Package org.jakstab.asm

Examples of org.jakstab.asm.AbsoluteAddress

141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
                ExpressionFactory.createEqual(
                    stmt.getTargetExpression(),
                    targetValue)
                );
            // set next label to jump target
            nextLabel = new Location(new AbsoluteAddress(targetValue));
          }
          assumption = assumption.evaluate(new Context());
          RTLAssume assume = new RTLAssume(assumption, stmt);
          assume.setLabel(stmt.getLabel());
          assume.setNextLabel(nextLabel);
          // Target address sanity check
          if (nextLabel.getAddress().getValue() < 10L) {
            logger.warn("Control flow from " + stmt.getLabel() + " reaches address " + nextLabel.getAddress() + "!");
          }

          results.add(new CFAEdge(assume.getLabel(), assume.getNextLabel(), assume, Kind.MAY));
        }

        // Add all edges from under-approximation

        for (Tuple<RTLNumber> pair : dcs.projection(stmt.getCondition(), stmt.getTargetExpression())) {
          RTLNumber conditionValue = pair.get(0);
          RTLNumber targetValue = pair.get(1);
          Location nextLabel;
          // Start building the assume expression: assume correct condition case
          assert conditionValue != null;
          RTLExpression assumption =
              ExpressionFactory.createEqual(stmt.getCondition(), conditionValue);
          if (conditionValue.equals(ExpressionFactory.FALSE)) {
            // assume (condition = false), and set next statement to fallthrough
            nextLabel = stmt.getNextLabel();
          } else {
            assert targetValue != null;

            // Translate real library addresses into stub addresses. Necessary because the static analysis component
            // does not know about concrete import addresses, so it uses a stub system.
            if (!isProgramAddress(targetValue)) {
              logger.debug(dcs.getLocation() + ": Jumping out of module to " + targetValue.toHexString());

              // Attempt to map this out-of-module location to a stub
              if (realToStub.containsKey(targetValue)) {
                // If we saw this concrete address before, replace it by the known stub
                logger.debug("Replacing concrete target " + targetValue.toHexString() + " with stub to " + program.getSymbolFor(new AbsoluteAddress(realToStub.get(targetValue))));
                targetValue = realToStub.get(targetValue);
              } else {

                // Check the statically produced edges for one that is not yet mapped to a concrete address.
                // If the over-approximation resolved an import to a stub, it's going to be contained.
                boolean foundStub = false;
                for (CFAEdge e : results) {
                  RTLNumber staticTarget = e.getTarget().getAddress().toNumericConstant();
                  if (!isProgramAddress(staticTarget) && !stubToReal.containsKey(staticTarget)) {
                    // Take the first one that's neither taken nor in the program
                    // TODO: This could map the wrong addresses in some (hopefully) rare cases depending on analysis order
                    stubToReal.put(staticTarget, targetValue);
                    realToStub.put(targetValue, staticTarget);
                    targetValue = staticTarget;
                    foundStub = true;
                    break;
                  }
                }

                if (!foundStub) {
                  // If we have not found anything suitable, we need to create a new stub
                  // FIXME: The new stub will likely have incorrect stack height adjustment.
                  //        We should extract that information from the trace.

                  logger.info(dcs.getLocation() + ": Creating new stub for unknown function at " + targetValue.toHexString());
                  RTLNumber stubTarget = Program.getProgram().getProcAddress("JAK_UNKNOWN", "proc" + targetValue.toHexString()).toNumericConstant();
                  stubToReal.put(stubTarget, targetValue);
                  realToStub.put(targetValue, stubTarget);
                  targetValue = stubTarget;
                }
              }

            }

            // assume (condition = true AND targetExpression = targetValue)
            assumption = ExpressionFactory.createAnd(
                assumption,
                ExpressionFactory.createEqual(
                    stmt.getTargetExpression(),
                    targetValue)
                );
            // set next label to jump target
            nextLabel = new Location(new AbsoluteAddress(targetValue));
          }
          assumption = assumption.evaluate(new Context());
          RTLAssume assume = new RTLAssume(assumption, stmt);
          assume.setLabel(stmt.getLabel());
          assume.setNextLabel(nextLabel);
View Full Code Here
294
295
296
297
298
299
300
  protected Set<CFAEdge> resolveGoto(AbstractState a, RTLGoto stmt) {
    throw new UnsupportedOperationException("Not used");
  }

  private boolean isProgramAddress(RTLNumber n) {
    return program.getModule(new AbsoluteAddress(n.longValue())) != null;
  }
View Full Code Here
57
58
59
60
61
62
63
64
65
66
67
      sink = sinks.pick();
    } else if (sinks.size() == 0) {
      throw new RuntimeException("CFA has no sink!");
    } else {
      // Generate artificial exit node
      sink = new Location(new AbsoluteAddress(0xFFFFFF01L));
      for (Location l : sinks) {
        reverseCFA.put(sink, new CFAEdge(l, sink, new RTLSkip()));
      }
    }
  }
View Full Code Here
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
    SetMultimap<AbsoluteAddress, CFAEdge> branchEdges = HashMultimap.create();
    SetMultimap<AbsoluteAddress, CFAEdge> branchEdgesRev = HashMultimap.create();
    if (!Options.noGraphs.getValue()) {
      for (CFAEdge e : program.getCFA()) {
        AbsoluteAddress sourceAddr = e.getSource().getAddress();
        AbsoluteAddress targetAddr = e.getTarget().getAddress();
        if (program.getInstruction(sourceAddr) instanceof BranchInstruction && !sourceAddr.equals(targetAddr)) {
          branchEdges.put(sourceAddr, e);
          branchEdgesRev.put(targetAddr, e);
        }
      }
    }
   
    try {
      FileWriter out = new FileWriter(filename);
      for (Map.Entry<AbsoluteAddress,Instruction> entry : program.getAssemblyMap().entrySet()) {
        AbsoluteAddress pc = entry.getKey();
        Instruction instr = entry.getValue();
        StringBuilder sb = new StringBuilder();
        SymbolFinder symFinder = program.getModule(pc).getSymbolFinder();
        if (symFinder.hasSymbolFor(pc)) {
          sb.append(Characters.NEWLINE);
          sb.append(symFinder.getSymbolFor(pc));
          sb.append(":").append(Characters.NEWLINE);
        }
        sb.append(pc).append(":\t");
        sb.append(instr.toString(pc.getValue(), symFinder));
       
        if (instr instanceof BranchInstruction) {
          Set<CFAEdge> targets = branchEdges.get(pc);
          sb.append("\t; targets: ");
          if (targets.isEmpty()) {
View Full Code Here
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
 
  public void writeAssemblyCFG(String filename) {
    Set<CFAEdge> edges = new HashSet<CFAEdge>();
    Set<Location> nodes = new HashSet<Location>();
    for (CFAEdge e : program.getCFA()) {
      AbsoluteAddress sourceAddr = e.getSource().getAddress();
      AbsoluteAddress targetAddr = e.getTarget().getAddress();
      if (!sourceAddr.equals(targetAddr)) {
        edges.add(e);
        nodes.add(e.getSource());
        nodes.add(e.getTarget());
      }
    }
   
    // Create dot file
    GraphWriter gwriter = createGraphWriter(filename);
    if (gwriter == null) return;

    logger.info("Writing assembly CFG to " + gwriter.getFilename());
    try {
      for (Location node : nodes) {
        AbsoluteAddress nodeAddr = node.getAddress();
        Instruction instr = program.getInstruction(nodeAddr);
        String nodeName = nodeAddr.toString();
        String nodeLabel = program.getSymbolFor(nodeAddr);
       
        if (instr != null) {
          String instrString = instr.toString(nodeAddr.getValue(), program.getModule(nodeAddr).getSymbolFinder());
          instrString = instrString.replace("\t", " ");
          gwriter.writeNode(nodeName, nodeLabel + "\\n" + instrString, getNodeProperties(node));
        } else {
          gwriter.writeNode(nodeName, nodeLabel, getNodeProperties(node));
        }
      }

      for (CFAEdge e : edges) {
        if (e.getKind() == null) logger.error("Null kind? " + e);
        AbsoluteAddress sourceAddr = e.getSource().getAddress();
        AbsoluteAddress targetAddr = e.getTarget().getAddress();
       
        String label = null;
        Instruction instr = program.getInstruction(sourceAddr);
       
        if (instr instanceof BranchInstruction) {
          BranchInstruction bi = (BranchInstruction)instr;
          if (bi.isConditional()) {
            // Get the original goto from the program (not the converted assume)
            RTLStatement rtlGoto = program.getStatement(e.getSource());
           
            // If this is the fall-through edge, output F, otherwise T
            label = targetAddr.equals(rtlGoto.getNextLabel().getAddress()) ? "F" : "T";
          }
        }
       
        if (label != null)
          gwriter.writeLabeledEdge(sourceAddr.toString(),
              targetAddr.toString(),
              label,
              e.getKind().equals(CFAEdge.Kind.MAY) ? Color.BLACK : Color.GREEN);
        else
          gwriter.writeEdge(sourceAddr.toString(),
              targetAddr.toString(),
              e.getKind().equals(CFAEdge.Kind.MAY) ? Color.BLACK : Color.GREEN);
      }

      gwriter.close();
    } catch (IOException e) {
View Full Code Here
225
226
227
228
229
230
231
232
233
234
235
    int callingConvention = CDECL;
    int stackIncrement = 0;
    boolean returns = true;

    impId += 0x10;
    AbsoluteAddress address = new AbsoluteAddress(STUB_BASE + impId);

    StatementSequence seq = new StatementSequence();
   
    if (library.equals(jakstab_internal)) {
     
View Full Code Here
355
356
357
358
359
360
361
362
363
364
365
    return address;
  }

  @Override
  public AbsoluteAddress resolveSymbol(String library, String symbol) {
    AbsoluteAddress functionAddress;
    if (library == null) {
      // no library means this symbol comes from an obj.
     
      // We currently allow a trick for objs to refer directly to external library variables
      // The format is: jakstab$link$library_ext$symbol
View Full Code Here
411
412
413
414
415
416
417
418
419
420
421
          else return sym;
        }
       
        @Override
        public String getSymbolFor(long address) {
          return getSymbolFor(new AbsoluteAddress(address));
        }
      };
    }
    return symFinder;
  }
View Full Code Here
47
48
49
50
51
52
53
  public RawModule(File file, Architecture architecture) throws IOException {
    logger.info("Loading image as raw binary...");
    InputStream inStream = new FileInputStream(file);
    inBuf = new BinaryFileInputBuffer(inStream);
    baseAddress = new AbsoluteAddress(0x0);
  }
View Full Code Here
75
76
77
78
79
80
81
    return va.getValue() - baseAddress.getValue();
  }

  @Override
  public AbsoluteAddress getMaxAddress() {
    return new AbsoluteAddress(baseAddress.getValue() + inBuf.getSize());
  }
View Full Code Here
TOP

Related Classes of org.jakstab.asm.AbsoluteAddress

  • org.jakstab.analysis.callstack.CallStackStateTest
  • org.jakstab.analysis.explicit.BoundedAddressTracking
  • org.jakstab.analysis.explicit.NumberValuation
  • org.jakstab.analysis.PartitionedMemory
  • org.jakstab.analysis.tracereplay.TraceReplayAnalysis
  • org.jakstab.analysis.tracereplay.TraceReplayState
  • org.jakstab.cfa.AlternatingStateTransformerFactory
  • org.jakstab.cfa.OptimisticStateTransformerFactory
  • org.jakstab.cfa.PessimisticBasicBlockFactory
  • org.jakstab.cfa.PessimisticStateTransformerFactory
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.