public void BwAdd()
{
var eax = m.Frame.EnsureRegister(Registers.eax);
var bw = new Backwalker <Block, Instruction>(
host,
new RtlGoto(m.Mem32(m.IAdd(eax, 0x10000)), InstrClass.Transfer),
expSimp);
Assert.IsTrue(bw.BackwalkInstruction(m.Assign(eax, m.IAdd(eax, eax))));
Assert.AreSame(Registers.eax, bw.Index);
Assert.AreEqual("* 2", bw.Operations[0].ToString());
Assert.AreEqual(2, bw.Stride);
}
public void BwComparison()
{
var eax = m.Frame.EnsureRegister(Registers.eax);
var SCZO = m.Frame.EnsureFlagGroup(Registers.eflags, (uint)(FlagM.SF | FlagM.ZF | FlagM.CF | FlagM.OF), "SCZO", PrimitiveType.Byte);
var bw = new Backwalker <Block, Instruction>(host, new RtlGoto(m.Mem32(m.IAdd(eax, 0x1000)), InstrClass.Transfer), expSimp);
bw.UsedFlagIdentifier = m.Frame.EnsureFlagGroup(Registers.eflags, (uint)FlagM.CF, "C", PrimitiveType.Byte);
Assert.IsFalse(
bw.BackwalkInstruction(
m.Assign(SCZO, new ConditionOf(m.ISub(eax, 3)))),
"Encountering this comparison should terminate the backwalk");
Assert.AreSame(Registers.eax, bw.Index);
Assert.AreEqual("cmp 3", bw.Operations[0].ToString());
}
public void BwJmp()
{
var eax = m.Frame.EnsureRegister(Registers.eax);
var SCZO = m.Frame.EnsureFlagGroup(Registers.eflags, (uint)(FlagM.SF | FlagM.ZF | FlagM.CF | FlagM.OF), "SCZO", PrimitiveType.Byte);
var bw = new Backwalker <Block, Instruction>(host, new RtlGoto(m.Mem32(m.IAdd(eax, 0x1000)), InstrClass.Transfer), expSimp);
Assert.IsTrue(
bw.BackwalkInstruction(
m.BranchIf(
new TestCondition(ConditionCode.UGT, SCZO),
"Nizze").Instruction));
Assert.AreEqual("branch UGT", bw.Operations[0].ToString());
Assert.AreEqual("SCZO", bw.UsedFlagIdentifier.ToString());
}
public void BwLoadDirect()
{
var r1 = m.Reg32("r1", 1);
m.Assign(r1, m.Mem32(Constant.Word32(0x00123400)));
var xfer = new RtlGoto(m.Mem32(m.IAdd(Constant.Word32(0x00113300), m.IMul(r1, 8))), RtlClass.Transfer);
var bw = new Backwalker <Block, Instruction>(host, xfer, expSimp);
Assert.IsTrue(bw.CanBackwalk());
var ops = bw.BackWalk(m.Block);
Assert.IsNull(ops, "Should have reported missing guard.");
}
public void BwInc()
{
var state = arch.CreateProcessorState();
var di = new Identifier("di", Registers.di.DataType, Registers.di);
Backwalker bw = new Backwalker(host, new RtlGoto(new MemoryAccess(di, di.DataType), RtlClass.Transfer),
new ExpressionSimplifier(state));
var instrs = new StatementList(new Block(null, "foo"));
instrs.Add(0, new Assignment(di, new BinaryExpression(Operator.IAdd, di.DataType, di, Constant.Word16(1))));
var r = bw.BackwalkInstructions(Registers.di, instrs);
Assert.AreSame(Registers.di, bw.Index);
Assert.AreEqual("+ 1", bw.Operations[0].ToString());
}
public void BwInc()
{
var map = new SegmentMap(Address.Ptr32(0x10000000));
var state = arch.CreateProcessorState();
var di = new Identifier("di", Registers.di.DataType, Registers.di);
var bw = new Backwalker <Block, Instruction>(host, new RtlGoto(new MemoryAccess(di, di.DataType), InstrClass.Transfer),
new ExpressionSimplifier(map, state, new FakeDecompilerEventListener()));
var instrs = new StatementList(new Block(null, null, "foo"));
bw.BackwalkInstructions(Registers.di, new Instruction[] {
new Assignment(di, new BinaryExpression(Operator.IAdd, di.DataType, di, Constant.Word16(1)))
});
Assert.AreSame(Registers.di, bw.Index);
Assert.AreEqual("+ 1", bw.Operations[0].ToString());
}
public void BwTempRegister()
{
var v1 = m.Frame.CreateTemporary(PrimitiveType.Word32);
var edi = m.Frame.CreateTemporary(PrimitiveType.Word32);
var esi = m.Frame.EnsureRegister(Registers.esi);
var xfer = new RtlCall(m.Mem32(m.IAdd(esi, 40)), 4, InstrClass.Transfer);
m.Assign(v1, m.Mem32(edi));
m.Assign(esi, v1);
var bw = new Backwalker <Block, Instruction>(host, xfer, expSimp);
bool result;
result = bw.BackwalkInstruction(m.Block.Statements[1].Instruction);
result = bw.BackwalkInstruction(m.Block.Statements[0].Instruction);
Assert.IsFalse(result);
Assert.AreEqual("None", bw.Index.ToString());
}
private void RunTest(IntelArchitecture arch, RtlTransfer rtlTransfer, string outputFile)
{
using (var fut = new FileUnitTester(outputFile))
{
m.Procedure.Write(false, fut.TextWriter);
fut.TextWriter.Flush();
var ibw = new Backwalker <Block, Instruction>(host, rtlTransfer, expSimp);
var bwoList = ibw.BackWalk(m.CurrentBlock);
Assert.IsNotNull(bwoList);
foreach (BackwalkOperation bwo in bwoList)
{
fut.TextWriter.WriteLine(bwo);
}
fut.TextWriter.WriteLine("Index register: {0}", ibw.Index);
fut.AssertFilesEqual();
}
}
public void BwUnresolveableIndirect()
{
var eax = m.Reg32("eax", 0);
var esi = m.Reg32("esi", 6);
var Z = m.Frame.EnsureFlagGroup(Registers.eflags, 1, "Z", PrimitiveType.Bool);
var xfer = new RtlCall(eax, 4, InstrClass.Transfer);
m.Assign(eax, m.Mem32(esi));
m.Assign(Z, m.Cond(m.And(eax, eax)));
m.BranchIf(m.Test(ConditionCode.EQ, Z), "null_ptr");
m.Label("do_call");
var bw = new Backwalker <Block, Instruction>(host, xfer, expSimp);
Assert.IsTrue(bw.CanBackwalk());
Assert.AreEqual("eax", bw.Index.Name);
bw.BackWalk(m.Block);
Assert.AreEqual("None", bw.Index.ToString());
}
public void BwUnresolveableIndirect()
{
var eax = m.Frame.CreateTemporary("eax", PrimitiveType.Word32);
var esi = m.Frame.CreateTemporary("esi", PrimitiveType.Word32);
var Z = m.Frame.EnsureFlagGroup(1, "Z", PrimitiveType.Bool);
var xfer = new RtlCall(eax, 4, RtlClass.Transfer);
m.Assign(eax, m.LoadDw(esi));
m.Assign(Z, m.Cond(m.And(eax, eax)));
m.BranchIf(m.Test(ConditionCode.EQ, Z), "null_ptr");
m.Label("do_call");
var bw = new Backwalker(host, xfer, expSimp);
Assert.IsTrue(bw.CanBackwalk());
Assert.AreEqual("eax", bw.Index.Name);
bw.BackWalk(m.Block);
Assert.AreEqual("None", bw.Index.Name);
}
public void BwZeroExtend()
{
var rax = m.Reg64("rax", 0);
var eax = m.Reg32("eax", 0);
var al = m.Reg8("al", 0);
var ecx = m.Reg32("ecx", 1);
var CZ = m.Flags("CZ");
m.Assign(eax, m.Mem8(rax));
m.Assign(CZ, m.Cond(m.ISub(al, 0x78)));
m.BranchIf(m.Test(ConditionCode.UGT, CZ), "ldefault");
m.Assign(ecx, m.Cast(PrimitiveType.Word32, al));
var xfer = new RtlGoto(m.Mem32(m.IAdd(Constant.Word32(0x00411F40), m.IMul(ecx, 8))), InstrClass.Transfer);
var bw = new Backwalker<Block, Instruction>(host, xfer, expSimp);
Assert.IsTrue(bw.CanBackwalk());
var ops = bw.BackWalk(m.Block);
Assert.AreEqual(3, ops.Count);
Assert.AreEqual("cmp 120", ops[0].ToString());
Assert.AreEqual("branch UGT", ops[1].ToString());
Assert.AreEqual("* 8", ops[2].ToString());
}
public void BwSignExtension()
{
var CVZNX = m.Flags("CVZNS");
var CVZN = m.Flags("CVZN");
var VZN = m.Flags("VZN");
var d1 = m.Reg32("d1", 1);
var v80 = m.Temp(PrimitiveType.Word32, "v80");
var v82 = m.Temp(PrimitiveType.Word16, "v82");
m.Assign(v80, m.ISub(d1, 0x28));
m.Assign(CVZN, m.Cond(v80));
m.BranchIf(m.Test(ConditionCode.GT, VZN), "default_label");
m.Assign(d1, m.IAdd(d1, d1));
m.Assign(CVZNX, m.Cond(d1));
m.Assign(v82, m.Mem16(m.IAdd(m.Word32(0x001066A4), d1)));
m.Assign(d1, m.Dpb(d1, v82, 0));
m.Assign(CVZN, m.Cond(v82));
var block = m.CurrentBlock;
var xfer = new RtlGoto(
m.IAdd(
m.Word32(0x001066A2),
m.Cast(PrimitiveType.Int32, m.Cast(PrimitiveType.Int16, d1))),
RtlClass.Transfer);
m.Label("default_case");
m.Return();
var bw = new Backwalker <Block, Instruction>(host, xfer, expSimp);
Assert.IsTrue(bw.CanBackwalk());
var ops = bw.BackWalk(block);
Assert.AreEqual(3, ops.Count);
Assert.AreEqual("cmp 48", ops[0].ToString());
Assert.AreEqual("branch UGT", ops[1].ToString());
Assert.AreEqual("* 4", ops[2].ToString());
}
public void BwReg_00121()
{
var d0 = m.Reg32("d0", 0);
var d3 = m.Reg32("d3", 3);
var a5 = m.Reg32("a5", 5);
var v38 = m.Temp(PrimitiveType.Word16, "v38");
var v39 = m.Temp(PrimitiveType.Byte, "v39");
var v40 = m.Temp(PrimitiveType.Word16, "v40");
var VZN = m.Flags("VZN");
var ZN = m.Flags("ZN");
var C = m.Flags("C");
var V = m.Flags("V");
var CVZN = m.Flags("CVZN");
var CVZNX = m.Flags("CVZNX");
m.Assign(d0, d3);
m.Assign(CVZN, m.Cond(d0));
m.Assign(v38, m.And(m.Cast(PrimitiveType.Word16, d0), 0xF0));
m.Assign(d0, m.Dpb(d0, v38, 0));
m.Assign(ZN, m.Cond(v38));
m.Assign(C, false);
m.Assign(V, false);
m.Assign(v39, m.Shl(m.Cast(PrimitiveType.Byte, d0), 2));
m.Assign(d0, m.Dpb(d0, v39, 0));
m.Assign(CVZNX, m.Cond(v39));
m.Assign(v40, m.ISub(m.Cast(PrimitiveType.Word16, d0), 44));
m.Assign(CVZN, m.Cond(v40));
m.BranchIf(m.Test(ConditionCode.GT, VZN), "lDefault");
m.Assign(a5, m.Mem32(m.IAdd(Address.Ptr32(0x0000C046), d0)));
var xfer = new RtlCall(a5, 4, RtlClass.Transfer);
var bw = new Backwalker <Block, Instruction>(host, xfer, expSimp);
Assert.IsTrue(bw.CanBackwalk());
Assert.AreEqual("a5", bw.Index.Name);
bw.BackWalk(m.Block);
Assert.AreEqual("v40", bw.IndexExpression.ToString());
}
public void BwIndexInMemoryAddress()
{
// samples of switch statement emitted
// by the Microsoft VC compiler
var ebp = m.Frame.EnsureRegister(Registers.ebp);
var eax = m.Frame.EnsureRegister(Registers.eax);
var edx = m.Frame.EnsureRegister(Registers.edx);
var dl = m.Frame.EnsureRegister(Registers.dl);
var SCZO = m.Frame.EnsureFlagGroup((uint)(FlagM.SF | FlagM.CF | FlagM.ZF | FlagM.OF), "SCZO", PrimitiveType.Byte);
// cmp [ebp-66],1D
m.Assign(SCZO, m.Cond(m.ISub(m.LoadDw(m.ISub(ebp, 0xC4)), 0x1D)));
var block0 = m.CurrentBlock;
m.BranchIf(new TestCondition(ConditionCode.UGT, SCZO), "default");
// mov edx,[ebp-66]
// movzx eax,byte ptr [edx + 0x10000]
// jmp [eax + 0x12000]
m.Assign(edx, m.LoadDw(m.ISub(ebp, 0xC4)));
m.Assign(eax, m.Cast(PrimitiveType.Word32, m.LoadB(m.IAdd(edx, 0x10000))));
var block1 = m.CurrentBlock;
var bw = new Backwalker(host, new RtlGoto(m.LoadDw(m.IAdd(eax, 0x12000)), RtlClass.Transfer), expSimp);
var ret = bw.BackwalkInstructions(Registers.eax, block1);
Assert.AreEqual("None", bw.Index.ToString());
Assert.AreEqual("Mem0[ebp - 0x000000C4:word32]", bw.IndexExpression.ToString());
Assert.AreEqual(4, bw.JumpSize);
Assert.IsTrue(ret);
ret = bw.BackwalkInstructions(null, block0);
}
