Dev/data refs/base

bcd/bcd_angr.py

@@ -6,6 +6,9 @@
 from bcd.data_ref_function_pair_property_calculator import DataRefFunctionPairPropertyCalulator
 from bcd.call_function_pair_property_calculator import CallFunctionPairPropertyCalulator
 from bcd.sections import Section
+
+import itertools
+
 class BCDangr:
 
     def __init__(self, bin_path):

bcd/data_ref_function_pair_property_calculator.py

@@ -38,15 +38,13 @@ def compute_function_data_references(self, func_address):
         base_address = self._proj.loader.main_object.min_addr
         #print(hex(base_address))
         instructions = []
-        cfg = self._proj.analyses.CFGEmulated(start=func_address, call_depth=0, normalize=True)
-
+        func = self._cfg.functions.function(addr=func_address)
+        func_blocks = sorted(func.blocks, key=lambda b: b.addr) # Apparrently blocks aren't sorted by default
 
-        for node in cfg.graph.nodes():
-            #print(node.addr)
-            if node.block is not None:
-                for ins in node.block.capstone.insns:
+        for block in func_blocks:
+            for ins in block.capstone.insns:
 
-                    instructions.append(ins)
+                instructions.append(ins)
 
         for instruct in instructions:
             if 'rip' in instruct.op_str and '[' in instruct.op_str :
@@ -56,7 +54,6 @@ def compute_function_data_references(self, func_address):
                     if 'rip' in part:
                         whole_address = part.split("[")[-1][:-1]
                         if '+' in whole_address:
-                            #print(whole_address)
                             if instructions.index(instruct)+1 < len(instructions):
                                 offset = whole_address.split("+")[-1].strip()
                                 rip = instructions[instructions.index(instruct)+1].address
@@ -115,4 +112,4 @@ def common_elements(self, l1, l2):
 
 
 
-
+

binaries/test_binaries/src/test001.c

@@ -35,7 +35,7 @@ void f3(void)
 void f4(void)
 {
 	gc1 = 'a';
-	
+
 }
 
 void f5(void)
@@ -57,6 +57,21 @@ void f7(void)
 	gc4 = 'e';
 }
 
+void f8(void)
+{
+	int i;
+	gc2 = 'a';
+	for (i = 0; i < 10; i++) {
+		gc2 = gc2 + i;
+	}
+}
+
+void f9(void) {
+	char tmp1 = gc1;
+	char tmp2 = gc2;
+	char tmp3 = gc3;
+}
+
 int main(void)
 {
 	f1();

tests/test_call_function_pair_property_calculator.py

@@ -1,23 +1,28 @@
 from nose.tools import *
 import os
 import angr
+from elftools.elf.elffile import ELFFile
 
 from bcd.call_function_pair_property_calculator import CallFunctionPairPropertyCalulator
+from bcd.sections import Section
 
 
 test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'binaries', 'test_binaries', 'bin')
 
 def test001():
     elf_file_path = os.path.join(test_location, 'test001')
 
+    elffile = ELFFile(open(elf_file_path, 'rb'))
     proj = angr.Project(elf_file_path, auto_load_libs=False)
     cfg = proj.analyses.CFGFast(normalize=True)
 
     func_list = sorted(cfg.functions.keys())
 
     func_name_to_index = {cfg.functions.function(addr=func_addr).name: i for i, func_addr in enumerate(func_list)}
 
-    cfpp = CallFunctionPairPropertyCalulator(proj, cfg, func_list)
+    sections = elffile.iter_sections()
+    section_offsets = [Section(sec).compute_section_offsets() for sec in sections]
+    cfpp = CallFunctionPairPropertyCalulator(proj, cfg, func_list, section_offsets)
 
     p = _func_name_get_property('f1', 'f2', func_name_to_index, cfpp)
     assert_equal(p, 1)

tests/test_data_reference_function_pair_property_calculator.py

@@ -0,0 +1,65 @@
+from nose.tools import *
+import os
+import angr
+from elftools.elf.elffile import ELFFile
+
+from bcd.data_ref_function_pair_property_calculator import DataRefFunctionPairPropertyCalulator
+from bcd.sections import Section
+
+
+test_location = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'binaries', 'test_binaries', 'bin')
+
+def test001():
+    elf_file_path = os.path.join(test_location, 'test001')
+
+    elffile = ELFFile(open(elf_file_path, 'rb'))
+    proj = angr.Project(elf_file_path, auto_load_libs=False)
+    cfg = proj.analyses.CFGFast(normalize=True)
+
+    func_list = sorted(cfg.functions.keys())
+
+    func_name_to_index = {cfg.functions.function(addr=func_addr).name: i for i, func_addr in enumerate(func_list)}
+
+    sections = elffile.iter_sections()
+    section_offsets = [Section(sec).compute_section_offsets() for sec in sections]
+    drfpp = DataRefFunctionPairPropertyCalulator(proj, cfg, func_list, section_offsets)
+
+    p = _func_name_get_property('f1', 'f2', func_name_to_index, drfpp)
+    assert_equal(p, 0)
+
+    p = _func_name_get_property('f1', 'f4', func_name_to_index, drfpp)
+    assert_equal(p, 0)
+
+    p = _func_name_get_property('f5', 'f4', func_name_to_index, drfpp)
+    assert_equal(p, 1)
+
+    p = _func_name_get_property('f4', 'f6', func_name_to_index, drfpp)
+    assert_equal(p, 1)
+
+    p = _func_name_get_property('f6', 'f4', func_name_to_index, drfpp)
+    assert_equal(p, 1)
+
+    p = _func_name_get_property('f6', 'f7', func_name_to_index, drfpp)
+    assert_equal(p, 2)
+
+    p = _func_name_get_property('f7', 'f2', func_name_to_index, drfpp)
+    assert_equal(p, 0)
+
+    p = _func_name_get_property('f4', 'f7', func_name_to_index, drfpp)
+    assert_equal(p, 0)
+
+    p = _func_name_get_property('f7', 'f8', func_name_to_index, drfpp)
+    assert_equal(p, 1)
+
+    p = _func_name_get_property('f6', 'f9', func_name_to_index, drfpp)
+    assert_equal(p, 3)
+
+
+def _func_name_get_property(func1_name, func2_name, func_name_to_index, drfpp):
+    i = func_name_to_index[func1_name]
+    j = func_name_to_index[func2_name]
+    print(drfpp.get_property(i, j))
+    p = len(drfpp.get_property(i, j))
+    return p
+
+