exported / paimei

Automatically exported from code.google.com/p/paimei
GNU General Public License v2.0

Error in __init_basic_blocks__() method, leading to incorrect CFG #22

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. print function's graph

What is the expected output? What do you see instead?
The generated graph (CFG) is broken in many places, which means there are missing branches.

What version of the product are you using? On what operating system?
Latest version of Paimei.

Please provide any additional information below.

Let's see the following code from __init_basic_blocks__() of function.py:
```python
elif len(branches_from) > 0:
    blocks.append((curr_start,ea))
    curr_start = next_ea
    for branch in branches_from:
        if branch not in contained_heads:
            print "skipped branch"
            continue
        if len(branches_from) == 1:
            color = 0x0000FF
            print "B1 JMP case"
        elif branch == next_ea:
            color = 0xFF0000
            print "False Br case"
        else:
            color = 0x00FF00
        edges.append((curr_start, branch, color))
```
In the above code, the statement "curr_start = next_ea" must come at the end of the FOR loop. Otherwise it will create a branch to itself.
Another error is in the following code:
```python
elif len(branches_to_next)> 0:
    blocks.append((curr_start,ea))
    curr_start = next_ea
    # draw an "implicit" branch.
    edges.append((curr_start, next_ea, 0x0000FF))
    curr_start = next_ea
```
In the above code, "edges.append((ea, next_ea, 0x0000FF))" is wrong, as it starts an edge from "ea" when it should start from "curr_start", and accordingly the position of "curr_start = next_ea" should be changed. So the code should be changed to the following:
```python
elif len(branches_to_next)> 0:
    blocks.append((curr_start,ea))
    # draw an "implicit" branch.
    edges.append((curr_start, next_ea, 0x0000FF))
    curr_start = next_ea
```

Thanks
-Sanjay

Original issue reported on code.google.com by tosanj...@gmail.com on 2 Apr 2011 at 12:38
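As an added illustration (not PaiMEI's code and not part of the original report), the following Python model reproduces the block and edge construction described above on a constructed six-instruction toy function, once with the ordering the report quotes (`curr_start = next_ea` before the edges are emitted, implicit edge sourced from `ea`) and once with the corrected ordering. The toy layout, `TOY_FUNCTION`, `CONDITIONAL` and the helper names are assumptions of the example; the buggy run yields a self-edge and an edge from an address that is not a block head, which is how the missing branches arise.

```python
# Added example, not PaiMEI code: a model of __init_basic_blocks__ ordering.

# Constructed toy function (not real disassembly). Each instruction is one
# byte; the value is its list of explicit branch targets.
#   0: cmp    1: jz 4    2: mov    3: mov    4: mov    5: ret
TOY_FUNCTION = {0: [], 1: [4], 2: [], 3: [], 4: [], 5: []}
CONDITIONAL = {1}  # conditional jumps also fall through to next_ea

BLUE, RED, GREEN = 0x0000FF, 0xFF0000, 0x00FF00  # edge colours used by PaiMEI


def build_cfg(insns, conditional, fixed):
    """Return (blocks, edges); fixed=False reproduces the reported ordering."""
    heads = sorted(insns)
    contained_heads = set(heads)
    explicit_targets = {t for targets in insns.values() for t in targets}
    blocks, edges = [], []
    curr_start = heads[0]
    for ea in heads:
        next_ea = ea + 1
        branches_from = list(insns[ea]) + ([next_ea] if ea in conditional else [])
        if ea == heads[-1]:
            blocks.append((curr_start, ea))
        elif branches_from:
            blocks.append((curr_start, ea))
            if not fixed:
                curr_start = next_ea  # bug: advanced before the edges are emitted
            for branch in branches_from:
                if branch not in contained_heads:
                    continue
                if len(branches_from) == 1:
                    color = BLUE   # unconditional jump
                elif branch == next_ea:
                    color = RED    # false (fall-through) branch
                else:
                    color = GREEN  # true branch
                edges.append((curr_start, branch, color))
            if fixed:
                curr_start = next_ea  # correct: advance after the edges
        elif next_ea in explicit_targets:
            blocks.append((curr_start, ea))
            # bug: implicit edge sourced from the last instruction, not the head
            source = curr_start if fixed else ea
            edges.append((source, next_ea, BLUE))
            curr_start = next_ea
    return blocks, edges


def dangling_or_self_edges(blocks, edges):
    """Edges whose source is not a block head, or that loop onto themselves."""
    heads = {start for start, _ in blocks}
    return [e for e in edges if e[0] not in heads or e[0] == e[1]]
```

Running `dangling_or_self_edges` over both variants is a cheap sanity check to apply to any CFG builder: every edge source should be the start address of some block.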

GoogleCodeExporter commented 9 years ago
In the original method code, the code is:
`edges.append((ea, next_ea, 0x0000FF))`
I pasted the corrected code by mistake.

Original comment by tosanj...@gmail.com on 3 Apr 2011 at 10:00

GoogleCodeExporter commented 9 years ago
I have attached the patch (function.patch) for the above mentioned modification.

Original comment by tosanj...@gmail.com on 6 Apr 2011 at 10:31

GoogleCodeExporter commented 9 years ago
This patch seems not to have been incorporated yet. Haven't validated yet if this is a problem. If other people feel strongly about it, please tell.

Do you have a demo application that will demonstrate this, or perhaps tell a bit more about what the problem is? Or attach an incorrect CFG.

http://gitorious.org/paimei

Original comment by streetde...@gmail.com on 9 Mar 2012 at 12:47

GoogleCodeExporter commented 9 years ago
Hi,
I have mentioned the problem in the above mail. I am attaching three files (in a single zip) as an example.
1. Graph_sub_401000_IDA.pdf (IDA Pro generated CFG of a function named sub_401000.)
2. cfg_sub_401000_Original.jpeg (Paimei calculated CFG with the original code.)
3. cfg_sub_401000_tmp_modified.jpeg (Paimei calculated CFG with the modified code.)
In the attached files, it can be seen that the CFGs of IDA Pro and the modified Paimei are identical, which is not the case for the original code CFG.

Regards
-Sanjay

Original comment by tosanj...@gmail.com on 9 Mar 2012 at 1:37