JonathanSalwan / Triton

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
https://triton-library.github.io
Apache License 2.0

Support for ARM32 ldm<amode> #1278

Open pdamian opened 1 year ago

pdamian commented 1 year ago

Would it be possible to add support for the different <amode> variants (DA: Decrement After, DB: Decrement Before, IA: Increment After and IB: Increment Before) in instructions such as ldm (or stm)? These currently seem not to be supported (see the example below). Example:

#!/usr/bin/env python3
## -*- coding: utf-8 -*-
from triton import ARCH, EXCEPTION, Instruction, MemoryAccess, MODE, TritonContext

function = {
    0x8000: b"\x06\x00\x90\xe8", # ldm r0, {r1, r2}
    0x8004: b"\x06\x00\x10\xe9", # ldmdb r0, {r1, r2}
}

ctx = TritonContext(ARCH.ARM32)
ctx.setMode(MODE.ALIGNED_MEMORY, True)
ctx.setThumb(False)

ctx.setConcreteRegisterValue(ctx.registers.r0, 0x1000)
ctx.setConcreteMemoryValue(MemoryAccess(0x0ff8, 4), 0x0ff8)
ctx.setConcreteMemoryValue(MemoryAccess(0x0ffc, 4), 0x0ffc)
ctx.setConcreteMemoryValue(MemoryAccess(0x1000, 4), 0x1000)
ctx.setConcreteMemoryValue(MemoryAccess(0x1004, 4), 0x1004)

pc = 0x8000
while pc in function:
    inst = Instruction(pc, function[pc])
    e = ctx.processing(inst)
    print(inst)
    if e != EXCEPTION.NO_FAULT:
        print(f"\tException = {e:d}")
        break
    r0 = ctx.getConcreteRegisterValue(ctx.registers.r0)
    r1 = ctx.getConcreteRegisterValue(ctx.registers.r1)
    r2 = ctx.getConcreteRegisterValue(ctx.registers.r2)
    print(f"\tr0 = 0x{r0:x}")
    print(f"\tr1 = 0x{r1:x}")
    print(f"\tr2 = 0x{r2:x}")
    pc = ctx.getConcreteRegisterValue(ctx.registers.pc)

Output:

0x8000: ldm r0, {r1, r2}
        r0 = 0x1000
        r1 = 0x1000
        r2 = 0x1004
0x8004: ldmdb r0, {r1, r2}
        Exception = 3
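To make the missing semantics concrete, here is an added reference model of the A32 LDM/STM addressing modes. It is not Triton code and does not use the Triton API; the function names, the P/U/W/L bit decoder and the memory image are constructed here to mirror the two encodings in the report, so the registers an emulator should produce for ldmdb (and for the DA/IB variants and STM) can be checked against the page's output.

```python
# Added reference model of ARM32 LDM/STM addressing modes (not Triton code).
# Memory is a constructed dict of word address -> 32-bit value.
WORD = 4

def decode_block_transfer(enc):
    """Decode an A32 LDM/STM word: P/U bits select the addressing mode."""
    w = int.from_bytes(enc, "little")
    assert (w >> 25) & 0b111 == 0b100, "not a block data transfer encoding"
    p, u = (w >> 24) & 1, (w >> 23) & 1
    amode = {(0, 1): "IA", (1, 1): "IB", (0, 0): "DA", (1, 0): "DB"}[(p, u)]
    reg_list = [f"r{i}" for i in range(16) if (w >> i) & 1]  # ascending order
    return {"load": bool((w >> 20) & 1), "writeback": bool((w >> 21) & 1),
            "base": f"r{(w >> 16) & 0xF}", "amode": amode, "regs": reg_list}

def transfer_addresses(base, nregs, amode):
    """Ascending word addresses touched by <amode>, plus the written-back base."""
    size = WORD * nregs
    start = {"IA": base, "IB": base + WORD,
             "DA": base - size + WORD, "DB": base - size}[amode]
    addrs = [(start + i * WORD) & 0xFFFFFFFF for i in range(nregs)]
    new_base = (base + size if amode in ("IA", "IB") else base - size) & 0xFFFFFFFF
    return addrs, new_base

def execute(regs, mem, enc):
    """Run one LDM/STM encoding against register dict `regs` and word memory `mem`."""
    d = decode_block_transfer(enc)
    base = regs[d["base"]]
    addrs, new_base = transfer_addresses(base, len(d["regs"]), d["amode"])
    if d["writeback"] and d["base"] in d["regs"]:
        raise ValueError("base in register list with writeback is UNPREDICTABLE")
    # Lowest-numbered register always pairs with the lowest address.
    for reg, addr in zip(d["regs"], addrs):
        if d["load"]:
            if addr not in mem:
                raise KeyError(f"unmapped word at {addr:#x}")
            regs[reg] = mem[addr]
        else:
            mem[addr] = regs[reg]
    if d["writeback"]:
        regs[d["base"]] = new_base
    return d["amode"], regs

# Constructed memory image matching the report: each word holds its own address.
MEM = {a: a for a in range(0x0ff8, 0x100c, WORD)}

def run_report_example(enc):
    regs = {"r0": 0x1000, "r1": 0, "r2": 0}
    amode, regs = execute(regs, dict(MEM), enc)
    return amode, regs["r0"], regs["r1"], regs["r2"]
```

With the report's setup, ldm (IA) yields r1 = 0x1000, r2 = 0x1004 as in the output above, while ldmdb must read 0x0ff8 and 0x0ffc instead of faulting.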
cnheitman commented 1 year ago

Hi @pdamian ! I can take a look at this and try to implement the missing modes in the upcoming weeks.

m4drat commented 11 months ago

Hi! While playing with https://github.com/quarkslab/tritondse/ and an ARM32 target I also encountered this problem. Are there any updates on implementation of these instructions?

cnheitman commented 11 months ago

Hi @m4drat ! Unfortunately I did not have much time to spend on this. It is still on my todo list but I cannot give an estimate on when I'll be able to do it.

m4drat commented 11 months ago

Thanks for the answer. Got it! I've come across a couple of other instructions that seem to need to be implemented as well, so I might work on this and related issues in the future. Of course, only if it makes sense for the project I'm working on right now.

cnheitman commented 11 months ago

Great! Any PR will be very much appreciated :D