cea-sec / miasm

Reverse engineering framework in Python
https://miasm.re/
GNU General Public License v2.0

cannot convert miasm ir to llvm ir #1439

Open sh4m2hwz opened 1 year ago

sh4m2hwz commented 1 year ago
>>> ircfg
loc_key_0
loc_key_1
loc_key_0 -> loc_key_1
>>> context = LLVMContext_IRCompilation()
>>> type(vmp.lifter)
<class 'miasm.arch.x86.lifter_model_call.LifterModelCall_x86_64'>
>>> context.lifter = vmp.lifter
>>> func = LLVMFunction_IRCompilation(context, name="test")
>>> func.ret_type = llvm_ir.VoidType()
>>> func.init_fc()
>>> all_regs = set()
>>> for block in viewvalues(ircfg.blocks):
...     for irs in block.assignblks:
...         for dst, src in viewitems(irs.get_rw(mem_read=True)):
...             elem = src.union(set([dst]))
...             all_regs.update(
...                 x for x in elem
...                 if x.is_id()
...             )
...
>>> reg2glob = {}
>>> for var in all_regs:
...     # alloca reg = global reg
...     data = context.mod.globals.get(str(var), None)
...     if data is None:
...         data = llvm_ir.GlobalVariable(context.mod, LLVMType.IntType(var.size), name=str(var))
...     data.initializer = LLVMType.IntType(var.size)(0)
...     value = func.builder.load(data)
...     func.local_vars_pointers[var.name] = func.builder.alloca(llvm_ir.IntType(var.size), name=var.name)
...     func.builder.store(value, func.local_vars_pointers[var.name])
...     reg2glob[var] = data
...
<ir.StoreInstr '.3' of type 'void', opname 'store', operands [<ir.LoadInstr '.2' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'RSI.54.0' of type 'i64*'>]>, <ir.AllocaInstr 'RSI.54.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.5' of type 'void', opname 'store', operands [<ir.LoadInstr '.4' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'tf_init' of type 'i1*'>]>, <ir.AllocaInstr 'tf_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.7' of type 'void', opname 'store', operands [<ir.LoadInstr '.6' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'RAX.12.0' of type 'i64*'>]>, <ir.AllocaInstr 'RAX.12.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.9' of type 'void', opname 'store', operands [<ir.LoadInstr '.8' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'IRDst' of type 'i64*'>]>, <ir.AllocaInstr 'IRDst' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.11' of type 'void', opname 'store', operands [<ir.LoadInstr '.10' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'nf.351.0' of type 'i1*'>]>, <ir.AllocaInstr 'nf.351.0' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.13' of type 'void', opname 'store', operands [<ir.LoadInstr '.12' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'RSP_init' of type 'i64*'>]>, <ir.AllocaInstr 'RSP_init' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.15' of type 'void', opname 'store', operands [<ir.LoadInstr '.14' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'cf.351.0' of type 'i1*'>]>, <ir.AllocaInstr 'cf.351.0' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.17' of type 'void', opname 'store', operands [<ir.LoadInstr '.16' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'RBX.164.0' of type 'i64*'>]>, <ir.AllocaInstr 'RBX.164.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.19' of type 'void', opname 'store', operands [<ir.LoadInstr '.18' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'vm_init' of type 'i1*'>]>, <ir.AllocaInstr 'vm_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.21' of type 'void', opname 'store', operands [<ir.LoadInstr '.20' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'RBP.127.0' of type 'i64*'>]>, <ir.AllocaInstr 'RBP.127.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.23' of type 'void', opname 'store', operands [<ir.LoadInstr '.22' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'R11_init' of type 'i64*'>]>, <ir.AllocaInstr 'R11_init' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.25' of type 'void', opname 'store', operands [<ir.LoadInstr '.24' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'zf.351.0' of type 'i1*'>]>, <ir.AllocaInstr 'zf.351.0' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.27' of type 'void', opname 'store', operands [<ir.LoadInstr '.26' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'R9_init' of type 'i64*'>]>, <ir.AllocaInstr 'R9_init' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.29' of type 'void', opname 'store', operands [<ir.LoadInstr '.28' of type 'i16', opname 'load', operands [<ir.GlobalVariable 'SS_init' of type 'i16*'>]>, <ir.AllocaInstr 'SS_init' of type 'i16*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.31' of type 'void', opname 'store', operands [<ir.LoadInstr '.30' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'RSP.63.0' of type 'i64*'>]>, <ir.AllocaInstr 'RSP.63.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.33' of type 'void', opname 'store', operands [<ir.LoadInstr '.32' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'RDX.5.0' of type 'i64*'>]>, <ir.AllocaInstr 'RDX.5.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.35' of type 'void', opname 'store', operands [<ir.LoadInstr '.34' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'rf_init' of type 'i1*'>]>, <ir.AllocaInstr 'rf_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.37' of type 'void', opname 'store', operands [<ir.LoadInstr '.36' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'RCX.11.0' of type 'i64*'>]>, <ir.AllocaInstr 'RCX.11.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.39' of type 'void', opname 'store', operands [<ir.LoadInstr '.38' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'pf.351.0' of type 'i1*'>]>, <ir.AllocaInstr 'pf.351.0' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.41' of type 'void', opname 'store', operands [<ir.LoadInstr '.40' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'i_d_init' of type 'i1*'>]>, <ir.AllocaInstr 'i_d_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.43' of type 'void', opname 'store', operands [<ir.LoadInstr '.42' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'R9.138.0' of type 'i64*'>]>, <ir.AllocaInstr 'R9.138.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.45' of type 'void', opname 'store', operands [<ir.LoadInstr '.44' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'vif_init' of type 'i1*'>]>, <ir.AllocaInstr 'vif_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.47' of type 'void', opname 'store', operands [<ir.LoadInstr '.46' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'nt_init' of type 'i1*'>]>, <ir.AllocaInstr 'nt_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.49' of type 'void', opname 'store', operands [<ir.LoadInstr '.48' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'i_f_init' of type 'i1*'>]>, <ir.AllocaInstr 'i_f_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.51' of type 'void', opname 'store', operands [<ir.LoadInstr '.50' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'of.351.0' of type 'i1*'>]>, <ir.AllocaInstr 'of.351.0' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.53' of type 'void', opname 'store', operands [<ir.LoadInstr '.52' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'df_init' of type 'i1*'>]>, <ir.AllocaInstr 'df_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.55' of type 'void', opname 'store', operands [<ir.LoadInstr '.54' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'af.345.0' of type 'i1*'>]>, <ir.AllocaInstr 'af.345.0' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.57' of type 'void', opname 'store', operands [<ir.LoadInstr '.56' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'ac_init' of type 'i1*'>]>, <ir.AllocaInstr 'ac_init' of type 'i1*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.59' of type 'void', opname 'store', operands [<ir.LoadInstr '.58' of type 'i2', opname 'load', operands [<ir.GlobalVariable 'iopl_f_init' of type 'i2*'>]>, <ir.AllocaInstr 'iopl_f_init' of type 'i2*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.61' of type 'void', opname 'store', operands [<ir.LoadInstr '.60' of type 'i64', opname 'load', operands [<ir.GlobalVariable 'R11.181.0' of type 'i64*'>]>, <ir.AllocaInstr 'R11.181.0' of type 'i64*', opname 'alloca', operands ()>]>
<ir.StoreInstr '.63' of type 'void', opname 'store', operands [<ir.LoadInstr '.62' of type 'i1', opname 'load', operands [<ir.GlobalVariable 'vip_init' of type 'i1*'>]>, <ir.AllocaInstr 'vip_init' of type 'i1*', opname 'alloca', operands ()>]>
>>> func.from_ircfg(ircfg, append_ret=False)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Users\devirt\AppData\Local\Programs\Python\Python39\lib\site-packages\miasm-0.1.3.dev447-py3.9-win-amd64.egg\miasm\jitter\llvmconvert.py", line 1922, in from_ircfg
    self.gen_irblock(irblock)
  File "C:\Users\devirt\AppData\Local\Programs\Python\Python39\lib\site-packages\miasm-0.1.3.dev447-py3.9-win-amd64.egg\miasm\jitter\llvmconvert.py", line 1910, in gen_irblock
    return super(LLVMFunction_IRCompilation, self).gen_irblock(
  File "C:\Users\devirt\AppData\Local\Programs\Python\Python39\lib\site-packages\miasm-0.1.3.dev447-py3.9-win-amd64.egg\miasm\jitter\llvmconvert.py", line 1561, in gen_irblock
    self.add_ir(element)
  File "C:\Users\devirt\AppData\Local\Programs\Python\Python39\lib\site-packages\miasm-0.1.3.dev447-py3.9-win-amd64.egg\miasm\jitter\llvmconvert.py", line 1219, in add_ir
    addr = self.add_ir(expr.ptr)
  File "C:\Users\devirt\AppData\Local\Programs\Python\Python39\lib\site-packages\miasm-0.1.3.dev447-py3.9-win-amd64.egg\miasm\jitter\llvmconvert.py", line 933, in add_ir
    [self.local_vars["jitcpu"]] + casted_args
KeyError: 'jitcpu'

system: windows 10 python 3.9.8

serpilliere commented 1 year ago

Hi @sh4m2hwz. After an analysis with @commial, it seems that in your IR you are translating IR code which comes from a memory access using segmentation (something like SS:DWORD PTR[ESP], for example, which may appear in the IR as something like @32[segm(ss, esp)]). It seems that the default code (used in the generation in the jit case) tries to handle that and uses a jitter which is not initialized in your case (and you don't want that).

Maybe you will have to remove the segmentation in the IR if you are not using it, or patch the IR code to use a custom function made by you which will handle the segmentation?
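The first option above (dropping `segm()` from the IR before handing it to `LLVMFunction_IRCompilation`) can be done as an expression rewrite over the IRCFG. The block below is an added example, not miasm's own code. It assumes the real miasm classes (`ExprOp`, `ExprMem`, `ExprId`, `Expr.visit()`, `Expr.is_op()`, `IRCFG.simplify()`); when miasm is not importable it falls back to a constructed stand-in with the same `visit`/`is_op`/`args` interface so the rewriter can be exercised offline. The one caveat worth encoding: `segm(seg, base)` only collapses to `base` when the segment base is zero, which holds for CS/DS/SS/ES under a flat memory model but not for FS/GS (thread-local storage, TEB/PEB, per-CPU data). Silently dropping those would make the lifted LLVM IR read the wrong memory, so the rewriter leaves them in place and reports them instead.

```python
"""Strip flat-model segment prefixes from miasm IR before LLVM translation.

Added example (not miasm project code). The KeyError 'jitcpu' in the issue
comes from lowering @N[segm(seg, base)]: the default LLVM backend routes
`segm` through a jitter helper that only exists in a jit context.
"""
try:
    # Real miasm API (assumed available in the issue's environment).
    from miasm.expression.expression import ExprId, ExprMem, ExprOp
    HAVE_MIASM = True
except ImportError:
    # Constructed stand-in (not miasm code): only the interface the rewriter
    # needs, so the example runs offline. Real miasm objects are interned and
    # hashable; the stand-in mimics equality so results can be compared.
    HAVE_MIASM = False

    class ExprId:
        def __init__(self, name, size):
            self.name, self.size = name, size
        def is_op(self, op=None):
            return False
        def visit(self, cb, tv=None):
            return cb(self)
        def __eq__(self, o):
            return isinstance(o, ExprId) and (o.name, o.size) == (self.name, self.size)
        def __hash__(self):
            return hash(("id", self.name, self.size))
        def __repr__(self):
            return self.name

    class ExprOp:
        def __init__(self, op, *args):
            self.op, self.args = op, tuple(args)
        def is_op(self, op=None):
            return op is None or self.op == op
        def visit(self, cb, tv=None):
            return cb(ExprOp(self.op, *[a.visit(cb, tv) for a in self.args]))
        def __eq__(self, o):
            return isinstance(o, ExprOp) and (o.op, o.args) == (self.op, self.args)
        def __hash__(self):
            return hash(("op", self.op, self.args))
        def __repr__(self):
            return "%s(%s)" % (self.op, ", ".join(map(repr, self.args)))

    class ExprMem:
        def __init__(self, ptr, size):
            self.ptr, self.size = ptr, size
        def is_op(self, op=None):
            return False
        def visit(self, cb, tv=None):
            return cb(ExprMem(self.ptr.visit(cb, tv), self.size))
        def __eq__(self, o):
            return isinstance(o, ExprMem) and (o.ptr, o.size) == (self.ptr, self.size)
        def __hash__(self):
            return hash(("mem", self.ptr, self.size))
        def __repr__(self):
            return "@%d[%r]" % (self.size, self.ptr)


# Segment registers whose base is 0 in a flat x86-64 user-mode model.
# FS/GS are intentionally absent: their bases are non-zero (TLS, TEB/PEB).
FLAT_SEGMENTS = frozenset({"CS", "DS", "SS", "ES"})


class SegmStripper:
    """Callback for Expr.visit(): rewrite segm(seg, base) -> base for flat segs.

    Non-flat segm() nodes are kept untouched and collected in `kept`, so the
    caller can decide to model them explicitly instead of mis-lifting them.
    """
    def __init__(self, flat=FLAT_SEGMENTS):
        self.flat = flat
        self.kept = []

    def __call__(self, expr):
        if not expr.is_op("segm"):
            return expr
        seg, base = expr.args
        if getattr(seg, "name", None) in self.flat:
            return base
        self.kept.append(expr)
        return expr


def strip_segm(expr, stripper=None):
    """Return `expr` with flat-segment segm() prefixes removed (bottom-up)."""
    stripper = stripper or SegmStripper()
    return expr.visit(stripper)


def strip_segmentation(ircfg):
    """Rewrite every dst/src of a miasm IRCFG in place (requires real miasm).

    IRCFG.simplify() applies the callback to each whole dst/src expression,
    so wrap the stripper in a visit(). Returns (modified, kept_non_flat).
    """
    stripper = SegmStripper()
    modified = ircfg.simplify(lambda expr: expr.visit(stripper))
    return modified, stripper.kept


if __name__ == "__main__":
    # Constructed sample expressions mirroring the reply's @32[segm(ss, esp)].
    rsp, ss, fs = ExprId("RSP", 64), ExprId("SS", 16), ExprId("FS", 16)
    print(strip_segm(ExprMem(ExprOp("segm", ss, rsp), 32)))   # @32[RSP]
    s = SegmStripper()
    print(strip_segm(ExprMem(ExprOp("segm", fs, rsp), 64), s), s.kept)
```

Run `strip_segmentation(ircfg)` before `func.from_ircfg(ircfg, append_ret=False)`; if `kept` is non-empty, the function still contains FS/GS accesses that need an explicit base (for example a global holding the TEB/TLS pointer) rather than being dropped.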