(); m.Add(new TreeFindMock()); RunTest(m, "Typing/DtbTreeFind.txt"); }
public void DtbSequenceWithSegment() { ProcedureBuilder m = new ProcedureBuilder(); Identifier ds = m.Local16("ds"); ds.DataType = PrimitiveType.SegmentSelector; m.SegStore(ds, m.Word16(0x0100), m.Seq(ds, m.Word16(0x1234))); ProgramBuilder prog = new ProgramBuilder(); prog.Add(m); RunTest(prog.BuildProgram(), "Typing/DtbSequenceWithSegment.txt"); }
public void DtbFn1CallFn2() { ProgramBuilder pp = new ProgramBuilder(); pp.Add("Fn1", m => { Identifier loc1 = m.Local32("loc1"); Identifier loc2 = m.Local32("loc2"); m.Assign(loc2, m.Fn("Fn2", loc1)); m.Return(); }); pp.Add("Fn2", m => { Identifier arg1 = m.Local32("arg1"); Identifier ret = m.Register(1); m.Procedure.Signature = new ProcedureSignature(ret, new Identifier[] { arg1 }); m.Procedure.Signature.Parameters[0] = arg1; m.Assign(ret, m.IAdd(arg1, 1)); m.Return(ret); }); RunTest(pp.BuildProgram(), "Typing/DtbFn1CallFn2.txt"); }
public void DtbCallTable() { var pb = new ProgramBuilder(); pb.Add(new IndirectCallFragment()); RunTest(pb.BuildProgram(), "Typing/DtbCallTable.txt"); }
public void DtbSignedCompare() { ProcedureBuilder m = new ProcedureBuilder(); Identifier p = m.Local32("p"); Identifier ds = m.Local16("ds"); ds.DataType = PrimitiveType.SegmentSelector; Identifier ds2 = m.Local16("ds2"); ds.DataType = PrimitiveType.SegmentSelector; m.Assign(ds2, ds); m.Store( m.SegMem(PrimitiveType.Bool, ds, m.Word16(0x5400)), m.Lt(m.SegMemW(ds, m.Word16(0x5404)), m.Word16(20))); m.Store(m.SegMemW(ds2, m.Word16(0x5404)), m.Word16(0)); ProgramBuilder prog = new ProgramBuilder(); prog.Add(m); RunTest(prog.BuildProgram(), "Typing/DtbSignedCompare.txt"); }
public void Dfa2_CallProc() { pb = new ProgramBuilder(); pb.Add("test", m => { var sp = m.Register(m.Architecture.StackRegister); var fooProc = GivenFunction("foo", m.Architecture.GetRegister(1), 4, 8); m.Assign(sp, m.ISub(sp, 4)); m.Store(sp, 2); m.Assign(sp, m.ISub(sp, 4)); m.Store(sp, 1); m.Call(fooProc, 4); m.Assign(sp, m.IAdd(sp, 8)); m.Return(); }); var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener()); dfa.UntangleProcedures2(); var sExp = @"// test // Return size: 0 void test() test_entry: // succ: l1 l1: Mem9[0x00010008:word32] = Mem0[fp + 0x00000004:word32] + Mem0[fp + 0x00000008:word32] return // succ: test_exit test_exit: "; AssertProgram(sExp, pb); }
public void DtbArrayConstantPointers() { ProgramBuilder pp = new ProgramBuilder(); pp.Add("Fn", m => { Identifier a = m.Local32("a"); Identifier i = m.Local32("i"); m.Assign(a, 0x00123456); // array pointer m.Store(m.IAdd(a, m.IMul(i, 8)), m.Int32(42)); }); RunTest(pp.BuildProgram(), "Typing/DtbArrayConstantPointers.txt"); }
private void RunTest(ProgramBuilder p, string output) { SaveRunOutput(p.BuildProgram(), RunTest, output); }
public void DtbArrayAccess() { ProgramBuilder mock = new ProgramBuilder(); mock.Add(new ArrayAccess()); RunTest(mock, "Typing/DtbArrayAccess.txt"); }
public void DtbGlobalVariables() { ProgramBuilder mock = new ProgramBuilder(); mock.Add(new GlobalVariablesMock()); RunTest(mock, "Typing/DtbGlobalVariables.txt"); }