├── rune ├── src │ ├── engine │ │ ├── hook.rs │ │ ├── breakpt.rs │ │ └── engine.rs │ ├── explorer │ │ ├── explorer.rs │ │ └── dfs.rs │ ├── memory │ │ ├── memory.rs │ │ └── qword_mem.rs │ ├── lib.rs │ ├── regstore │ │ └── regstore.rs │ ├── utils │ │ └── logger.rs │ └── stream │ │ └── mod.rs ├── rustfmt.toml ├── Cargo.toml ├── LICENSE-MIT ├── examples │ └── simple_example.rs └── README.md ├── esil-rs ├── fuzz │ ├── .gitignore │ ├── Cargo.toml │ └── fuzzers │ │ └── parser.rs ├── rustfmt.toml ├── Cargo.toml ├── src │ ├── lib.rs │ └── vm.rs ├── LICENSE └── README.md ├── radeco-lib ├── test_files │ ├── bin1_filesource │ │ ├── bin1_locals_4195384.json │ │ ├── bin1_locals_4195440.json │ │ ├── bin1_locals_4195456.json │ │ ├── bin1_locals_4195472.json │ │ ├── bin1_locals_4195488.json │ │ ├── bin1_locals_4195504.json │ │ ├── bin1_locals_4195552.json │ │ ├── bin1_locals_4195600.json │ │ ├── bin1_locals_4195664.json │ │ ├── bin1_locals_4195696.json │ │ ├── bin1_locals_4195888.json │ │ ├── bin1_locals_4196000.json │ │ ├── bin1_locals_4196004.json │ │ ├── bin1_libraries.json │ │ ├── bin1_entrypoint.json │ │ ├── bin1_ccinfo_4195384.json │ │ ├── bin1_ccinfo_4195440.json │ │ ├── bin1_ccinfo_4195456.json │ │ ├── bin1_ccinfo_4195472.json │ │ ├── bin1_ccinfo_4195488.json │ │ ├── bin1_ccinfo_4195504.json │ │ ├── bin1_ccinfo_4195552.json │ │ ├── bin1_ccinfo_4195600.json │ │ ├── bin1_ccinfo_4195664.json │ │ ├── bin1_ccinfo_4195696.json │ │ ├── bin1_ccinfo_4195741.json │ │ ├── bin1_ccinfo_4195888.json │ │ ├── bin1_ccinfo_4196000.json │ │ ├── bin1_ccinfo_4196004.json │ │ ├── bin1_insts_0x4006A0.json │ │ ├── bin1_insts_0x400470.json │ │ ├── bin1_insts_0x400480.json │ │ ├── bin1_insts_0x400490.json │ │ ├── bin1_insts_0x4004A0.json │ │ ├── bin1_function_sym.__libc_csu_fini.json │ │ ├── bin1_function_sym.imp.puts.json │ │ ├── bin1_function_loc.imp.__gmon_start.json │ │ ├── bin1_function_sym.imp.__isoc99_scanf.json │ │ ├── bin1_function_sym.imp.__libc_start_main.json │ │ ├── 
bin1_locals_4195741.json │ │ ├── bin1_imports.json │ │ ├── bin1_insts_0x4006A4.json │ │ ├── bin1_relocs.json │ │ ├── bin1_function_sym._fini.json │ │ ├── bin1_strings.json │ │ ├── bin1_insts_0x400438.json │ │ ├── bin1_function_sym._init.json │ │ ├── bin1_insts_0x400550.json │ │ ├── bin1_function_sym.__do_global_dtors_aux.json │ │ ├── bin1_insts_0x4004B0.json │ │ ├── bin1_function_entry0.json │ │ ├── bin1_insts_0x400570.json │ │ ├── bin1_function_entry1.init.json │ │ ├── bin1_insts_0x4004E0.json │ │ ├── bin1_function_sym.deregister_tm_clones.json │ │ ├── bin1_out │ │ │ └── main.c │ │ ├── bin1_insts_0x400510.json │ │ ├── bin1_function_sym.register_tm_clones.json │ │ ├── bin1_sections.json │ │ └── bin1_fn_info.json │ ├── ct1_sccp_ex │ │ ├── ct1_sccp_ex_insts_0x400420.json │ │ ├── ct1_sccp_ex_insts_0x4004C0.json │ │ ├── ct1_sccp_ex_insts_0x4005B0.json │ │ ├── ct1_sccp_ex_insts_0x4003C0.json │ │ ├── ct1_sccp_ex_insts_0x4003D0.json │ │ ├── ct1_sccp_ex_insts_0x4005B4.json │ │ ├── ct1_sccp_ex_insts_0x4003E0.json │ │ ├── ct1_sccp_ex_insts_0x400390.json │ │ ├── ct1_sccp_ex_insts_0x4004A0.json │ │ ├── ct1_sccp_ex_insts_0x4003F0.json │ │ ├── ct1_sccp_ex_insts_0x400460.json │ │ ├── ct1_sccp_ex_insts_0x4004E6.json │ │ ├── ct1_sccp_ex_fn_info.json │ │ └── ct1_sccp_ex_sections.json │ ├── file │ ├── bin_file │ │ ├── bin_file_insts_0x1F5F.json │ │ ├── bin_file_insts_0x1620.json │ │ ├── bin_file_insts_0x16A0.json │ │ ├── bin_file_insts_0x1630.json │ │ ├── bin_file_insts_0x1650.json │ │ ├── bin_file_insts_0x1680.json │ │ ├── bin_file_insts_0x16B0.json │ │ ├── bin_file_insts_0x16F0.json │ │ ├── bin_file_insts_0x1700.json │ │ ├── bin_file_insts_0x1710.json │ │ ├── bin_file_insts_0x1740.json │ │ ├── bin_file_insts_0x1770.json │ │ ├── bin_file_insts_0x1790.json │ │ ├── bin_file_insts_0x17C0.json │ │ ├── bin_file_insts_0x1820.json │ │ ├── bin_file_insts_0x1830.json │ │ ├── bin_file_insts_0x1840.json │ │ ├── bin_file_insts_0x1870.json │ │ ├── bin_file_insts_0x1610.json │ │ ├── 
bin_file_insts_0x1640.json │ │ ├── bin_file_insts_0x1660.json │ │ ├── bin_file_insts_0x1670.json │ │ ├── bin_file_insts_0x1690.json │ │ ├── bin_file_insts_0x16C0.json │ │ ├── bin_file_insts_0x16E0.json │ │ ├── bin_file_insts_0x1720.json │ │ ├── bin_file_insts_0x1730.json │ │ ├── bin_file_insts_0x1750.json │ │ ├── bin_file_insts_0x1760.json │ │ ├── bin_file_insts_0x17A0.json │ │ ├── bin_file_insts_0x17B0.json │ │ ├── bin_file_insts_0x17D0.json │ │ ├── bin_file_insts_0x17E0.json │ │ ├── bin_file_insts_0x17F0.json │ │ ├── bin_file_insts_0x1800.json │ │ ├── bin_file_insts_0x1810.json │ │ ├── bin_file_insts_0x1860.json │ │ ├── bin_file_insts_0x16D0.json │ │ ├── bin_file_insts_0x1780.json │ │ ├── bin_file_insts_0x1850.json │ │ ├── bin_file_insts_0x2D94.json │ │ ├── bin_file_insts_0x1880.json │ │ ├── bin_file_insts_0x15E8.json │ │ ├── bin_file_insts_0x1A5F.json │ │ ├── bin_file_insts_0x2640.json │ │ ├── bin_file_insts_0x2670.json │ │ ├── bin_file_insts_0x1890.json │ │ ├── bin_file_insts_0x1E94.json │ │ ├── bin_file_insts_0x24F5.json │ │ ├── bin_file_insts_0x1E4C.json │ │ └── bin_file_sections.json │ ├── tiny_sccp_test_instructions.json │ └── mt1_instructions.json ├── src │ ├── middle │ │ ├── ir_reader │ │ │ ├── .gitignore │ │ │ ├── parser_util.rs │ │ │ ├── mod.rs │ │ │ └── simple_ast.rs │ │ ├── mod.rs │ │ ├── ssa │ │ │ ├── utils.rs │ │ │ └── ssaquote.rs │ │ └── regfile │ │ │ └── regusage.rs │ ├── analysis │ │ ├── functions │ │ │ └── mod.rs │ │ ├── tie │ │ │ └── mod.rs │ │ ├── interproc │ │ │ ├── transfer.rs │ │ │ └── mod.rs │ │ ├── propagate │ │ │ ├── control.rs │ │ │ ├── mod.rs │ │ │ └── data.rs │ │ ├── valueset │ │ │ ├── sintmultiple.rs │ │ │ ├── uintrange.rs │ │ │ ├── math │ │ │ │ ├── test.rs │ │ │ │ └── mod.rs │ │ │ ├── sintrange.rs │ │ │ └── knownbits.rs │ │ ├── dom │ │ │ ├── mod.rs │ │ │ └── index.rs │ │ ├── vsa │ │ │ ├── abstract_set │ │ │ │ ├── bdd.rs │ │ │ │ └── polynomial.rs │ │ │ └── mod.rs │ │ ├── mod.rs │ │ ├── inst_combine │ │ │ └── combine_rules.rs │ │ └── 
mask2narrow.rs │ ├── backend │ │ ├── lang_c │ │ │ ├── mod.rs │ │ │ └── test.rs │ │ ├── mod.rs │ │ ├── ctrl_flow_struct │ │ │ ├── ast.rs │ │ │ └── ast_context.rs │ │ └── x86 │ │ │ └── x86_idioms.rs │ ├── frontend │ │ ├── mod.rs │ │ └── imports.rs │ └── lib.rs ├── rustfmt.toml ├── ex-bins │ ├── bin1 │ ├── key │ ├── simple │ ├── simple2 │ ├── tachikoma │ ├── constprop.o │ ├── constprop.asm │ ├── simple.c │ └── simple2.c ├── build.rs ├── analysis │ └── patterns ├── tests │ ├── test1.rs │ └── lib.rs ├── examples │ ├── constraint_solver.rs │ └── project.rs ├── Cargo.toml └── COPYING ├── .gitignore ├── radeco ├── rustfmt.toml ├── .gitignore ├── tests │ └── hello │ │ ├── hello.c │ │ └── Makefile ├── Makefile ├── plugin │ └── Makefile ├── src │ ├── highlighting.rs │ └── cli.rs ├── Cargo.toml ├── README.md ├── COPYING └── build.rs ├── arch-rs ├── src │ ├── os │ │ ├── linux.rs │ │ └── os.rs │ ├── lib.rs │ ├── arch │ │ ├── x86.rs │ │ └── arch.rs │ └── cc │ │ └── cdecl.rs ├── Cargo.toml ├── README.md └── examples │ └── x86_register_file.rs ├── scripts ├── genpng.sh ├── gensvg.sh ├── gh-pages.sh ├── bug-digger.sh └── install-dependencies.sh ├── specs └── README.md ├── Cargo.toml ├── .appveyor.yml └── README.md /rune/src/engine/hook.rs: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /rune/src/engine/breakpt.rs: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /esil-rs/fuzz/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | target 3 | corpus 4 | artifacts 5 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195384.json: -------------------------------------------------------------------------------- 1 | [] 
-------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195440.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195456.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195472.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195488.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195504.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195552.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195600.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195664.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- 
/radeco-lib/test_files/bin1_filesource/bin1_locals_4195696.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195888.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4196000.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4196004.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x400420.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4004C0.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /radeco-lib/src/middle/ir_reader/.gitignore: -------------------------------------------------------------------------------- 1 | parser.rs 2 | parser.report -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_libraries.json: -------------------------------------------------------------------------------- 1 | ["libc.so.6"] -------------------------------------------------------------------------------- /rune/rustfmt.toml: -------------------------------------------------------------------------------- 1 | 
format_strings = true 2 | reorder_imports = true 3 | -------------------------------------------------------------------------------- /radeco-lib/rustfmt.toml: -------------------------------------------------------------------------------- 1 | format_strings = true 2 | reorder_imports = true 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | Cargo.lock 3 | *.swp 4 | outputs 5 | *.dot 6 | *.orig 7 | -------------------------------------------------------------------------------- /radeco/rustfmt.toml: -------------------------------------------------------------------------------- 1 | format_strings = true 2 | reorder_imports = true 3 | max_width = 100 4 | -------------------------------------------------------------------------------- /radeco-lib/ex-bins/bin1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/radareorg/radeco/HEAD/radeco-lib/ex-bins/bin1 -------------------------------------------------------------------------------- /radeco-lib/ex-bins/key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/radareorg/radeco/HEAD/radeco-lib/ex-bins/key -------------------------------------------------------------------------------- /radeco-lib/src/analysis/functions/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod fix_ssa_opcalls; 2 | pub mod infer_regusage; 3 | -------------------------------------------------------------------------------- /radeco-lib/ex-bins/simple: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/radareorg/radeco/HEAD/radeco-lib/ex-bins/simple -------------------------------------------------------------------------------- /arch-rs/src/os/linux.rs: 
-------------------------------------------------------------------------------- 1 | use os::os::OS; 2 | 3 | pub struct Linux { } 4 | 5 | impl OS for Linux { 6 | } 7 | -------------------------------------------------------------------------------- /esil-rs/rustfmt.toml: -------------------------------------------------------------------------------- 1 | format_strings = false 2 | reorder_imports = true 3 | take_source_hints = false 4 | -------------------------------------------------------------------------------- /radeco-lib/ex-bins/simple2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/radareorg/radeco/HEAD/radeco-lib/ex-bins/simple2 -------------------------------------------------------------------------------- /radeco-lib/ex-bins/tachikoma: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/radareorg/radeco/HEAD/radeco-lib/ex-bins/tachikoma -------------------------------------------------------------------------------- /radeco-lib/test_files/file: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/radareorg/radeco/HEAD/radeco-lib/test_files/file -------------------------------------------------------------------------------- /radeco/.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | plugin/radeco_pde.dylib 3 | plugin/radeco_pde.so 4 | plugin/radeco_pde.dll 5 | -------------------------------------------------------------------------------- /radeco-lib/ex-bins/constprop.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/radareorg/radeco/HEAD/radeco-lib/ex-bins/constprop.o -------------------------------------------------------------------------------- /scripts/genpng.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Script to generate PNGs from dot file. 4 | dot -Tpng $1 -o $1.png 5 | -------------------------------------------------------------------------------- /scripts/gensvg.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Script to generate SVGs from dot file. 4 | dot -Tsvg $1 -o $1.svg 5 | -------------------------------------------------------------------------------- /radeco-lib/ex-bins/constprop.asm: -------------------------------------------------------------------------------- 1 | mov rax, 2048 2 | cmp rax, 2048 3 | je equal 4 | add rax, 1 5 | equal: 6 | mov rbx, rax 7 | ret 8 | -------------------------------------------------------------------------------- /radeco-lib/ex-bins/simple.c: -------------------------------------------------------------------------------- 1 | int main(int argc, char **argv) { 2 | if (argc&1) { return argc*argc; } 3 | else { return argc+4; } 4 | } 5 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_entrypoint.json: -------------------------------------------------------------------------------- 1 | [{"vaddr":4195504,"paddr":1200,"baddr":4194304,"laddr":0,"haddr":24,"etype":null}] -------------------------------------------------------------------------------- /esil-rs/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "esil" 3 | version = "0.1.0" 4 | authors = ["Sushant "] 5 | edition = "2018" 6 | -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4005B0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195760,"opcode":"ret","type":"ret","size":2}] 
-------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195384.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195440.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195456.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195472.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195488.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195504.json: -------------------------------------------------------------------------------- 1 | 
{"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195552.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195600.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195664.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195696.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195741.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4195888.json: 
-------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4196000.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_ccinfo_4196004.json: -------------------------------------------------------------------------------- 1 | {"ret":"rax","args":["rdi","rsi","rdx","rcx","r8","r9"],"float_args":["xmm0","xmm1","xmm2","xmm3","xmm4"]} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x4006A0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4196000,"opcode":"ret","type":"ret","size":2,"bytes":"f3c3"}] -------------------------------------------------------------------------------- /radeco-lib/build.rs: -------------------------------------------------------------------------------- 1 | extern crate lalrpop; 2 | 3 | fn main() { 4 | lalrpop::Configuration::new().process_file("src/middle/ir_reader/parser.lalrpop").unwrap(); 5 | } 6 | -------------------------------------------------------------------------------- /radeco/tests/hello/hello.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(int argc, char **argv) { 4 | if (argc>2) { 5 | printf ("Hello World\n"); 6 | } 7 | return 0; 8 | } 9 | -------------------------------------------------------------------------------- /radeco-lib/ex-bins/simple2.c: 
-------------------------------------------------------------------------------- 1 | int main(int argc, char **argv) { 2 | int x; 3 | if (argc&1) { x = (((argc|5)+8)|23)+1; } 4 | else { x = (argc+4)&0x77; } 5 | return (*argv) = x << 3; 6 | } 7 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x400470.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x200ba2,rip,+,[8],rip,=","offset":4195440,"opcode":"jmp qword [rip + 0x200ba2]","type":"ujmp","size":6,"bytes":"ff25a20b2000"}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x400480.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x200b9a,rip,+,[8],rip,=","offset":4195456,"opcode":"jmp qword [rip + 0x200b9a]","type":"ujmp","size":6,"bytes":"ff259a0b2000"}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x400490.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x200b92,rip,+,[8],rip,=","offset":4195472,"opcode":"jmp qword [rip + 0x200b92]","type":"ujmp","size":6,"bytes":"ff25920b2000"}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x4004A0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x200b8a,rip,+,[8],rip,=","offset":4195488,"opcode":"jmp qword [rip + 0x200b8a]","type":"ujmp","size":6,"bytes":"ff258a0b2000"}] -------------------------------------------------------------------------------- /arch-rs/src/os/os.rs: -------------------------------------------------------------------------------- 1 | //! Defines the `Operating System` trait 2 | //! 
A structure implementing this trait will provide APIs to 3 | //! get specific information about itself. 4 | 5 | pub trait OS { 6 | } 7 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym.__libc_csu_fini.json: -------------------------------------------------------------------------------- 1 | {"addr":4196000,"name":"sym.__libc_csu_fini","ops":[{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4196000,"opcode":"ret","type":"ret","size":2,"bytes":"f3c3"}],"size":2} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1F5F.json: -------------------------------------------------------------------------------- 1 | [{"esil":"1,0x28,rsp,+,=[4]","offset":8031,"opcode":"mov dword [rsp + 0x28], 1","type":"mov","size":8},{"esil":"0x1a5f,rip,=","offset":8039,"opcode":"jmp loc.00001a5f","type":"jmp","size":5}] -------------------------------------------------------------------------------- /scripts/gh-pages.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | cargo doc --no-deps && \ 3 | echo "" > ./target/doc/index.html && \ 4 | ghp-import -n target/doc && \ 5 | git push -f origin gh-pages 6 | -------------------------------------------------------------------------------- /radeco-lib/src/middle/ir_reader/parser_util.rs: -------------------------------------------------------------------------------- 1 | pub fn str_to_u16(s: &str, radix: u32) -> u16 { 2 | u16::from_str_radix(s, radix).unwrap() 3 | } 4 | 5 | pub fn str_to_u64(s: &str, radix: u32) -> u64 { 6 | u64::from_str_radix(s, radix).unwrap() 7 | } 8 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym.imp.puts.json: -------------------------------------------------------------------------------- 1 | 
{"addr":4195440,"name":"sym.imp.puts","ops":[{"esil":"0x200ba2,rip,+,[8],rip,=","offset":4195440,"opcode":"jmp qword [rip + 0x200ba2]","type":"ujmp","size":6,"bytes":"ff25a20b2000"}],"size":6} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_loc.imp.__gmon_start.json: -------------------------------------------------------------------------------- 1 | {"addr":4195472,"name":"loc.imp.__gmon_start","ops":[{"esil":"0x200b92,rip,+,[8],rip,=","offset":4195472,"opcode":"jmp qword [rip + 0x200b92]","type":"ujmp","size":6,"bytes":"ff25920b2000"}],"size":6} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym.imp.__isoc99_scanf.json: -------------------------------------------------------------------------------- 1 | {"addr":4195488,"name":"sym.imp.__isoc99_scanf","ops":[{"esil":"0x200b8a,rip,+,[8],rip,=","offset":4195488,"opcode":"jmp qword [rip + 0x200b8a]","type":"ujmp","size":6,"bytes":"ff258a0b2000"}],"size":6} -------------------------------------------------------------------------------- /radeco/tests/hello/Makefile: -------------------------------------------------------------------------------- 1 | RADECO=../../target/debug/radeco 2 | STAGES=r2,esil,cfg,ssa,const,dce 3 | 4 | all: 5 | $(MAKE) clean 6 | $(CC) hello.c -o hello 7 | r2 -qc '#!pipe $(RADECO) -p $(STAGES)' hello 8 | find hello_out 9 | 10 | clean: 11 | rm -rf hello_out 12 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym.imp.__libc_start_main.json: -------------------------------------------------------------------------------- 1 | {"addr":4195456,"name":"sym.imp.__libc_start_main","ops":[{"esil":"0x200b9a,rip,+,[8],rip,=","offset":4195456,"opcode":"jmp qword [rip + 0x200b9a]","type":"ujmp","size":6,"bytes":"ff259a0b2000"}],"size":6} 
-------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_locals_4195741.json: -------------------------------------------------------------------------------- 1 | [{"name":"local_ch","kind":"var","type":"int","ref":{"base":"rbp","offset":-12}},{"name":"local_8h","kind":"var","type":"int","ref":{"base":"rbp","offset":-8}},{"name":"local_4h","kind":"var","type":"int","ref":{"base":"rbp","offset":-4}}] -------------------------------------------------------------------------------- /radeco/Makefile: -------------------------------------------------------------------------------- 1 | all: 2 | make -C . uninstall 3 | make -C . install 4 | make -C plugin all 5 | 6 | run: 7 | cargo run 8 | 9 | install: 10 | cargo install --force 11 | make -C plugin 12 | 13 | uninstall: 14 | cargo uninstall 15 | make -C plugin uninstall 16 | 17 | clean: 18 | cargo clean 19 | -------------------------------------------------------------------------------- /arch-rs/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "arch" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | [dependencies] 7 | lazy_static = "1.4.0" 8 | 9 | [dependencies.r2api] 10 | git = "https://github.com/radare/radare2-r2pipe-api" 11 | 12 | [dependencies.r2pipe] 13 | git = "https://github.com/radareorg/r2pipe.rs" 14 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1620.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039fa,rip,+,[8],rip,=","offset":5664,"opcode":"jmp qword [reloc.free_32]","type":"ujmp","size":6},{"esil":"1,8,rsp,-=,rsp,=[8]","offset":5670,"opcode":"push 1","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5675,"opcode":"jmp 0x1600","type":"jmp","size":5}] 
-------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x16A0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039ba,rip,+,[8],rip,=","offset":5792,"opcode":"jmp qword [reloc.fclose_96]","type":"ujmp","size":6},{"esil":"9,8,rsp,-=,rsp,=[8]","offset":5798,"opcode":"push 9","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5803,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/src/analysis/tie/mod.rs: -------------------------------------------------------------------------------- 1 | //! Implements Type Inference for SSA. 2 | //! 3 | //! For more details about the algorithm and working, please read original 4 | //! paper titled "TIE: Principled Reverse Engineering of Types in Binary 5 | //! Programs" by Brumley et al. 6 | 7 | #![allow(dead_code)] 8 | 9 | pub mod structs; 10 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1630.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039f2,rip,+,[8],rip,=","offset":5680,"opcode":"jmp qword [reloc.magic_list_40]","type":"ujmp","size":6},{"esil":"2,8,rsp,-=,rsp,=[8]","offset":5686,"opcode":"push 2","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5691,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1650.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039e2,rip,+,[8],rip,=","offset":5712,"opcode":"jmp qword [reloc.strncmp_56]","type":"ujmp","size":6},{"esil":"4,8,rsp,-=,rsp,=[8]","offset":5718,"opcode":"push 4","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5723,"opcode":"jmp 
0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1680.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039ca,rip,+,[8],rip,=","offset":5760,"opcode":"jmp qword [reloc.magic_load_80]","type":"ujmp","size":6},{"esil":"7,8,rsp,-=,rsp,=[8]","offset":5766,"opcode":"push 7","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5771,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x16B0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039b2,rip,+,[8],rip,=","offset":5808,"opcode":"jmp qword [reloc.strlen_104]","type":"ujmp","size":6},{"esil":"10,8,rsp,-=,rsp,=[8]","offset":5814,"opcode":"push 0xa","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5819,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x16F0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203992,rip,+,[8],rip,=","offset":5872,"opcode":"jmp qword [reloc.mbrtowc_136]","type":"ujmp","size":6},{"esil":"14,8,rsp,-=,rsp,=[8]","offset":5878,"opcode":"push 0xe","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5883,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1700.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20398a,rip,+,[8],rip,=","offset":5888,"opcode":"jmp qword [reloc.strchr_144]","type":"ujmp","size":6},{"esil":"15,8,rsp,-=,rsp,=[8]","offset":5894,"opcode":"push 
0xf","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5899,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1710.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203982,rip,+,[8],rip,=","offset":5904,"opcode":"jmp qword [reloc.rewind_152]","type":"ujmp","size":6},{"esil":"16,8,rsp,-=,rsp,=[8]","offset":5910,"opcode":"push 0x10","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5915,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1740.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20396a,rip,+,[8],rip,=","offset":5952,"opcode":"jmp qword [reloc.fputs_176]","type":"ujmp","size":6},{"esil":"19,8,rsp,-=,rsp,=[8]","offset":5958,"opcode":"push 0x13","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5963,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1770.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203952,rip,+,[8],rip,=","offset":6000,"opcode":"jmp qword [reloc.strcmp_200]","type":"ujmp","size":6},{"esil":"22,8,rsp,-=,rsp,=[8]","offset":6006,"opcode":"push 0x16","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6011,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1790.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203942,rip,+,[8],rip,=","offset":6032,"opcode":"jmp qword 
[reloc.strtol_216]","type":"ujmp","size":6},{"esil":"24,8,rsp,-=,rsp,=[8]","offset":6038,"opcode":"push 0x18","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6043,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x17C0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20392a,rip,+,[8],rip,=","offset":6080,"opcode":"jmp qword [reloc.fflush_240]","type":"ujmp","size":6},{"esil":"27,8,rsp,-=,rsp,=[8]","offset":6086,"opcode":"push 0x1b","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6091,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1820.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2038fa,rip,+,[8],rip,=","offset":6176,"opcode":"jmp qword [reloc.fopen_32]","type":"ujmp","size":6},{"esil":"33,8,rsp,-=,rsp,=[8]","offset":6182,"opcode":"push 0x21","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6187,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1830.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2038f2,rip,+,[8],rip,=","offset":6192,"opcode":"jmp qword [reloc.exit_40]","type":"ujmp","size":6},{"esil":"34,8,rsp,-=,rsp,=[8]","offset":6198,"opcode":"push 0x22","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6203,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1840.json: -------------------------------------------------------------------------------- 1 | 
[{"esil":"0x2038ea,rip,+,[8],rip,=","offset":6208,"opcode":"jmp qword [reloc.fwrite_48]","type":"ujmp","size":6},{"esil":"35,8,rsp,-=,rsp,=[8]","offset":6214,"opcode":"push 0x23","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6219,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1870.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2038d2,rip,+,[8],rip,=","offset":6256,"opcode":"jmp qword [reloc.strstr_72]","type":"ujmp","size":6},{"esil":"38,8,rsp,-=,rsp,=[8]","offset":6262,"opcode":"push 0x26","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6267,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1610.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203912,rip,+,[8],rip,=","offset":6128,"opcode":"jmp qword [reloc.setlocale_8]","type":"ujmp","size":6},{"esil":"30,8,rsp,-=,rsp,=[8]","offset":6134,"opcode":"push 0x1e","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6139,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1640.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039ea,rip,+,[8],rip,=","offset":5696,"opcode":"jmp qword [reloc.__errno_location_48]","type":"ujmp","size":6},{"esil":"3,8,rsp,-=,rsp,=[8]","offset":5702,"opcode":"push 3","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5707,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1660.json: 
-------------------------------------------------------------------------------- 1 | [{"esil":"0x2039da,rip,+,[8],rip,=","offset":5728,"opcode":"jmp qword [reloc.secure_getenv_64]","type":"ujmp","size":6},{"esil":"5,8,rsp,-=,rsp,=[8]","offset":5734,"opcode":"push 5","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5739,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1670.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039d2,rip,+,[8],rip,=","offset":5744,"opcode":"jmp qword [reloc.magic_compile_72]","type":"ujmp","size":6},{"esil":"6,8,rsp,-=,rsp,=[8]","offset":5750,"opcode":"push 6","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5755,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1690.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039c2,rip,+,[8],rip,=","offset":5776,"opcode":"jmp qword [reloc.magic_setparam_88]","type":"ujmp","size":6},{"esil":"8,8,rsp,-=,rsp,=[8]","offset":5782,"opcode":"push 8","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5787,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x16C0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039aa,rip,+,[8],rip,=","offset":5824,"opcode":"jmp qword [reloc.magic_file_112]","type":"ujmp","size":6},{"esil":"11,8,rsp,-=,rsp,=[8]","offset":5830,"opcode":"push 0xb","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5835,"opcode":"jmp 0x1600","type":"jmp","size":5}] 
-------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x16E0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20399a,rip,+,[8],rip,=","offset":5856,"opcode":"jmp qword [reloc.getopt_long_128]","type":"ujmp","size":6},{"esil":"13,8,rsp,-=,rsp,=[8]","offset":5862,"opcode":"push 0xd","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5867,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1720.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20397a,rip,+,[8],rip,=","offset":5920,"opcode":"jmp qword [reloc._IO_putc_160]","type":"ujmp","size":6},{"esil":"17,8,rsp,-=,rsp,=[8]","offset":5926,"opcode":"push 0x11","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5931,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1730.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203972,rip,+,[8],rip,=","offset":5936,"opcode":"jmp qword [reloc.strrchr_168]","type":"ujmp","size":6},{"esil":"18,8,rsp,-=,rsp,=[8]","offset":5942,"opcode":"push 0x12","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5947,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1750.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203962,rip,+,[8],rip,=","offset":5968,"opcode":"jmp qword [reloc.magic_error_184]","type":"ujmp","size":6},{"esil":"20,8,rsp,-=,rsp,=[8]","offset":5974,"opcode":"push 
0x14","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5979,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1760.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20395a,rip,+,[8],rip,=","offset":5984,"opcode":"jmp qword [reloc.__getdelim_192]","type":"ujmp","size":6},{"esil":"21,8,rsp,-=,rsp,=[8]","offset":5990,"opcode":"push 0x15","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5995,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x17A0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20393a,rip,+,[8],rip,=","offset":6048,"opcode":"jmp qword [reloc.magic_check_224]","type":"ujmp","size":6},{"esil":"25,8,rsp,-=,rsp,=[8]","offset":6054,"opcode":"push 0x19","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6059,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x17B0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203932,rip,+,[8],rip,=","offset":6064,"opcode":"jmp qword [reloc.wcwidth_232]","type":"ujmp","size":6},{"esil":"26,8,rsp,-=,rsp,=[8]","offset":6070,"opcode":"push 0x1a","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6075,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x17D0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203922,rip,+,[8],rip,=","offset":6096,"opcode":"jmp qword 
[reloc.magic_close_248]","type":"ujmp","size":6},{"esil":"28,8,rsp,-=,rsp,=[8]","offset":6102,"opcode":"push 0x1c","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6107,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x17E0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20391a,rip,+,[8],rip,=","offset":6112,"opcode":"jmp qword [reloc.magic_getpath_0]","type":"ujmp","size":6},{"esil":"29,8,rsp,-=,rsp,=[8]","offset":6118,"opcode":"push 0x1d","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6123,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x17F0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x203912,rip,+,[8],rip,=","offset":6128,"opcode":"jmp qword [reloc.setlocale_8]","type":"ujmp","size":6},{"esil":"30,8,rsp,-=,rsp,=[8]","offset":6134,"opcode":"push 0x1e","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6139,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1800.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20390a,rip,+,[8],rip,=","offset":6144,"opcode":"jmp qword [reloc.__printf_chk_16]","type":"ujmp","size":6},{"esil":"31,8,rsp,-=,rsp,=[8]","offset":6150,"opcode":"push 0x1f","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6155,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1810.json: -------------------------------------------------------------------------------- 1 | 
[{"esil":"0x203902,rip,+,[8],rip,=","offset":6160,"opcode":"jmp qword [reloc.magic_open_24]","type":"ujmp","size":6},{"esil":"32,8,rsp,-=,rsp,=[8]","offset":6166,"opcode":"push 0x20","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6171,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1860.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2038da,rip,+,[8],rip,=","offset":6240,"opcode":"jmp qword [reloc.strerror_64]","type":"ujmp","size":6},{"esil":"37,8,rsp,-=,rsp,=[8]","offset":6246,"opcode":"push 0x25","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6251,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x16D0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2039a2,rip,+,[8],rip,=","offset":5840,"opcode":"jmp qword [reloc.__stack_chk_fail_120]","type":"ujmp","size":6},{"esil":"12,8,rsp,-=,rsp,=[8]","offset":5846,"opcode":"push 0xc","type":"push","size":5},{"esil":"0x1600,rip,=","offset":5851,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1780.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20394a,rip,+,[8],rip,=","offset":6016,"opcode":"jmp qword [reloc.magic_version_208]","type":"ujmp","size":6},{"esil":"23,8,rsp,-=,rsp,=[8]","offset":6022,"opcode":"push 0x17","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6027,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1850.json: 
-------------------------------------------------------------------------------- 1 | [{"esil":"0x2038e2,rip,+,[8],rip,=","offset":6224,"opcode":"jmp qword [reloc.__fprintf_chk_56]","type":"ujmp","size":6},{"esil":"36,8,rsp,-=,rsp,=[8]","offset":6230,"opcode":"push 0x24","type":"push","size":5},{"esil":"0x1600,rip,=","offset":6235,"opcode":"jmp 0x1600","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4003C0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20053a,rip,+,[8],rip,=","offset":4195264,"opcode":"jmp qword [0x00600900]","type":"ujmp","size":6},{"esil":"0,8,rsp,-=,rsp,=[8]","offset":4195270,"opcode":"push 0","type":"push","size":5},{"esil":"0x4003b0,rip,=","offset":4195275,"opcode":"jmp 0x4003b0","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4003D0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x200532,rip,+,[8],rip,=","offset":4195280,"opcode":"jmp qword [0x00600908]","type":"ujmp","size":6},{"esil":"1,8,rsp,-=,rsp,=[8]","offset":4195286,"opcode":"push 1","type":"push","size":5},{"esil":"0x4003b0,rip,=","offset":4195291,"opcode":"jmp 0x4003b0","type":"jmp","size":5}] -------------------------------------------------------------------------------- /specs/README.md: -------------------------------------------------------------------------------- 1 | # Specs 2 | 3 | This folder contains official documentation about the various components of 4 | radeco-lib. Note that these are not source-level documentation and present a 5 | higher level abstraction of the system to 6 | explain the design and soundness of the same. All algorithms presented must be 7 | language or implementation independent. 
8 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_imports.json: -------------------------------------------------------------------------------- 1 | [{"bind":"GLOBAL","name":"puts","ordinal":1,"plt":4195440,"type":"FUNC"},{"bind":"GLOBAL","name":"__libc_start_main","ordinal":2,"plt":4195456,"type":"FUNC"},{"bind":"WEAK","name":"__gmon_start__","ordinal":3,"plt":4195472,"type":"NOTYPE"},{"bind":"GLOBAL","name":"__isoc99_scanf","ordinal":4,"plt":4195488,"type":"FUNC"}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x2D94.json: -------------------------------------------------------------------------------- 1 | [{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":11668,"opcode":"sub rsp, 8","type":"sub","size":4},{"esil":"8,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":11672,"opcode":"add rsp, 8","type":"add","size":4},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":11676,"opcode":"ret","type":"ret","size":1}] -------------------------------------------------------------------------------- /radeco-lib/src/analysis/interproc/transfer.rs: -------------------------------------------------------------------------------- 1 | //! Defines transfer and propagate traits used for interprocess analysis. 2 | 3 | use crate::frontend::radeco_containers::RadecoModule; 4 | 5 | pub trait InterProcAnalysis { 6 | fn new() -> Self; 7 | fn transfer(&mut self, _: &mut RadecoModule, _: u64); 8 | fn propagate(&mut self, _: &mut RadecoModule, _: u64); 9 | } 10 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/propagate/control.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 
3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/valueset/sintmultiple.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4005B4.json: -------------------------------------------------------------------------------- 1 | [{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195764,"opcode":"sub rsp, 8","type":"sub","size":4},{"esil":"8,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4195768,"opcode":"add rsp, 8","type":"add","size":4},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195772,"opcode":"ret","type":"ret","size":1}] -------------------------------------------------------------------------------- /radeco-lib/src/analysis/propagate/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 
7 | 8 | pub mod data; 9 | -------------------------------------------------------------------------------- /arch-rs/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(non_camel_case_types)] 2 | #![recursion_limit="256"] 3 | 4 | extern crate r2api; 5 | 6 | #[macro_use] pub mod utils; 7 | 8 | pub mod arch { 9 | pub mod arch; 10 | pub mod x86; 11 | } 12 | 13 | pub mod cc { 14 | pub mod calling_convention; 15 | pub mod cdecl; 16 | } 17 | 18 | pub mod regfile { 19 | pub mod regfile; 20 | pub mod x86regfile; 21 | } 22 | -------------------------------------------------------------------------------- /esil-rs/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | pub mod lexer; 9 | pub mod parser; 10 | //pub mod memory; 11 | -------------------------------------------------------------------------------- /scripts/bug-digger.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Script used to trigger a potential (intermittent) bug: reruns the command until it fails 4 | # Usage: ./bug-digger.sh "YOURCOMMAND" 5 | # Example: ./bug-digger.sh "cargo test analysis::valueset::fixcall::test::fix_test -- --nocapture" 6 | # Note: $1 is run unquoted and its stdout is written to the fixed path /tmp/out; on a shared host use a private file from mktemp instead 7 | num=0 8 | echo "Begin" 9 | while [ $?
-eq 0 ] 10 | do 11 | echo $num 12 | num=`expr $num + 1` 13 | $1 > /tmp/out 14 | done 15 | 16 | # Output err 17 | cat /tmp/out 18 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x4006A4.json: -------------------------------------------------------------------------------- 1 | [{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4196004,"opcode":"sub rsp, 8","type":"sub","size":4,"bytes":"4883ec08"},{"esil":"8,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4196008,"opcode":"add rsp, 8","type":"add","size":4,"bytes":"4883c408"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4196012,"opcode":"ret","type":"ret","size":1,"bytes":"c3"}] -------------------------------------------------------------------------------- /radeco-lib/src/analysis/propagate/data.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 
7 | 8 | pub trait DataOperator { 9 | fn join(inputs: &[T]) -> T; 10 | } 11 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_relocs.json: -------------------------------------------------------------------------------- 1 | [{"is_ifunc":false,"name":"__gmon_start__","paddr":4088,"type":"SET_64","vaddr":6295544},{"is_ifunc":false,"name":"puts","paddr":4120,"type":"SET_64","vaddr":6295576},{"is_ifunc":false,"name":"__libc_start_main","paddr":4128,"type":"SET_64","vaddr":6295584},{"is_ifunc":false,"name":"__gmon_start__","paddr":4136,"type":"SET_64","vaddr":6295592},{"is_ifunc":false,"name":"__isoc99_scanf","paddr":4144,"type":"SET_64","vaddr":6295600}] -------------------------------------------------------------------------------- /radeco-lib/src/backend/lang_c/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 
7 | 8 | pub mod c_ast; 9 | pub mod c_cfg; 10 | pub mod c_cfg_builder; 11 | 12 | #[cfg(test)] 13 | mod test; 14 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym._fini.json: -------------------------------------------------------------------------------- 1 | {"addr":4196004,"name":"sym._fini","ops":[{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4196004,"opcode":"sub rsp, 8","type":"sub","size":4,"bytes":"4883ec08"},{"esil":"8,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4196008,"opcode":"add rsp, 8","type":"add","size":4,"bytes":"4883c408"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4196012,"opcode":"ret","type":"ret","size":1,"bytes":"c3"}],"size":9} -------------------------------------------------------------------------------- /radeco-lib/analysis/patterns: -------------------------------------------------------------------------------- 1 | (OpNarrow1 (OpXor #x1, (OpSub %1, %2))) => (OpEq %1, %2)) 2 | (OpNot (OpOr (OpEq %1, %2), (OpMov (OpLt %1, (OpSub %1, %2))))) => (OpGt %1, %2)) 3 | (OpNot (OpMov (OpLt %1, (OpSub %1, %2)))) => (OpOr (OpGt %1, %2), (OpEq %1, %2))) 4 | (OpMov (OpLt %1, (OpSub %1, %2))) => (OpLt %1, %2)) 5 | (OpOr (OpEq %1, %2), (OpLt %1, %2)) => (OpOr (OpLt %1, %2), (OpEq %1, %2))) 6 | (OpXor %1, %1) => (OpConst #x0)) 7 | (OpMul %1, #x0) => (OpConst #x0) 8 | (OpMul %1, #x1) => (OpConst %1) 9 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/interproc/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 
7 | 8 | mod digstack; 9 | pub mod fixcall; 10 | pub mod interproc; 11 | pub mod summary; 12 | pub mod transfer; 13 | -------------------------------------------------------------------------------- /esil-rs/fuzz/Cargo.toml: -------------------------------------------------------------------------------- 1 | 2 | [package] 3 | name = "esil-fuzz" 4 | version = "0.0.1" 5 | authors = ["Radeco Developers"] 6 | publish = false 7 | 8 | [package.metadata] 9 | cargo-fuzz = true 10 | 11 | [dependencies.esil] 12 | path = ".." 13 | [dependencies.libfuzzer-sys] 14 | git = "https://github.com/rust-fuzz/libfuzzer-sys.git" 15 | # libfuzzer-sys above is taken from git with no rev, tag or branch; pin a rev for reproducible fuzz builds 16 | # Prevent this from interfering with workspaces 17 | [workspace] 18 | members = ["."] 19 | 20 | [[bin]] 21 | name = "parser" 22 | path = "fuzzers/parser.rs" 23 | -------------------------------------------------------------------------------- /scripts/install-dependencies.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # This is because Travis CI uses a very old GCC version 4 | # which still does not have C99 as a default.
5 | # .travis.yml has installation instructions for gcc-7 6 | # Thus we enable it as a default compiler for dependencies 7 | export CC=gcc-7 8 | export CXX=g++-7 9 | # NOTE: radare2 is cloned unpinned (default branch) and its sys/install.sh is then run; check out a known tag or commit to keep CI reproducible 10 | echo "[*] Getting radare2" 11 | git clone https://github.com/radare/radare2 || exit 1 12 | cd radare2 || exit 1 13 | ./sys/install.sh || exit 1 14 | echo "[*] radare2 install success" 15 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_strings.json: -------------------------------------------------------------------------------- 1 | [{"length":8,"ordinal":0,"paddr":1716,"section":".rodata","size":9,"string":"JWQgJWQgJWQ=","vaddr":4196020,"type":"ascii"},{"length":5,"ordinal":1,"paddr":1725,"section":".rodata","size":6,"string":"Tm9wZS4=","vaddr":4196029,"type":"ascii"},{"length":7,"ordinal":2,"paddr":1731,"section":".rodata","size":8,"string":"U3VjY2Vzcw==","vaddr":4196035,"type":"ascii"},{"length":5,"ordinal":3,"paddr":1739,"section":".rodata","size":6,"string":"RmFpbCE=","vaddr":4196043,"type":"ascii"}] -------------------------------------------------------------------------------- /arch-rs/README.md: -------------------------------------------------------------------------------- 1 | ### arch-rs 2 | 3 | arch-rs is a reusable, modular library aimed at radare-rust users for importing 4 | architecture and operating system specific information into their projects. 5 | 6 | ### Examples 7 | 8 | Usage examples are available in the [examples](https://github.com/radare/arch-rs/tree/master/examples) tab. 9 | 10 | ### Docs 11 | 12 | Docs can be generated using `cargo doc`. 13 | 14 | ### Contributing 15 | 16 | Please take a look at the issues tab to contribute patches and help the project!
17 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/dom/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | pub mod domtree; 9 | /// Module for computing dominance and post-dominance information 10 | mod index; 11 | 12 | pub use self::domtree::DomTree; 13 | -------------------------------------------------------------------------------- /rune/src/engine/engine.rs: -------------------------------------------------------------------------------- 1 | //! Defines traits and structs that perform the actual symbolic emulation. 2 | 3 | #[derive(Clone, Copy, Debug)] 4 | pub enum EngineError { 5 | Undefined, 6 | InCorrectOperand, 7 | } 8 | 9 | pub type EngineResult = Result; 10 | 11 | pub trait Engine: Sized { 12 | fn run(&mut self) -> EngineResult<()>; 13 | } 14 | 15 | pub trait Configure { 16 | type For: Engine; 17 | fn configure(_: &mut Self::For) -> EngineResult<()> { 18 | Ok(()) 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /radeco-lib/src/backend/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //! Components converting SSA to more high level representations. 
9 | 10 | pub mod lang_c; 11 | pub mod x86 { 12 | pub mod x86_idioms; 13 | } 14 | pub mod ctrl_flow_struct; 15 | -------------------------------------------------------------------------------- /radeco-lib/src/frontend/mod.rs: -------------------------------------------------------------------------------- 1 | //! Implements methods and structs required to go from binary to SSA 2 | //! 3 | //! Also acts a gateway for users to use the library. Check containers 4 | //! submodule for more information. 5 | 6 | pub mod ssaconstructor; 7 | 8 | // Old/deprecated 9 | pub mod containers; 10 | pub mod source; 11 | /*********************/ 12 | 13 | // New replacements 14 | pub mod radeco_containers; 15 | pub mod radeco_source; 16 | 17 | pub mod bindings; 18 | // pub mod instruction_analyzer; 19 | pub mod imports; 20 | pub mod llanalyzer; 21 | -------------------------------------------------------------------------------- /rune/src/explorer/explorer.rs: -------------------------------------------------------------------------------- 1 | //! 
Defines traits that guides the symbolic emulator 2 | 3 | use crate::context::context::Context; 4 | use std::fmt::Debug; 5 | 6 | use crate::context::context::RegisterRead; 7 | 8 | pub trait PathExplorer { 9 | type C: Clone + Debug; 10 | type Ctx: Context; 11 | 12 | fn new() -> Self; 13 | fn next(&mut self, _: &mut Self::Ctx) -> Self::C; 14 | fn next_job(&mut self, _: &mut Self::Ctx) -> Option; 15 | 16 | fn register_branch(&mut self, _: &mut Self::Ctx, _: ::VarRef) -> Self::C; 17 | } 18 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | members = [ 3 | "arch-rs", 4 | "esil-rs", 5 | "radeco-lib", 6 | "radeco", 7 | "rune" 8 | ] 9 | exclude = [ 10 | "ex-bins", 11 | "examples", 12 | "scripts", 13 | "specs", 14 | "test_files", 15 | "tests" 16 | ] 17 | 18 | [profile.release] 19 | lto = true 20 | opt-level = 2 21 | codegen-units = 4 22 | 23 | [profile.dev] 24 | lto = false 25 | opt-level = 0 26 | codegen-units = 4 27 | 28 | # https://github.com/sfackler/rust-openssl/issues/994 29 | #[replace] 30 | #"openssl:0.9.24" = { git = "https://github.com/ishitatsuyuki/rust-openssl", branch = "0.9.x" } 31 | -------------------------------------------------------------------------------- /radeco/plugin/Makefile: -------------------------------------------------------------------------------- 1 | CFLAGS=$(shell pkg-config --cflags r_core) 2 | LDFLAGS=$(shell pkg-config --libs r_core) 3 | PLUGDIR=$(shell r2 -H R2_USER_PLUGINS) 4 | LIBEXT=$(shell r2 -H LIBEXT) 5 | PLUGNAME=radeco_pde 6 | TARGET=$(PLUGNAME).$(LIBEXT) 7 | 8 | all: 9 | $(MAKE) build 10 | $(MAKE) install 11 | 12 | build: 13 | $(CC) $(CFLAGS) $(LDFLAGS) -shared -fPIC $(PLUGNAME).c -o $(TARGET) 14 | 15 | install: 16 | mkdir -p $(PLUGDIR) 17 | rm -rf $(PLUGDIR)/$(TARGET) 18 | cp -rf $(TARGET) $(PLUGDIR)/ 19 | 20 | uninstall: 21 | rm -rf $(PLUGDIR)/$(TARGET) 22 | 23 | clean: 24 | rm -rf 
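$(TARGET) 25 | -------------------------------------------------------------------------------- /arch-rs/examples/x86_register_file.rs: -------------------------------------------------------------------------------- 1 | extern crate arch; 2 | extern crate r2pipe; 3 | extern crate r2api; 4 | 5 | use r2pipe::r2::R2; 6 | use r2api::api_trait::R2Api; 7 | 8 | use arch::regfile::x86regfile::*; 9 | /* Example: opens /bin/ls in an r2 session, reads its register info and prints the X86RegisterFile built from it. */ 10 | fn main() { 11 | let path = "/bin/ls"; 12 | // Open a new r2 session 13 | let mut r2 = R2::new(Some(path)).expect("Failed to spawn r2"); 14 | r2.init(); 15 | 16 | // Get register information 17 | let reg_info = r2.reg_info().unwrap(); 18 | 19 | // Create new X86RegisterFile with obtained LRegInfo 20 | let x86_reg_file = X86RegisterFile::new(&reg_info); 21 | println!("{:#?}", x86_reg_file); 22 | } 23 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/vsa/abstract_set/bdd.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //! Module that implements math operation on the BDD. 9 | //! 10 | //! More information are available from "BDD-based Value Analysis for X86 Executables". 11 | //! Please refer here: 12 | //! * https://tubdok.tub.tuhh.de/bitstream/11420/1510/1/dis.pdf 13 | //! 14 | 15 | // TODO 16 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/vsa/abstract_set/polynomial.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution.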
3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //! Module that implements math operation on the multivariate polynomial. 9 | //! 10 | //! A polynomial abstract set goes like: 11 | //! base + [a1]x1 + [a2]x2 + ... + [an]xn 12 | //! which means: 13 | //! {base + k1 * x1 + k2 * x2 + ... + kn * xn | 0 <= ki <= ai} 14 | 15 | // TODO 16 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1880.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x20375a,rip,+,[8],rip,=","offset":6272,"opcode":"jmp qword [reloc.__cxa_finalize_224]","type":"ujmp","size":6},{"esil":",","offset":6278,"opcode":"nop","type":"nop","size":2},{"esil":"al,rax,+=[1],$o,of,=,$s,sf,=,$z,zf,=,$c7,cf,=,$p,pf,=","offset":6280,"opcode":"add byte [rax], al","type":"add","size":2},{"esil":"al,rax,+=[1],$o,of,=,$s,sf,=,$z,zf,=,$c7,cf,=,$p,pf,=","offset":6282,"opcode":"add byte [rax], al","type":"add","size":2},{"esil":"al,rax,+=[1],$o,of,=,$s,sf,=,$z,zf,=,$c7,cf,=,$p,pf,=","offset":6284,"opcode":"add byte [rax], al","type":"add","size":2},{"esil":"al,rax,+=[1],$o,of,=,$s,sf,=,$z,zf,=,$c7,cf,=,$p,pf,=","offset":6286,"opcode":"add byte [rax], al","type":"add","size":2}] -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4003E0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x2004fa,rip,+,[8],rip,=","offset":4195296,"opcode":"jmp qword [0x006008e0]","type":"ujmp","size":6},{"esil":",","offset":4195302,"opcode":"nop","type":"nop","size":2},{"esil":"al,rax,+=[1],$o,of,=,$s,sf,=,$z,zf,=,$c7,cf,=,$p,pf,=","offset":4195304,"opcode":"add byte [rax], 
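al","type":"add","size":2},{"esil":"al,rax,+=[1],$o,of,=,$s,sf,=,$z,zf,=,$c7,cf,=,$p,pf,=","offset":4195306,"opcode":"add byte [rax], al","type":"add","size":2},{"esil":"al,rax,+=[1],$o,of,=,$s,sf,=,$z,zf,=,$c7,cf,=,$p,pf,=","offset":4195308,"opcode":"add byte [rax], al","type":"add","size":2},{"esil":"al,rax,+=[1],$o,of,=,$s,sf,=,$z,zf,=,$c7,cf,=,$p,pf,=","offset":4195310,"opcode":"add byte [rax], al","type":"add","size":2}] -------------------------------------------------------------------------------- /radeco-lib/src/frontend/imports.rs: -------------------------------------------------------------------------------- 1 | //! Defines structs and methods to deal with imports and dynamic linking 2 | 3 | use crate::frontend::radeco_containers::RadecoFunction; 4 | use std::borrow::Cow; 5 | use std::cell::RefCell; 6 | 7 | use std::sync::Arc; 8 | /** One import: `plt` (presumably the address of its PLT entry; confirm), its `name`, and the shared `RadecoFunction` that stands in for it. */ 9 | #[derive(Debug)] 10 | pub struct ImportInfo { 11 | pub plt: u64, 12 | pub name: Cow<'static, str>, 13 | pub rfn: Arc<RefCell<RadecoFunction>>, 14 | } 15 | 16 | impl ImportInfo { /* new_stub builds an ImportInfo around a default RadecoFunction whose name is set to `name`. */ 17 | pub fn new_stub(plt: u64, name: Cow<'static, str>) -> ImportInfo { 18 | let mut rfn = RadecoFunction::default(); 19 | rfn.name = name.clone(); 20 | ImportInfo { 21 | plt: plt, 22 | name: name, 23 | rfn: Arc::new(RefCell::new(rfn)), 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/vsa/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //! Module that implements value set analysis on radeco IR. 9 | //! More information are available from Gogul Balakrishnan's Ph.D. Thesis. 10 | //! Please refer here: 11 | //!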
* https://research.cs.wisc.edu/wpis/papers/balakrishnan_thesis.pdf 12 | 13 | pub mod abstract_set { 14 | pub mod abstract_set; 15 | pub mod bdd; 16 | pub mod polynomial; 17 | pub mod strided_interval; 18 | } 19 | -------------------------------------------------------------------------------- /radeco-lib/tests/test1.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //#[test] 9 | //fn test1() { 10 | //let pipeline = vec![Pipeline::ReadFromR2, Pipeline::ParseEsil, 11 | //Pipeline::CFG, Pipeline::SSA]; 12 | 13 | //let test_name = "test1".to_string(); 14 | //let bin_name = Some("./ex-bins/simple2".to_string()); 15 | //let addr = Some("sym.main".to_string()); 16 | //let mut test = Test::new(test_name, bin_name, addr, false, pipeline); 17 | //test.run(); 18 | //test.dump(); 19 | //} 20 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x15E8.json: -------------------------------------------------------------------------------- 1 | [{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":5608,"opcode":"sub rsp, 8","type":"sub","size":4},{"esil":"0x2039dd,rip,+,[8],rax,=","offset":5612,"opcode":"mov rax, qword [reloc.__gmon_start___208]","type":"mov","size":7},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":5619,"opcode":"test rax, rax","type":"acmp","size":3},{"esil":"zf,?{,5626,rip,=,}","offset":5622,"opcode":"je 0x15fa","type":"cjmp","size":2},{"esil":"rip,8,rsp,-=,rsp,=[],rax,rip,=","offset":5624,"opcode":"call 
rax","type":"ucall","size":2},{"esil":"8,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":5626,"opcode":"add rsp, 8","type":"add","size":4},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":5630,"opcode":"ret","type":"ret","size":1}] -------------------------------------------------------------------------------- /arch-rs/src/arch/x86.rs: -------------------------------------------------------------------------------- 1 | use r2api::structs::Endian; 2 | 3 | use crate::arch::arch::*; 4 | use crate::cc::calling_convention::*; 5 | use crate::regfile::regfile::*; 6 | 7 | /******************** 8 | * x86 architecture * 9 | * ******************/ 10 | 11 | declare_architecture!(pub struct X86 { 12 | }); 13 | 14 | register_architecture!(X86); 15 | 16 | // Barebones architecture default for x86 17 | impl Default for X86 { 18 | fn default() -> X86 { 19 | X86 { 20 | name: String::from("x86"), 21 | endian: Endian::Little, 22 | bits: 32, 23 | int_size: 32, 24 | long_size: 32, 25 | calling_convention: None, 26 | regfile: None 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /radeco-lib/src/backend/ctrl_flow_struct/ast.rs: -------------------------------------------------------------------------------- 1 | // B: basic block 2 | // C: condition 3 | // V: variable 4 | #[derive(Debug, Eq, PartialEq)] 5 | pub enum AstNode { 6 | BasicBlock(B), 7 | Seq(Vec>), 8 | Cond(C, Box>, Option>>), 9 | Loop(LoopType, Box>), 10 | Break, 11 | Switch(V, Vec<(ValueSet, AstNode)>, Box>), 12 | } 13 | 14 | #[derive(Debug, Eq, PartialEq)] 15 | pub enum LoopType { 16 | PreChecked(C), 17 | PostChecked(C), 18 | Endless, 19 | } 20 | 21 | pub type ValueSet = (); // XXX 22 | 23 | impl Default for AstNode { 24 | /// Creates a no-op node. 
25 | fn default() -> Self { 26 | AstNode::Seq(Vec::new()) 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x400390.json: -------------------------------------------------------------------------------- 1 | [{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195216,"opcode":"sub rsp, 8","type":"sub","size":4},{"esil":"0x200545,rip,+,[8],rax,=","offset":4195220,"opcode":"mov rax, qword [0x006008e0]","type":"mov","size":7},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195227,"opcode":"test rax, rax","type":"acmp","size":3},{"esil":"zf,?{,4195237,rip,=,}","offset":4195230,"opcode":"je 0x4003a5","type":"cjmp","size":2},{"esil":"rip,8,rsp,-=,rsp,=[],4195296,rip,=","offset":4195232,"opcode":"call 0x4003e0","type":"call","size":5},{"esil":"8,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4195237,"opcode":"add rsp, 8","type":"add","size":4},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195241,"opcode":"ret","type":"ret","size":1}] -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4004A0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0,0x200479,rip,+,[1],==,$z,zf,=,$b8,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195488,"opcode":"cmp byte [0x00600920], 0","type":"cmp","size":7},{"esil":"zf,!,?{,4195514,rip,=,}","offset":4195495,"opcode":"jne 0x4004ba","type":"cjmp","size":2},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195497,"opcode":"push rbp","type":"upush","size":1},{"esil":"rsp,rbp,=","offset":4195498,"opcode":"mov rbp, rsp","type":"mov","size":3},{"esil":"rip,8,rsp,-=,rsp,=[],4195360,rip,=","offset":4195501,"opcode":"call 0x400420","type":"call","size":5},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195506,"opcode":"pop 
rbp","type":"pop","size":1},{"esil":"1,0x200466,rip,+,=[1]","offset":4195507,"opcode":"mov byte [0x00600920], 1","type":"mov","size":7},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195514,"opcode":"ret","type":"ret","size":2}] -------------------------------------------------------------------------------- /radeco/src/highlighting.rs: -------------------------------------------------------------------------------- 1 | use syntect::easy::HighlightLines; 2 | use syntect::highlighting::{Style, ThemeSet}; 3 | use syntect::parsing::SyntaxSet; 4 | use syntect::util::{as_24_bit_terminal_escaped, LinesWithEndings}; 5 | 6 | lazy_static! { 7 | static ref SYNTAX_SET: SyntaxSet = { SyntaxSet::load_defaults_newlines() }; 8 | static ref THEME_SET: ThemeSet = { ThemeSet::load_defaults() }; 9 | } 10 | /** Highlights `code` using the syntax registered for the "rs" extension and the "base16-ocean.dark" theme, and prints each line to stdout with 24-bit colour escapes. Panics if that syntax is not found. NOTE(review): only colour escapes are added here; if `code` can carry strings taken from an analysed binary, control characters in it presumably reach the terminal as-is. Confirm, and escape them upstream. */ 11 | pub fn print_highlighted(code: &str) { 12 | let syntax = SYNTAX_SET.find_syntax_by_extension("rs").unwrap(); 13 | let mut h = HighlightLines::new(syntax, &THEME_SET.themes["base16-ocean.dark"]); 14 | for line in LinesWithEndings::from(code) { 15 | let ranges: Vec<(Style, &str)> = h.highlight(line, &SYNTAX_SET); 16 | let escaped = as_24_bit_terminal_escaped(&ranges[..], true); 17 | print!("{}", escaped); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /rune/src/memory/memory.rs: -------------------------------------------------------------------------------- 1 | 2 | use libsmt::backends::smtlib2::{SMTLib2}; 3 | use libsmt::logics::qf_abv; 4 | use r2api::structs::Endian; 5 | 6 | use std::fmt::Debug; 7 | 8 | 9 | pub trait Memory: Clone + Debug { 10 | type VarRef; 11 | 12 | /// Create a new memory instance 13 | fn new(addr_width: usize, endian: Endian) -> Self; 14 | 15 | /// Initialize memory to be a new variable with the solver 16 | fn init_memory(&mut self, solver: &mut SMTLib2); 17 | 18 | /// Read x bytes of memory at a certain location 19 | fn read(&mut self, addr: Self::VarRef, read_size: usize, solver: &mut SMTLib2) ->
Self::VarRef; 20 | 21 | /// Write x bytes of memory at a certain location 22 | fn write(&mut self, addr: Self::VarRef, data: Self::VarRef, write_size: usize, solver: &mut SMTLib2); 23 | } 24 | 25 | -------------------------------------------------------------------------------- /radeco/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "radeco" 3 | version = "0.1.0" 4 | authors = [ 5 | "pancake ", 6 | "Sushant " 7 | ] 8 | edition = "2018" 9 | build = "build.rs" 10 | 11 | [build-dependencies] 12 | toml = "*" 13 | 14 | [features] 15 | default = [] 16 | trace_log = ["radeco-lib/trace_log", "log", "env_logger"] 17 | 18 | [dependencies] 19 | rustc-serialize = "*" 20 | base64 = "0.12" 21 | rustyline = "6.0" 22 | lazy_static = "1.4" 23 | clap = "2.33" 24 | syntect = "4.1" 25 | 26 | log = { version = "0.4", optional = true } 27 | env_logger = { version = "0.7", optional = true } 28 | 29 | [dependencies.r2pipe] 30 | # path = "../r2pipe.rs" 31 | git = "https://github.com/radareorg/r2pipe.rs" 32 | # NOTE(review): neither git dependency names a rev/tag/branch, so each resolves to its default branch unless a committed Cargo.lock pins it; `toml` and `rustc-serialize` above use "*", which accepts any published version. 33 | [dependencies.r2api] 34 | git = "https://github.com/radare/radare2-r2pipe-api" 35 | 36 | [dependencies.radeco-lib] 37 | path = "../radeco-lib" 38 | -------------------------------------------------------------------------------- /radeco-lib/src/middle/ir_reader/mod.rs: -------------------------------------------------------------------------------- 1 | //! Parses textual IL as emitted by [`ir_writer`](::middle::ir_writer). 2 | 3 | mod lowering; 4 | mod parser; 5 | mod parser_util; 6 | mod simple_ast; 7 | #[cfg(test)] 8 | mod test; 9 | 10 | use crate::middle::regfile::SubRegisterFile; 11 | use crate::middle::ssa::ssastorage::SSAStorage; 12 | 13 | use std::sync::Arc; 14 | 15 | /// Parses textual IL as emitted by [`ir_writer`](::middle::ir_writer). 16 | /// The returned SSA is empty if an error occurred.
17 | pub fn parse_il(il: &str, regfile: Arc) -> SSAStorage { 18 | let mut ret = SSAStorage::new(); 19 | ret.regfile = regfile; /* assigned before parsing, so the returned storage carries `regfile` on the error paths too */ 20 | match parser::FunctionParser::new().parse(il) { 21 | Ok(sast) => lowering::lower_simpleast(&mut ret, sast) 22 | .unwrap_or_else(|_e| radeco_err!("Error lowering IL to SSA: {:?}", _e)), 23 | Err(_s) => radeco_err!("Error parsing IL: {}", _s), 24 | } 25 | ret /* NOTE(review): neither error arm is returned to the caller, so a failed parse of `il` may be indistinguishable from an empty function; on a lowering error `ret` has already been handed to lower_simpleast by &mut and may not be empty. Confirm. */ 26 | } 27 | -------------------------------------------------------------------------------- /rune/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rune" 3 | version = "0.1.0" 4 | authors = ["Sushant "] 5 | edition = "2018" 6 | 7 | [features] 8 | default=[] 9 | 10 | [[bin]] 11 | name = "runec" 12 | path = "runec/main.rs" 13 | 14 | [dependencies] 15 | petgraph = "*" 16 | rustc-serialize = "*" 17 | clippy = {version = "*", optional = true} 18 | regex = "*" 19 | docopt = "*" 20 | rustyline = "*" 21 | serde = "*" 22 | serde_derive = "*" 23 | serde_json = "*" 24 | 25 | [dependencies.libsmt] 26 | git = "https://github.com/sushant94/libsmt.rs" 27 | 28 | [dependencies.radeco-lib] 29 | #git = "https://github.com/radare/radeco-lib" 30 | path = "../radeco-lib" 31 | 32 | [dependencies.esil] 33 | #git = "https://github.com/radare/esil-rs" 34 | path = "../esil-rs" 35 | 36 | [dependencies.r2pipe] 37 | git = "https://github.com/radareorg/r2pipe.rs" 38 | 39 | [dependencies.r2api] 40 | git = "https://github.com/radare/radare2-r2pipe-api" 41 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x400438.json: -------------------------------------------------------------------------------- 1 | [{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195384,"opcode":"sub rsp, 8","type":"sub","size":4,"bytes":"4883ec08"},{"esil":"0x200bb5,rip,+,[8],rax,=","offset":4195388,"opcode":"mov rax, qword [rip +
0x200bb5]","type":"mov","size":7,"bytes":"488b05b50b2000"},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195395,"opcode":"test rax, rax","type":"acmp","size":3,"bytes":"4885c0"},{"esil":"zf,?{,4195405,rip,=,}","offset":4195398,"opcode":"je 0x40044d","type":"cjmp","size":2,"bytes":"7405"},{"esil":"4195472,rip,8,rsp,-=,rsp,=[],rip,=","offset":4195400,"opcode":"call 0x400490","type":"call","size":5,"bytes":"e843000000"},{"esil":"8,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4195405,"opcode":"add rsp, 8","type":"add","size":4,"bytes":"4883c408"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195409,"opcode":"ret","type":"ret","size":1,"bytes":"c3"}] -------------------------------------------------------------------------------- /radeco-lib/src/middle/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //! Components processing data in SSA form. 
9 | 10 | #[macro_use] 11 | pub mod ssa { 12 | pub mod cfg_traits; 13 | pub mod graph_traits; 14 | #[macro_use] 15 | pub mod ssa_traits; 16 | pub mod error; 17 | pub mod memoryssa; 18 | pub mod ssadot; 19 | pub mod ssastorage; 20 | pub mod utils; 21 | #[allow(non_snake_case)] 22 | pub mod verifier; 23 | } 24 | 25 | #[macro_use] 26 | pub mod dot; 27 | pub mod ir; 28 | pub mod ir_reader; 29 | #[macro_use] 30 | pub mod ir_writer; 31 | #[allow(non_snake_case)] 32 | pub mod phiplacement; 33 | pub mod regfile; 34 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym._init.json: -------------------------------------------------------------------------------- 1 | {"addr":4195384,"name":"sym._init","ops":[{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195384,"opcode":"sub rsp, 8","type":"sub","size":4,"bytes":"4883ec08"},{"esil":"0x200bb5,rip,+,[8],rax,=","offset":4195388,"opcode":"mov rax, qword [rip + 0x200bb5]","type":"mov","size":7,"bytes":"488b05b50b2000"},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195395,"opcode":"test rax, rax","type":"acmp","size":3,"bytes":"4885c0"},{"esil":"zf,?{,4195405,rip,=,}","offset":4195398,"opcode":"je 0x40044d","type":"cjmp","size":2,"bytes":"7405"},{"esil":"4195472,rip,8,rsp,-=,rsp,=[],rip,=","offset":4195400,"opcode":"call 0x400490","type":"call","size":5,"bytes":"e843000000"},{"esil":"8,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4195405,"opcode":"add rsp, 8","type":"add","size":4,"bytes":"4883c408"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195409,"opcode":"ret","type":"ret","size":1,"bytes":"c3"}],"size":26} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x400550.json: -------------------------------------------------------------------------------- 1 | 
[{"esil":"0,0x200af1,rip,+,[1],==,$z,zf,=,$b8,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195664,"opcode":"cmp byte [rip + 0x200af1], 0","type":"cmp","size":7,"bytes":"803df10a200000"},{"esil":"zf,!,?{,4195690,rip,=,}","offset":4195671,"opcode":"jne 0x40056a","type":"cjmp","size":2,"bytes":"7511"},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195673,"opcode":"push rbp","type":"upush","size":1,"bytes":"55"},{"esil":"rsp,rbp,=","offset":4195674,"opcode":"mov rbp, rsp","type":"mov","size":3,"bytes":"4889e5"},{"esil":"4195552,rip,8,rsp,-=,rsp,=[],rip,=","offset":4195677,"opcode":"call 0x4004e0","type":"call","size":5,"bytes":"e87effffff"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195682,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"1,0x200ade,rip,+,=[1]","offset":4195683,"opcode":"mov byte [rip + 0x200ade], 1","type":"mov","size":7,"bytes":"c605de0a200001"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195690,"opcode":"ret","type":"ret","size":2,"bytes":"f3c3"}] -------------------------------------------------------------------------------- /esil-rs/src/vm.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | /// Design decisions for Parser and VM. 
9 | /// 10 | /// Idea1: 11 | /// ``` 12 | /// evaluator = Evaluator::new(); 13 | /// p = Parser::init(&evaluator); 14 | /// p.parse("eax, ebx, +="); 15 | /// p.parse("ecx, eax, ="); 16 | /// p.results(); 17 | /// ``` 18 | /// 19 | /// Idea2: 20 | /// ``` 21 | /// p = Parser::new(); 22 | /// evaluator = Evaluator::init(&p); 23 | /// evaluator.run() 24 | /// 25 | /// impl Evaluator { 26 | /// fn run() { 27 | /// self.p.parse(&self, insts); 28 | /// // "a,b,+=,$z,zf,=" 29 | /// } 30 | /// } 31 | /// ``` 32 | /// 33 | /// 34 | /// 35 | /// 36 | /// ----------- 37 | /// | Evaluator| <-> | Parser | 38 | /// ____________ 39 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //! Module that implements analysis and optimizations on radeco IR. 
9 | 10 | pub mod analyzer; 11 | pub mod engine; 12 | 13 | #[allow(dead_code)] 14 | // pub mod valueset; 15 | // pub mod propagate; 16 | pub mod dce; 17 | pub mod dom; 18 | pub mod sccp; 19 | pub mod cse { 20 | pub mod cse; 21 | pub mod ssasort; 22 | } 23 | 24 | #[macro_use] 25 | pub mod matcher { 26 | #[macro_use] 27 | pub mod gmatch; 28 | } 29 | 30 | pub mod arithmetic; 31 | pub mod constraint_set; 32 | pub mod copy_propagation; 33 | pub mod functions; 34 | pub mod inst_combine; 35 | pub mod interproc; 36 | pub mod mask2narrow; 37 | pub mod reference_marking; 38 | pub mod tie; 39 | pub mod vsa; 40 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym.__do_global_dtors_aux.json: -------------------------------------------------------------------------------- 1 | {"addr":4195664,"name":"sym.__do_global_dtors_aux","ops":[{"esil":"0,0x200af1,rip,+,[1],==,$z,zf,=,$b8,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195664,"opcode":"cmp byte [rip + 0x200af1], 0","type":"cmp","size":7,"bytes":"803df10a200000"},{"esil":"zf,!,?{,4195690,rip,=,}","offset":4195671,"opcode":"jne 0x40056a","type":"cjmp","size":2,"bytes":"7511"},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195673,"opcode":"push rbp","type":"upush","size":1,"bytes":"55"},{"esil":"rsp,rbp,=","offset":4195674,"opcode":"mov rbp, rsp","type":"mov","size":3,"bytes":"4889e5"},{"esil":"4195552,rip,8,rsp,-=,rsp,=[],rip,=","offset":4195677,"opcode":"call 0x4004e0","type":"call","size":5,"bytes":"e87effffff"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195682,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"1,0x200ade,rip,+,=[1]","offset":4195683,"opcode":"mov byte [rip + 0x200ade], 1","type":"mov","size":7,"bytes":"c605de0a200001"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195690,"opcode":"ret","type":"ret","size":2,"bytes":"f3c3"}],"size":28} -------------------------------------------------------------------------------- 
/radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4003F0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"ebp,ebp,^=,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=,0xffffffff,rbp,&=","offset":4195312,"opcode":"xor ebp, ebp","type":"xor","size":2},{"esil":"rdx,r9,=","offset":4195314,"opcode":"mov r9, rdx","type":"mov","size":3},{"esil":"rsp,[8],rsi,=,8,rsp,+=","offset":4195317,"opcode":"pop rsi","type":"pop","size":1},{"esil":"rsp,rdx,=","offset":4195318,"opcode":"mov rdx, rsp","type":"mov","size":3},{"esil":"-16,rsp,&=,$0,of,=,$0,cf,=,$z,zf,=,$s,sf,=,$o,pf,=","offset":4195321,"opcode":"and rsp, 0xfffffffffffffff0","type":"and","size":4},{"esil":"rax,8,rsp,-=,rsp,=[8]","offset":4195325,"opcode":"push rax","type":"upush","size":1},{"esil":"rsp,8,rsp,-=,rsp,=[8]","offset":4195326,"opcode":"push rsp","type":"upush","size":1},{"esil":"4195760,r8,=","offset":4195327,"opcode":"mov r8, 0x4005b0","type":"mov","size":7},{"esil":"4195648,rcx,=","offset":4195334,"opcode":"mov rcx, 0x400540","type":"mov","size":7},{"esil":"4195558,rdi,=","offset":4195341,"opcode":"mov rdi, 0x4004e6","type":"mov","size":7},{"esil":"rip,8,rsp,-=,rsp,=[],4195280,rip,=","offset":4195348,"opcode":"call 0x4003d0","type":"call","size":5}] -------------------------------------------------------------------------------- /radeco-lib/examples/constraint_solver.rs: -------------------------------------------------------------------------------- 1 | // Examples to illustrate project loading 2 | 3 | extern crate radeco_lib; 4 | 5 | use radeco_lib::analysis::constraint_set::{Constraint, ConstraintSet}; 6 | use radeco_lib::middle::ssa::ssa_traits::ValueType; 7 | 8 | fn main() { 9 | { 10 | let mut cs = ConstraintSet::::default(); 11 | //cs.bind(&[0, 1, 2, 3, 4, 5, 6, 7, 8]); 12 | 13 | cs.add_constraint(Constraint::Equality( 14 | 4, 15 | Box::new(Constraint::Value(ValueType::Reference)), 16 | )); 17 | cs.add_constraint(Constraint::Equality( 18 | 0, 19 | 
Box::new(Constraint::Value(ValueType::Reference)), 20 | )); 21 | 22 | cs.add_constraint(Constraint::Equality(7, Box::new(Constraint::Union(4, 8)))); 23 | cs.add_constraint(Constraint::Equality(0, Box::new(Constraint::Union(1, 2)))); 24 | cs.add_constraint(Constraint::Equality(1, Box::new(Constraint::Union(3, 4)))); 25 | cs.add_constraint(Constraint::Equality(2, Box::new(Constraint::Union(5, 6)))); 26 | 27 | cs.solve(); 28 | println!("{:?}", cs); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /radeco-lib/test_files/tiny_sccp_test_instructions.json: -------------------------------------------------------------------------------- 1 | {"name":"entry0","size":28,"addr":384,"ops":[{"offset":384,"fcn_addr":384,"fcn_last":402,"size":10,"opcode":"movabs rax, 0x800","esil":"2048,rax,=","bytes":"48b80008000000000000","family":"cpu","type":"mov","type_num":9,"type2_num":0,"flags":["entry0"]},{"offset":394,"fcn_addr":384,"fcn_last":406,"size":6,"opcode":"cmp rax, 0x800","esil":"2048,rax,==,$z,zf,=","bytes":"483d00080000","family":"cpu","type":"cmp","type_num":15,"type2_num":0},{"offset":400,"fcn_addr":384,"fcn_last":410,"size":2,"opcode":"je 0x198","esil":"zf,?{,408,rip,=,}","bytes":"7406","family":"cpu","type":"cjmp","type_num":2147483649,"type2_num":0,"jump":408,"fail":402},{"offset":402,"fcn_addr":384,"fcn_last":406,"size":6,"opcode":"add rax, 1","esil":"1,rax,+,rax,=","bytes":"480501000000","family":"cpu","type":"add","type_num":17,"type2_num":0},{"offset":408,"fcn_addr":384,"fcn_last":409,"size":3,"opcode":"mov rbx, rax","esil":"rax,rbx,=","bytes":"4889c3","family":"cpu","type":"mov","type_num":9,"type2_num":0},{"offset":411,"fcn_addr":384,"fcn_last":411,"size":1,"opcode":"ret","esil":"1,rbx,+=","bytes":"c3","family":"cpu","type":"ret","type_num":5,"type2_num":0}]} 2 | -------------------------------------------------------------------------------- /rune/LICENSE-MIT: 
-------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Sushant Dinesh 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | 23 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1A5F.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x68,rsp,+,[8],rcx,=","offset":6751,"opcode":"mov rcx, qword [rsp + 0x68]","type":"mov","size":5},{"esil":"0x28,[8],rcx,^=,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":6756,"opcode":"xor rcx, qword fs:[0x28]","type":"xor","size":9},{"esil":"0x28,rsp,+,[4],rax,=","offset":6765,"opcode":"mov eax, dword [rsp + 0x28]","type":"mov","size":4},{"esil":"zf,!,?{,9782,rip,=,}","offset":6769,"opcode":"jne 0x2636","type":"cjmp","size":6},{"esil":"120,rsp,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":6775,"opcode":"add rsp, 0x78","type":"add","size":4},{"esil":"rsp,[8],rbx,=,8,rsp,+=","offset":6779,"opcode":"pop rbx","type":"pop","size":1},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":6780,"opcode":"pop rbp","type":"pop","size":1},{"esil":"rsp,[8],r12,=,8,rsp,+=","offset":6781,"opcode":"pop r12","type":"pop","size":2},{"esil":"rsp,[8],r13,=,8,rsp,+=","offset":6783,"opcode":"pop r13","type":"pop","size":2},{"esil":"rsp,[8],r14,=,8,rsp,+=","offset":6785,"opcode":"pop r14","type":"pop","size":2},{"esil":"rsp,[8],r15,=,8,rsp,+=","offset":6787,"opcode":"pop r15","type":"pop","size":2},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":6789,"opcode":"ret","type":"ret","size":1}] -------------------------------------------------------------------------------- /radeco-lib/test_files/mt1_instructions.json: -------------------------------------------------------------------------------- 1 | {"name":"fcn.00000000","size":17,"addr":0,"ops":[{"offset":0,"fcn_addr":0,"fcn_last":14,"size":3,"opcode":"cmp rax, rbx","esil":"rbx,rax,==,$z,zf,=,$b64,cf,=,$p,pf,=,$s,sf,=","bytes":"4839d8","family":"cpu","type":"cmp","type_num":15,"type2_num":0,"flags":["fcn.00000000"]},{"offset":3,"fcn_addr":0,"fcn_last":15,"size":2,"opcode":"je 
9","esil":"zf,?{,9,rip,=,}","bytes":"7404","family":"cpu","type":"cjmp","type_num":2147483649,"type2_num":0,"jump":9,"fail":5},{"offset":5,"fcn_addr":0,"fcn_last":13,"size":4,"opcode":"add rax, 1","esil":"1,rax,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","bytes":"4883c001","family":"cpu","type":"add","type_num":17,"type2_num":0},{"offset":9,"fcn_addr":0,"fcn_last":13,"size":4,"opcode":"add rax, 1","esil":"1,rax,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","bytes":"4883c001","family":"cpu","type":"add","type_num":17,"type2_num":0},{"offset":13,"fcn_addr":0,"fcn_last":14,"size":3,"opcode":"mov rbx, rax","esil":"rax,rbx,=","bytes":"4889c3","family":"cpu","type":"mov","type_num":9,"type2_num":0},{"offset":16,"fcn_addr":0,"fcn_last":16,"size":1,"opcode":"ret","esil":"rsp,[8],rip,=,8,rsp,+=","bytes":"c3","family":"cpu","type":"ret","type_num":5,"type2_num":0}]} 2 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x2640.json: -------------------------------------------------------------------------------- 1 | [{"esil":"ebp,ebp,^=,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=,0xffffffff,rbp,&=","offset":9792,"opcode":"xor ebp, ebp","type":"xor","size":2},{"esil":"rdx,r9,=","offset":9794,"opcode":"mov r9, rdx","type":"mov","size":3},{"esil":"rsp,[8],rsi,=,8,rsp,+=","offset":9797,"opcode":"pop rsi","type":"pop","size":1},{"esil":"rsp,rdx,=","offset":9798,"opcode":"mov rdx, rsp","type":"mov","size":3},{"esil":"-16,rsp,&=,$0,of,=,$0,cf,=,$z,zf,=,$s,sf,=,$o,pf,=","offset":9801,"opcode":"and rsp, 0xfffffffffffffff0","type":"and","size":4},{"esil":"rax,8,rsp,-=,rsp,=[8]","offset":9805,"opcode":"push rax","type":"upush","size":1},{"esil":"rsp,8,rsp,-=,rsp,=[8]","offset":9806,"opcode":"push rsp","type":"upush","size":1},{"esil":"0x73a,rip,+,r8,=","offset":9807,"opcode":"lea r8, 0x00002d90","type":"lea","size":7},{"esil":"0x6c3,rip,+,rcx,=","offset":9814,"opcode":"lea rcx, 
0x00002d20","type":"lea","size":7},{"esil":"0xd94,rip,-,rdi,=","offset":9821,"opcode":"lea rdi, main","type":"lea","size":7},{"esil":"rip,8,rsp,-=,rsp,=[],0x20295e,rip,+,[8],rip,=","offset":9828,"opcode":"call qword [reloc.__libc_start_main_200]","type":"ucall","size":6},{"esil":"","offset":9834,"opcode":"hlt","type":"trap","size":1}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x2670.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0x202bb9,rip,+,rdi,=","offset":9840,"opcode":"lea rdi, loc._edata","type":"lea","size":7},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":9847,"opcode":"push rbp","type":"upush","size":1},{"esil":"0x202bb1,rip,+,rax,=","offset":9848,"opcode":"lea rax, loc._edata","type":"lea","size":7},{"esil":"rdi,rax,==,$z,zf,=,$b64,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":9855,"opcode":"cmp rax, rdi","type":"cmp","size":3},{"esil":"rsp,rbp,=","offset":9858,"opcode":"mov rbp, rsp","type":"mov","size":3},{"esil":"zf,?{,9888,rip,=,}","offset":9861,"opcode":"je 0x26a0","type":"cjmp","size":2},{"esil":"0x202932,rip,+,[8],rax,=","offset":9863,"opcode":"mov rax, qword [reloc._ITM_deregisterTMCloneTable_192]","type":"mov","size":7},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":9870,"opcode":"test rax, rax","type":"acmp","size":3},{"esil":"zf,?{,9888,rip,=,}","offset":9873,"opcode":"je 0x26a0","type":"cjmp","size":2},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":9875,"opcode":"pop rbp","type":"pop","size":1},{"esil":"rax,rip,=","offset":9876,"opcode":"jmp rax","type":"ujmp","size":2},{"esil":null,"offset":9878,"opcode":null,"type":"invalid","size":1},{"esil":null,"offset":9879,"opcode":null,"type":"invalid","size":1}] -------------------------------------------------------------------------------- /rune/src/lib.rs: -------------------------------------------------------------------------------- 1 | //! 
The Rune Symbolic Emulator Project. 2 | //! 3 | //! Radare2 Symbolic Emulator for all! 4 | //! TODO: Add project notes, descriptions and notes. 5 | 6 | // Support additional lints using clippy 7 | #![cfg_attr(feature="clippy", feature(plugin))] 8 | #![cfg_attr(feature="clippy", plugin(clippy))] 9 | 10 | extern crate petgraph; 11 | extern crate esil; 12 | extern crate r2pipe; 13 | extern crate r2api; 14 | extern crate rustc_serialize; 15 | extern crate regex; 16 | extern crate libsmt; 17 | #[macro_use] extern crate serde_derive; 18 | extern crate serde; 19 | extern crate serde_json; 20 | 21 | pub mod context { 22 | pub mod context; 23 | pub mod rune_ctx; 24 | } 25 | 26 | pub mod utils { 27 | pub mod utils; 28 | pub mod state; 29 | } 30 | 31 | pub mod memory { 32 | pub mod memory; 33 | pub mod qword_mem; 34 | pub mod seg_mem; 35 | } 36 | 37 | pub mod regstore { 38 | pub mod regstore; 39 | pub mod regfile; 40 | } 41 | 42 | pub mod explorer { 43 | pub mod explorer; 44 | pub mod dfs; 45 | pub mod bfs; 46 | pub mod interactive; 47 | pub mod directed; 48 | } 49 | 50 | pub mod engine { 51 | pub mod engine; 52 | pub mod rune; 53 | pub mod hook; 54 | pub mod breakpt; 55 | } 56 | 57 | pub mod stream; 58 | -------------------------------------------------------------------------------- /radeco-lib/examples/project.rs: -------------------------------------------------------------------------------- 1 | // Examples to illustrate project loading 2 | 3 | extern crate r2api; 4 | extern crate r2pipe; 5 | extern crate radeco_lib; 6 | 7 | use r2api::api_trait::R2Api; 8 | use r2pipe::R2; 9 | use radeco_lib::frontend::radeco_containers::{FunctionLoader, ModuleLoader, ProjectLoader}; 10 | use radeco_lib::frontend::radeco_source::Source; 11 | 12 | use std::cell::RefCell; 13 | use std::rc::Rc; 14 | 15 | fn main() { 16 | { 17 | let mut r2 = R2::new(Some("/bin/ls")).expect("Failed to load r2"); 18 | r2.analyze(); 19 | let src: Rc = Rc::new(Rc::new(RefCell::new(r2))); 20 | let p = 
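ProjectLoader::default() 21 | .path("/bin/ls") 22 | .source(Rc::clone(&src)) 23 | .module_loader( 24 | ModuleLoader::default() 25 | .parallel() 26 | .build_ssa() 27 | .build_callgraph() 28 | .load_datarefs() 29 | .function_loader(FunctionLoader::default().include_defaults()), 30 | ) 31 | .load(); 32 | 33 | for m in p.iter() { 34 | for rfn in m.module.iter() { 35 | println!("{:#X}", rfn.function.0); 36 | } 37 | } 38 | } 39 | } 40 |
--------------------------------------------------------------------------------
/arch-rs/src/cc/cdecl.rs:
--------------------------------------------------------------------------------
use crate::utils::*;
use crate::cc::calling_convention::*;

/****************************
 * cdecl calling convention *
 * *************************/

declare_cc!(pub struct Cdecl {
});

register_cc!(Cdecl);

impl Cdecl {
    /// Creates a `Cdecl` bound to `absregmap`, with the return value held in the
    /// 32-bit abstract register that the map associates with `"eax"`.
    ///
    /// # Errors
    ///
    /// Returns a message string when `absregmap` has no `"eax"` entry.
    pub fn new(absregmap: AbsRegMap) -> Result<Cdecl, String> {
        // Copy the register out of the map first, so the map itself can be
        // moved into the convention below.
        let absreg = match absregmap.get(&String::from("eax")) {
            Some(&reg) => reg,
            None => {
                return Err(String::from(
                    "AbstractRegister for return value was not allocated",
                ));
            }
        };

        let mut cdecl = Cdecl::default();
        cdecl.set_absregmap(absregmap);
        cdecl.set_return_val(VType::Register(absreg, 32));
        Ok(cdecl)
    }
}

impl Default for Cdecl {
    /// Baseline cdecl description that is not bound to a register map yet:
    /// `absregmap` is `None` and the return register is
    /// `AbstractRegister::WILDCARD`. `Cdecl::new` starts from this value and
    /// then calls `set_absregmap` and `set_return_val` on it.
    fn default() -> Cdecl {
        Cdecl {
            name: String::from("cdecl"),
            // Integer/pointer arguments go on the call stack (`ArgPushType::RTL`).
            arg_placement: ArgPlacement::CallStack(ArgPushType::RTL),
            fp_arg_placement: ArgPlacement::CallStack(ArgPushType::PseudoStack),
            stack_sp_diff: 32,
            return_val: VType::Register(AbstractRegister::WILDCARD, 32),
            return_addr: VType::StackVal(0, 32),
            // The callee does not clean up the stack in this description.
            callee_cleanup: false,
            absregmap: None,
        }
    }
}
--------------------------------------------------------------------------------
/esil-rs/fuzz/fuzzers/parser.rs:
--------------------------------------------------------------------------------
#![no_main]
#[macro_use] extern crate libfuzzer_sys;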
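extern crate esil;

use std::collections::HashMap;
use std::str;

use esil::parser::{Parse, Parser};
use esil::lexer::{Token, Tokenizer};

// libFuzzer entry point for the ESIL parser.
//
// Each input is treated as one ESIL string and run through `Parser::parse`
// and `Parser::fetch_operands` until `parse` stops returning `Ok(Some(_))`.
// Parse and operand errors are ignored on purpose: for untrusted ESIL text an
// `Err` is an acceptable outcome, so the findings this harness can surface
// are panics, aborts and hangs inside those two calls.
fuzz_target!(|data: &[u8]| {
    // The parser is driven with a `&str`; inputs that are not valid UTF-8 are
    // skipped rather than lossily converted.
    if let Ok(esil) = str::from_utf8(data) {
        // Fixed register set handed to the parser: register name mapped to a
        // number (presumably the register width in bits - confirm against
        // `Parser::init`). The value type is inferred from `Parser::init`.
        let mut regset = HashMap::new();
        let registers = [
            ("rax", 64),
            ("rbx", 64),
            ("rcx", 64),
            ("eax", 32),
            ("ebx", 32),
            ("ecx", 32),
            ("zf", 1),
            ("pf", 1),
            ("cf", 1),
            ("of", 1),
            ("sf", 1),
        ];
        for &(name, width) in registers.iter() {
            regset.insert(name.to_owned(), width);
        }

        let mut parser = Parser::init(Some(regset), Some(64));
        parser.lastsz = Some(Token::EConstant(64));

        // NOTE(review): termination relies on `parse` eventually returning
        // `Ok(None)` or `Err` for every input; a parser that stops making
        // progress would show up here as a libFuzzer timeout.
        while let Ok(Some(ref token)) = parser.parse::<_, Tokenizer>(esil) {
            let _ = parser.fetch_operands(token);
        }
    }
});
--------------------------------------------------------------------------------
/radeco-lib/test_files/bin1_filesource/bin1_insts_0x4004B0.json:
--------------------------------------------------------------------------------
1 | [{"esil":"ebp,ebp,^=,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=,0xffffffff,rbp,&=","offset":4195504,"opcode":"xor ebp, ebp","type":"xor","size":2,"bytes":"31ed"},{"esil":"rdx,r9,=","offset":4195506,"opcode":"mov r9, rdx","type":"mov","size":3,"bytes":"4989d1"},{"esil":"rsp,[8],rsi,=,8,rsp,+=","offset":4195509,"opcode":"pop rsi","type":"pop","size":1,"bytes":"5e"},{"esil":"rsp,rdx,=","offset":4195510,"opcode":"mov rdx, rsp","type":"mov","size":3,"bytes":"4889e2"},{"esil":"-16,rsp,&=,$0,of,=,$0,cf,=,$z,zf,=,$s,sf,=,$o,pf,=","offset":4195513,"opcode":"and rsp, 0xfffffffffffffff0","type":"and","size":4,"bytes":"4883e4f0"},{"esil":"rax,8,rsp,-=,rsp,=[8]","offset":4195517,"opcode":"push 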
rax","type":"upush","size":1,"bytes":"50"},{"esil":"rsp,8,rsp,-=,rsp,=[8]","offset":4195518,"opcode":"push rsp","type":"upush","size":1,"bytes":"54"},{"esil":"4196000,r8,=","offset":4195519,"opcode":"mov r8, 0x4006a0","type":"mov","size":7,"bytes":"49c7c0a0064000"},{"esil":"4195888,rcx,=","offset":4195526,"opcode":"mov rcx, 0x400630","type":"mov","size":7,"bytes":"48c7c130064000"},{"esil":"4195741,rdi,=","offset":4195533,"opcode":"mov rdi, 0x40059d","type":"mov","size":7,"bytes":"48c7c79d054000"},{"esil":"4195456,rip,8,rsp,-=,rsp,=[],rip,=","offset":4195540,"opcode":"call 0x400480","type":"call","size":5,"bytes":"e8a7ffffff"}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1890.json: -------------------------------------------------------------------------------- 1 | [{"esil":"8,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":6288,"opcode":"sub rsp, 8","type":"sub","size":4},{"esil":"0x2039fd,rip,+,[8],rcx,=","offset":6292,"opcode":"mov rcx, qword [0x00205298]","type":"mov","size":7},{"esil":"0x2039de,rip,+,[8],rdi,=","offset":6299,"opcode":"mov rdi, qword [obj.stderr]","type":"mov","size":7},{"esil":"0x14ff,rip,+,rdx,=","offset":6306,"opcode":"lea rdx, str.Usage:__s___bcEhikLlNnprsvzZ0_____apple_____extension_____mime_encoding_____mime_type__n______________e_testname____F_separator____f_namefile____m_magicfiles__file_..._n________s__C___m_magicfiles__n________s____help__n","type":"lea","size":7},{"esil":"1,rsi,=","offset":6313,"opcode":"mov esi, 1","type":"mov","size":5},{"esil":"rax,eax,^=,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=,0xffffffff,rax,&=","offset":6318,"opcode":"xor eax, eax","type":"xor","size":2},{"esil":"rcx,r9,=","offset":6320,"opcode":"mov r9, rcx","type":"mov","size":3},{"esil":"rcx,r8,=","offset":6323,"opcode":"mov r8, rcx","type":"mov","size":3},{"esil":"rip,8,rsp,-=,rsp,=[],6224,rip,=","offset":6326,"opcode":"call 
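sym.imp.__fprintf_chk","type":"call","size":5},{"esil":"1,rdi,=","offset":6331,"opcode":"mov edi, 1","type":"mov","size":5},{"esil":"rip,8,rsp,-=,rsp,=[],6192,rip,=","offset":6336,"opcode":"call sym.imp.exit","type":"call","size":5}]
--------------------------------------------------------------------------------
/radeco-lib/src/backend/lang_c/test.rs:
--------------------------------------------------------------------------------
use super::c_ast::CAST;
use super::c_cfg;
use super::c_cfg_builder;
use crate::frontend::radeco_containers::RadecoFunction;
use crate::middle::ir_reader;
use crate::middle::regfile::SubRegisterFile;
use serde_json;
use std::collections::HashMap;
use std::fs;
use std::path::Path;
use std::sync::Arc;

// Register profile fixture. The path is relative, so it is resolved against
// the working directory of the test process.
const REGISTER_PROFILE: &'static str = "test_files/x86_register_profile.json";

lazy_static! {
    // Register file shared by every test in this module; it is built once from
    // the JSON fixture and panics if the fixture is missing or fails to parse.
    static ref REGISTER_FILE: Arc<SubRegisterFile> = {
        let s = fs::read_to_string(REGISTER_PROFILE).unwrap();
        let reg_profile = serde_json::from_str(&*s).unwrap();
        Arc::new(SubRegisterFile::new(&reg_profile))
    };
}

/// Reads the textual SSA in `file`, installs it into a fresh `RadecoFunction`,
/// recovers a C CFG from it (with two empty maps as the extra arguments) and
/// returns whatever `structure_and_convert` yields for that CFG.
///
/// Panics when `file` cannot be read.
// NOTE(review): the type arguments of this `Result` are missing on the page.
// `CAST` is imported and not used anywhere else in this file, so it is
// presumably the `Ok` type; confirm both arguments against
// `c_cfg::ctrl_flow_struct::structure_and_convert` before building.
fn run_ssa_file<P: AsRef<Path>>(file: P) -> Result {
    let il_text = fs::read_to_string(file).unwrap();

    let mut rfn = RadecoFunction::default();
    *rfn.ssa_mut() = ir_reader::parse_il(&il_text, REGISTER_FILE.clone());

    let ccfg = c_cfg_builder::recover_c_cfg(&rfn, &HashMap::new(), &HashMap::new());
    c_cfg::ctrl_flow_struct::structure_and_convert(ccfg)
}

#[test]
fn bin1_is_ok() {
    assert!(run_ssa_file("test_files/bin1_main_ssa").is_ok());
}

#[test]
fn loopy_is_ok() {
    assert!(run_ssa_file("test_files/loopy_main_ssa").is_ok());
}
--------------------------------------------------------------------------------
/radeco-lib/test_files/bin1_filesource/bin1_function_entry0.json:
--------------------------------------------------------------------------------
1 | 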
{"addr":4195504,"name":"entry0","ops":[{"esil":"ebp,ebp,^=,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=,0xffffffff,rbp,&=","offset":4195504,"opcode":"xor ebp, ebp","type":"xor","size":2,"bytes":"31ed"},{"esil":"rdx,r9,=","offset":4195506,"opcode":"mov r9, rdx","type":"mov","size":3,"bytes":"4989d1"},{"esil":"rsp,[8],rsi,=,8,rsp,+=","offset":4195509,"opcode":"pop rsi","type":"pop","size":1,"bytes":"5e"},{"esil":"rsp,rdx,=","offset":4195510,"opcode":"mov rdx, rsp","type":"mov","size":3,"bytes":"4889e2"},{"esil":"-16,rsp,&=,$0,of,=,$0,cf,=,$z,zf,=,$s,sf,=,$o,pf,=","offset":4195513,"opcode":"and rsp, 0xfffffffffffffff0","type":"and","size":4,"bytes":"4883e4f0"},{"esil":"rax,8,rsp,-=,rsp,=[8]","offset":4195517,"opcode":"push rax","type":"upush","size":1,"bytes":"50"},{"esil":"rsp,8,rsp,-=,rsp,=[8]","offset":4195518,"opcode":"push rsp","type":"upush","size":1,"bytes":"54"},{"esil":"4196000,r8,=","offset":4195519,"opcode":"mov r8, 0x4006a0","type":"mov","size":7,"bytes":"49c7c0a0064000"},{"esil":"4195888,rcx,=","offset":4195526,"opcode":"mov rcx, 0x400630","type":"mov","size":7,"bytes":"48c7c130064000"},{"esil":"4195741,rdi,=","offset":4195533,"opcode":"mov rdi, 0x40059d","type":"mov","size":7,"bytes":"48c7c79d054000"},{"esil":"4195456,rip,8,rsp,-=,rsp,=[],rip,=","offset":4195540,"opcode":"call 0x400480","type":"call","size":5,"bytes":"e8a7ffffff"}],"size":41} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1E94.json: -------------------------------------------------------------------------------- 1 | [{"esil":"1,eax,+=,$o,of,=,$s,sf,=,$z,zf,=,$c31,cf,=,$p,pf,=","offset":9461,"opcode":"add eax, 1","type":"add","size":3},{"esil":"zf,!,?{,7828,rip,=,}","offset":9464,"opcode":"jne sub.magic_close_e94","type":"cjmp","size":6},{"esil":"0x8,rsp,+,[8],rdi,=","offset":9470,"opcode":"mov rdi, qword [rsp + 8]","type":"mov","size":5},{"esil":"rip,8,rsp,-=,rsp,=[],5968,rip,=","offset":9475,"opcode":"call 
sym.imp.magic_error","type":"call","size":5},{"esil":"0x202d89,rip,+,[8],rcx,=","offset":9480,"opcode":"mov rcx, qword [rip + 0x202d89]","type":"mov","size":7},{"esil":"0x202d6a,rip,+,[8],rdi,=","offset":9487,"opcode":"mov rdi, qword [rip + 0x202d6a]","type":"mov","size":7},{"esil":"0x1243,rip,+,rdx,=","offset":9494,"opcode":"lea rdx, [rip + 0x1243]","type":"lea","size":7},{"esil":"rax,r8,=","offset":9501,"opcode":"mov r8, rax","type":"mov","size":3},{"esil":"1,rsi,=","offset":9504,"opcode":"mov esi, 1","type":"mov","size":5},{"esil":"rax,eax,^=,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=,0xffffffff,rax,&=","offset":9509,"opcode":"xor eax, eax","type":"xor","size":2},{"esil":"rip,8,rsp,-=,rsp,=[],6224,rip,=","offset":9511,"opcode":"call sym.imp.__fprintf_chk","type":"call","size":5},{"esil":"1,0x28,rsp,+,=[4]","offset":9516,"opcode":"mov dword [rsp + 0x28], 1","type":"mov","size":8},{"esil":"0x1e94,rip,=","offset":9524,"opcode":"jmp sub.magic_close_e94","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x24F5.json: -------------------------------------------------------------------------------- 1 | [{"esil":"1,eax,+=,$o,of,=,$s,sf,=,$z,zf,=,$c31,cf,=,$p,pf,=","offset":9461,"opcode":"add eax, 1","type":"add","size":3},{"esil":"zf,!,?{,7828,rip,=,}","offset":9464,"opcode":"jne sub.magic_close_e94","type":"cjmp","size":6},{"esil":"0x8,rsp,+,[8],rdi,=","offset":9470,"opcode":"mov rdi, qword [rsp + 8]","type":"mov","size":5},{"esil":"rip,8,rsp,-=,rsp,=[],5968,rip,=","offset":9475,"opcode":"call sym.imp.magic_error","type":"call","size":5},{"esil":"0x202d89,rip,+,[8],rcx,=","offset":9480,"opcode":"mov rcx, qword [rip + 0x202d89]","type":"mov","size":7},{"esil":"0x202d6a,rip,+,[8],rdi,=","offset":9487,"opcode":"mov rdi, qword [rip + 0x202d6a]","type":"mov","size":7},{"esil":"0x1243,rip,+,rdx,=","offset":9494,"opcode":"lea rdx, [rip + 
0x1243]","type":"lea","size":7},{"esil":"rax,r8,=","offset":9501,"opcode":"mov r8, rax","type":"mov","size":3},{"esil":"1,rsi,=","offset":9504,"opcode":"mov esi, 1","type":"mov","size":5},{"esil":"rax,eax,^=,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=,0xffffffff,rax,&=","offset":9509,"opcode":"xor eax, eax","type":"xor","size":2},{"esil":"rip,8,rsp,-=,rsp,=[],6224,rip,=","offset":9511,"opcode":"call sym.imp.__fprintf_chk","type":"call","size":5},{"esil":"1,0x28,rsp,+,=[4]","offset":9516,"opcode":"mov dword [rsp + 0x28], 1","type":"mov","size":8},{"esil":"0x1e94,rip,=","offset":9524,"opcode":"jmp sub.magic_close_e94","type":"jmp","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x400570.json: -------------------------------------------------------------------------------- 1 | [{"esil":"0,0x2008a8,rip,+,[8],==,$z,zf,=,$b64,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195696,"opcode":"cmp qword [rip + 0x2008a8], 0","type":"cmp","size":8,"bytes":"48833da808200000"},{"esil":"zf,?{,4195736,rip,=,}","offset":4195704,"opcode":"je 0x400598","type":"cjmp","size":2,"bytes":"741e"},{"esil":"0,eax,=,0xffffffff,rax,&=","offset":4195706,"opcode":"mov eax, 0","type":"mov","size":5,"bytes":"b800000000"},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195711,"opcode":"test rax, rax","type":"acmp","size":3,"bytes":"4885c0"},{"esil":"zf,?{,4195736,rip,=,}","offset":4195714,"opcode":"je 0x400598","type":"cjmp","size":2,"bytes":"7414"},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195716,"opcode":"push rbp","type":"upush","size":1,"bytes":"55"},{"esil":"6295072,edi,=,0xffffffff,rdi,&=","offset":4195717,"opcode":"mov edi, 0x600e20","type":"mov","size":5,"bytes":"bf200e6000"},{"esil":"rsp,rbp,=","offset":4195722,"opcode":"mov rbp, rsp","type":"mov","size":3,"bytes":"4889e5"},{"esil":"rax,rip,8,rsp,-=,rsp,=[],rip,=","offset":4195725,"opcode":"call 
rax","type":"ucall","size":2,"bytes":"ffd0"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195727,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"0x400510,rip,=","offset":4195728,"opcode":"jmp 0x400510","type":"jmp","size":5,"bytes":"e97bffffff"},{"esil":"0x400510,rip,=","offset":4195736,"opcode":"jmp 0x400510","type":"jmp","size":5,"bytes":"e973ffffff"}] -------------------------------------------------------------------------------- /radeco/README.md: -------------------------------------------------------------------------------- 1 | # radeco 2 | 3 | Radeco is the radare decompiler tool using the [radeco-lib](https://github.com/radareorg/radeco-lib) rust crate. 4 | 5 | [![Build Status](https://travis-ci.org/radareorg/radeco.svg)](https://travis-ci.org/radareorg/radeco) 6 | 7 | ## Usage 8 | 9 | ```shell 10 | $ echo '#include<stdio.h>\nint main() {printf("Hello, world.\\n"); return 0;}' | gcc -xc - 11 | $ cargo run 12 | >> load a.out 13 | Cannot find function here 14 | [*] Fixing Callee Information 15 | >> fn_list 16 | sym._init 17 | sym.imp.puts 18 | entry0 19 | sym.deregister_tm_clones 20 | sym.register_tm_clones 21 | sym.__do_global_dtors_aux 22 | entry1.init 23 | sym.main 24 | sym.__libc_csu_init 25 | sym.__libc_csu_fini 26 | sym._fini 27 | >> analyze sym.main 28 | [+] Analyzing: sym.main @ 0x1139 29 | [*] Eliminating Dead Code 30 | [*] Propagating Constants 31 | [*] Eliminating More DeadCode 32 | [*] Eliminating Common SubExpressions 33 | [*] Verifying SSA's Validity 34 | >> decompile sym.main 35 | fn sym.main () { 36 | unsigned int tmp; 37 | *((rsp - 8)) = rbp 38 | tmp = sym.imp.puts("Hello, world.", rsi, rdx, rcx, r8, r9) 39 | } 40 | >> 41 | ``` 42 | 43 | ## Installation 44 | 45 | Note: Nightly Rust is required. You can install it using [rustup](https://rustup.rs/). 46 | 47 | ```shell 48 | make install 49 | ``` 50 | 51 | ## License 52 | Licensed under The BSD 3-Clause License. 
Please check [COPYING](https://github.com/radare/radeco/blob/master/COPYING) file for 53 | complete license. 54 | -------------------------------------------------------------------------------- /radeco-lib/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "radeco-lib" 3 | version = "0.1.0-dev" 4 | authors = [ 5 | "David Kreuter ", 6 | "Sushant Dinesh ", 7 | "Shohei Kuroiwa " 8 | ] 9 | build = "build.rs" 10 | edition = "2018" 11 | 12 | [lib] 13 | path = "src/lib.rs" 14 | 15 | [features] 16 | default = [] 17 | trace_log = ["log", "env_logger"] 18 | 19 | [dev-dependencies] 20 | quickcheck = "0.9.2" 21 | quickcheck_macros = "0.9.1" 22 | 23 | [build-dependencies] 24 | lalrpop = { version = "0.19", features = ["lexer"] } 25 | regex = "1.3" 26 | 27 | [dependencies] 28 | regex = "1.3" 29 | petgraph = { version = "0.5.0", features = ["quickcheck"] } 30 | serde_json = "1.0" 31 | lazy_static = "1.4" 32 | docopt = "1.1" 33 | rayon = "1.2" 34 | lalrpop-util = "0.19" 35 | fixedbitset = "0.3" 36 | either = "1.5" 37 | vec_map = "0.8" 38 | typed-arena = "2.0" 39 | bit-set = "0.5" 40 | num = "0.2" 41 | linear-map = "1.2.0" 42 | base64 = "0.12" 43 | 44 | log = { version = "0.4", optional = true } 45 | env_logger = { version = "0.7", optional = true } 46 | 47 | [dependencies.r2pipe] 48 | git = "https://github.com/radareorg/r2pipe.rs" # NOTE(review): no rev or tag is pinned for this git dependency (nor for r2api below), so the commit that gets built is fixed only by a Cargo.lock, if one is committed 49 | 50 | [dependencies.r2api] 51 | git = "https://github.com/radare/radare2-r2pipe-api" 52 | #path = "../radare2-r2pipe-api/rust/" 53 | 54 | [dependencies.esil] 55 | #git = "https://github.com/radareorg/esil-rs" 56 | path = "../esil-rs" 57 | 58 | # [dependencies.capstone_rust] 59 | # git = "https://github.com/sushant94/capstone-rust" 60 | -------------------------------------------------------------------------------- /radeco-lib/src/backend/ctrl_flow_struct/ast_context.rs: -------------------------------------------------------------------------------- 1 | pub trait AstContext { 2 | 
type Block; 3 | type Variable; 4 | type BoolVariable; 5 | type Condition: 'static; 6 | } 7 | 8 | pub trait AstContextMut: AstContext { 9 | /// Returns a new unused `Variable`. It must be initialized to some value, 10 | /// but it doesn't matter what. 11 | fn mk_fresh_var(&mut self) -> Self::Variable; 12 | 13 | /// Returns a new unused `Variable` that is initialized with zero. 14 | fn mk_fresh_var_zeroed(&mut self) -> Self::Variable; 15 | 16 | /// Returns a new unused `BoolVariable`. It must be initialized to some 17 | /// value, but it doesn't matter what. 18 | fn mk_fresh_bool_var(&mut self) -> Self::BoolVariable; 19 | 20 | /// Returns a `Condition` that represents `var` being equal to `val`. 21 | fn mk_cond_equals(&mut self, var: &Self::Variable, val: u64) -> Self::Condition; 22 | 23 | /// Returns a `Condition` that represents the value of `var`. 24 | fn mk_cond_from_bool_var(&mut self, var: &Self::BoolVariable) -> Self::Condition; 25 | 26 | /// Returns a new `Block` whose only effect is to assign `val` to `var`. 27 | fn mk_var_assign(&mut self, var: &Self::Variable, val: u64) -> Self::Block; 28 | 29 | /// Returns a new `Block` whose only effect is to assign the value of `cond` 30 | /// to `var`. 
31 | fn mk_bool_var_assign( 32 | &mut self, 33 | var: &Self::BoolVariable, 34 | cond: &Self::Condition, 35 | ) -> Self::Block; 36 | } 37 | -------------------------------------------------------------------------------- /rune/src/regstore/regstore.rs: -------------------------------------------------------------------------------- 1 | 2 | use libsmt::backends::smtlib2::{SMTLib2}; 3 | use libsmt::logics::qf_abv; 4 | use r2api::structs::LRegInfo; 5 | 6 | use std::fmt::Debug; 7 | 8 | 9 | #[derive(Clone, Debug, Default)] 10 | pub struct RegEntry { 11 | pub name: String, 12 | pub idx: usize, 13 | // 0 indexed 14 | pub start_bit: usize, 15 | pub end_bit: usize, 16 | pub is_whole: bool, 17 | pub alias: Option, 18 | } 19 | 20 | impl RegEntry { 21 | pub fn new(name: String, 22 | idx: usize, 23 | sbit: usize, 24 | ebit: usize, 25 | is_whole: bool, 26 | alias: Option) 27 | -> RegEntry { 28 | RegEntry { 29 | name: name, 30 | idx: idx, 31 | start_bit: sbit, 32 | end_bit: ebit, 33 | is_whole: is_whole, 34 | alias: alias, 35 | } 36 | } 37 | } 38 | 39 | pub trait RegStore: Clone + Debug { 40 | type VarRef; 41 | 42 | fn new(_: &mut LRegInfo) -> Self; 43 | 44 | fn get_reg_entry(&self, _: &str) -> RegEntry; 45 | 46 | fn get_reg_ref(&self, _: &str) -> Option; 47 | 48 | fn set_reg(&mut self, _: &str, _: Self::VarRef); 49 | 50 | fn read(&mut self, _: &str, _: &mut SMTLib2) -> Self::VarRef; 51 | 52 | fn write(&mut self, _: &str, _: Self::VarRef) -> Option; 53 | } 54 | 55 | pub trait RegStoreAPI: RegStore { 56 | fn get_regs(&self) -> Vec>; 57 | } 58 | 59 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_entry1.init.json: -------------------------------------------------------------------------------- 1 | {"addr":4195696,"name":"entry1.init","ops":[{"esil":"0,0x2008a8,rip,+,[8],==,$z,zf,=,$b64,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195696,"opcode":"cmp qword [rip + 0x2008a8], 
0","type":"cmp","size":8,"bytes":"48833da808200000"},{"esil":"zf,?{,4195736,rip,=,}","offset":4195704,"opcode":"je 0x400598","type":"cjmp","size":2,"bytes":"741e"},{"esil":"0,eax,=,0xffffffff,rax,&=","offset":4195706,"opcode":"mov eax, 0","type":"mov","size":5,"bytes":"b800000000"},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195711,"opcode":"test rax, rax","type":"acmp","size":3,"bytes":"4885c0"},{"esil":"zf,?{,4195736,rip,=,}","offset":4195714,"opcode":"je 0x400598","type":"cjmp","size":2,"bytes":"7414"},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195716,"opcode":"push rbp","type":"upush","size":1,"bytes":"55"},{"esil":"6295072,edi,=,0xffffffff,rdi,&=","offset":4195717,"opcode":"mov edi, 0x600e20","type":"mov","size":5,"bytes":"bf200e6000"},{"esil":"rsp,rbp,=","offset":4195722,"opcode":"mov rbp, rsp","type":"mov","size":3,"bytes":"4889e5"},{"esil":"rax,rip,8,rsp,-=,rsp,=[],rip,=","offset":4195725,"opcode":"call rax","type":"ucall","size":2,"bytes":"ffd0"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195727,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"0x400510,rip,=","offset":4195728,"opcode":"jmp 0x400510","type":"jmp","size":5,"bytes":"e97bffffff"},{"esil":"0x400510,rip,=","offset":4195736,"opcode":"jmp 0x400510","type":"jmp","size":5,"bytes":"e973ffffff"}],"size":45} -------------------------------------------------------------------------------- /rune/src/utils/logger.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019, The Radare Project. All rights reserved. 2 | use std::fmt::Debug; 3 | 4 | // TODO: Implement proper events for debugging 5 | 6 | #[macro_export] 7 | macro_rules! 
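rune_trace {
    // Single-expression form: the value is rendered with `to_string()`.
    // The logging statement carries `#[cfg(feature = "trace_log")]`, so with
    // the feature off it is removed entirely and `$t` is never evaluated.
    ($t: expr) => ({
        if cfg!(feature = "trace_log") {
            #[cfg(feature="trace_log")]
            debug!("{}", $t.to_string());
        }
    });
    // Format-string form: arguments are forwarded through `format_args!`.
    ($fmt:expr, $($arg:tt)*) => ({
        if cfg!(feature = "trace_log") {
            #[cfg(feature="trace_log")]
            debug!("{}", format_args!($fmt, $($arg)*));
        }
    });
}

/// Logs a warning when the `trace_log` feature is enabled; expands to an
/// empty `if` body otherwise.
///
/// Accepts either one expression (rendered with `to_string()`) or a format
/// string followed by arguments.
///
/// The macro is exported, so `cfg!(feature = "trace_log")` and the `warn!`
/// call are resolved in the crate where the macro is expanded: that crate
/// must define the feature and have a `warn!` macro in scope (presumably the
/// `log` crate's; confirm against the crate manifest).
#[macro_export]
macro_rules! rune_warn {
    ($t: expr) => ({
        if cfg!(feature = "trace_log") {
            #[cfg(feature="trace_log")]
            warn!("{}", $t.to_string());
        }
    });
    ($fmt:expr, $($arg:tt)*) => ({
        if cfg!(feature = "trace_log") {
            #[cfg(feature="trace_log")]
            warn!("{}", format_args!($fmt, $($arg)*));
        }
    });
}

/// Logs an error when the `trace_log` feature is enabled; expands to an
/// empty `if` body otherwise.
///
/// Accepts either one expression (rendered with `to_string()`) or a format
/// string followed by arguments. Both forms log at error level, so a filter
/// or alert keyed on severity sees every `rune_err!` call the same way.
///
/// As with the other logging macros in this file, the feature check and the
/// `error!` call are resolved in the expanding crate.
#[macro_export]
macro_rules! rune_err {
    ($t: expr) => ({
        if cfg!(feature = "trace_log") {
            // Fixed: this arm used `warn!`, which under-reported the severity
            // of single-expression error messages.
            #[cfg(feature="trace_log")]
            error!("{}", $t.to_string());
        }
    });
    ($fmt:expr, $($arg:tt)*) => ({
        if cfg!(feature = "trace_log") {
            #[cfg(feature="trace_log")]
            error!("{}", format_args!($fmt, $($arg)*));
        }
    });
}
-------------------------------------------------------------------------------- /rune/examples/simple_example.rs: -------------------------------------------------------------------------------- 1 | extern crate rune; 2 | extern crate libsmt; 3 | extern crate r2pipe; 4 | extern crate r2api; 5 | 6 | use std::collections::HashMap; 7 | 8 | use r2pipe::r2::R2; 9 | 10 | use r2api::api_trait::R2Api; 11 | 12 | use rune::explorer::directed::DirectedExplorer; 13 | use rune::explorer::explorer::PathExplorer; 14 | 15 | 16 | 17 | 18 | use rune::memory::memory::Memory; 19 | 20 | 21 | use rune::regstore::regstore::RegStore; 22 | 23 | 24 | use rune::engine::engine::Engine; 25 | use rune::engine::rune::Rune; 26 | 27 | use rune::utils::utils::{new_rune_ctx, Key}; 28 | 29 | 30 | 31 | fn main() { 32 | // Stream 33 | let mut stream = R2::new(Some("bins/a.out")).expect("Could not open the file."); 34 | 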
stream.init(); 35 | 36 | let bp = 0x5000; 37 | let ip = 0x004004fa; 38 | let break_addr = 0x00400515; 39 | let branch = 0x00400513; 40 | 41 | let mut syms = HashMap::new(); 42 | syms.insert(Key::Mem(bp-0x8), 8); 43 | 44 | let mut consts = HashMap::new(); 45 | consts.insert(Key::Reg(String::from("rbp")), (bp as u64, 64 as u64)); 46 | 47 | // Context 48 | let ctx = new_rune_ctx(Some(ip), Some(syms), Some(consts), &mut stream); 49 | 50 | // Explorer 51 | let mut explorer = DirectedExplorer::new(); 52 | let mut decision_list: Vec<(u64, char)> = Vec::new(); 53 | decision_list.push((branch, 'F')); 54 | explorer.set_decisions(decision_list); 55 | explorer.break_addr = break_addr; 56 | 57 | // Engine 58 | let mut rune = Rune::new(ctx, explorer, stream); 59 | rune.run().expect("not yet implemented"); 60 | } 61 | -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x400460.json: -------------------------------------------------------------------------------- 1 | [{"esil":"6293792,rsi,=","offset":4195424,"opcode":"mov esi, 0x600920","type":"mov","size":5},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195429,"opcode":"push rbp","type":"upush","size":1},{"esil":"6293792,rsi,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195430,"opcode":"sub rsi, 0x600920","type":"sub","size":7},{"esil":"3,rsi,>>=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195437,"opcode":"sar rsi, 3","type":"sar","size":4},{"esil":"rsp,rbp,=","offset":4195441,"opcode":"mov rbp, rsp","type":"mov","size":3},{"esil":"rsi,rax,=","offset":4195444,"opcode":"mov rax, rsi","type":"mov","size":3},{"esil":"0,cf,=,1,63,-,1,<<,rax,&,?{,1,cf,=,},63,rax,>>,rax,=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195447,"opcode":"shr rax, 0x3f","type":"shr","size":4},{"esil":"rax,rsi,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4195451,"opcode":"add rsi, rax","type":"add","size":3},{"esil":"1,rsi,>>=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195454,"opcode":"sar 
rsi, 1","type":"sar","size":3},{"esil":"zf,?{,4195480,rip,=,}","offset":4195457,"opcode":"je 0x400498","type":"cjmp","size":2},{"esil":"0,rax,=","offset":4195459,"opcode":"mov eax, 0","type":"mov","size":5},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195464,"opcode":"test rax, rax","type":"acmp","size":3},{"esil":"zf,?{,4195480,rip,=,}","offset":4195467,"opcode":"je 0x400498","type":"cjmp","size":2},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195469,"opcode":"pop rbp","type":"pop","size":1},{"esil":"6293792,rdi,=","offset":4195470,"opcode":"mov edi, 0x600920","type":"mov","size":5},{"esil":"rax,rip,=","offset":4195475,"opcode":"jmp rax","type":"ujmp","size":2}] -------------------------------------------------------------------------------- /esil-rs/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015, The Radare Project 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or 5 | without modification, are permitted provided that the following 6 | conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright 9 | notice, this list of conditions and the following disclaimer. 10 | 11 | 2. Redistributions in binary form must reproduce the above 12 | copyright notice, this list of conditions and the following 13 | disclaimer in the documentation and / or other materials provided 14 | with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived 18 | from this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE 24 | COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 28 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 30 | ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 | POSSIBILITY OF SUCH DAMAGE. 32 | -------------------------------------------------------------------------------- /radeco/COPYING: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015, The Radare Project 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or 5 | without modification, are permitted provided that the following 6 | conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright 9 | notice, this list of conditions and the following disclaimer. 10 | 11 | 2. Redistributions in binary form must reproduce the above 12 | copyright notice, this list of conditions and the following 13 | disclaimer in the documentation and / or other materials provided 14 | with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived 18 | from this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE 24 | COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 28 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 30 | ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 | POSSIBILITY OF SUCH DAMAGE. 32 | -------------------------------------------------------------------------------- /radeco-lib/COPYING: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015, The Radare Project 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or 5 | without modification, are permitted provided that the following 6 | conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright 9 | notice, this list of conditions and the following disclaimer. 10 | 11 | 2. Redistributions in binary form must reproduce the above 12 | copyright notice, this list of conditions and the following 13 | disclaimer in the documentation and / or other materials provided 14 | with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived 18 | from this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE 24 | COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 28 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 30 | ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 | POSSIBILITY OF SUCH DAMAGE. 32 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x4004E0.json: -------------------------------------------------------------------------------- 1 | [{"esil":"6295631,eax,=,0xffffffff,rax,&=","offset":4195552,"opcode":"mov eax, 0x60104f","type":"mov","size":5,"bytes":"b84f106000"},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195557,"opcode":"push rbp","type":"upush","size":1,"bytes":"55"},{"esil":"6295624,rax,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195558,"opcode":"sub rax, 0x601048","type":"sub","size":6,"bytes":"482d48106000"},{"esil":"14,rax,==,$z,zf,=,$b64,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195564,"opcode":"cmp rax, 0xe","type":"cmp","size":4,"bytes":"4883f80e"},{"esil":"rsp,rbp,=","offset":4195568,"opcode":"mov rbp, rsp","type":"mov","size":3,"bytes":"4889e5"},{"esil":"cf,zf,|,!,?{,4195575,rip,=,}","offset":4195571,"opcode":"ja 0x4004f7","type":"cjmp","size":2,"bytes":"7702"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195573,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195574,"opcode":"ret","type":"ret","size":1,"bytes":"c3"},{"esil":"0,eax,=,0xffffffff,rax,&=","offset":4195575,"opcode":"mov eax, 0","type":"mov","size":5,"bytes":"b800000000"},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195580,"opcode":"test rax, 
rax","type":"acmp","size":3,"bytes":"4885c0"},{"esil":"zf,?{,4195573,rip,=,}","offset":4195583,"opcode":"je 0x4004f5","type":"cjmp","size":2,"bytes":"74f4"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195585,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"6295624,edi,=,0xffffffff,rdi,&=","offset":4195586,"opcode":"mov edi, 0x601048","type":"mov","size":5,"bytes":"bf48106000"},{"esil":"rax,rip,=","offset":4195591,"opcode":"jmp rax","type":"ujmp","size":2,"bytes":"ffe0"}] -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym.deregister_tm_clones.json: -------------------------------------------------------------------------------- 1 | {"addr":4195552,"name":"sym.deregister_tm_clones","ops":[{"esil":"6295631,eax,=,0xffffffff,rax,&=","offset":4195552,"opcode":"mov eax, 0x60104f","type":"mov","size":5,"bytes":"b84f106000"},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195557,"opcode":"push rbp","type":"upush","size":1,"bytes":"55"},{"esil":"6295624,rax,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195558,"opcode":"sub rax, 0x601048","type":"sub","size":6,"bytes":"482d48106000"},{"esil":"14,rax,==,$z,zf,=,$b64,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195564,"opcode":"cmp rax, 0xe","type":"cmp","size":4,"bytes":"4883f80e"},{"esil":"rsp,rbp,=","offset":4195568,"opcode":"mov rbp, rsp","type":"mov","size":3,"bytes":"4889e5"},{"esil":"cf,zf,|,!,?{,4195575,rip,=,}","offset":4195571,"opcode":"ja 0x4004f7","type":"cjmp","size":2,"bytes":"7702"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195573,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195574,"opcode":"ret","type":"ret","size":1,"bytes":"c3"},{"esil":"0,eax,=,0xffffffff,rax,&=","offset":4195575,"opcode":"mov eax, 0","type":"mov","size":5,"bytes":"b800000000"},{"esil":"0,rax,rax,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195580,"opcode":"test rax, 
rax","type":"acmp","size":3,"bytes":"4885c0"},{"esil":"zf,?{,4195573,rip,=,}","offset":4195583,"opcode":"je 0x4004f5","type":"cjmp","size":2,"bytes":"74f4"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195585,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"6295624,edi,=,0xffffffff,rdi,&=","offset":4195586,"opcode":"mov edi, 0x601048","type":"mov","size":5,"bytes":"bf48106000"},{"esil":"rax,rip,=","offset":4195591,"opcode":"jmp rax","type":"ujmp","size":2,"bytes":"ffe0"}],"size":41} -------------------------------------------------------------------------------- /radeco-lib/src/analysis/valueset/uintrange.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 
use super::{KnownBits, SIntRange, UIntMultiple, UIntRange, ValueSet};
use std::cmp::{max, min};
use std::ops::{BitAnd, BitOr};

impl ValueSet for UIntRange {
    /// Reports whether `value` lies in the closed interval `[self.min, self.max]`.
    ///
    /// When `self.min > self.max` no value satisfies both bounds, so the
    /// range behaves as an empty set.
    fn contains(&self, value: u64) -> bool {
        value >= self.min && value <= self.max
    }
}

/// A value set that includes all u64 values between a minimum and a maximum.
///
/// The conversions below are unimplemented placeholders (see the TODO).
impl UIntRange {
    // TODO: all three conversions ignore `self` and return fixed values.
    // NOTE(review): until they are implemented, the results must not be used
    // as an abstraction of this range. `as_srange`, for example, returns
    // min = 0 and max = 0 whatever the range is, which would drop every
    // other value from an analysis that trusted it.

    /// Placeholder: returns `KnownBits` with both fields set to 0.
    fn as_knownbits(&self) -> KnownBits {
        let zerobits = 0;
        let onebits = 0;
        KnownBits { zerobits, onebits }
    }

    /// Placeholder: returns `UIntMultiple` with modulus 0 and residue 0.
    fn as_umultiple(&self) -> UIntMultiple {
        let modulus = 0;
        let residue = 0;
        UIntMultiple { modulus, residue }
    }

    /// Placeholder: returns `SIntRange` with min 0 and max 0.
    fn as_srange(&self) -> SIntRange {
        let bound = 0;
        SIntRange {
            min: bound,
            max: bound,
        }
    }
}

impl<'a, 'b> BitAnd<&'a UIntRange> for &'b UIntRange {
    type Output = UIntRange;

    /// Intersects two ranges: the larger lower bound and the smaller upper
    /// bound.
    ///
    /// For disjoint inputs the result has `min > max`; `contains` is then
    /// false for every value.
    fn bitand(self, rhs: &UIntRange) -> UIntRange {
        let lower = max(self.min, rhs.min);
        let upper = min(self.max, rhs.max);
        UIntRange {
            min: lower,
            max: upper,
        }
    }
}

impl<'a, 'b> BitOr<&'a UIntRange> for &'b UIntRange {
    type Output = UIntRange;

    /// Joins two ranges into the single range that spans both: the smaller
    /// lower bound and the larger upper bound.
    ///
    /// This over-approximates the union, since values lying between two
    /// disjoint inputs are included as well.
    fn bitor(self, rhs: &UIntRange) -> UIntRange {
        let lower = min(self.min, rhs.min);
        let upper = max(self.max, rhs.max);
        UIntRange {
            min: lower,
            max: upper,
        }
    }
}
-------------------------------------------------------------------------------- /radeco/build.rs: -------------------------------------------------------------------------------- 1 | // build.rs 2 | // This build script is used to recognize radeco-lib version at 3 | // compile from the Cargo.lock file and save it in the 4 | // VERSION_STR environment variable to be retrieved at runtime. 
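extern crate toml;

use std::fs::read_to_string;
use std::path::Path;

// Refer: https://docs.rs/built/0.3.0/src/built/lib.rs.html#264
/// Extracts the `(name, version)` pair of every `[[package]]` entry in the
/// text of a `Cargo.lock`, sorted in ascending order.
///
/// # Panics
///
/// Panics with a message naming the problem if the text is not valid TOML,
/// if there is no `package` array, or if an entry lacks a string `name` or
/// `version`. A build script has no caller to report to, so failing the
/// build is the intended outcome.
fn parse_dependencies(lock_toml_buf: &str) -> Vec<(String, String)> {
    let lock_toml: toml::Value = lock_toml_buf
        .parse()
        .expect("Cargo.lock is not valid TOML");

    // Get the table of [[package]]s. This is the deep list of dependencies and
    // dependencies of dependencies.
    let packages = lock_toml
        .get("package")
        .and_then(|value| value.as_array())
        .expect("Cargo.lock has no [[package]] array");

    let mut deps: Vec<(String, String)> = packages
        .iter()
        .map(|entry| {
            let table = entry
                .as_table()
                .expect("Cargo.lock [[package]] entry is not a table");
            let field = |key: &str| -> String {
                table
                    .get(key)
                    .and_then(|value| value.as_str())
                    .unwrap_or_else(|| {
                        panic!("Cargo.lock [[package]] entry has no string `{}`", key)
                    })
                    .to_owned()
            };
            (field("name"), field("version"))
        })
        .collect();
    deps.sort();
    deps
}

/// Builds the version banner and hands it to the compiler as `VERSION_STR`.
///
/// The banner always holds this crate's own version. If a `Cargo.lock` exists
/// in the manifest directory, the locked version of every package named
/// `radeco-lib` is appended; without a lock file that part is left out.
fn main() {
    let mut version_str = format!("radeco - v{}", env!("CARGO_PKG_VERSION"));
    let cargo_lock_path = Path::new(env!("CARGO_MANIFEST_DIR")).join("Cargo.lock");

    if cargo_lock_path.exists() {
        // Report the path and the I/O error instead of a bare `unwrap` on a
        // discarded error.
        let lock_buf = read_to_string(&cargo_lock_path).unwrap_or_else(|err| {
            panic!("failed to read {}: {}", cargo_lock_path.display(), err)
        });
        for (crate_name, crate_version) in parse_dependencies(&lock_buf) {
            if crate_name == "radeco-lib" {
                version_str = format!("{}, radeco-lib - v{}", version_str, crate_version);
            }
        }
    }
    println!("cargo:rustc-env=VERSION_STR={}", version_str);
}
-------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_insts_0x1E4C.json: -------------------------------------------------------------------------------- 1 | [{"esil":"r13,r12,==,$z,zf,=,$b64,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":7756,"opcode":"cmp r12, r13","type":"cmp","size":3},{"esil":"cf,zf,|,!,?{,7735,rip,=,}","offset":7759,"opcode":"ja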
0x1e37","type":"cjmp","size":2},{"esil":"2,0x203454,rip,+,[4],==,$z,zf,=,$b32,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":7761,"opcode":"cmp dword [rip + 0x203454], 2","type":"cmp","size":7},{"esil":"zf,?{,8065,rip,=,}","offset":7768,"opcode":"je 0x1f81","type":"cjmp","size":6},{"esil":"0x8,rsp,+,[8],r13,=","offset":7774,"opcode":"mov r13, qword [rsp + 8]","type":"mov","size":5},{"esil":"0x28,rsp,+,[4],r12d,=,0xffffffff,r12,&=","offset":7779,"opcode":"mov r12d, dword [rsp + 0x28]","type":"mov","size":5},{"esil":"0x1e83,rip,=","offset":7784,"opcode":"jmp 0x1e83","type":"jmp","size":2},{"esil":"rax,8,*,rbp,+,[8],rsi,=","offset":7786,"opcode":"mov rsi, qword [rbp + rax*8]","type":"mov","size":5},{"esil":"rbx,rdx,=","offset":7791,"opcode":"mov edx, ebx","type":"mov","size":2},{"esil":"r13,rdi,=","offset":7793,"opcode":"mov rdi, r13","type":"mov","size":3},{"esil":"rip,8,rsp,-=,rsp,=[],11136,rip,=","offset":7796,"opcode":"call sub.magic_file_b80","type":"call","size":5},{"esil":"1,0x2033d8,rip,+,+=[4],$o,of,=,$s,sf,=,$z,zf,=,$c31,cf,=,$p,pf,=","offset":7801,"opcode":"add dword [rip + 0x2033d8], 1","type":"add","size":7},{"esil":"rax,r12d,|=,$s,sf,=,$z,zf,=,$p,pf,=,$0,of,=,$0,cf,=","offset":7808,"opcode":"or r12d, eax","type":"or","size":3},{"esil":"0x2033ce,rip,+,[4],rax,=","offset":7811,"opcode":"movsxd rax, dword [rip + 0x2033ce]","type":"mov","size":7},{"esil":"r15d,rax,==,$z,zf,=,$b32,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":7818,"opcode":"cmp eax, r15d","type":"cmp","size":3},{"esil":"of,sf,^,?{,7786,rip,=,}","offset":7821,"opcode":"jl 0x1e6a","type":"cjmp","size":2},{"esil":"r12d,0x28,rsp,+,=[4]","offset":7823,"opcode":"mov dword [rsp + 0x28], r12d","type":"mov","size":5}] -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_insts_0x4004E6.json: -------------------------------------------------------------------------------- 1 | [{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195558,"opcode":"push 
rbp","type":"upush","size":1},{"esil":"rsp,rbp,=","offset":4195559,"opcode":"mov rbp, rsp","type":"mov","size":3},{"esil":"16,rsp,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195562,"opcode":"sub rsp, 0x10","type":"sub","size":4},{"esil":"-1,0x8,rbp,-,=[8]","offset":4195566,"opcode":"mov qword [rbp - local_8h], -1","type":"mov","size":8},{"esil":"0,0xc,rbp,-,=[4]","offset":4195574,"opcode":"mov dword [rbp - local_ch], 0","type":"mov","size":7},{"esil":"4294967295,rax,=","offset":4195581,"opcode":"mov eax, 0xffffffff","type":"mov","size":5},{"esil":"rax,0x8,rbp,-,^=[8],$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195586,"opcode":"xor qword [rbp - local_8h], rax","type":"xor","size":4},{"esil":"10,0x8,rbp,-,[8],==,$z,zf,=,$b64,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195590,"opcode":"cmp qword [rbp - local_8h], 0xa","type":"cmp","size":5},{"esil":"of,sf,^,zf,|,?{,4195622,rip,=,}","offset":4195595,"opcode":"jle 0x400526","type":"cjmp","size":2},{"esil":"0,0xc,rbp,-,=[4]","offset":4195597,"opcode":"mov dword [rbp - local_ch], 0","type":"mov","size":7},{"esil":"0x400520,rip,=","offset":4195604,"opcode":"jmp 0x400520","type":"jmp","size":2},{"esil":"4195780,rdi,=","offset":4195606,"opcode":"mov edi, 0x4005c4","type":"mov","size":5},{"esil":"rip,8,rsp,-=,rsp,=[],4195264,rip,=","offset":4195611,"opcode":"call 0x4003c0","type":"call","size":5},{"esil":"24,0xc,rbp,-,[4],==,$z,zf,=,$b32,cf,=,$p,pf,=,$s,sf,=,$o,of,=","offset":4195616,"opcode":"cmp dword [rbp - local_ch], 0x18","type":"cmp","size":4},{"esil":"of,sf,^,zf,|,?{,4195606,rip,=,}","offset":4195620,"opcode":"jle 0x400516","type":"cjmp","size":2},{"esil":"4195782,rdi,=","offset":4195622,"opcode":"mov edi, 0x4005c6","type":"mov","size":5},{"esil":"rip,8,rsp,-=,rsp,=[],4195264,rip,=","offset":4195627,"opcode":"call 0x4003c0","type":"call","size":5},{"esil":"0,rax,=","offset":4195632,"opcode":"mov eax, 
0","type":"mov","size":5},{"esil":"rbp,rsp,=,rsp,[8],rbp,=,8,rsp,+=","offset":4195637,"opcode":"leave","type":"pop","size":1},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195638,"opcode":"ret","type":"ret","size":1}] -------------------------------------------------------------------------------- /radeco-lib/src/analysis/dom/index.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //! Implements `InternalIndex` used for `DomTree`. 9 | 10 | use petgraph::graph::NodeIndex; 11 | use std::cmp::{Eq, Ord, Ordering, PartialEq, PartialOrd}; 12 | use std::hash::{Hash, Hasher}; 13 | use std::ops::Index; 14 | 15 | #[derive(Clone, Copy, Debug)] 16 | pub struct InternalIndex { 17 | index: usize, 18 | external: NodeIndex, 19 | } 20 | 21 | impl InternalIndex { 22 | pub fn new(index: usize, n: NodeIndex) -> InternalIndex { 23 | InternalIndex { 24 | index: index, 25 | external: n, 26 | } 27 | } 28 | 29 | pub fn external(&self) -> NodeIndex { 30 | self.external 31 | } 32 | 33 | pub fn index(&self) -> usize { 34 | self.index 35 | } 36 | } 37 | 38 | /////////////////////////////////////////////////////////////////////////////// 39 | //// Trait implementations to ensure InternalIndex 40 | //// behaves like InternalIndex::index (usize) 41 | /////////////////////////////////////////////////////////////////////////////// 42 | 43 | impl PartialEq for InternalIndex { 44 | fn eq(&self, other: &Self) -> bool { 45 | self.index == other.index 46 | } 47 | } 48 | 49 | impl Hash for InternalIndex { 50 | fn hash(&self, state: &mut H) { 51 | self.index.hash(state); 52 | } 53 | } 54 | 55 | impl Eq for InternalIndex {} 56 | 57 | impl Index for Vec { 58 | type Output 
= InternalIndex; 59 | fn index(&self, index: InternalIndex) -> &InternalIndex { 60 | &self[index.index] 61 | } 62 | } 63 | 64 | impl PartialOrd for InternalIndex { 65 | fn partial_cmp(&self, other: &Self) -> Option { 66 | self.index.partial_cmp(&other.index) 67 | } 68 | } 69 | 70 | impl Ord for InternalIndex { 71 | fn cmp(&self, other: &Self) -> Ordering { 72 | self.index.cmp(&other.index) 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_out/main.c: -------------------------------------------------------------------------------- 1 | fn main () { 2 | int local_ch; 3 | unsigned int tmp; 4 | int local_8h; 5 | int local_4h; 6 | *((rsp - 8)) = rbp 7 | tmp = sym.imp.__isoc99_scanf(unknown, unknown, unknown, unknown, r8, r9) 8 | tmp = sym.imp.puts(unknown, unknown, unknown, unknown, unknown, unknown) 9 | if ((1 ^ ((((((local_ch as 64) | local_8h) & 4294967295) as 32) - 4) & 4294967295)) as 1) { 10 | goto addr_0x4005DB.0000 11 | } 12 | tmp = sym.imp.puts(unknown, unknown, unknown, unknown, unknown, unknown) 13 | if (!((1 ^ ((((((*((rsp - 12)) as 64) | local_4h) & 4294967295) as 32) - 4) & 4294967295)) as 1)) { 14 | goto addr_0x4005EC.0000 15 | } 16 | addr_0x4005EC.0000: 17 | if (!((1 ^ (((((((*((rsp - 16)) as 64) | (18446744069414584320 & unknown)) & 0) | ((((((((*((rsp - 16)) as 64) | local_8h) & 4294967295) as 32) * ((((*((rsp - 16)) as 64) | (18446744069414584320 & unknown)) & 4294967295) as 32)) as 64) | (((*((rsp - 16)) as 64) | local_8h) & 0)) + (((((((*((rsp - 20)) as 64) | local_ch) & 4294967295) as 32) * ((((*((rsp - 20)) as 64) | (18446744069414584320 & unknown)) & 4294967295) as 32)) as 64) | (((*((rsp - 20)) as 64) | (18446744069414584320 & unknown)) & 0)))) as 32) - ((((((((*((rsp - 12)) as 64) | ((((((((*((rsp - 16)) as 64) | local_8h) & 4294967295) as 32) * ((((*((rsp - 16)) as 64) | (18446744069414584320 & unknown)) & 4294967295) as 32)) as 64) | (((*((rsp - 16)) 
as 64) | local_8h) & 0)) & 18446744069414584320)) & 4294967295) as 32) * ((((*((rsp - 12)) as 64) | ((((((((*((rsp - 20)) as 64) | local_ch) & 4294967295) as 32) * ((((*((rsp - 20)) as 64) | (18446744069414584320 & unknown)) & 4294967295) as 32)) as 64) | (((*((rsp - 20)) as 64) | (18446744069414584320 & unknown)) & 0)) & 18446744069414584320)) & 4294967295) as 32)) as 64) | local_4h) as 32)) & 4294967295)) as 1)) { 18 | goto addr_0x40061F.0000 19 | } 20 | goto addr_0x40062E.0000 21 | addr_0x40061F.0000: 22 | tmp = sym.imp.puts(unknown, unknown, unknown, unknown, unknown, unknown) 23 | goto addr_0x40062E.0000 24 | tmp = sym.imp.puts(unknown, unknown, unknown, unknown, unknown, unknown) 25 | addr_0x40062E.0000: 26 | goto addr_0x40062E.0000 27 | addr_0x4005DB.0000: 28 | tmp = sym.imp.puts(unknown, unknown, unknown, unknown, unknown, unknown) 29 | } 30 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_insts_0x400510.json: -------------------------------------------------------------------------------- 1 | [{"esil":"6295624,eax,=,0xffffffff,rax,&=","offset":4195600,"opcode":"mov eax, 0x601048","type":"mov","size":5,"bytes":"b848106000"},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195605,"opcode":"push rbp","type":"upush","size":1,"bytes":"55"},{"esil":"6295624,rax,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195606,"opcode":"sub rax, 0x601048","type":"sub","size":6,"bytes":"482d48106000"},{"esil":"0,cf,=,1,3,-,1,<<,rax,&,?{,1,cf,=,},3,rax,>>>>,rax,=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195612,"opcode":"sar rax, 3","type":"sar","size":4,"bytes":"48c1f803"},{"esil":"rsp,rbp,=","offset":4195616,"opcode":"mov rbp, rsp","type":"mov","size":3,"bytes":"4889e5"},{"esil":"rax,rdx,=","offset":4195619,"opcode":"mov rdx, rax","type":"mov","size":3,"bytes":"4889c2"},{"esil":"0,cf,=,1,63,-,1,<<,rdx,&,?{,1,cf,=,},63,rdx,>>,rdx,=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195622,"opcode":"shr rdx, 
0x3f","type":"shr","size":4,"bytes":"48c1ea3f"},{"esil":"rdx,rax,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4195626,"opcode":"add rax, rdx","type":"add","size":3,"bytes":"4801d0"},{"esil":"0,cf,=,1,1,-,1,<<,rax,&,?{,1,cf,=,},1,rax,>>>>,rax,=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195629,"opcode":"sar rax, 1","type":"sar","size":3,"bytes":"48d1f8"},{"esil":"zf,!,?{,4195636,rip,=,}","offset":4195632,"opcode":"jne 0x400534","type":"cjmp","size":2,"bytes":"7502"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195634,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195635,"opcode":"ret","type":"ret","size":1,"bytes":"c3"},{"esil":"0,edx,=,0xffffffff,rdx,&=","offset":4195636,"opcode":"mov edx, 0","type":"mov","size":5,"bytes":"ba00000000"},{"esil":"0,rdx,rdx,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195641,"opcode":"test rdx, rdx","type":"acmp","size":3,"bytes":"4885d2"},{"esil":"zf,?{,4195634,rip,=,}","offset":4195644,"opcode":"je 0x400532","type":"cjmp","size":2,"bytes":"74f4"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195646,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"rax,rsi,=","offset":4195647,"opcode":"mov rsi, rax","type":"mov","size":3,"bytes":"4889c6"},{"esil":"6295624,edi,=,0xffffffff,rdi,&=","offset":4195650,"opcode":"mov edi, 0x601048","type":"mov","size":5,"bytes":"bf48106000"},{"esil":"rdx,rip,=","offset":4195655,"opcode":"jmp rdx","type":"ujmp","size":2,"bytes":"ffe2"}] -------------------------------------------------------------------------------- /radeco-lib/src/analysis/valueset/math/test.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 
3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | use super::{blcic, multiplicative_inverse, tzmsk}; 9 | 10 | fn confirm_multiplicative_inverse(a: u64, n: u64) { 11 | let x = multiplicative_inverse(a, n).unwrap(); 12 | assert!((a * x) % n == 1); 13 | } 14 | 15 | #[test] 16 | fn test_blcic() { 17 | assert_eq!(blcic(0x0000000000000000), 0x0000000000000001); 18 | assert_eq!(blcic(0x0000ffff0000ffff), 0x0000000000010000); 19 | assert_eq!(blcic(0x00000000ffff0000), 0x0000000000000001); 20 | assert_eq!(blcic(0xffffffffffffffff), 0x0000000000000000); 21 | } 22 | 23 | #[test] 24 | fn test_tzmsk() { 25 | assert_eq!(tzmsk(0x0000000000000000), 0xffffffffffffffff); 26 | assert_eq!(tzmsk(0x0000ffff0000ffff), 0x0000000000000000); 27 | assert_eq!(tzmsk(0x00000000ffff0000), 0x000000000000ffff); 28 | assert_eq!(tzmsk(0xffffffffffffffff), 0x0000000000000000); 29 | } 30 | 31 | fn test_multiplicative_inverse_recursively(depth: usize, m: u64, n: u64) { 32 | if n != 1 { 33 | confirm_multiplicative_inverse(m, n); 34 | confirm_multiplicative_inverse(n, m); 35 | } 36 | if depth > 0 { 37 | // See http://en.wikipedia. 
38 | // org/wiki/Coprime_integers#Generating_all_coprime_pairs 39 | test_multiplicative_inverse_recursively(depth - 1, 2 * m - n, m); 40 | test_multiplicative_inverse_recursively(depth - 1, 2 * m + n, m); 41 | test_multiplicative_inverse_recursively(depth - 1, m + 2 * n, n); 42 | } 43 | } 44 | 45 | #[test] 46 | fn test_multiplicative_inverse() { 47 | test_multiplicative_inverse_recursively(3, 2, 1); 48 | test_multiplicative_inverse_recursively(3, 3, 1); 49 | } 50 | 51 | #[test] 52 | fn test_blcic_tzmsk_equiv() { 53 | for &i in &[0x0000000000000000, 54 | 0x00000000ffff0000, 55 | 0x0000ffff0000ffff, 56 | 0x0000ffffffffffff, 57 | 0xffff000000000000, 58 | 0xffff0000ffff0000, 59 | 0xffffffff0000ffff, 60 | 0xffffffffffffffff] { 61 | assert_eq!(blcic(!i), tzmsk(i).wrapping_add(1)); 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_function_sym.register_tm_clones.json: -------------------------------------------------------------------------------- 1 | {"addr":4195600,"name":"sym.register_tm_clones","ops":[{"esil":"6295624,eax,=,0xffffffff,rax,&=","offset":4195600,"opcode":"mov eax, 0x601048","type":"mov","size":5,"bytes":"b848106000"},{"esil":"rbp,8,rsp,-=,rsp,=[8]","offset":4195605,"opcode":"push rbp","type":"upush","size":1,"bytes":"55"},{"esil":"6295624,rax,-=,$o,of,=,$s,sf,=,$z,zf,=,$p,pf,=,$b8,cf,=","offset":4195606,"opcode":"sub rax, 0x601048","type":"sub","size":6,"bytes":"482d48106000"},{"esil":"0,cf,=,1,3,-,1,<<,rax,&,?{,1,cf,=,},3,rax,>>>>,rax,=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195612,"opcode":"sar rax, 3","type":"sar","size":4,"bytes":"48c1f803"},{"esil":"rsp,rbp,=","offset":4195616,"opcode":"mov rbp, rsp","type":"mov","size":3,"bytes":"4889e5"},{"esil":"rax,rdx,=","offset":4195619,"opcode":"mov rdx, rax","type":"mov","size":3,"bytes":"4889c2"},{"esil":"0,cf,=,1,63,-,1,<<,rdx,&,?{,1,cf,=,},63,rdx,>>,rdx,=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195622,"opcode":"shr rdx, 
0x3f","type":"shr","size":4,"bytes":"48c1ea3f"},{"esil":"rdx,rax,+=,$o,of,=,$s,sf,=,$z,zf,=,$c63,cf,=,$p,pf,=","offset":4195626,"opcode":"add rax, rdx","type":"add","size":3,"bytes":"4801d0"},{"esil":"0,cf,=,1,1,-,1,<<,rax,&,?{,1,cf,=,},1,rax,>>>>,rax,=,$z,zf,=,$p,pf,=,$s,sf,=","offset":4195629,"opcode":"sar rax, 1","type":"sar","size":3,"bytes":"48d1f8"},{"esil":"zf,!,?{,4195636,rip,=,}","offset":4195632,"opcode":"jne 0x400534","type":"cjmp","size":2,"bytes":"7502"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195634,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"rsp,[8],rip,=,8,rsp,+=","offset":4195635,"opcode":"ret","type":"ret","size":1,"bytes":"c3"},{"esil":"0,edx,=,0xffffffff,rdx,&=","offset":4195636,"opcode":"mov edx, 0","type":"mov","size":5,"bytes":"ba00000000"},{"esil":"0,rdx,rdx,&,==,$z,zf,=,$p,pf,=,$s,sf,=,$0,cf,=,$0,of,=","offset":4195641,"opcode":"test rdx, rdx","type":"acmp","size":3,"bytes":"4885d2"},{"esil":"zf,?{,4195634,rip,=,}","offset":4195644,"opcode":"je 0x400532","type":"cjmp","size":2,"bytes":"74f4"},{"esil":"rsp,[8],rbp,=,8,rsp,+=","offset":4195646,"opcode":"pop rbp","type":"pop","size":1,"bytes":"5d"},{"esil":"rax,rsi,=","offset":4195647,"opcode":"mov rsi, rax","type":"mov","size":3,"bytes":"4889c6"},{"esil":"6295624,edi,=,0xffffffff,rdi,&=","offset":4195650,"opcode":"mov edi, 0x601048","type":"mov","size":5,"bytes":"bf48106000"},{"esil":"rdx,rip,=","offset":4195655,"opcode":"jmp rdx","type":"ujmp","size":2,"bytes":"ffe2"}],"size":57} -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_sections.json: -------------------------------------------------------------------------------- 1 | 
[{"flags":"----","name":"","paddr":0,"size":0,"vaddr":0,"vsize":0},{"flags":"-r--","name":".interp","paddr":568,"size":28,"vaddr":4194872,"vsize":28},{"flags":"-r--","name":".note.ABI_tag","paddr":596,"size":32,"vaddr":4194900,"vsize":32},{"flags":"-r--","name":".note.gnu.build_id","paddr":628,"size":36,"vaddr":4194932,"vsize":36},{"flags":"-r--","name":".gnu.hash","paddr":664,"size":28,"vaddr":4194968,"vsize":28},{"flags":"-r--","name":".dynsym","paddr":696,"size":120,"vaddr":4195000,"vsize":120},{"flags":"-r--","name":".dynstr","paddr":816,"size":86,"vaddr":4195120,"vsize":86},{"flags":"-r--","name":".gnu.version","paddr":902,"size":10,"vaddr":4195206,"vsize":10},{"flags":"-r--","name":".gnu.version_r","paddr":912,"size":48,"vaddr":4195216,"vsize":48},{"flags":"-r--","name":".rela.dyn","paddr":960,"size":24,"vaddr":4195264,"vsize":24},{"flags":"-r--","name":".rela.plt","paddr":984,"size":96,"vaddr":4195288,"vsize":96},{"flags":"-r-x","name":".init","paddr":1080,"size":26,"vaddr":4195384,"vsize":26},{"flags":"-r-x","name":".plt","paddr":1120,"size":80,"vaddr":4195424,"vsize":80},{"flags":"-r-x","name":".text","paddr":1200,"size":498,"vaddr":4195504,"vsize":498},{"flags":"-r-x","name":".fini","paddr":1700,"size":9,"vaddr":4196004,"vsize":9},{"flags":"-r--","name":".rodata","paddr":1712,"size":33,"vaddr":4196016,"vsize":33},{"flags":"-r--","name":".eh_frame_hdr","paddr":1748,"size":52,"vaddr":4196052,"vsize":52},{"flags":"-r--","name":".eh_frame","paddr":1800,"size":244,"vaddr":4196104,"vsize":244},{"flags":"-rw-","name":".init_array","paddr":3600,"size":8,"vaddr":6295056,"vsize":8},{"flags":"-rw-","name":".fini_array","paddr":3608,"size":8,"vaddr":6295064,"vsize":8},{"flags":"-rw-","name":".jcr","paddr":3616,"size":8,"vaddr":6295072,"vsize":8},{"flags":"-rw-","name":".dynamic","paddr":3624,"size":464,"vaddr":6295080,"vsize":464},{"flags":"-rw-","name":".got","paddr":4088,"size":8,"vaddr":6295544,"vsize":8},{"flags":"-rw-","name":".got.plt","paddr":4096,"size":56,"va
ddr":6295552,"vsize":56},{"flags":"-rw-","name":".data","paddr":4152,"size":16,"vaddr":6295608,"vsize":16},{"flags":"-rw-","name":".bss","paddr":4168,"size":0,"vaddr":6295624,"vsize":8},{"flags":"----","name":".comment","paddr":4168,"size":36,"vaddr":0,"vsize":36},{"flags":"----","name":".shstrtab","paddr":4204,"size":264,"vaddr":0,"vsize":264},{"flags":"----","name":".symtab","paddr":6392,"size":1584,"vaddr":0,"vsize":1584},{"flags":"----","name":".strtab","paddr":7976,"size":591,"vaddr":0,"vsize":591}] -------------------------------------------------------------------------------- /radeco-lib/src/backend/x86/x86_idioms.rs: -------------------------------------------------------------------------------- 1 | //! This module contains common x86_64 idioms as grep and replace patterns 2 | //! which maybe used for further reduction of the SSA form. 3 | //! 4 | //! NOTE: This module is not stable. 5 | 6 | use crate::analysis::matcher::gmatch; 7 | use crate::middle::ssa::ssa_traits::{SSAMod, SSAWalk, SSA}; 8 | 9 | #[allow(dead_code)] 10 | mod patterns { 11 | pub const OF: &'static str = "(OpNarrow1 (OpEq (OpAnd (OpLsr (OpAnd (OpXor (OpNot %2), %3), \ 12 | (OpXor %1, %2)), #x3f), #x1), #x1))"; 13 | pub const PF: &'static str = "(OpNarrow1 (OpAnd (OpMod (OpAnd (OpMul (OpAnd %1, #xff), \ 14 | #x101010101010101), #x8040201008040201), #x1ff), #x1))"; 15 | pub const SF: &'static str = "(OpNarrow1 (OpLsr (OpSub %2, %3), (OpSub #x40, #x1)))"; 16 | pub const SF_32: &'static str = "(OpNarrow1 (OpLsr (OpSub %2, %3), (OpSub #x20, #x1)))"; 17 | pub const CF: &'static str = "(OpNarrow1 (OpGt %2, %1))"; 18 | pub const ZF: &'static str = 19 | "(OpNarrow1 (OpXor #x1, (OpAnd (OpSub %2, %3), #xffffffffffffffff)))"; 20 | pub const ZF_32: &'static str = "(OpNarrow1 (OpXor #x1, (OpAnd (OpSub %2, %3), #xffffffff)))"; 21 | pub const BF: &'static str = "(OpNarrow1 (OpLt %2, %1))"; 22 | 23 | pub const PATTERNS: &'static [(&'static str, &'static str)] = &[ 24 | ("(OpXor %1, %1)", "#x0"), 25 | 
("(OpXor %1, #x0)", "%1"), 26 | ("(OpAnd %1, #x1)", "%1"), 27 | ("(OpAnd %1, #x0)", "#x0"), 28 | ("(OpOr %1, #x0)", "%1"), 29 | ("(OpOr %1, #x1)", "#x1"), 30 | ("(OpSub %1, %1)", "#x0"), 31 | ]; 32 | 33 | lazy_static! { 34 | pub static ref COMPARE_PATTERNS: Vec<(String, &'static str)> = { 35 | let mut v = Vec::new(); 36 | // LE - of,sf,^,zf,| 37 | v.push((format!("(OpOr {}, (OpXor {}, (OpNarrow1 #x0)))", ZF, SF), "(OpLt %2, %3)")); 38 | v.push((format!("(OpOr {}, (OpXor {}, #x0))", ZF_32, SF_32), "(OpLt %2, %3)")); 39 | v.push((format!("{}", ZF), "(OpEq %2, %3)")); 40 | v 41 | }; 42 | } 43 | } 44 | 45 | pub fn replace(ssa: &mut S) 46 | where 47 | I: Iterator, 48 | S: SSA + SSAMod + SSAWalk, 49 | { 50 | for pat in patterns::PATTERNS { 51 | grep_and_replace!(ssa, pat.0 => pat.1) 52 | } 53 | for &(ref find, replace) in patterns::COMPARE_PATTERNS.iter() { 54 | grep_and_replace!(ssa, find => replace) 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /rune/src/stream/mod.rs: -------------------------------------------------------------------------------- 1 | //! Defines traits that need to be implemented for a source to be considered as 2 | //! an `InstructionStream`. 
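use std::fmt::Debug;
use std::path;
use std::collections::HashMap;
use std::hash::Hash;
use std::io::prelude::*;
use std::fs::File;

use rustc_serialize::{Decodable};
use rustc_serialize::json;

use r2pipe::r2::R2;
use r2api::structs::LOpInfo;
use r2api::api_trait::R2Api;

/// A source of instructions that can be queried by index.
pub trait InstructionStream {
    /// Instruction record handed back by [`InstructionStream::at`].
    type Output: Debug + Clone;
    /// Key used to look an instruction up in the stream.
    type Index: Debug + Clone;

    /// Creates a new stream.
    fn new() -> Self;
    /// Looks up the instruction at the given index; `None` means the stream
    /// has nothing to offer for it.
    fn at(&mut self, _: Self::Index) -> Option<Self::Output>;
}


impl InstructionStream for R2 {
    type Output = LOpInfo;
    type Index = u64;

    /// Creates the session by calling `R2::new` with `None`.
    ///
    /// # Panics
    ///
    /// Panics with "Unable to open R2" when `R2::new` returns an error.
    fn new() -> R2 {
        R2::new::<&str>(None).expect("Unable to open R2")
    }

    /// Requests one instruction at `addr` from r2.
    ///
    /// Returns `None` when the request fails or the reply contains no
    /// instruction, so a bad address cannot abort the caller.
    fn at(&mut self, addr: u64) -> Option<LOpInfo> {
        let addr_ = addr.to_string();
        // The reply depends on the binary being analysed, which may be
        // malformed or hostile: treat an error or an empty list as "no
        // instruction" instead of unwrapping and indexing element 0.
        self.insts(Some(1), Some(&addr_))
            .ok()
            .and_then(|ops| ops.first().cloned())
    }
}

// InstructionStream that reads and provides instructions from files.
// This is useful for tests, debug and other smaller applications.
// Maintains a HashMap from address to LOpInfo that it should provide
// when asked for that address.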
45 | #[derive(Clone, Debug, RustcDecodable, Default)] 46 | pub struct FileStream 47 | where I: Debug + Clone + Decodable + Hash + PartialEq + Eq, 48 | Op: Debug + Clone + Decodable 49 | { 50 | insts: HashMap, 51 | } 52 | 53 | 54 | impl FileStream 55 | where I: Debug + Clone + Decodable + Hash + PartialEq + Eq, 56 | Op: Debug + Clone + Decodable 57 | { 58 | pub fn load>(&mut self, fname: T) { 59 | let mut f = File::open(fname).expect("Failed to open file"); 60 | let mut s = String::new(); 61 | f.read_to_string(&mut s).expect("Failed to read from file"); 62 | self.insts = json::decode(&s).expect("Failed to decode json"); 63 | } 64 | } 65 | 66 | impl InstructionStream for FileStream 67 | where I: Debug + Clone + Decodable + Hash + PartialEq + Eq, 68 | Op: Debug + Clone + Decodable { 69 | type Output = Op; 70 | type Index = I; 71 | 72 | fn new() -> FileStream { 73 | FileStream { insts: HashMap::new() } 74 | } 75 | 76 | fn at(&mut self, addr: I) -> Option { 77 | self.insts.get(&addr).cloned() 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /arch-rs/src/arch/arch.rs: -------------------------------------------------------------------------------- 1 | //! Defines `Architecture` trait. 2 | 3 | use r2api::structs::Endian; 4 | 5 | use crate::cc::calling_convention::*; 6 | use crate::regfile::regfile::*; 7 | 8 | /// Defines a generic trait which all architectures have to implement, 9 | /// over and above their own specifics 10 | pub trait Architecture { 11 | /// Calling Convention to be used for this Architecture 12 | type CC: CallingConvention + Clone; 13 | type RF: RegisterFile + Clone; 14 | 15 | ///////////////// 16 | //// Getters //// 17 | ///////////////// 18 | 19 | /// Get architecture name 20 | fn name(&self) -> Option<&String>; 21 | 22 | /// Get memory Endianness of the architecture. 
23 | /// Option is Endian::Big or Endian::Little 24 | fn endianness(&self) -> Option; 25 | 26 | /// Get word length for instructions in number of bits 27 | fn word_length(&self) -> Option; 28 | 29 | /// Get size of an integer variable on the processor architecture 30 | fn int_size(&self) -> Option; 31 | 32 | /// Get size of long variable on the processor architectire 33 | fn long_size(&self) -> Option; 34 | 35 | /// Return instance of calling convention used for the implementation 36 | fn calling_convention(&self) -> Option; 37 | 38 | /// Return instance of register file used for this implementation 39 | fn register_file(&self) -> Option; 40 | 41 | ///////////////// 42 | //// Setters //// 43 | ///////////////// 44 | 45 | /// Get architecture name 46 | fn set_name(&mut self, _: String); 47 | 48 | /// Set memory Endianness of the architecture 49 | fn set_endianness(&mut self, _: Endian); 50 | 51 | /// Get word length for instructions in number of bits 52 | fn set_word_length(&mut self, _: u32); 53 | 54 | /// Get size of an integer variable on the processor architecture 55 | fn set_int_size(&mut self, _: u32); 56 | 57 | /// Get size of long variable on the processor architectire 58 | fn set_long_size(&mut self, _: u32); 59 | 60 | /// Return instance of calling convention used for the implementation 61 | fn set_calling_convention(&mut self, _: Self::CC); 62 | 63 | /// Return instance of register file used for this implementation 64 | fn set_register_file(&mut self, _: Self::RF); 65 | 66 | /* TODO: Possible additions(as taken from various sources): 67 | * Function prologues 68 | * Function epilogues 69 | * Ret instruction 70 | * Nop instruction 71 | */ 72 | } 73 | -------------------------------------------------------------------------------- /radeco-lib/src/middle/ssa/utils.rs: -------------------------------------------------------------------------------- 1 | //! A few utility functions for working with an [`SSAStorage`]. 
use crate::middle::regfile::{RegisterId, RegisterMap};
use crate::middle::ssa::ssa_traits::ValueInfo;
use crate::middle::ssa::ssastorage::{EdgeData, SSAStorage};

use petgraph::prelude::*;

/// What is known about a single call node.
pub struct CallInfo {
    /// Node the call transfers control to.
    pub target: NodeIndex,
    /// For each register passed as an argument, the node holding its value.
    pub register_args: RegisterMap<NodeIndex>,
}

/// Collects the target and the argument registers of the call at `call_node`.
///
/// Outgoing data edges are read as operands: operand 0 is the call target and
/// operand `n` (for `n > 0`) is the value of register `n - 1`.
/// Returns `None` if no operand 0 is present.
pub fn call_info(call_node: NodeIndex, ssa: &SSAStorage) -> Option<CallInfo> {
    let mut target = None;
    let mut register_args = ssa.regfile.new_register_map();

    for edge in ssa.g.edges_directed(call_node, Outgoing) {
        match *edge.weight() {
            EdgeData::Data(0) => target = Some(edge.target()),
            EdgeData::Data(op_idx) => {
                // Operand indices are shifted by one because slot 0 is the target.
                register_args.insert(RegisterId::from_u8(op_idx - 1), edge.target());
            }
            // Other edge kinds carry no operand.
            _ => {}
        }
    }

    let target = target?;
    Some(CallInfo {
        target,
        register_args,
    })
}

/// Collects, per register, the node and value info of every value a call modifies.
///
/// Only incoming data edges whose source node has value info are recorded; the
/// edge's operand index is used directly as the register id.
pub fn call_rets(call_node: NodeIndex, ssa: &SSAStorage) -> RegisterMap<(NodeIndex, ValueInfo)> {
    let mut ret = ssa.regfile.new_register_map();
    for edge in ssa.g.edges_directed(call_node, Incoming) {
        let producer = edge.source();
        let reg_idx = match edge.weight() {
            &EdgeData::Data(idx) => idx,
            _ => continue,
        };
        if let Some(&info) = ssa.g[producer].valueinfo() {
            ret.insert(RegisterId::from_u8(reg_idx), (producer, info));
        }
    }
    ret
}

/// Extracts the value of all registers at a `RegisterState` SSA node.
52 | pub fn register_state_info( 53 | regstate_node: NodeIndex, 54 | ssa: &SSAStorage, 55 | ) -> RegisterMap<(NodeIndex, ValueInfo)> { 56 | let mut ret = ssa.regfile.new_register_map(); 57 | for edge_ref in ssa.g.edges_directed(regstate_node, Outgoing) { 58 | if let (&EdgeData::Data(op_idx), Some(&vt)) = 59 | (edge_ref.weight(), ssa.g[edge_ref.target()].valueinfo()) 60 | { 61 | ret.insert(RegisterId::from_u8(op_idx), (edge_ref.target(), vt)); 62 | } 63 | } 64 | ret 65 | } 66 | -------------------------------------------------------------------------------- /esil-rs/README.md: -------------------------------------------------------------------------------- 1 | # esil.rs 2 | [![Build Status](https://travis-ci.org/radareorg/esil-rs.svg)](https://travis-ci.org/radareorg/esil-rs) 3 | [![Build status](https://ci.appveyor.com/api/projects/status/7mawhhr97nhb17vs?svg=true)](https://ci.appveyor.com/project/radare/esil-rs) 4 | [![Coverage Status](https://coveralls.io/repos/github/radare/esil-rs/badge.svg?branch=master)](https://coveralls.io/github/radare/esil-rs?branch=master) 5 | 6 | An ESIL Toolchain written in rust. For more information on ESIL, its usage and 7 | semantics, please check [documentation](https://github.com/radare/radare2book/blob/master/disassembling/esil.md). 8 | 9 | ## Design 10 | 11 | This repository is mainly divided into three modules. With very specific 12 | function for each. The ideal end-goal is to be able to use ESIL for a specific 13 | purpose by implementing only a particular component and reuse every other. 14 | Below is the outline for the same. 15 | 16 | - lexer.rs: Used to break up input ESIL string into `Tokens`. If ESIL is the 17 | `Input` Language of your choice, then this lexer can be reused. A new lexer 18 | has to be written only if the input language is something other than ESIL. 19 | 20 | - parser.rs: Used to parse the `Tokens` generated by the lexer. The `InType` 21 | of `Parse` should match the `Token` type for `Tokenize`. 
As long as your 22 | lexer outputs `Tokens` (as defined in lexer.rs), this component can be 23 | reused to process the tokens that your lexer produces. The parser does not 24 | work standalone and is to be embedded into an 25 | `Evaluator`. The parser does most of the heavy work in translating ESIL, 26 | leaving the `Evaluator` to only evaluate the Tokens that it returns to it. 27 | 28 | - evaluator: The evaluator is the most interesting part of all. The evaluator 29 | can be anything from an ESIL-VM, to an ESIL to REIL converter, Symbolic 30 | Execution engine etc. It is up to the evaluator to decide what to do with the 31 | tokens that are returned by the parser. The implementation of the evaluator 32 | depends on the use case. Usually, this is the only component that is to be 33 | implemented when using ESIL for any analysis. 34 | 35 | (TODO) To see a sample usage of an evaluator, check vm.rs or radeco-lib 36 | 37 | 38 | ## Todo 39 | 40 | * Default Evaluator (ESIL-VM) implementation 41 | * More usage examples and auto-documentation 42 | 43 | ## License 44 | 45 | The code in this repository is licensed under the 3-clause BSD. Check 46 | [LICENSE](https://github.com/sushant94/esil-rs/blob/master/LICENSE) for a copy of the same. 
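47 | -------------------------------------------------------------------------------- /radeco/src/cli.rs: -------------------------------------------------------------------------------- 
use clap::{App, Arg};
use std::process;

use super::MAX_ITERATIONS;

/// Parses the command line of `radeco`.
///
/// Returns `(bin, command, is_append, is_batch, no_highlight, max_it)`:
/// the optional binary path, the optional batch command, the three boolean
/// flags, and the iteration limit (`MAX_ITERATIONS` when `-i` is absent).
///
/// Invalid input is reported on stderr and ends the process with exit
/// status 1, so that scripts and CI jobs driving `radeco` can tell a rejected
/// invocation from a successful run. This covers batch mode without a binary,
/// a command outside batch mode, and a `max-iterations` value that is
/// non-numeric or zero.
pub fn parse_args() -> (Option<String>, Option<String>, bool, bool, bool, u32) {
    let vs = env!("VERSION_STR");
    let matches = App::new("radeco")
        .version(vs)
        .arg(Arg::with_name("BIN").help("Binary to load").required(false))
        .arg(
            Arg::with_name("command")
                .help("Run a custom command in batch mode")
                .short("c")
                .long("command")
                .required(false)
                .takes_value(true),
        )
        .arg(
            Arg::with_name("max-iterations")
                .help("Max number of iterations of the engine")
                .short("i")
                .long("max-iterations")
                .required(false)
                .takes_value(true),
        )
        .arg(Arg::from_usage(
            "-a --append 'Append separator to the end of every output.'",
        ))
        .arg(Arg::from_usage("-b --batch 'Decompile the whole binary'"))
        .arg(Arg::from_usage(
            "-l --no-highlight 'Disable syntax highlight on output'",
        ))
        .get_matches();
    let is_append = matches.is_present("append");
    let is_batch = matches.is_present("batch");
    let no_highlight = matches.is_present("no-highlight");
    let bin = matches.value_of("BIN").map(|s| s.to_string());
    let command = matches.value_of("command").map(|s| s.to_string());

    // Every rejection below exits non-zero: a zero status would make a failed
    // invocation look like a completed analysis to the calling process.
    if is_batch && bin.is_none() {
        eprintln!("Pass a binary for batch mode");
        process::exit(1);
    }
    if command.is_some() && !is_batch {
        eprintln!("Passed a command in interactive mode");
        process::exit(1);
    }
    let max_it = match matches.value_of("max-iterations") {
        // TODO -> Implement error management.
        Some(s) => match s.trim().parse::<u32>() {
            Ok(max_it) => max_it,
            Err(_) => {
                eprintln!("max-iterations must be a decimal number");
                process::exit(1);
            }
        },
        None => MAX_ITERATIONS,
    };

    if max_it == 0 {
        eprintln!("max-iterations can't be zero");
        process::exit(1);
    }

    (bin, command, is_append, is_batch, no_highlight, max_it)
}

-------------------------------------------------------------------------------- /.appveyor.yml: -------------------------------------------------------------------------------- 1 | clone_depth: 1 2 | 3 | branches: 4 | only: 5 | - master 6 | 7 | environment: 8 | LLVM_VERSION: 9.0.1 9 | PLATFORM: x64 10 | matrix: 11 | # Allow failure for stable channel because 12 | # some used Rust features are not available yet 13 | #allow_failures: 14 | # - channel: stable 15 | # target: i686-pc-windows-msvc 16 | # - channel: stable 17 | # target: x86_64-pc-windows-msvc 18 | # - channel: stable 19 | # target: i686-pc-windows-gnu 20 | # - channel: stable 21 | # target: x86_64-pc-windows-gnu 22 | #- channel: beta 23 | # target: i686-pc-windows-msvc 24 | #- channel: beta 25 | # target: x86_64-pc-windows-msvc 26 | - channel: nightly 27 | target: i686-pc-windows-msvc 28 | type: msvc 29 | - channel: nightly 30 | target: x86_64-pc-windows-msvc 31 | type: msvc 32 | 33 | #- channel: beta 34 | # target: i686-pc-windows-gnu 35 | #- channel: beta 36 | # target: x86_64-pc-windows-gnu 37 | - channel: nightly 38 | target: i686-pc-windows-gnu 39 | type: gnu 40 | - channel: nightly 41 | target: x86_64-pc-windows-gnu 42 | type: gnu 43 | 44 | install: 45 | - if %PLATFORM% == x86 (set RUST_PLATFORM=i686&set MINGW_BITS=32) else (set RUST_PLATFORM=x86_64&set MINGW_BITS=64) 46 | - ps: >- 47 | If ($env:target -eq 'x86_64-pc-windows-gnu') { 48 | $env:PATH += ';C:\msys64\mingw64\bin' 49 | } ElseIf ($env:target -eq 'i686-pc-windows-gnu') { 50 | $env:PATH += ';C:\msys64\mingw32\bin' 51 | } 52 | - 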
appveyor DownloadFile https://win.rustup.rs/ -FileName rustup-init.exe 53 | - rustup-init -yv --default-toolchain %channel% --default-host %target% 54 | - set PATH=%PATH%;%USERPROFILE%\.cargo\bin 55 | - rustc -vV 56 | - cargo -vV 57 | # Install LLVM for GNU 58 | - if %type%==gnu set PATH=C:\msys64\mingw%MINGW_BITS%\bin;C:\msys64\usr\bin;%PATH% 59 | - if %type%==gnu set "MINGW_URL=http://repo.msys2.org/mingw/%RUST_PLATFORM%/mingw-w64-%RUST_PLATFORM%" 60 | - if %type%==gnu set "URL_VER=%LLVM_VERSION%-1-any.pkg.tar.xz" 61 | - if %type%==gnu bash -lc "pacman -U --noconfirm $MINGW_URL-clang-$URL_VER $MINGW_URL-llvm-$URL_VER" 62 | - if %type%==gnu bash -lc "clang --version" 63 | # Use preinstalled LLVM for MSVC 64 | - if %type%==msvc set PATH=%PATH%;C:\Program Files\LLVM\bin 65 | - if %type%==msvc where clang 66 | - if %type%==msvc clang --version 67 | 68 | build_script: 69 | - cargo build -vv 70 | test_script: 71 | - cargo test -vv 72 | deploy: off 73 | -------------------------------------------------------------------------------- /rune/src/memory/qword_mem.rs: -------------------------------------------------------------------------------- 1 | use petgraph::graph::NodeIndex; 2 | 3 | use libsmt::backends::smtlib2::{SMTLib2}; 4 | use libsmt::backends::backend::SMTBackend; 5 | use libsmt::logics::qf_abv; 6 | use libsmt::theories::{array_ex, bitvec, core}; 7 | use r2api::structs::Endian; 8 | 9 | use crate::memory::memory::Memory; 10 | 11 | // Not using address_width/endianness 12 | #[derive(Clone, Debug)] 13 | pub struct QWordMemory { 14 | map: Option, 15 | address_width: usize, 16 | endian: Endian, 17 | } 18 | 19 | impl Memory for QWordMemory { 20 | type VarRef = NodeIndex; 21 | 22 | fn new(address_width: usize, endian: Endian) -> QWordMemory { 23 | QWordMemory { 24 | map: None, 25 | address_width: address_width, 26 | endian: endian, 27 | } 28 | } 29 | 30 | fn init_memory(&mut self, solver: &mut SMTLib2) { 31 | let bv_array = qf_abv::array_sort(qf_abv::bv_sort(64), 32 | 
qf_abv::bv_sort(64)); 33 | let idx_ = solver.new_var(Some("mem"), bv_array); 34 | // Set memory to all 0s 35 | let arr_const_ty = qf_abv::array_const(qf_abv::bv_sort(64), 36 | qf_abv::bv_sort(64), 37 | bitvec::OpCodes::Const(0, 64)); 38 | 39 | let const_0 = solver.new_const(arr_const_ty); 40 | solver.assert(core::OpCodes::Cmp, &[idx_, const_0]); 41 | self.map = Some(idx_); 42 | } 43 | 44 | fn read(&mut self, 45 | addr: NodeIndex, 46 | read_size: usize, 47 | solver: &mut SMTLib2) 48 | -> NodeIndex { 49 | if self.map.is_none() { 50 | self.init_memory(solver); 51 | } 52 | let mem = self.map.unwrap(); 53 | let idx = solver.assert(array_ex::OpCodes::Select, &[mem, addr]); 54 | if read_size < 64 { 55 | solver.assert(bitvec::OpCodes::Extract((read_size - 1) as u64, 1), &[idx]) 56 | } else { 57 | idx 58 | } 59 | } 60 | 61 | fn write(&mut self, 62 | addr: NodeIndex, 63 | data: NodeIndex, 64 | _write_size: usize, 65 | solver: &mut SMTLib2) { 66 | if self.map.is_none() { 67 | self.init_memory(solver); 68 | } 69 | 70 | let mem = self.map.unwrap(); 71 | let new_mem = solver.assert(array_ex::OpCodes::Store, &[mem, addr, data]); 72 | self.map = Some(new_mem); 73 | } 74 | } 75 | 76 | -------------------------------------------------------------------------------- /rune/README.md: -------------------------------------------------------------------------------- 1 | # rune - symbolic execution for everyone 2 | 3 | rune is a symbolic execution engine over ESIL. Integrated with radare2 for 4 | your everyday use! 5 | 6 | rune is extensible and customizable. Almost every component in rune 7 | can have multiple implementations (each with their own tradeoffs) and still be 8 | compatible with the existing system. 9 | 10 | At the moment, rune is not designed to be run on an entire binary, rather it 11 | is used to reason about smaller pieces of code iteratively and assist in 12 | reverse engineering tasks. 
If you need something that can be run on an entire 13 | binary automatically, you are better off with other symbolic execution engines, 14 | such as [angr](https://github.com/angr/angr). 15 | 16 | __Warning__: rune is under heavy development and the API is highly unstable. 17 | However, feel free to use rune, as any comments, suggestions and feedback are 18 | highly valued at this stage of the project! 19 | 20 | __NOTE__: I am actively collecting suggestions for changes to the API. Please 21 | open issues for the same. 22 | 23 | ## Asciinema 24 | [![asciicast](https://asciinema.org/a/1zvz0s5wpm2gx38hp5tw6za4m.png)](https://asciinema.org/a/1zvz0s5wpm2gx38hp5tw6za4m) 25 | 26 | ## Installing 27 | Requires: 28 | * Standard rust toolchain. This should work with stable, but nightly is 29 | recommended 30 | * Latest build of [radare2](https://github.com/radare/radare2) 31 | 32 | Clone this repository. Then run 33 | `cargo build` 34 | 35 | Cargo automatically fetches the dependencies required for this 36 | project. To use runec, it is recommended to make a symlink to 37 | ./target/debug/runec 38 | 39 | `ln -s ./target/debug/runec /usr/bin/runec` 40 | 41 | ## Examples 42 | TODO 43 | 44 | ## Documentation 45 | Documentation will be available (shortly) at: [docs]() 46 | 47 | ## Contributing 48 | Contributions in the form of suggestions, bug-reports, blog posts and most importantly pull 49 | requests are greatly appreciated. Unless otherwise requested by the authors, 50 | all code will be dual-licensed under MIT and Apache Version 2.0. 51 | 52 | To make reviews easier please ensure that the code adheres to the standard 53 | rust style of coding. 
54 | 55 | ## Project Milestones and Roadmap 56 | Please check the [Issues](https://github.com/sushant94/rune/issues) 57 | 58 | ## License 59 | 60 | rune is dual-licensed under: 61 | * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0) 62 | * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) 63 | 64 | Use under either one of the above listed licenses is acceptable. 65 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/valueset/sintrange.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | use super::{KnownBits, ScannableSet, SIntRange, UIntMultiple, UIntRange, ValueSet}; 9 | use std::cmp::{max, min}; 10 | use std::ops::{BitAnd, BitOr}; 11 | 12 | impl ValueSet for SIntRange { 13 | fn contains(&self, value: u64) -> bool { 14 | (self.min <= (value as i64)) && ((value as i64) <= self.max) 15 | } 16 | } 17 | 18 | impl ScannableSet for SIntRange { 19 | fn scan_up(&self, n: u64) -> Option { 20 | //let io = self.modulus - self.residue; 21 | //if n > U64MAX - io { 22 | // return Option::None; 23 | //} 24 | //let t = (n + io) % self.modulus; 25 | //Option::Some(if t == 0 { 26 | // n 27 | //} else { 28 | // n + (self.modulus - t) 29 | //}) 30 | if self.contains(n + 1) { 31 | Some(n + 1) 32 | } else { 33 | None 34 | } 35 | } 36 | fn scan_dn(&self, n: u64) -> Option { 37 | //if n < self.residue { 38 | // return Option::None; 39 | //} 40 | //Option::Some(n - (n - self.residue) % self.modulus) 41 | if self.contains(n - 1) { 42 | Some(n - 1) 43 | } else { 44 | None 45 | } 46 | } 47 | } 48 | 49 | /// A 
value set that includes all i64 values between a minimum and a maximum 50 | impl SIntRange { 51 | // TODO 52 | fn as_knownbits(&self) -> KnownBits { 53 | KnownBits { 54 | zerobits: 0, 55 | onebits: 0, 56 | } 57 | } 58 | fn as_umultiple(&self) -> UIntMultiple { 59 | UIntMultiple { 60 | modulus: 0, 61 | residue: 0, 62 | } 63 | } 64 | fn as_urange(&self) -> UIntRange { 65 | UIntRange { min: 0, max: 0 } 66 | } 67 | } 68 | 69 | impl<'a, 'b> BitAnd<&'a SIntRange> for &'b SIntRange { 70 | type Output = SIntRange; 71 | 72 | fn bitand(self, rhs: &SIntRange) -> SIntRange { 73 | SIntRange { 74 | min: max(self.min, rhs.min), 75 | max: min(self.max, rhs.max), 76 | } 77 | } 78 | } 79 | 80 | impl<'a, 'b> BitOr<&'a SIntRange> for &'b SIntRange { 81 | type Output = SIntRange; 82 | 83 | fn bitor(self, rhs: &SIntRange) -> SIntRange { 84 | SIntRange { 85 | min: min(self.min, rhs.min), 86 | max: max(self.max, rhs.max), 87 | } 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /radeco-lib/src/middle/ssa/ssaquote.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 
7 | 8 | // Eventually we want to specifiy replacements like this 9 | // Add(x, Neg(y)) -> Sub(x, y) 10 | // Sub(x, x) -> 0 11 | // 12 | // This file contains the datastructures to hold fragments like "Add(x, Neg(y))" 13 | // 14 | // variables = ["x", "y"] 15 | // nodes = [ 16 | // /*0*/ varindex=0 pattern=Any 17 | // /*1*/ varindex=1 pattern=Any 18 | // /*2*/ varindex=_ pattern=Op1(Neg, 1) 19 | // /*3*/ varindex=_ pattern=Op2(Add, 0, 1) 20 | // ] 21 | 22 | use middle::ir; 23 | use super::ssa_traits::{SSA, SSAMod}; 24 | 25 | struct Variable { 26 | name: String, 27 | } 28 | 29 | type Ref = u16; 30 | 31 | enum Pattern { 32 | Any, 33 | Const(u8), 34 | ConstAny, 35 | Op0(ir::MOpcode), 36 | Op1(ir::MOpcode, Ref), 37 | Op2(ir::MOpcode, Ref, Ref), 38 | } 39 | 40 | struct Node { 41 | varindex: u8, 42 | pattern: Pattern 43 | } 44 | 45 | struct SSAQuote { 46 | variables: Vec, 47 | nodes: Vec, // contains the quoted trees in postorder 48 | } 49 | 50 | trait Binding { 51 | fn get_valueref(&self, &SSA, &Variable) -> SSA::ValueRef; 52 | fn get_value(&self, &SSA, &Variable) -> u64; 53 | fn set_valueref(&mut self, &SSA, &Variable, SSA::ValueRef); 54 | fn set_value(&mut self, &SSA, &Variable, u64); 55 | } 56 | 57 | impl SSAQuote { 58 | fn insert_into(&self, ssa: &mut SSAMod, block: T::ActionRef, binding: &Binding) { 59 | let mut indices = Vec::with_capacity(self.nodes.len()); 60 | for node in &self.nodes { 61 | let i = match node.pattern { 62 | Any => binding.get_valueref(ssa, &self.variables[node.varindex]), 63 | Const(n) => ssa.add_const(block, n), 64 | ConstAny => ssa.add_const(block, binding.get_value(ssa, &self.variables[node.varindex])), 65 | Op0(op) => ssa.add_op(block, op), 66 | Op1(op, op1r) => { 67 | let n = ssa.add_op(block, op); 68 | ssa.op_use(n, 0, indices[op1r as usize]); 69 | n 70 | }, 71 | Op2(op, op1r, op2r) => { 72 | let n = ssa.add_op(block, op); 73 | ssa.op_use(n, 0, indices[op1r as usize]); 74 | ssa.op_use(n, 1, indices[op2r as usize]); 75 | n 76 | }, 77 | }; 
78 | indices.push(i); 79 | } 80 | } 81 | 82 | fn extract_from(&self, ssa: &SSA, binding: &mut Binding) { 83 | unimplemented!(); 84 | //for node in reverse &self.nodes 85 | } 86 | } 87 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/inst_combine/combine_rules.rs: -------------------------------------------------------------------------------- 1 | use super::CombinableOpConstInfo as COCI; 2 | use super::CombinableOpInfo as COI; 3 | use crate::middle::ir::MOpcode::*; 4 | 5 | macro_rules! gen_rules { 6 | ( 7 | . -> $sub_opinfo:ident -> $cur_opinfo:ident 8 | { 9 | $( $lhs:tt => $rhs:tt ; )* 10 | } 11 | ) => { 12 | match ((0, $sub_opinfo), $cur_opinfo) { 13 | $( gen_rules!(@genlhs $lhs) => gen_rules!(@genrhs $rhs) , )* 14 | _ => None, 15 | } 16 | }; 17 | 18 | (@genlhs .) 19 | => {_}; 20 | (@genlhs ($sub:tt $op:tt $c:ident)) 21 | => { (gen_rules!(@genlhs $sub), &COI(gen_rules!(@opcode $op), COCI::Right($c))) }; 22 | (@genlhs ($c:ident $op:tt $sub:tt)) 23 | => { (gen_rules!(@genlhs $sub), &COI(gen_rules!(@opcode $op), COCI::Left($c))) }; 24 | 25 | (@genrhs (. $op:tt $sub:tt)) 26 | => { Some(COI(gen_rules!(@opcode $op), COCI::Right(gen_rules!(@geneval $sub)))) }; 27 | (@genrhs ($sub:tt $op:tt .)) 28 | => { Some(COI(gen_rules!(@opcode $op), COCI::Left(gen_rules!(@geneval $sub)))) }; 29 | 30 | (@geneval ($l:ident $op:tt $r:ident)) 31 | => { gen_rules!(@opcode $op).eval_binop($l, $r).unwrap() }; 32 | 33 | (@opcode +) => (OpAdd); 34 | (@opcode -) => (OpSub); 35 | (@opcode &) => (OpAnd); 36 | (@opcode |) => (OpOr); 37 | (@opcode ^) => (OpXor); 38 | } 39 | 40 | pub(super) fn combine_opinfo(cur_opinfo: &COI, sub_opinfo: &COI) -> Option { 41 | // try to keep put the const on the left like `ssasort` does 42 | gen_rules! { 43 | . 
-> sub_opinfo -> cur_opinfo 44 | { 45 | // add/add 46 | ((.+a)+b) => ((a+b)+.); 47 | ((a+.)+b) => ((a+b)+.); 48 | (b+(.+a)) => ((a+b)+.); 49 | (b+(a+.)) => ((a+b)+.); 50 | // add/sub 51 | ((.+a)-b) => ((a-b)+.); 52 | ((a+.)-b) => ((a-b)+.); 53 | (b-(.+a)) => ((b-a)-.); 54 | (b-(a+.)) => ((b-a)-.); 55 | // sub/add 56 | ((.-a)+b) => ((b-a)+.); 57 | ((a-.)+b) => ((b+a)-.); 58 | (b+(.-a)) => ((b-a)+.); 59 | (b+(a-.)) => ((b+a)-.); 60 | // sub/sub 61 | ((.-a)-b) => (.-(a+b)); 62 | ((a-.)-b) => ((a-b)-.); 63 | (b-(.-a)) => ((b+a)-.); 64 | (b-(a-.)) => ((b-a)+.); 65 | // and/and 66 | ((.&a)&b) => ((a&b)&.); 67 | ((a&.)&b) => ((a&b)&.); 68 | (b&(.&a)) => ((a&b)&.); 69 | (b&(a&.)) => ((a&b)&.); 70 | // or/or 71 | ((.|a)|b) => ((a|b)|.); 72 | ((a|.)|b) => ((a|b)|.); 73 | (b|(.|a)) => ((a|b)|.); 74 | (b|(a|.)) => ((a|b)|.); 75 | // xor/xor 76 | ((.^a)^b) => ((a^b)^.); 77 | ((a^.)^b) => ((a^b)^.); 78 | (b^(.^a)) => ((a^b)^.); 79 | (b^(a^.)) => ((a^b)^.); 80 | } 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Radeco 2 | 3 | [![Appveyor Status](https://ci.appveyor.com/api/projects/status/t8dujay25g31sxia?svg=true)](https://ci.appveyor.com/project/radare/radeco-lib-8ycg0) 4 | [![Build Status](https://travis-ci.org/radareorg/radeco.svg?branch=master)](https://travis-ci.org/radareorg/radeco) 5 | [![Coverage Status](https://coveralls.io/repos/github/radare/radeco-lib/badge.svg?branch=master)](https://coveralls.io/github/radare/radeco-lib?branch=master) 6 | 7 | A radare2 based binary analysis framework consisting from the Radeco client, in `./radeco/` directory, `./radeco-lib/` - library where whole high-level logic is located, `./arch-rs/` to abstract the architectures intricacies, `./esil-rs/` to parse the radare2 ESIL, and `./rune/` to perform symbolic execution on top of ESIL. 
Radeco uses its own intermediate representation, 8 | which also has a text representation - RadecoIL. 9 | 10 | ### Is this ready yet? 11 | 12 | Nope. There is still a ton of work to do before this can be considered ready. 13 | That said, parts of the library are already stable enough to write your own 14 | analysis passes and use in your projects. 15 | 16 | ## Usage 17 | 18 | Build like a regular rust project, using cargo: 19 | 20 | `cargo build` 21 | 22 | To include in your rust project, add to Cargo.toml: 23 | 24 | ``` 25 | [dependencies.radeco-lib] 26 | git = "https://github.com/radare/radeco" 27 | ``` 28 | 29 | See examples for usage. A git dependency declared this way tracks the repository's default branch; add `rev = "<commit-sha>"` to build against a commit you have reviewed. 30 | 31 | ### Trace Log 32 | 33 | To debug, you may want to enable trace output from various parts of radeco. 34 | Build with `trace_log` feature to enable this: 35 | 36 | `cargo build --features 'trace_log'` 37 | 38 | 39 | ### Profiling 40 | 41 | Requires [gperftools](https://github.com/gperftools/gperftools). Check the 42 | [cpuprofiler](https://github.com/AtheMathmo/cpuprofiler) repository for more details. 43 | 44 | To enable profiling, build with `profile` feature: 45 | 46 | `cargo build --features 'profile'` 47 | 48 | Wrap the code you want to profile with: 49 | 50 | ```rust 51 | use cpuprofiler::PROFILER; 52 | 53 | PROFILER.lock().unwrap().start("./my-prof.profile").unwrap(); 54 | // Code you want to sample goes here! 
55 | PROFILER.lock().unwrap().stop().unwrap(); 56 | ``` 57 | 58 | ## Radeco-lib project layout 59 | 60 | ``` 61 | src/ 62 | ├── analysis/ Analyzers on SSA form Radeco-IR 63 | ├── backend/ Analyzers on C-pseudo code 64 | │   ├── ctrl_flow_struct/ Implementation of `No More Gotos` 65 | │   └── lang_c/ Coverter of C-pseudo code from RadecoFunction 66 | ├── frontend/ Loaders of RadecoFunction, RadecoProject 67 | ├── middle/ Constructer, writer, parser of Radeco-IR 68 | │   ├── regfile/ Profile of registers 69 | │   └── ssa/ SSA form of Radeco-IR 70 | └── utils/ Logger, etc 71 | ``` 72 | 73 | ## License 74 | Licensed under The BSD 3-Clause License. Please check [COPYING](https://github.com/radare/radeco-lib/blob/master/COPYING) file for 75 | complete license. 76 | -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_fn_info.json: -------------------------------------------------------------------------------- 1 | [{"callrefs":[{"addr":4195296,"type":"C","at":4195232}],"calltype":"amd64","codexrefs":[],"datarefs":[6293728],"dataxrefs":[],"name":"sym._init","offset":4195216,"realsz":26,"size":26,"type":"sym","locals":[]},{"callrefs":[{"addr":4195248,"type":"J","at":4195275}],"calltype":"amd64","codexrefs":[],"datarefs":[6293760,6293752],"dataxrefs":[],"name":"sym.imp.puts","offset":4195264,"realsz":32,"size":16,"type":"sym","locals":[]},{"callrefs":[{"addr":4195248,"type":"J","at":4195291},{"addr":4195248,"type":"J","at":4195275}],"calltype":"amd64","codexrefs":[],"datarefs":[6293768,1,6293752,6293760],"dataxrefs":[],"name":"sym.imp.__libc_start_main","offset":4195280,"realsz":48,"size":16,"type":"sym","locals":[]},{"callrefs":[],"calltype":"amd64","codexrefs":[{"addr":4195232,"type":"C","at":4195296}],"datarefs":[6293728,4195760,4195648,4195558],"dataxrefs":[],"name":"fcn.004003e0","offset":4195296,"realsz":16,"size":16,"type":"fcn","locals":[]},{"callrefs":[],"calltype":"amd64","codexrefs":[],"dat
arefs":[4195760,4195648,4195558],"dataxrefs":[],"name":"entry0","offset":4195312,"realsz":41,"size":41,"type":"fcn","locals":[]},{"callrefs":[],"calltype":"amd64","codexrefs":[],"datarefs":[6293799,14,6293792],"dataxrefs":[],"name":"sym.deregister_tm_clones","offset":4195360,"realsz":41,"size":50,"type":"sym","locals":[]},{"callrefs":[],"calltype":"amd64","codexrefs":[],"datarefs":[6293792,6293792],"dataxrefs":[],"name":"sym.register_tm_clones","offset":4195424,"realsz":53,"size":53,"type":"sym","locals":[]},{"callrefs":[{"addr":4195360,"type":"C","at":4195501}],"calltype":"amd64","codexrefs":[],"datarefs":[6293792],"dataxrefs":[],"name":"sym.__do_global_dtors_aux","offset":4195488,"realsz":28,"size":28,"type":"sym","locals":[]},{"callrefs":[{"addr":4195424,"type":"J","at":4195531},{"addr":4195424,"type":"J","at":4195553}],"calltype":"amd64","codexrefs":[],"datarefs":[6293256],"dataxrefs":[],"name":"sym.frame_dummy","offset":4195520,"realsz":35,"size":38,"type":"sym","locals":[]},{"callrefs":[{"addr":4195264,"type":"C","at":4195627},{"addr":4195616,"type":"J","at":4195604},{"addr":4195264,"type":"C","at":4195611}],"calltype":"amd64","codexrefs":[],"datarefs":[10,4195782,24,4195780],"dataxrefs":[],"name":"sym.main","offset":4195558,"realsz":81,"size":81,"type":"sym","locals":[{"name":"local_ch","kind":"var","type":"int","ref":{"base":"rbp","offset":-12}},{"name":"local_8h","kind":"var","type":"int","ref":{"base":"rbp","offset":-8}}]},{"callrefs":[{"addr":4195216,"type":"C","at":4195692},{"addr":0,"type":"C","at":4195721}],"calltype":"amd64","codexrefs":[],"datarefs":[6293240,6293248],"dataxrefs":[],"name":"sym.__libc_csu_init","offset":4195648,"realsz":101,"size":101,"type":"sym","locals":[]},{"callrefs":[],"calltype":"amd64","codexrefs":[],"datarefs":[],"dataxrefs":[],"name":"sym.__libc_csu_fini","offset":4195760,"realsz":2,"size":2,"type":"sym","locals":[]},{"callrefs":[],"calltype":"amd64","codexrefs":[],"datarefs":[],"dataxrefs":[],"name":"sym._fini","offset":419
5764,"realsz":9,"size":9,"type":"sym","locals":[]}] -------------------------------------------------------------------------------- /radeco-lib/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //! # The Radare2 Decompilation Library 9 | //! radeco-lib is the crate that powers the 10 | //! [radare2 decompiler](https://github.com/radare/radeco). 11 | //! 12 | //! Apart from decompilation, this library is designed to allow users to 13 | //! perform static analysis on binaries in an easy and intuitive way. 14 | //! __Reusability__ and __Interactivity__ are the most important 15 | //! design principles of this library. 16 | //! 17 | //! # Design 18 | //! radeco-lib is built on top of r2pipe.rs, a simple library that provides 19 | //! methods 20 | //! to communicate with radare2 (using pipes). To know more about r2pipe or 21 | //! radare2 in general, please head over to the 22 | //! [repo](https://github.com/radare/radare2). 23 | //! 24 | //! radeco-lib works on analyzing ESIL (Evaluable Strings Intermediate 25 | //! Language), an intermediate 26 | //! representation (IR) used by radare2 for emulation. ESIL is converted into 27 | //! an internal SSA IR 28 | //! and used for subsequent analysis and optimizations. 29 | //! 30 | //! __NOTE__: This library is still under heavy development. 31 | //! Some APIs have been stabilized; please check the docs before using 32 | //! radeco-lib 33 | //! in your projects as changes may not be backwards compatible. Contributions, 34 | //! suggestions 35 | //! and bug reports are always welcome at: 36 | //! [tracker](https://github.com/radare/radeco-lib/issues) 37 | //! 
38 | 39 | #![doc(html_root_url = "https://radare.github.io/radeco-lib/")] 40 | #![doc(html_logo_url = "http://rada.re/r/img/r2logo3.png")] 41 | #![feature(box_patterns)] 42 | #![feature(box_syntax)] 43 | #![feature(slice_patterns)] 44 | #![feature(try_trait)] 45 | //#[cfg(test)] #[macro_use] extern crate quickcheck_macros; 46 | 47 | extern crate petgraph; 48 | extern crate regex; 49 | extern crate serde_json; 50 | 51 | #[macro_use] 52 | extern crate lazy_static; 53 | extern crate bit_set; 54 | extern crate either; 55 | extern crate fixedbitset; 56 | extern crate linear_map; 57 | extern crate num; 58 | extern crate typed_arena; 59 | extern crate vec_map; 60 | 61 | #[cfg(test)] 62 | extern crate quickcheck; 63 | 64 | #[cfg(feature = "trace_log")] 65 | #[macro_use] 66 | extern crate log; 67 | #[cfg(feature = "trace_log")] 68 | extern crate env_logger; 69 | 70 | extern crate r2api; 71 | extern crate r2pipe; 72 | 73 | extern crate esil; 74 | // extern crate capstone_rust; 75 | extern crate rayon; 76 | 77 | #[cfg(feature = "profile")] 78 | extern crate cpuprofiler; 79 | 80 | extern crate lalrpop_util; 81 | 82 | #[macro_use] 83 | pub mod utils; 84 | #[macro_use] 85 | pub mod middle; 86 | #[macro_use] 87 | pub mod analysis; 88 | 89 | pub mod backend; 90 | pub mod frontend; 91 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/valueset/math/mod.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | #[cfg(test)] 9 | mod test; 10 | 11 | // warning: rust uses '!' 
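// as bitwise not operator
// blcic(!x) = tzmsk(x)+1 = product of the '2's of x's prime decomposition

/// Returns a word with only the lowest clear bit of `x` set.
///
/// Uses wrapping arithmetic, so `blcic(u64::MAX)` is `0` (there is no clear bit).
pub fn blcic(x: u64) -> u64 {
    x.wrapping_add(1) & !x
} // 101111-> 10000

/// Returns a mask covering the trailing zero bits of `x`.
///
/// Uses wrapping arithmetic, so `tzmsk(0)` is `u64::MAX`.
pub fn tzmsk(x: u64) -> u64 {
    x.wrapping_sub(1) & !x
} // 010000-> 1111

/// Sets every bit below the highest set bit of `smear` and returns the result.
pub fn bitsmear(mut smear: u64) -> u64 {
    smear |= smear >> 32;
    smear |= smear >> 16;
    smear |= smear >> 8;
    smear |= smear >> 4;
    smear |= smear >> 2;
    smear |= smear >> 1;
    smear
}

/// Returns `(gcd(m, n), lcm(m, n))`.
///
/// The LCM component is `0` when the GCD is `0`, i.e. when both inputs are `0`;
/// it is also `0` when exactly one input is `0`.
///
/// NOTE(review): the signature has no error channel. When the true LCM does not
/// fit in a `u64` the second component wraps modulo 2^64 instead of panicking;
/// callers feeding large values should bound their inputs.
pub fn gcd_lcm(mut m: u64, mut n: u64) -> (u64, u64) {
    let (m0, n0) = (m, n);
    // Euclid's algorithm: on exit `n` holds the gcd.
    while m != 0 {
        let rem = n % m;
        n = m;
        m = rem;
    }
    let lcm = if n == 0 {
        0
    } else {
        // Divide before multiplying: `m0 * n0` can overflow u64 even when the
        // LCM itself is representable (e.g. m0 == n0 == 1 << 32).
        (m0 / n).wrapping_mul(n0)
    };
    (n, lcm)
}

/// Computes the multiplicative inverse of `a` modulo `n` with the extended
/// Euclidean algorithm.
///
/// Returns `None` when `n == 0`, when `a` is a multiple of `n`, when `a` and
/// `n` are not coprime, or when an intermediate product overflows `u64`
/// (all intermediate arithmetic is checked).
pub fn multiplicative_inverse(mut a: u64, n: u64) -> Option<u64> {
    // println!("{:?} {:?}", a, n);

    if n == 0 {
        return Option::None;
    }
    a %= n;
    // println!(" ({:?} {:?})", a, n);
    if a == 0 {
        return Option::None;
    }

    let mut t: u64 = 0;
    let mut r: u64 = n;
    let mut nt: u64 = 1;
    let mut nr: u64 = a;

    while nr != 0 {
        let (ot, or) = (nt, nr);
        let q = r.checked_div(nr)?;

        // nt = (t + q * (n - nt)) % n;
        // `t - q * nt` is kept non-negative by adding `q * (n - nt)` instead.
        // The product must be formed before the addition; computing
        // `(t + q) * (n - nt)` yields a wrong inverse (e.g. for 5 mod 13).
        nt = t
            .checked_add(q.checked_mul(n.checked_sub(nt)?)?)?
            .checked_rem(n)?;

        // nr = r - q * nr;
        nr = r.checked_sub(q.checked_mul(nr)?)?;
        t = ot;
        r = or;
    }
    if r > 1 {
        return Option::None;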
} 103 | // println!("= {:?}", t); 104 | Option::Some(t) 105 | } 106 | -------------------------------------------------------------------------------- /radeco-lib/tests/lib.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | //extern crate radeco_lib; 9 | //extern crate r2pipe; 10 | 11 | //use radeco_lib::utils::{Pipeline, Runner, Pipeout, Analysis}; 12 | //use r2pipe::R2; 13 | 14 | //#[test] 15 | //fn test1() { 16 | //let pipeline = vec![Pipeline::ReadFromR2, Pipeline::ParseEsil, 17 | //Pipeline::CFG, Pipeline::SSA]; 18 | 19 | //let test_name = "test1".to_owned(); 20 | //let bin_name = Some("./ex-bins/simple2".to_owned()); 21 | //let addr = Some("sym.main".to_owned()); 22 | //let mut test = Runner::new(test_name, bin_name, addr, false, pipeline, None); 23 | //test.run(); 24 | //test.output(None); 25 | //} 26 | 27 | //#[test] 28 | //fn test_analysis1() { 29 | //let esil = vec!["4,5,+".to_owned(), "6,*".to_owned(), 30 | //"100,>,zf,=".to_owned(), 31 | //"5,rax,=".to_owned(), 32 | //"6,rbx,=".to_owned(), 33 | //"7,rbx,=".to_owned() 34 | //]; 35 | 36 | //let test_name = "test2".to_owned(); 37 | //// Get a new r2 instance. 38 | //let mut r2 = R2::new(Some("./ex-bins/simple2".to_owned())).unwrap(); 39 | //// Initialize with sane defaults. 
40 | //r2.init(); 41 | //let r = r2.get_reg_info().unwrap(); 42 | 43 | //let pipeline = vec![ 44 | //Pipeline::ParseEsil, 45 | //Pipeline::CFG, 46 | //Pipeline::SSA, 47 | //Pipeline::Verify, 48 | //Pipeline::AnalyzeSSA(Analysis::ConstProp), 49 | //Pipeline::DCE, 50 | //Pipeline::Verify 51 | //]; 52 | 53 | //let mut test = Runner::new(test_name, None, None, true, pipeline, None); 54 | //test.state.pipeout = Some(Pipeout::Esil(esil)); 55 | //test.state.reg_info = Some(r.clone()); 56 | //test.run(); 57 | //test.output(None); 58 | //} 59 | 60 | //#[test] 61 | //fn test_analysis2() { 62 | //let test_name = "test_analysis".to_owned(); 63 | //let bin_name = Some("./ex-bins/constprop.o".to_owned()); 64 | //let addr = Some("entry0".to_owned()); 65 | //let pipeline = vec![ 66 | //Pipeline::ReadFromR2, 67 | //Pipeline::ParseEsil, 68 | //Pipeline::CFG, 69 | //Pipeline::SSA 70 | ////Pipeline::Verify 71 | ////Pipeline::DCE, 72 | ////Pipeline::AnalyzeSSA(Analysis::ConstProp), 73 | ////Pipeline::DCE 74 | //]; 75 | //let mut test = Runner::new(test_name, bin_name, addr, true, pipeline, None); 76 | //test.run(); 77 | //test.output(None); 78 | //} 79 | 80 | ////#[test] 81 | ////fn tachikoma() { 82 | ////let test_name = "tachikoma".to_string(); 83 | ////let bin_name = Some("./ex-bins/tachikoma".to_string()); 84 | ////let addr = Some("fcn.0002b401".to_string()); 85 | ////let pipeline = vec![ 86 | ////Pipeline::ReadFromR2, 87 | ////Pipeline::ParseEsil, 88 | ////Pipeline::CFG, 89 | ////Pipeline::SSA, 90 | ////Pipeline::Verify 91 | //////Pipeline::DCE, 92 | //////Pipeline::Verify 93 | //////Pipeline::AnalyzeSSA(Analysis::ConstProp), 94 | //////Pipeline::DCE 95 | ////]; 96 | ////let mut test = Runner::new(test_name, bin_name, addr, true, pipeline, None); 97 | ////test.run(); 98 | ////test.dump(); 99 | ////} 100 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/valueset/knownbits.rs: 
-------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, The Radare Project. All rights reserved. 2 | // See the COPYING file at the top-level directory of this distribution. 3 | // Licensed under the BSD 3-Clause License: 4 | // 5 | // This file may not be copied, modified, or distributed 6 | // except according to those terms. 7 | 8 | use super::{KnownBits, SIntRange, ScannableSet, UIntMultiple, UIntRange, ValueSet}; 9 | use std::ops::{BitAnd, BitOr}; 10 | use super::math::{bitsmear, blcic}; 11 | 12 | impl ValueSet for KnownBits { 13 | fn contains(&self, value: u64) -> bool { 14 | if self.zerobits & self.onebits != 0 { 15 | return false; // pattern unfulfillable 16 | } 17 | value & (self.zerobits | self.onebits) == self.onebits 18 | } 19 | } 20 | 21 | fn scan_up(value: u64, zeroes: u64, ones: u64) -> Option { 22 | let fixedbits = zeroes | ones; 23 | if value & fixedbits == ones { 24 | return Option::Some(value); 25 | } 26 | 27 | let over = bitsmear(fixedbits & (ones ^ value)); 28 | let bsm = value & over; 29 | let increase = bitsmear(bsm) + 1; 30 | let rounded = ((value & !over) | fixedbits) + (increase & !over); 31 | let overwritten = (!fixedbits & rounded) | ones; 32 | 33 | Option::Some(overwritten) 34 | } 35 | 36 | impl ScannableSet for KnownBits { 37 | fn scan_up(&self, value: u64) -> Option { 38 | scan_up(value, self.zerobits, self.onebits) 39 | } 40 | fn scan_dn(&self, value: u64) -> Option { 41 | scan_up(!value, self.onebits, self.zerobits).map(|x| !x) 42 | } 43 | } 44 | 45 | impl KnownBits { 46 | pub fn as_umultiple(&self) -> UIntMultiple { 47 | let fixedbits = self.zerobits | self.onebits; 48 | let f_blcic = blcic(fixedbits); 49 | UIntMultiple { 50 | modulus: f_blcic, 51 | residue: (f_blcic - 1) & self.onebits, 52 | } 53 | } 54 | pub fn as_urange(&self) -> UIntRange { 55 | let fixedbits = self.zerobits | self.onebits; 56 | UIntRange { 57 | min: (u64::min_value() & !fixedbits) | self.onebits, 58 | max: 
(u64::max_value() & !fixedbits) | self.onebits, 59 | } 60 | } 61 | pub fn as_srange(&self) -> SIntRange { 62 | let fixedbits = self.zerobits | self.onebits; 63 | SIntRange { 64 | min: ((i64::min_value() as u64 & !fixedbits) | self.onebits) as i64, 65 | max: ((i64::max_value() as u64 & !fixedbits) | self.onebits) as i64, 66 | } 67 | } 68 | } 69 | 70 | impl<'a, 'b> BitAnd<&'a KnownBits> for &'b KnownBits { 71 | type Output = KnownBits; 72 | 73 | fn bitand(self, rhs: &KnownBits) -> KnownBits { 74 | KnownBits { 75 | zerobits: self.zerobits | rhs.zerobits, 76 | onebits: self.onebits | rhs.onebits, 77 | } 78 | } 79 | } 80 | 81 | impl<'a, 'b> BitOr<&'a KnownBits> for &'b KnownBits { 82 | type Output = KnownBits; 83 | 84 | fn bitor(self, rhs: &KnownBits) -> KnownBits { 85 | KnownBits { 86 | zerobits: self.zerobits & rhs.zerobits, 87 | onebits: self.onebits & rhs.onebits, 88 | } 89 | } 90 | } 91 | -------------------------------------------------------------------------------- /radeco-lib/src/analysis/mask2narrow.rs: -------------------------------------------------------------------------------- 1 | //! Module that implements translation from bit mask to MOpcode::OpNarrow 2 | 3 | use crate::middle::ir::MOpcode; 4 | use crate::middle::ssa::cfg_traits::CFG; 5 | use crate::middle::ssa::ssa_traits::{SSAMod, ValueInfo, SSA}; 6 | use crate::middle::ssa::ssastorage::SSAStorage; 7 | use petgraph::graph::NodeIndex; 8 | 9 | fn mask2narrow(ssa: &SSAStorage, expr: NodeIndex) -> Option { 10 | let width_opt = ssa 11 | .node_data(expr) 12 | .ok() 13 | .and_then(|nd| nd.vt.width().get_width()); 14 | // The width returned by OpNarrow should be less than the width of operand. 
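// In case the width will be the same size to the operand, it returns OpMov
    match (ssa.constant_value(expr), width_opt) {
        (Some(0xffffffffffffffff), Some(64)) => Some(MOpcode::OpMov),
        // A mask of the form 2^k - 1 keeps the low k bits. `checked_add` stops an
        // all-ones constant paired with a width other than 64 from overflowing
        // `x + 1`; that case falls through to `None` below.
        (Some(x), Some(w)) if x.checked_add(1).map_or(false, |p| p.count_ones() == 1) => {
            // The guard proved `x + 1` does not overflow.
            let n = (x + 1).trailing_zeros() as u16;
            if n == w {
                Some(MOpcode::OpMov)
            } else {
                Some(MOpcode::OpNarrow(n))
            }
        }
        _ => None,
    }
}

/// Visits every `OpAnd` expression in `ssa` and hands it to `visit_expr`, once
/// for each ordering of its first two operands.
pub fn run(ssa: &mut SSAStorage) {
    // The candidates are collected up front because `visit_expr` needs `ssa`
    // mutably, which is not possible while the iterator chain still borrows it.
    let and_exprs = ssa
        .blocks()
        .into_iter()
        .flat_map(|b| ssa.exprs_in(b))
        .filter(|&e| match ssa.opcode(e) {
            Some(MOpcode::OpAnd) => true,
            _ => false,
        })
        .collect::<Vec<_>>();

    for node in and_exprs {
        let operands = ssa.operands_of(node);
        let mut first_two = operands.iter().take(2).cloned();
        if let (Some(lhs), Some(rhs)) = (first_two.next(), first_two.next()) {
            // Either operand may be the constant mask, so both orders are tried.
            visit_expr(ssa, node, lhs, rhs);
            visit_expr(ssa, node, rhs, lhs);
        }
    }
}

/// Replaces `expr` (an AND of `n` with `mask`) by the opcode that
/// `mask2narrow` derives from `mask`; returns early through `?` when the mask
/// does not qualify or an SSA lookup fails.
fn visit_expr(ssa: &mut SSAStorage, expr: NodeIndex, n: NodeIndex, mask: NodeIndex) -> Option<()> {
    let op = mask2narrow(ssa, mask)?;
    let vt = ssa.node_data(expr).ok()?.vt;
    let addr = ssa.address(expr)?;
    let blk = ssa.block_for(expr)?;
    match op {
        MOpcode::OpMov => {
            // The mask covers the whole value: a plain move of `n` is enough.
            let new_op = ssa.insert_op(op, vt, Some(addr.address))?;
            ssa.op_use(new_op, 0, n);
            ssa.replace_value(expr, new_op);
            ssa.insert_into_block(new_op, blk, addr);
        }
        MOpcode::OpNarrow(w) => {
            // Narrow `n` to `w` bits, then zero-extend back to the width of `expr`.
            let narrowed_op = {
                let mut x = scalar!(w);
                x.vty = vt.vty;
                ssa.insert_op(op, x, Some(addr.address))
            }?;
            let extended_op = {
                let www = vt
                    .width()
                    .get_width()
                    .expect("vt.width() should not be `None`");
                ssa.insert_op(MOpcode::OpZeroExt(www), vt, Some(addr.address))
            }?;
            ssa.op_use(narrowed_op, 0, n);
            ssa.op_use(extended_op, 0, narrowed_op);
            ssa.insert_into_block(narrowed_op, blk, addr);
            ssa.insert_into_block(extended_op, blk, addr);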
| ssa.replace_value(expr, extended_op); 81 | } 82 | _ => unreachable!(), 83 | }; 84 | None 85 | } 86 | -------------------------------------------------------------------------------- /radeco-lib/src/middle/regfile/regusage.rs: -------------------------------------------------------------------------------- 1 | use super::RegisterId; 2 | use fixedbitset::FixedBitSet; 3 | 4 | /// The set of registers (possibly including the memory "register") that a 5 | /// function reads and/or preserves. 6 | /// 7 | /// **Note:** Instances created with [`Default::default`] *cannot be modified* 8 | /// To create a mutable instance, use [`SubRegisterFile::new_register_usage`]. 9 | /// 10 | /// **Implementation note:** This stores which registers a function *ignores* 11 | /// instead of what it reads. This is so the `Default` implementation of 12 | /// "reads and clobbers everything" is safe to assign to unanalyzed functions. 13 | #[derive(Debug, Clone, Default)] 14 | pub struct RegisterUsage { 15 | /// Registers that are *not* parameters 16 | ignores: FixedBitSet, 17 | /// Callee-saved registers 18 | preserves: FixedBitSet, 19 | } 20 | 21 | impl RegisterUsage { 22 | pub(super) fn with_register_count(regcount: usize) -> Self { 23 | RegisterUsage { 24 | ignores: FixedBitSet::with_capacity(regcount), 25 | preserves: FixedBitSet::with_capacity(regcount), 26 | } 27 | } 28 | 29 | /// Returns `true` if a callee that adheres to `self` can be called by a 30 | /// caller that assumes that callee adheres to `other`. 31 | pub fn is_compatible_with(&self, other: &RegisterUsage) -> bool { 32 | // self.reads.is_subset(&other.reads) && self.preserves.is_superset(&other.preserves) 33 | other.ignores.ones().all(|i| self.ignores[i]) 34 | && other.preserves.ones().all(|i| self.preserves[i]) 35 | } 36 | 37 | /// Returns if this `RegisterUsage` can be modified. 38 | /// If this returns `false`, *calling the `set_*` functions will panic*. 
39 | pub fn is_mutable(&self) -> bool { 40 | self.ignores.len() > 0 && self.preserves.len() > 0 41 | } 42 | 43 | pub fn is_ignored(&self, reg_id: RegisterId) -> bool { 44 | self.ignores[reg_id.to_usize()] 45 | } 46 | pub fn is_read(&self, reg_id: RegisterId) -> bool { 47 | !self.ignores[reg_id.to_usize()] 48 | } 49 | pub fn is_preserved(&self, reg_id: RegisterId) -> bool { 50 | self.preserves[reg_id.to_usize()] 51 | } 52 | pub fn is_clobbered(&self, reg_id: RegisterId) -> bool { 53 | !self.preserves[reg_id.to_usize()] 54 | } 55 | 56 | pub fn set_ignored(&mut self, reg_id: RegisterId) -> () { 57 | self.ignores.set(reg_id.to_usize(), true) 58 | } 59 | pub fn set_read(&mut self, reg_id: RegisterId) -> () { 60 | self.ignores.set(reg_id.to_usize(), false) 61 | } 62 | pub fn set_preserved(&mut self, reg_id: RegisterId) -> () { 63 | self.preserves.set(reg_id.to_usize(), true) 64 | } 65 | pub fn set_clobbered(&mut self, reg_id: RegisterId) -> () { 66 | self.preserves.set(reg_id.to_usize(), false) 67 | } 68 | 69 | pub fn set_all_ignored(&mut self) -> () { 70 | self.ignores.set_range(.., true) 71 | } 72 | pub fn set_all_read(&mut self) -> () { 73 | self.ignores.set_range(.., false) 74 | } 75 | pub fn set_all_preserved(&mut self) -> () { 76 | self.preserves.set_range(.., true) 77 | } 78 | pub fn set_all_clobbered(&mut self) -> () { 79 | self.preserves.set_range(.., false) 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /radeco-lib/test_files/bin1_filesource/bin1_fn_info.json: -------------------------------------------------------------------------------- 1 | 
[{"callrefs":[{"addr":4195472,"type":"C","at":4195400}],"calltype":"amd64","codexrefs":[{"addr":4195934,"type":"C","at":4195384}],"datarefs":[6295544],"dataxrefs":[],"name":"sym._init","offset":4195384,"realsz":26,"size":26,"type":"sym"},{"callrefs":[],"calltype":"amd64","codexrefs":[{"addr":4195808,"type":"C","at":4195440},{"addr":4195859,"type":"C","at":4195440},{"addr":4195876,"type":"C","at":4195440}],"datarefs":[6295576],"dataxrefs":[],"name":"sym.imp.puts","offset":4195440,"realsz":6,"size":6,"type":"sym"},{"callrefs":[],"calltype":"amd64","codexrefs":[{"addr":4195540,"type":"C","at":4195456}],"datarefs":[6295584],"dataxrefs":[],"name":"sym.imp.__libc_start_main","offset":4195456,"realsz":6,"size":6,"type":"sym"},{"callrefs":[],"calltype":"amd64","codexrefs":[{"addr":4195400,"type":"C","at":4195472}],"datarefs":[6295592],"dataxrefs":[],"name":"loc.imp.__gmon_start","offset":4195472,"realsz":6,"size":6,"type":"fcn"},{"callrefs":[],"calltype":"amd64","codexrefs":[{"addr":4195774,"type":"C","at":4195488}],"datarefs":[6295600],"dataxrefs":[],"name":"sym.imp.__isoc99_scanf","offset":4195488,"realsz":6,"size":6,"type":"sym"},{"callrefs":[{"addr":4195456,"type":"C","at":4195540}],"calltype":"amd64","codexrefs":null,"datarefs":[4196000,4195888,4195741],"dataxrefs":null,"name":"entry0","offset":4195504,"realsz":41,"size":41,"type":"fcn"},{"callrefs":[],"calltype":"amd64","codexrefs":[{"addr":4195677,"type":"C","at":4195552}],"datarefs":[6295631,6295624],"dataxrefs":[],"name":"sym.deregister_tm_clones","offset":4195552,"realsz":41,"size":41,"type":"sym"},{"callrefs":[],"calltype":"amd64","codexrefs":[{"addr":4195728,"type":"J","at":4195600},{"addr":4195736,"type":"J","at":4195600}],"datarefs":[6295624,6295624],"dataxrefs":[],"name":"sym.register_tm_clones","offset":4195600,"realsz":57,"size":57,"type":"sym"},{"callrefs":[{"addr":4195552,"type":"C","at":4195677}],"calltype":"amd64","codexrefs":null,"datarefs":[6295624],"dataxrefs":null,"name":"sym.__do_global_dtors_aux",
"offset":4195664,"realsz":28,"size":28,"type":"sym"},{"callrefs":[{"addr":4195600,"type":"J","at":4195728},{"addr":4195600,"type":"J","at":4195736}],"calltype":"amd64","codexrefs":null,"datarefs":[6295072],"dataxrefs":null,"name":"entry1.init","offset":4195696,"realsz":42,"size":45,"type":"fcn"},{"callrefs":[{"addr":4195488,"type":"C","at":4195774},{"addr":4195440,"type":"C","at":4195808},{"addr":4195886,"type":"J","at":4195818},{"addr":4195440,"type":"C","at":4195859},{"addr":4195886,"type":"J","at":4195869},{"addr":4195440,"type":"C","at":4195876}],"calltype":"amd64","codexrefs":[{"addr":4195818,"type":"J","at":4195886},{"addr":4195869,"type":"J","at":4195886}],"datarefs":[4196020,4196029,4196035,4196043],"dataxrefs":[4195533],"name":"main","offset":4195741,"realsz":147,"size":147,"type":"sym"},{"callrefs":[{"addr":4195384,"type":"C","at":4195934}],"calltype":"amd64","codexrefs":[],"datarefs":[6295056,6295064],"dataxrefs":[4195526],"name":"sym.__libc_csu_init","offset":4195888,"realsz":101,"size":101,"type":"sym"},{"callrefs":null,"calltype":"amd64","codexrefs":[],"datarefs":null,"dataxrefs":[4195519],"name":"sym.__libc_csu_fini","offset":4196000,"realsz":2,"size":2,"type":"sym"},{"callrefs":null,"calltype":"amd64","codexrefs":null,"datarefs":null,"dataxrefs":null,"name":"sym._fini","offset":4196004,"realsz":9,"size":9,"type":"sym"}] -------------------------------------------------------------------------------- /radeco-lib/test_files/ct1_sccp_ex/ct1_sccp_ex_sections.json: -------------------------------------------------------------------------------- 1 | 
[{"flags":"-----","name":"","paddr":0,"size":0,"vaddr":0,"vsize":0},{"flags":"--r--","name":".interp","paddr":512,"size":28,"vaddr":4194816,"vsize":28},{"flags":"--r--","name":".note.ABI_tag","paddr":540,"size":32,"vaddr":4194844,"vsize":32},{"flags":"--r--","name":".note.gnu.build_id","paddr":572,"size":36,"vaddr":4194876,"vsize":36},{"flags":"--r--","name":".gnu.hash","paddr":608,"size":28,"vaddr":4194912,"vsize":28},{"flags":"--r--","name":".dynsym","paddr":640,"size":96,"vaddr":4194944,"vsize":96},{"flags":"--r--","name":".dynstr","paddr":736,"size":61,"vaddr":4195040,"vsize":61},{"flags":"--r--","name":".gnu.version","paddr":798,"size":8,"vaddr":4195102,"vsize":8},{"flags":"--r--","name":".gnu.version_r","paddr":808,"size":32,"vaddr":4195112,"vsize":32},{"flags":"--r--","name":".rela.dyn","paddr":840,"size":24,"vaddr":4195144,"vsize":24},{"flags":"--r--","name":".rela.plt","paddr":864,"size":48,"vaddr":4195168,"vsize":48},{"flags":"--r-x","name":".init","paddr":912,"size":26,"vaddr":4195216,"vsize":26},{"flags":"--r-x","name":".plt","paddr":944,"size":48,"vaddr":4195248,"vsize":48},{"flags":"--r-x","name":".plt.got","paddr":992,"size":8,"vaddr":4195296,"vsize":8},{"flags":"--r-x","name":".text","paddr":1008,"size":450,"vaddr":4195312,"vsize":450},{"flags":"--r-x","name":".fini","paddr":1460,"size":9,"vaddr":4195764,"vsize":9},{"flags":"--r--","name":".rodata","paddr":1472,"size":9,"vaddr":4195776,"vsize":9},{"flags":"--r--","name":".eh_frame_hdr","paddr":1484,"size":52,"vaddr":4195788,"vsize":52},{"flags":"--r--","name":".eh_frame","paddr":1536,"size":244,"vaddr":4195840,"vsize":244},{"flags":"--rw-","name":".init_array","paddr":1784,"size":8,"vaddr":6293240,"vsize":8},{"flags":"--rw-","name":".fini_array","paddr":1792,"size":8,"vaddr":6293248,"vsize":8},{"flags":"--rw-","name":".jcr","paddr":1800,"size":8,"vaddr":6293256,"vsize":8},{"flags":"--rw-","name":".dynamic","paddr":1808,"size":464,"vaddr":6293264,"vsize":464},{"flags":"--rw-","name":".got","paddr":227
2,"size":8,"vaddr":6293728,"vsize":8},{"flags":"--rw-","name":".got.plt","paddr":2280,"size":40,"vaddr":6293736,"vsize":40},{"flags":"--rw-","name":".data","paddr":2320,"size":16,"vaddr":6293776,"vsize":16},{"flags":"--rw-","name":".bss","paddr":2336,"size":8,"vaddr":6293792,"vsize":8},{"flags":"-----","name":".comment","paddr":2336,"size":38,"vaddr":0,"vsize":38},{"flags":"-----","name":".shstrtab","paddr":4515,"size":268,"vaddr":0,"vsize":268},{"flags":"-----","name":".symtab","paddr":2376,"size":1608,"vaddr":0,"vsize":1608},{"flags":"-----","name":".strtab","paddr":3984,"size":531,"vaddr":0,"vsize":531},{"flags":"m-r-x","name":"PHDR","paddr":64,"size":448,"vaddr":4194368,"vsize":448},{"flags":"m-r--","name":"INTERP","paddr":512,"size":28,"vaddr":4194816,"vsize":28},{"flags":"m-r-x","name":"LOAD0","paddr":0,"size":1780,"vaddr":4194304,"vsize":1780},{"flags":"m-rw-","name":"LOAD1","paddr":1784,"size":552,"vaddr":6293240,"vsize":560},{"flags":"m-rw-","name":"DYNAMIC","paddr":1808,"size":464,"vaddr":6293264,"vsize":464},{"flags":"m-r--","name":"NOTE","paddr":540,"size":68,"vaddr":4194844,"vsize":68},{"flags":"m-r--","name":"GNU_EH_FRAME","paddr":1484,"size":52,"vaddr":4195788,"vsize":52},{"flags":"m-rw-","name":"GNU_STACK","paddr":0,"size":0,"vaddr":0,"vsize":0},{"flags":"m-rw-","name":"ehdr","paddr":0,"size":64,"vaddr":4194304,"vsize":64}] -------------------------------------------------------------------------------- /rune/src/explorer/dfs.rs: -------------------------------------------------------------------------------- 1 | //! `PathExplorer` that works by exploring the CFG in Depth First Order. 
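
use std::collections::VecDeque;

use libsmt::theories::core;

use crate::explorer::explorer::PathExplorer;
use crate::engine::rune::RuneControl;
use crate::context::context::{Context, Evaluate, RegisterRead};
use crate::context::rune_ctx::RuneContext;
use crate::memory::qword_mem::QWordMemory;
use crate::regstore::regfile::RuneRegFile;

// NOTE(review): the angle-bracketed type parameters in this listing were lost
// in extraction. They are reconstructed here from the imports and from how each
// type is used; any trait bounds on the parameters could not be recovered.
// Confirm against the upstream file.

/// Which side of a conditional branch a saved state resumes on.
#[derive(Clone, Copy, Debug, PartialEq)]
#[allow(dead_code)]
enum BranchType {
    True,
    False,
}

/// A context snapshot taken at a branch, together with the side of that branch
/// that is still waiting to be explored.
#[derive(Clone, Debug)]
struct SavedState<C> {
    pub ctx: C,
    pub branch: BranchType,
}

impl<C> SavedState<C> {
    /// Pairs a context snapshot with the branch side it should resume on.
    fn new(ctx: C, b: BranchType) -> Self {
        SavedState { ctx, branch: b }
    }
}

/// An explorer that traverses the program states in a depth first order.
///
/// Pending states are pushed and popped at the back of `queue`, so the most
/// recently saved branch is the first one resumed. Nothing in this file bounds
/// the queue: every `register_branch` call stores one cloned context, and the
/// depth limit and feasibility check are still TODOs, so memory use grows with
/// the number of branches the explored program reaches.
#[derive(Default)]
pub struct DFSExplorer<Ctx> {
    /// Depth First Queue
    queue: VecDeque<SavedState<Ctx>>,
}

// TODO: [X] Add constraints for T/F branch
//       [ ] Check if the paths are feasible before enqueue
impl PathExplorer for DFSExplorer<RuneContext<QWordMemory, RuneRegFile>> {
    type C = RuneControl;
    type Ctx = RuneContext<QWordMemory, RuneRegFile>;

    /// Creates an explorer with no pending states.
    fn new() -> Self {
        DFSExplorer { queue: VecDeque::new() }
    }

    /// Called between steps; currently always lets execution continue.
    // TODO: Terminate the current execution path if the depth is greater than a
    // preset threshold.
    fn next(&mut self, _: &mut Self::Ctx) -> RuneControl {
        RuneControl::Continue
    }

    /// When rune finishes its execution, pops the most recently saved
    /// unexplored path, installs its context into `ctx` and returns the branch
    /// side to take. Returns `None` once no saved path is left.
    fn next_job(&mut self, ctx: &mut Self::Ctx) -> Option<RuneControl> {
        self.queue.pop_back().map(|SavedState { ctx: saved, branch }| {
            // The popped state is owned, so its context is moved into place
            // instead of being cloned and then dropped.
            *ctx = saved;
            match branch {
                BranchType::True => RuneControl::ExploreTrue,
                BranchType::False => RuneControl::ExploreFalse,
            }
        })
    }

    /// Handles a newly encountered branch: saves a copy of the context for the
    /// false side and continues on the true side.
    ///
    /// The choice of which side to run first is arbitrary; taking the other
    /// side first would not change the nature of this explorer.
    fn register_branch(&mut self,
                       ctx: &mut Self::Ctx,
                       condition: <Self::Ctx as RegisterRead>::VarRef)
                       -> RuneControl {
        let mut false_ctx = ctx.clone();
        {
            // Presumably records `condition == 0` as the path constraint of the
            // false side (second argument assumed to be a bit width) - confirm
            // against `Context::define_const` and `Evaluate::eval`.
            // NOTE(review): `zero` is defined in `ctx` after `false_ctx` was
            // cloned, yet it is used inside `false_ctx`. If a `VarRef` is only
            // meaningful in the context that created it, the false side gets a
            // wrong constraint and path results become unsound - verify.
            let zero = ctx.define_const(0, 1);
            false_ctx.eval(core::OpCodes::Cmp, &[condition, zero]);
        }
        self.queue.push_back(SavedState::new(false_ctx, BranchType::False));
        {
            // Presumably records `condition == 1` for the true side, which
            // keeps running in `ctx`.
            let one = ctx.define_const(1, 1);
            ctx.eval(core::OpCodes::Cmp, &[condition, one]);
        }
        RuneControl::ExploreTrue
    }
}
-------------------------------------------------------------------------------- /radeco-lib/test_files/bin_file/bin_file_sections.json: -------------------------------------------------------------------------------- 1 | 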
[{"flags":"-----","name":"","paddr":0,"size":0,"vaddr":0,"vsize":0},{"flags":"--r--","name":".interp","paddr":568,"size":28,"vaddr":568,"vsize":28},{"flags":"--r--","name":".note.ABI_tag","paddr":596,"size":32,"vaddr":596,"vsize":32},{"flags":"--r--","name":".note.gnu.build_id","paddr":628,"size":36,"vaddr":628,"vsize":36},{"flags":"--r--","name":".hash","paddr":664,"size":376,"vaddr":664,"vsize":376},{"flags":"--r--","name":".gnu.hash","paddr":1040,"size":76,"vaddr":1040,"vsize":76},{"flags":"--r--","name":".dynsym","paddr":1120,"size":1320,"vaddr":1120,"vsize":1320},{"flags":"--r--","name":".dynstr","paddr":2440,"size":622,"vaddr":2440,"vsize":622},{"flags":"--r--","name":".gnu.version","paddr":3062,"size":110,"vaddr":3062,"vsize":110},{"flags":"--r--","name":".gnu.version_r","paddr":3176,"size":80,"vaddr":3176,"vsize":80},{"flags":"--r--","name":".rela.dyn","paddr":3256,"size":1416,"vaddr":3256,"vsize":1416},{"flags":"--r--","name":".rela.plt","paddr":4672,"size":936,"vaddr":4672,"vsize":936},{"flags":"--r-x","name":".init","paddr":5608,"size":23,"vaddr":5608,"vsize":23},{"flags":"--r-x","name":".plt","paddr":5632,"size":640,"vaddr":5632,"vsize":640},{"flags":"--r-x","name":".plt.got","paddr":6272,"size":8,"vaddr":6272,"vsize":8},{"flags":"--r-x","name":".text","paddr":6288,"size":5378,"vaddr":6288,"vsize":5378},{"flags":"--r-x","name":".fini","paddr":11668,"size":9,"vaddr":11668,"vsize":9},{"flags":"--r--","name":".rodata","paddr":11680,"size":4029,"vaddr":11680,"vsize":4029},{"flags":"--r--","name":".eh_frame_hdr","paddr":15712,"size":108,"vaddr":15712,"vsize":108},{"flags":"--r--","name":".eh_frame","paddr":15824,"size":676,"vaddr":15824,"vsize":676},{"flags":"--rw-","name":".init_array","paddr":18800,"size":8,"vaddr":2115952,"vsize":8},{"flags":"--rw-","name":".fini_array","paddr":18808,"size":8,"vaddr":2115960,"vsize":8},{"flags":"--rw-","name":".data.rel.ro","paddr":18816,"size":1088,"vaddr":2115968,"vsize":1088},{"flags":"--rw-","name":".dynamic","paddr":1
9904,"size":512,"vaddr":2117056,"vsize":512},{"flags":"--rw-","name":".got","paddr":20416,"size":40,"vaddr":2117568,"vsize":40},{"flags":"--rw-","name":".got.plt","paddr":20480,"size":336,"vaddr":2117632,"vsize":336},{"flags":"--rw-","name":".data","paddr":20832,"size":208,"vaddr":2117984,"vsize":208},{"flags":"--rw-","name":".bss","paddr":21040,"size":112,"vaddr":2118208,"vsize":112},{"flags":"-----","name":".gnu_debuglink","paddr":21040,"size":16,"vaddr":0,"vsize":16},{"flags":"-----","name":".shstrtab","paddr":21056,"size":266,"vaddr":0,"vsize":266},{"flags":"m-r-x","name":"PHDR","paddr":64,"size":504,"vaddr":64,"vsize":504},{"flags":"m-r--","name":"INTERP","paddr":568,"size":28,"vaddr":568,"vsize":28},{"flags":"m-r-x","name":"LOAD0","paddr":0,"size":16500,"vaddr":0,"vsize":16500},{"flags":"m-rw-","name":"LOAD1","paddr":18800,"size":2240,"vaddr":2115952,"vsize":2368},{"flags":"m-rw-","name":"DYNAMIC","paddr":19904,"size":512,"vaddr":2117056,"vsize":512},{"flags":"m-r--","name":"NOTE","paddr":596,"size":68,"vaddr":596,"vsize":68},{"flags":"m-r--","name":"GNU_EH_FRAME","paddr":15712,"size":108,"vaddr":15712,"vsize":108},{"flags":"m-rw-","name":"GNU_STACK","paddr":0,"size":0,"vaddr":0,"vsize":0},{"flags":"m-r--","name":"GNU_RELRO","paddr":18800,"size":1680,"vaddr":2115952,"vsize":1680},{"flags":"m-rw-","name":"ehdr","paddr":0,"size":64,"vaddr":0,"vsize":64}] -------------------------------------------------------------------------------- /radeco-lib/src/middle/ir_reader/simple_ast.rs: -------------------------------------------------------------------------------- 1 | //! Defines an AST to represent the textual IL. It is designed so that the parser actions in 2 | //! [the parser] are fairly trivial and so that lowering to [`SSAStorage`] is fairly easy. 3 | //! 4 | //! [the parser]: ::middle::ir_reader::parser 5 | //! 
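[`SSAStorage`]: ::middle::ssa::ssastorage::SSAStorage

use crate::middle::ir;
use std::fmt;

// NOTE(review): the angle-bracketed type parameters in this listing were lost
// in extraction (`Vec,`, `Option,`). The element types below are reconstructed
// from the type names defined in this file. Confirm against the upstream file.

/// One function of the textual IL.
#[derive(Debug)]
pub struct Function {
    pub name: String,
    /// Pairs of a newly defined value and a physical register.
    /// Presumably the register contents on entry - confirm against the parser.
    pub entry_reg_state: Vec<(NewValue, PhysReg)>,
    pub basic_blocks: Vec<BasicBlock>,
    pub exit_node: Option<ExitNode>,
    /// Pairs of a physical register and an operand.
    /// Presumably the register contents on exit - confirm against the parser.
    pub final_reg_state: Vec<(PhysReg, Operand)>,
}

/// A basic block: an address, a size, a list of operations and a terminator.
#[derive(Debug)]
pub struct BasicBlock {
    pub addr: ir::MAddress,
    // NOTE(review): unit of `size` is not stated in this file.
    pub size: u64,
    pub ops: Vec<Operation>,
    pub term: Terminator,
}

/// The exit node of a function; it holds operations only.
#[derive(Debug)]
pub struct ExitNode {
    pub ops: Vec<Operation>,
}

/// How a basic block ends.
#[derive(Debug)]
pub enum Terminator {
    Return,
    JmpUncond(ir::MAddress),
    // NOTE(review): which of the two addresses is the taken target is not
    // visible in this file.
    JmpCond(Operand, ir::MAddress, ir::MAddress),
    JmpIndirect(Operand),
    Unreachable,
}

/// One operation inside a basic block or exit node.
#[derive(Debug)]
pub enum Operation {
    Phi(NewValue, Vec<Operand>),
    // NOTE(review): the payload type of the leading `Option` in `Assign` and
    // `Call` was lost in extraction; `ir::MAddress` is assumed - confirm.
    Assign(Option<ir::MAddress>, NewValue, Expr),
    Call(Option<ir::MAddress>, Vec<CallRet>, Operand, Vec<CallArg>),
}

/// A value defined by a call, paired with a physical register.
#[derive(Debug)]
pub struct CallRet {
    pub value: NewValue,
    pub reg: PhysReg,
}

/// A call argument: a physical register (`formal`) and the operand passed
/// for it (`actual`).
#[derive(Debug)]
pub struct CallArg {
    pub formal: PhysReg,
    pub actual: Operand,
}

/// The right-hand side of an assignment.
///
/// The roles of the individual operands of `Load` and `Store` are not
/// documented in this file.
#[derive(Debug)]
pub enum Expr {
    Value(Operand),
    Infix(Operand, InfixOp, Operand),
    Prefix(PrefixOp, Operand),
    Load(Operand, Operand),
    Store(Operand, Operand, Operand),
    Resize(ResizeType, WidthSpec, Operand),
}

/// The kind of width change carried by `Expr::Resize`.
#[derive(Debug)]
pub enum ResizeType {
    Narrow,
    SignExt,
    ZeroExt,
}

/// An operand: a reference to a value or a 64-bit constant.
#[derive(Debug)]
pub enum Operand {
    ValueRef(ValueRef),
    Const(u64),
}

/// Prefix (unary) operators.
#[derive(Debug)]
pub enum PrefixOp {
    Not,
}

/// Infix (binary) operators.
#[derive(Debug)]
pub enum InfixOp {
    Add,
    Sub,
    Mul,
    Div,
    Mod,
    And,
    Or,
    Xor,
    Eq,
    Gt,
    Lt,
    Lsl,
    Lsr,
}

/// A value being defined, together with its type.
#[derive(Debug)]
pub struct NewValue(pub ValueRef, pub Type);

/// A value type: a width and a reference classification.
#[derive(Debug)]
pub struct Type(pub WidthSpec, pub RefSpec);

/// Numeric identifier of a value; its `Debug` output is `%<n>`.
#[derive(Hash, PartialEq, Eq)]
pub struct ValueRef(pub u64);

/// Name of a physical register; its `Debug` output is `$<name>`.
#[derive(PartialEq, Eq)]
pub struct PhysReg(pub String);

/// A width, stored as `u16`.
// NOTE(review): presumably a width in bits - not stated in this file.
#[derive(Debug)]
pub struct WidthSpec(pub u16);

/// Whether a value is a scalar, a reference, or not yet classified.
#[derive(Debug)]
pub enum RefSpec {
    Scalar,
    Reference,
    Unknown,
}

impl fmt::Debug for ValueRef {
    /// Writes the value id prefixed with `%`.
    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
        write!(fmt, "%{}", self.0)
    }
}

impl fmt::Debug for PhysReg {
    /// Writes the register name prefixed with `$`.
    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
        write!(fmt, "${}", self.0)
    }
}
--------------------------------------------------------------------------------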