-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathbir.py
389 lines (308 loc) · 8.9 KB
/
bir.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
#!/usr/bin/env python
"""BIR - BAP Intermediate Representation"""
try:
from collections.abc import Sequence,Mapping
except ImportError:
from collections import Sequence,Mapping
from .adt import *
from .bil import *
from . import noeval_parser
class Project(ADT) :
"""A collection of data associated with a disassembled program"""
@property
def attrs(self) :
"""A dictionary of attributes that are global to a project.
Example:
>>> file = proj.attrs['filename']
"""
return self.arg[0]
@property
def sections(self) :
"""code and data sections of a file.
Often a binary is split into several named sections. This is
the mapping from names (that varies by particular, underlying
file format, and data, that represents the section)
Example:
>>> code = proj.sections['.text']
"""
return self.arg[1]
@property
def memmap(self) :
"""a mapping from memory regions to arbitrary attributes.
Some facts may be discovered about a particular memory region
and attributed to it.
"""
return self.arg[2]
@property
def program(self) :
"""a program in BAP Intermediate Representation (BIR)"""
return self.arg[3]
class Term(ADT) :
"""Term(id,attrs,...) a program term.
Every term has a dictionary of attributes, associated with it, and
a unique term identifier.
"""
@property
def id(self) :
"term.id() -> Tid(id,name)"
return self.arg[0]
@property
def attrs(self) : return self.arg[1]
class Program(Term) :
"""Program(id,attrs,Subs(s1,s2,..,sN))
A program is a term that contains a set of subroutines."""
@property
def subs(self) : return self.arg[2]
class Sub(Term) :
"""Sub(id,Attrs(...),name,Args(...),Blks(...))
A subroutine has a sequence of arguments and basic blocks
"""
@property
def name(self) :
"subroutine name"
return self.arg[2]
@property
def args(self) :
"a list of subroutine arguments"
return self.arg[3]
@property
def blks(self) :
"subroutine basic blocks, the first is the entry"
return self.arg[4]
class Arg(Term) :
"""Arg(id,attrs,lhs,rhs,intent=None) - a subroutine argument"""
@property
def var(self) :
"""a variable associated with the argument, e.g.,
>>> main = proj.subs.find('main')
>>> main.args[0].var.name
'main_argc'
"""
return self.arg[2]
@property
def exp(self) :
"a BIL expression associated with the argument"
return self.arg[3]
@property
def intent(self) :
"an instance of Intent class or None if unknown"
None if len(self.arg) == 4 else self.arg[4]
class Blk(Term) :
"""Blk(id,attrs,(p1,..,pL),(d1,..,dM),(j1,..,jN))
A basic block is a sequence of phi-nodes, defintions and jumps.
"""
@property
def phis(self) :
"phi-nodes"
return self.arg[2]
@property
def defs(self) :
"definitions"
return self.arg[3]
@property
def jmps(self) :
"jumps"
return self.arg[4]
class Def(Term) :
"Def(id,attrs,Var(lhs),Exp(rhs)) assign rhs to lhs"
@property
def lhs(self) :
"an assigned variable"
return self.arg[2]
@property
def rhs(self) :
"value expression"
return self.arg[3]
class Jmp(Term) :
"Jmp(id,attrs,cond,target) base class for jump terms"
@property
def cond(self) :
"guard condition"
return self.arg[2]
@property
def target(self) :
"jump target"
return self.arg[3]
class Goto(Jmp) :
"Goto(id,attrs,cond,target) control flow local to a subroutine"
pass
class Call(Jmp) :
"""Call(id,attrs,(calee,returns))
a transfer of control flow to another subroutine"""
@property
def calee(self) :
"call destination"
return self.target[0]
@property
def returns(self) :
"a basic block to which a call will return if ever"
return self.target[1] if len(self.target[1]) == 2 else None
class Ret(Jmp) :
"Ret(id,attrs,label) - return from a call"
pass
class Exn(Jmp) :
"Exn(id,attrs,(number,next)) - CPU exception"
@property
def number(self) :
"exception number"
return self.target[0]
@property
def next(self) :
"""next instruction to be executed after the
exception handler finishes"""
return self.target[1]
class Label(ADT) : pass
class Direct(Label) :
"Direct(tid) a statically known target of a jump"
pass
class Indirect(Label) :
"Indirect(exp) indirect jump that is computed at runtime"
pass
class Intent(ADT) :
"argument intention"
pass
class In(Intent) :
"input argument"
pass
class Out(Intent) :
"output argument"
pass
class Both(Intent) :
"input/output argument"
pass
class Phi(Term) :
"""Phi(id,attrs,lhs,Values(b1,..,bM))) a term whose value
depends on chosen control flow path"""
@property
def lhs(self) :
"defined variable"
return self.arg[2]
@property
def value(self) :
"""a mapping from the tid of the preceeding block to
an expression that defines a value of phi-node"""
return self.arg[3]
class Def(Term) :
"Def(id,attrs,lhs,rhs) - assignment"
@property
def lhs(self) :
"program variable to be assigned"
return self.arg[2]
@property
def rhs(self) :
"value expression"
return self.arg[3]
class Attrs(Map) :
"A mapping from attribute names to attribute values"
pass
class Attr(ADT) :
"""Attribute is a pair of attribute name and value,
both represented with str"""
@property
def name(self):
"""name of attribute"""
return self.arg[0]
@property
def value(self):
"""value of attribute"""
return self.arg[1]
class Values(Map) :
"""A set of possible values, taken by a phi-node.
It is a mapping from the tid of a preceeding block,
to an expression that denotes a value.
"""
def __init__(self, *args):
super(Map, self).__init__(args) # pylint: disable=bad-super-call
self.elements = dict(args[0])
class Tid(ADT) :
"""Tid(id,name=None) term unique identifier.
name is an optional human readable identifier, that
doesn't affect the identity.
"""
def __init__(self,*args):
super(Tid,self).__init__(*args)
noname = not isinstance(self.arg, tuple)
self.number = self.arg if noname else self.arg[0]
self.name = None if noname else self.arg[1]
def __cmp__(self, other):
return cmp(self.number, other.number)
def __hash__(self):
return hash(self.number)
class Subs(Seq) :
"a set of subroutines"
pass
class Args(Seq) :
"sequence of arguments"
pass
class Blks(Seq) :
"sequence of basic blocks"
pass
class Phis(Seq) :
"sequence of phi-nodes"
pass
class Defs(Seq) :
"sequence of definitions"
pass
class Jmps(Seq) :
"sequence of jump terms"
pass
class Memmap(Seq) :
"sequence of memory annotations "
pass
class Region(ADT) :
"Region(beg,end) a pair of addresses, that denote a memory region"
@property
def beg(self) : return self.arg[0]
@property
def end(self) : return self.arg[1]
class Section(ADT,Sequence) :
"""A contiguous piece of memory in a process image"""
@property
def name(self) :
"name associated with the section"
return self.arg[0]
@property
def beg(self) :
"starting address"
return self.arg[1]
@property
def data(self) :
"an array of bytes"
return self.arg[2]
@property
def end(self) :
"an address of last byte"
return self.beg + len(self.data)
def __getitem__(self,i) :
return self.data.__getitem__(i)
def __len__(self) :
return self.data.__len__()
class Sections(ADT,Mapping) :
" a mapping from names to sections"
def __init__(self, *args):
super(Sections, self).__init__(args)
self.elements = dict((x.name,x) for x in args[0])
def __getitem__(self,i) :
return self.elements.__getitem__(i)
def __len__(self) :
return self.elements.__len__()
def __iter__(self) :
return self.elements.__iter__()
class Annotation(ADT) :
"""Annotation(Region(beg,end), Attr(name,value))
Each annotation denotes an association between a memory region and
some arbitrary property, denoted with an attribute.
"""
@property
def region(self):
"""memory region"""
return self.arg[0]
@property
def attr(self):
"""memory region attribute"""
return self.arg[1]
def parse_addr(str):
return int(str.split(':')[0],16)
def loads(s):
"loads bir object from string"
return noeval_parser.parser(s)