/// <summary>
/// Seeds the finder's stack slots and a successor block's incoming stack state,
/// then checks the merge done by <c>PropagateToSuccessorBlock</c>: a slot the
/// successor did not have takes the finder's value, equal values are kept, and
/// differing values end up as the invalid marker.
/// </summary>
public void TrfPropagateStackValuesToSuccessor()
{
    m.Label("Start");
    Identifier ecxId = m.Register(1);
    trf = CreateTrashedRegisterFinder(prog);
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);

    // Stack contents as known at the end of the block being processed.
    trf.StackSymbolicValues[-4] = ecxId;
    trf.StackSymbolicValues[-8] = ecxId;
    trf.StackSymbolicValues[-12] = ecxId;
    trf.StackSymbolicValues[-16] = m.Word32(0x1234);
    trf.StackSymbolicValues[-20] = m.Word32(0x5678);
    trf.StackSymbolicValues[-24] = m.Word32(0x9ABC);

    // Stack contents the successor already expects on entry.
    var successor = new Block(m.Procedure, "succ");
    var successorFlow = CreateBlockFlow(successor, m.Frame);
    flow[successor] = successorFlow;
    successorFlow.SymbolicIn.StackState[-8] = ecxId;
    successorFlow.SymbolicIn.StackState[-12] = Constant.Word32(1231);
    successorFlow.SymbolicIn.StackState[-20] = Constant.Word32(0x5678);
    successorFlow.SymbolicIn.StackState[-24] = Constant.Word32(0xCCCC);

    trf.PropagateToSuccessorBlock(successor);

    // Read the state only after propagation so the merged values are observed.
    var merged = successorFlow.SymbolicIn.StackState;
    Assert.AreEqual("ecx", merged[-4].ToString(), "Didn't have a value before");
    Assert.AreEqual("ecx", merged[-8].ToString(), "Same value as before");
    Assert.AreEqual("<invalid>", merged[-12].ToString());
    Assert.AreEqual("0x00001234", merged[-16].ToString());
    Assert.AreEqual("0x00005678", merged[-20].ToString());
    Assert.AreEqual("<invalid>", merged[-24].ToString());
}
/// <summary>
/// Checks that <c>PropagateToProcedureSummary</c> sorts registers into the
/// procedure's trashed and preserved sets: a register that still holds itself
/// is preserved, one holding another register or the invalid constant is trashed.
/// </summary>
public void TrfPropagateToProcedureSummary()
{
    var architecture = prog.Architecture;
    var proc = new Procedure("proc", architecture.CreateFrame());
    prog.CallGraph.AddProcedure(proc);

    var frame = proc.Frame;
    Identifier eax = frame.EnsureRegister(Registers.eax);
    Identifier ebx = frame.EnsureRegister(Registers.ebx);
    Identifier ecx = frame.EnsureRegister(Registers.ecx);
    Identifier esi = frame.EnsureRegister(Registers.esi);

    flow[proc] = new ProcedureFlow(proc, architecture);
    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(proc.ExitBlock, proc.Frame);
    trf.StartProcessingBlock(proc.ExitBlock);

    trf.RegisterSymbolicValues[(RegisterStorage)eax.Storage] = eax;               // preserved
    trf.RegisterSymbolicValues[(RegisterStorage)ebx.Storage] = ecx;               // trashed
    trf.RegisterSymbolicValues[(RegisterStorage)esi.Storage] = Constant.Invalid;  // trashed

    trf.PropagateToProcedureSummary(proc);

    ProcedureFlow summary = flow[proc];
    Assert.AreEqual(" ebx esi", summary.EmitRegisters(architecture, "", summary.TrashedRegisters));
    Assert.AreEqual(" eax", summary.EmitRegisters(architecture, "", summary.PreservedRegisters));
}
/// <summary>
/// Assigning a value to a flag group must record that group's bits in
/// <c>TrashedFlags</c>.
/// </summary>
public void TrashFlag()
{
    // Same bit mask is used to create the flag group and to check the result.
    const int sczBits = 0x7;

    var sczGroup = m.Frame.EnsureFlagGroup(sczBits, arch.GrfToString(sczBits), PrimitiveType.Byte);
    var assignment = m.Assign(sczGroup, m.Int32(3));

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    assignment.Accept(trf);

    Assert.AreEqual(sczBits, trf.TrashedFlags);
}
/// <summary>
/// Assigning the constant 1 to <c>ax</c> must show up in the dumped register
/// values as <c>(ax:0x0001)</c>.
/// </summary>
public void TrashCompoundRegister()
{
    Identifier axId = m.Frame.EnsureRegister(Registers.ax);
    var assignment = m.Assign(axId, 1);

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    assignment.Accept(trf);

    var dumped = DumpValues();
    Assert.AreEqual("(ax:0x0001)", dumped);
}
/// <summary>
/// Assigning a constant to a register must make the finder report that
/// register as trashed.
/// </summary>
public void TrashRegister()
{
    var reg = m.Register(1);
    var assignment = m.Assign(reg, m.Int32(0));

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    assignment.Accept(trf);

    // The lookup runs before the assertion, as a diagnostic dump of the stored value.
    var storedValue = trf.RegisterSymbolicValues[(RegisterStorage)reg.Storage];
    Debug.WriteLine(storedValue.ToString());

    Assert.IsTrue(trf.IsTrashed(reg.Storage), "r1 should have been marked as trashed.");
}
/// <summary>
/// A register-to-register copy must leave the destination's symbolic value
/// equal to the source register.
/// </summary>
public void TrfCopy()
{
    Identifier source = m.Register(1);
    Identifier destination = m.Register(2);
    var copy = m.Assign(destination, source);

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    copy.Accept(trf);

    var destinationValue = trf.RegisterSymbolicValues[(RegisterStorage)destination.Storage];
    Assert.AreEqual(source, destinationValue, "r2 should now be equal to r1");
}
/// <summary>
/// A call to a procedure whose flow summary marks <c>ebx</c> as trashed must
/// leave <c>ebx</c> invalid in the caller's dumped register values.
/// </summary>
public void TrfCallInstruction()
{
    var callee = new Procedure("Callee", prog.Architecture.CreateFrame());
    var callStatement = m.Call(callee, 4);

    // Summary of the callee: the only register it trashes is ebx.
    var calleeFlow = new ProcedureFlow(callee, prog.Architecture);
    calleeFlow.TrashedRegisters[Registers.ebx.Number] = true;
    flow[callee] = calleeFlow;

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    callStatement.Instruction.Accept(trf);

    var dumped = DumpValues();
    Assert.AreEqual("(ebx:<invalid>)", dumped);
}
/// <summary>
/// After an assignment to the SZ flag group, propagating to the procedure
/// summary must list SZ in the summary's trashed flag group.
/// </summary>
public void TrfPropagateFlagsToProcedureSummary()
{
    var architecture = prog.Architecture;
    var proc = new Procedure("proc", architecture.CreateFrame());
    prog.CallGraph.AddProcedure(proc);

    var szGroup = architecture.GetFlagGroup("SZ");
    var szId = m.Frame.EnsureFlagGroup(szGroup.FlagGroupBits, szGroup.Name, szGroup.DataType);
    var assignment = m.Assign(szId, m.Int32(3));

    flow[proc] = new ProcedureFlow(proc, architecture);
    trf = CreateTrashedRegisterFinder(prog);
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    assignment.Accept(trf);
    trf.PropagateToProcedureSummary(proc);

    var summary = flow[proc];
    Assert.AreEqual(" SZ", summary.EmitFlagGroup(architecture, "", summary.grfTrashed));
}
/// <summary>
/// Stores a register to a stack slot, overwrites the register with a constant,
/// then reloads it from the same slot; the register's symbolic value must be
/// the register itself again.
/// </summary>
public void TrfCopyBack()
{
    var stackPtr = m.Frame.EnsureRegister(Registers.esp);
    var reg = m.Register(2);

    // Statements are created in execution order: spill, clobber, reload.
    var spill = m.Store(m.ISub(stackPtr, 0x10), reg);
    var clobber = m.Assign(reg, m.Int32(0));
    var reload = m.Assign(reg, m.Mem32(m.ISub(stackPtr, 0x10)));

    trf = CreateTrashedRegisterFinder();
    var blockFlow = CreateBlockFlow(m.Block, m.Frame);
    // Bind esp to the frame pointer in the block's incoming state.
    blockFlow.SymbolicIn.SetValue((Identifier)stackPtr, (Expression)this.m.Frame.FramePointer);
    trf.StartProcessingBlock(m.Block);

    spill.Instruction.Accept(trf);
    clobber.Accept(trf);
    reload.Accept(trf);

    Assert.AreEqual(reg, trf.RegisterSymbolicValues[(RegisterStorage)reg.Storage]);
}
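/// <summary>
/// Checks how the finder's register values are merged into the incoming state
/// of two successor blocks: an invalid value on either side gives invalid,
/// equal values are kept, and two different registers give invalid.
/// </summary>
public void TrfPropagateToSuccessorBlocks()
{
    Procedure proc = new Procedure("test", prog.Architecture.CreateFrame());
    var frame = proc.Frame;
    Identifier ecx = m.Register(1);
    Identifier edx = m.Register(2);
    Identifier ebx = m.Register(3);

    // Block b branches to both e and t.
    Block b = proc.AddBlock("b");
    Block t = proc.AddBlock("t");
    Block e = proc.AddBlock("e");
    proc.ControlGraph.AddEdge(b, e);
    proc.ControlGraph.AddEdge(b, t);
    flow[t] = new BlockFlow(t, null, new SymbolicEvaluationContext(prog.Architecture, frame));
    flow[e] = new BlockFlow(e, null, new SymbolicEvaluationContext(prog.Architecture, frame));

    trf = CreateTrashedRegisterFinder(prog);
    CreateBlockFlow(b, frame);
    trf.StartProcessingBlock(b);

    // Values at the end of b.
    trf.RegisterSymbolicValues[(RegisterStorage)ecx.Storage] = Constant.Invalid;
    trf.RegisterSymbolicValues[(RegisterStorage)edx.Storage] = ebx;

    // Values each successor already expects on entry.
    flow[e].SymbolicIn.RegisterState[(RegisterStorage)ecx.Storage] = edx;
    flow[e].SymbolicIn.RegisterState[(RegisterStorage)edx.Storage] = ebx;
    flow[t].SymbolicIn.RegisterState[(RegisterStorage)ecx.Storage] = Constant.Invalid;
    flow[t].SymbolicIn.RegisterState[(RegisterStorage)edx.Storage] = edx;

    trf.PropagateToSuccessorBlock(e);
    trf.PropagateToSuccessorBlock(t);

    Assert.AreEqual(2, proc.ControlGraph.Successors(b).Count);

    // Each successor register is asserted once; the original repeated the two
    // assertions on block e verbatim.
    Assert.AreEqual("<invalid>", flow[e].SymbolicIn.RegisterState[(RegisterStorage)ecx.Storage].ToString(), "trash & r2 => trash");
    Assert.AreEqual("ebx", flow[e].SymbolicIn.RegisterState[(RegisterStorage)edx.Storage].ToString(), "ebx & ebx => ebx");
    Assert.AreEqual("<invalid>", flow[t].SymbolicIn.RegisterState[(RegisterStorage)ecx.Storage].ToString(), "trash & trash => trash");
    Assert.AreEqual("<invalid>", flow[t].SymbolicIn.RegisterState[(RegisterStorage)edx.Storage].ToString(), "r3 & r2 => trash");
}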
/// <summary>
/// Seeds the finder's stack slots and a successor block's incoming stack state,
/// then checks the merge done by <c>PropagateToSuccessorBlock</c>: a slot the
/// successor did not have takes the finder's value, equal values are kept, and
/// differing values end up as the invalid marker.
/// </summary>
public void TrfPropagateStackValuesToSuccessor()
{
    m.Label("Start");
    Identifier ecxId = m.Register(1);
    trf = CreateTrashedRegisterFinder(program);
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);

    // Stack contents as known at the end of the block being processed.
    trf.StackSymbolicValues[-4] = ecxId;
    trf.StackSymbolicValues[-8] = ecxId;
    trf.StackSymbolicValues[-12] = ecxId;
    trf.StackSymbolicValues[-16] = m.Word32(0x1234);
    trf.StackSymbolicValues[-20] = m.Word32(0x5678);
    trf.StackSymbolicValues[-24] = m.Word32(0x9ABC);

    // Stack contents the successor already expects on entry.
    var successor = new Block(m.Procedure, "succ");
    var successorFlow = CreateBlockFlow(successor, m.Frame);
    flow[successor] = successorFlow;
    successorFlow.SymbolicIn.StackState[-8] = ecxId;
    successorFlow.SymbolicIn.StackState[-12] = Constant.Word32(1231);
    successorFlow.SymbolicIn.StackState[-20] = Constant.Word32(0x5678);
    successorFlow.SymbolicIn.StackState[-24] = Constant.Word32(0xCCCC);

    trf.PropagateToSuccessorBlock(successor);

    // Read the state only after propagation so the merged values are observed.
    var merged = successorFlow.SymbolicIn.StackState;
    Assert.AreEqual("ecx", merged[-4].ToString(), "Didn't have a value before");
    Assert.AreEqual("ecx", merged[-8].ToString(), "Same value as before");
    Assert.AreEqual("<invalid>", merged[-12].ToString());
    Assert.AreEqual("0x00001234", merged[-16].ToString());
    Assert.AreEqual("0x00005678", merged[-20].ToString());
    Assert.AreEqual("<invalid>", merged[-24].ToString());
}
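/// <summary>
/// Checks how the finder's register values are merged into the incoming state
/// of two successor blocks: an invalid value on either side gives invalid,
/// equal values are kept, and two different registers give invalid.
/// </summary>
public void TrfPropagateToSuccessorBlocks()
{
    Procedure proc = new Procedure("test", program.Architecture.CreateFrame());
    var frame = proc.Frame;
    Identifier ecx = m.Register(1);
    Identifier edx = m.Register(2);
    Identifier ebx = m.Register(3);

    // Block b branches to both e and t.
    Block b = proc.AddBlock("b");
    Block t = proc.AddBlock("t");
    Block e = proc.AddBlock("e");
    proc.ControlGraph.AddEdge(b, e);
    proc.ControlGraph.AddEdge(b, t);
    flow[t] = new BlockFlow(t, null, new SymbolicEvaluationContext(program.Architecture, frame));
    flow[e] = new BlockFlow(e, null, new SymbolicEvaluationContext(program.Architecture, frame));

    trf = CreateTrashedRegisterFinder(program);
    CreateBlockFlow(b, frame);
    trf.StartProcessingBlock(b);

    // Values at the end of b.
    trf.RegisterSymbolicValues[(RegisterStorage)ecx.Storage] = Constant.Invalid;
    trf.RegisterSymbolicValues[(RegisterStorage)edx.Storage] = ebx;

    // Values each successor already expects on entry.
    flow[e].SymbolicIn.RegisterState[(RegisterStorage)ecx.Storage] = edx;
    flow[e].SymbolicIn.RegisterState[(RegisterStorage)edx.Storage] = ebx;
    flow[t].SymbolicIn.RegisterState[(RegisterStorage)ecx.Storage] = Constant.Invalid;
    flow[t].SymbolicIn.RegisterState[(RegisterStorage)edx.Storage] = edx;

    trf.PropagateToSuccessorBlock(e);
    trf.PropagateToSuccessorBlock(t);

    Assert.AreEqual(2, proc.ControlGraph.Successors(b).Count);

    // Each successor register is asserted once; the original repeated the two
    // assertions on block e verbatim. The last message is written on one line:
    // a regular string literal cannot contain a line break.
    Assert.AreEqual("<invalid>", flow[e].SymbolicIn.RegisterState[(RegisterStorage)ecx.Storage].ToString(), "trash & r2 => trash");
    Assert.AreEqual("ebx", flow[e].SymbolicIn.RegisterState[(RegisterStorage)edx.Storage].ToString(), "ebx & ebx => ebx");
    Assert.AreEqual("<invalid>", flow[t].SymbolicIn.RegisterState[(RegisterStorage)ecx.Storage].ToString(), "trash & trash => trash");
    Assert.AreEqual("<invalid>", flow[t].SymbolicIn.RegisterState[(RegisterStorage)edx.Storage].ToString(), "r3 & r2 => trash");
}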
/// <summary>
/// A call to a procedure whose flow summary lists <c>ebx</c> as trashed must
/// leave <c>ebx</c> invalid in the caller's dumped register values.
/// </summary>
public void TrfCallInstruction()
{
    var callee = new Procedure("Callee", program.Architecture.CreateFrame());
    var callStatement = m.Call(callee, 4);

    // Summary of the callee: the only register it trashes is ebx.
    var calleeFlow = new ProcedureFlow(callee, program.Architecture);
    calleeFlow.TrashedRegisters.Add(Registers.ebx);
    flow[callee] = calleeFlow;

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    callStatement.Instruction.Accept(trf);

    var dumped = DumpValues();
    Assert.AreEqual("(ebx:<invalid>)", dumped);
}
/// <summary>
/// Stores a register to a stack slot, overwrites the register with a constant,
/// then reloads it from the same slot; the register's symbolic value must be
/// the register itself again.
/// </summary>
public void TrfCopyBack()
{
    var stackPtr = m.Frame.EnsureRegister(Registers.esp);
    var reg = m.Register(2);

    // Statements are created in execution order: spill, clobber, reload.
    var spill = m.Store(m.ISub(stackPtr, 0x10), reg);
    var clobber = m.Assign(reg, m.Int32(0));
    var reload = m.Assign(reg, m.LoadDw(m.ISub(stackPtr, 0x10)));

    trf = CreateTrashedRegisterFinder();
    var blockFlow = CreateBlockFlow(m.Block, m.Frame);
    // Bind esp to the frame pointer in the block's incoming state.
    blockFlow.SymbolicIn.SetValue(stackPtr, m.Frame.FramePointer);
    trf.StartProcessingBlock(m.Block);

    spill.Instruction.Accept(trf);
    clobber.Accept(trf);
    reload.Accept(trf);

    Assert.AreEqual(reg, trf.RegisterSymbolicValues[(RegisterStorage)reg.Storage]);
}
/// <summary>
/// A register-to-register copy must leave the destination's symbolic value
/// equal to the source register.
/// </summary>
public void TrfCopy()
{
    Identifier source = m.Register(1);
    Identifier destination = m.Register(2);
    var copy = m.Assign(destination, source);

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    copy.Accept(trf);

    var destinationValue = trf.RegisterSymbolicValues[(RegisterStorage)destination.Storage];
    Assert.AreEqual(source, destinationValue, "r2 should now be equal to r1");
}
/// <summary>
/// Assigning a value to a flag group must record that group's bits in
/// <c>TrashedFlags</c>.
/// </summary>
public void TrashFlag()
{
    // Same bit mask is used to look up, create and check the flag group.
    const int sczBits = 0x7;

    var flagRegister = arch.GetFlagGroup(sczBits).FlagRegister;
    var sczGroup = m.Frame.EnsureFlagGroup(flagRegister, sczBits, arch.GrfToString(sczBits), PrimitiveType.Byte);
    var assignment = m.Assign(sczGroup, m.Int32(3));

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    assignment.Accept(trf);

    Assert.AreEqual(sczBits, trf.TrashedFlags);
}
/// <summary>
/// Checks that <c>PropagateToProcedureSummary</c> sorts registers into the
/// procedure's trashed and preserved sets: a register that still holds itself
/// is preserved, one holding another register or the invalid constant is trashed.
/// </summary>
public void TrfPropagateToProcedureSummary()
{
    var architecture = program.Architecture;
    var proc = new Procedure("proc", architecture.CreateFrame());
    program.CallGraph.AddProcedure(proc);

    var frame = proc.Frame;
    Identifier eax = frame.EnsureRegister(Registers.eax);
    Identifier ebx = frame.EnsureRegister(Registers.ebx);
    Identifier ecx = frame.EnsureRegister(Registers.ecx);
    Identifier esi = frame.EnsureRegister(Registers.esi);

    flow[proc] = new ProcedureFlow(proc, architecture);
    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(proc.ExitBlock, proc.Frame);
    trf.StartProcessingBlock(proc.ExitBlock);

    trf.RegisterSymbolicValues[(RegisterStorage)eax.Storage] = eax;               // preserved
    trf.RegisterSymbolicValues[(RegisterStorage)ebx.Storage] = ecx;               // trashed
    trf.RegisterSymbolicValues[(RegisterStorage)esi.Storage] = Constant.Invalid;  // trashed

    trf.PropagateToProcedureSummary(proc);

    ProcedureFlow summary = flow[proc];
    Assert.AreEqual(" ebx esi", summary.EmitRegisters(architecture, "", summary.TrashedRegisters));
    Assert.AreEqual(" eax", summary.EmitRegisters(architecture, "", summary.PreservedRegisters));
}
/// <summary>
/// After an assignment to the SZ flag group, propagating to the procedure
/// summary must list SZ in the summary's trashed flag group.
/// </summary>
public void TrfPropagateFlagsToProcedureSummary()
{
    var architecture = program.Architecture;
    var proc = new Procedure("proc", architecture.CreateFrame());
    program.CallGraph.AddProcedure(proc);

    var szGroup = architecture.GetFlagGroup("SZ");
    var szId = m.Frame.EnsureFlagGroup(szGroup.FlagRegister, szGroup.FlagGroupBits, szGroup.Name, szGroup.DataType);
    var assignment = m.Assign(szId, m.Int32(3));

    flow[proc] = new ProcedureFlow(proc, architecture);
    trf = CreateTrashedRegisterFinder(program);
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    assignment.Accept(trf);
    trf.PropagateToProcedureSummary(proc);

    var summary = flow[proc];
    Assert.AreEqual(" SZ", summary.EmitFlagGroup(architecture, "", summary.grfTrashed));
}
/// <summary>
/// Assigning a constant to a register must make the finder report that
/// register as trashed.
/// </summary>
public void TrashRegister()
{
    var reg = m.Register(1);
    var assignment = m.Assign(reg, m.Int32(0));

    trf = CreateTrashedRegisterFinder();
    CreateBlockFlow(m.Block, m.Frame);
    trf.StartProcessingBlock(m.Block);
    assignment.Accept(trf);

    // The lookup runs before the assertion, as a diagnostic dump of the stored value.
    var storedValue = trf.RegisterSymbolicValues[(RegisterStorage)reg.Storage];
    Debug.WriteLine(storedValue.ToString());

    Assert.IsTrue(trf.IsTrashed(reg.Storage), "r1 should have been marked as trashed.");
}