from Binary import Binary
from Framework import FRAMEWORK_RIZIN_OLD_ANALYSIS, Framework
from stats.Symbol import Symbol, SymbolType
from stats.DPDuration import DPDuration, DPTypeDuration
from stats.Data import Addr
import re
import logging as log
import json
import rzpipe
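class RizinOldFramework(Framework):
    """Framework adapter that analyzes a binary with Rizin's ``aaa`` pass.

    Every function Rizin reports via ``aflj`` is converted into a ``Symbol``
    (entry point plus one range per basic block) and stored in
    ``self.symbols``; the time spent opening the file and running ``aaa`` is
    returned as ``DPDuration`` data points.
    """

    def __init__(self):
        super().__init__(FRAMEWORK_RIZIN_OLD_ANALYSIS)

    def init_framework(self):
        """No framework-wide setup is needed; a fresh pipe is opened per binary."""
        pass

    def analyze_bin(self, bin: Binary) -> dict[DPTypeDuration, DPDuration]:
        """Analyze *bin* with Rizin, recording symbols and timing data points.

        Args:
            bin: The binary to analyze; only ``bin.path`` is read.

        Returns:
            Mapping from duration type to its ``DPDuration`` for the file open
            (``RUNTIME_OPEN_FILE``) and the ``aaa`` analysis
            (``RUNTIME_ANALYZE_ALL``).

        Side effects:
            Populates ``self.symbols`` keyed by the prefix-stripped function
            name; an existing entry with the same name is overwritten.
        """
        dps: dict[DPTypeDuration, DPDuration] = {}

        open_dp = DPDuration(DPTypeDuration.RUNTIME_OPEN_FILE)
        pipe = rzpipe.open(str(bin.path))
        open_dp.set_end()
        dps[DPTypeDuration.RUNTIME_OPEN_FILE] = open_dp

        # Everything after the pipe is open runs under try/finally so that a
        # failing command or malformed JSON cannot leave the rizin process alive.
        try:
            aaa_dp = DPDuration(DPTypeDuration.RUNTIME_ANALYZE_ALL)
            pipe.cmd("e log.level=5")
            pipe.cmd("aaa")
            aaa_dp.set_end()
            dps[DPTypeDuration.RUNTIME_ANALYZE_ALL] = aaa_dp

            # Build one Symbol per function that rizin discovered.
            all_fcns = json.loads(pipe.cmd("aflj"))
            for fcn in all_fcns:
                self._add_function_symbol(pipe, fcn)
        finally:
            pipe.quit()
        return dps

    def _add_function_symbol(self, pipe, fcn: dict) -> None:
        """Convert one ``aflj`` entry into a ``Symbol`` and store it in ``self.symbols``.

        Args:
            pipe: The open rzpipe handle used to query the function's basic blocks.
            fcn: One element of the ``aflj`` output; ``offset``, ``size`` and
                ``name`` are read.
        """
        fcn_addr = fcn["offset"]
        fcn_size = fcn["size"]
        fcn_bbs = json.loads(pipe.cmd(f"afbj @ {fcn_addr:#x}"))
        # Strip every leading dot-terminated word (rizin flag-name prefixes).
        fcn_name = re.sub(r"^(\w+\.)+", "", fcn["name"])

        symbol = Symbol(fcn_name, SymbolType.FUNCTION, fcn_size, Addr(fcn_addr))
        symbol.add_entry_point(fcn_addr)
        for bb in fcn_bbs:
            symbol.add_range((Addr(bb["addr"]), Addr(bb["addr"] + bb["size"])))

        # Sanity check: the basic blocks should add up to the size rizin assigned.
        bb_total = sum(bb["size"] for bb in fcn_bbs)
        if bb_total != symbol.size:
            log.warning(
                "Function %s accumulated BBs have a different size than assigned in Rizin.",
                fcn["name"],
            )
        self.symbols[fcn_name] = symbol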