improve abstraction

Author: RobinDavid

ida_plugin/qsynthesis_plugin.py

@@ -27,7 +27,7 @@ def init(self) -> int:
         addon_info.name = self.wanted_name
         addon_info.producer = "Quarkslab"
         addon_info.version = qsynthesis.__version__
-        addon_info.url = "https://gitlab.qb/synthesis/qsynthesis"
+        addon_info.url = "https://github.com/quarkslab/qsynthesis"
         addon_info.freeform = "Copyright (c) 2020 - All Rights Reserved"
         ida_kernwin.register_addon(addon_info)
         self.view = None

qsynthesis/plugin/actions.py

@@ -1,5 +1,4 @@
-from qsynthesis.plugin.dependencies import ida_kernwin, TRITON_ENABLED
-from qtracedb.trace import Trace
+from qsynthesis.plugin.dependencies import ida_kernwin, TRITON_ENABLED, Trace
 
 
 class SynthetizerViewHook(ida_kernwin.action_handler_t):

qsynthesis/plugin/arch.py

@@ -0,0 +1,150 @@
+from typing import List, Optional
+
+import capstone
+from capstone import x86_const, arm_const, arm64_const, CS_AC_READ, CS_AC_WRITE
+from enum import IntEnum
+from collections import namedtuple
+
+Reg = namedtuple("Reg", "name")
+
+
+class Opnd:
+    def __init__(self, cs_op, arch):
+        self._cs_op = cs_op
+        self._arch = arch
+
+    @property
+    def type(self):
+        return self._cs_op.type
+
+    def is_read(self) -> bool:
+        return bool(self._cs_op.access & CS_AC_READ)
+
+    def is_written(self) -> bool:
+        return bool(self._cs_op.access & CS_AC_WRITE)
+
+    def is_register(self) -> bool:
+        return self.type == self._arch.optypes.REG
+
+    def is_memory(self) -> bool:
+        return self.type == self._arch.optypes.MEM
+
+
+class Instr:
+    def __init__(self, cs_ins, arch):
+        self._cs_ins = cs_ins
+        self._arch = arch
+
+    @property
+    def bytes(self):
+        return bytes(self._cs_ins.bytes)
+
+    def __str__(self):
+        return self._cs_ins.mnemonic + " " + self._cs_ins.op_str
+
+    @property
+    def operands(self):
+        return [Opnd(x, self._arch) for x in self._cs_ins.operands]
+
+
+class Arch:
+    _CSD = None
+
+    def disasm(cls, asm: bytes, addr: int) -> List[Instr]:
+        cls._CSD.detail = True
+        return [Instr(x, cls) for x in cls._CSD.disasm(asm, addr)]
+
+    def disasm_one(cls, asm: bytes, addr: int) -> Instr:
+        r = cls.disasm(asm, addr)
+        return r[0] if r else None
+
+
+
+class _ArchX86(Arch):
+    NAME = "x86"
+    INS_PTR = Reg('eip')
+    STK_PTR = Reg('esp')
+    _CSD = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
+    nop_instruction = b"\x90"
+
+    class optypes(IntEnum):
+        INVALID = x86_const.X86_OP_INVALID
+        IMM = x86_const.X86_OP_IMM
+        REG = x86_const.X86_OP_REG
+        MEM = x86_const.X86_OP_MEM
+
+
+class _ArchX64(_ArchX86):
+    NAME = "x86_64"
+    INS_PTR = Reg('rip')
+    STK_PTR = Reg('rsp')
+    _CSD = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
+
+
+
+class _ArchARM(Arch):
+    NAME = "ARM"
+    INS_PTR = Reg('pc')
+    STK_PTR = Reg('sp')
+    _CSD = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
+    nop_instruction = b"\x00\xf0\x20\xe3"
+
+    class optypes(IntEnum):
+        INVALID = arm_const.ARM_OP_INVALID
+        REG = arm_const.ARM_OP_REG
+        IMM = arm_const.ARM_OP_IMM
+        MEM = arm_const.ARM_OP_MEM
+        FP = arm_const.ARM_OP_FP
+        CIMM = arm_const.ARM_OP_CIMM
+        PIMM = arm_const.ARM_OP_PIMM
+        SETEND = arm_const.ARM_OP_SETEND
+        SYSREG = arm_const.ARM_OP_SYSREG
+
+
+class _ArchARM64(Arch):
+    NAME = "AARCH64"
+    INS_PTR = Reg('x28')
+    STK_PTR = Reg('sp')
+    _CSD = capstone.Cs(capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM)
+    nop_instruction = b"\x1f\x20\x03\xd5"
+
+    class optypes(IntEnum):
+        INVALID = arm64_const.ARM64_OP_INVALID
+        REG = arm64_const.ARM64_OP_REG
+        IMM = arm64_const.ARM64_OP_IMM
+        MEM = arm64_const.ARM64_OP_MEM
+        FP = arm64_const.ARM64_OP_FP
+        CIMM = arm64_const.ARM64_OP_CIMM
+        REG_MRS = arm64_const.ARM64_OP_REG_MRS
+        REG_MSR = arm64_const.ARM64_OP_REG_MSR
+        PSTATE = arm64_const.ARM64_OP_PSTATE
+        SYS = arm64_const.ARM64_OP_SYS
+        PREFETCH = arm64_const.ARM64_OP_PREFETCH
+        BARRIER = arm64_const.ARM64_OP_BARRIER
+
+
+ArchX86 = _ArchX86()
+ArchX64 = _ArchX64()
+ArchARM = _ArchARM()
+ArchARM64 = _ArchARM64()
+
+
+class ArchsManager:
+    @staticmethod
+    def get_supported_regs(arch: Arch) -> List[Reg]:
+        if isinstance(arch, _ArchX64):
+            return [Reg('RAX'), Reg('RBX'), Reg('RCX'), Reg('RDX'), Reg('RDI'), Reg('RSI'), Reg('RBP'), Reg('RSP'),
+                    Reg('RIP'), Reg('EFLAGS'), Reg('R8'), Reg('R9'), Reg('R10'), Reg('R11'), Reg('R12'), Reg('R13'),
+                    Reg('R14'), Reg('R15')]
+        elif isinstance(arch, _ArchX86):
+            return [Reg('EAX'), Reg('EBX'), Reg('ECX'), Reg('EDX'), Reg('EDI'), Reg('ESI'), Reg('EBP'), Reg('ESP'), Reg('EIP'), Reg('EFLAGS')]
+        elif isinstance(arch, _ArchARM):
+            return [Reg('R0'), Reg('R1'), Reg('R2'), Reg('R3'), Reg('R4'), Reg('R5'), Reg('R6'), Reg('R7'), Reg('R8'),
+                    Reg('R9'), Reg('R10'), Reg('R11'), Reg('R12'), Reg('R13'), Reg('R14'), Reg('R15'), Reg('CPSR')]
+        elif isinstance(arch, _ArchARM64):
+            return [Reg('X0'), Reg('X1'), Reg('X2'), Reg('X3'), Reg('X4'), Reg('X5'), Reg('X6'), Reg('X7'), Reg('X8'),
+                    Reg('X9'), Reg('X10'), Reg('X11'), Reg('X12'), Reg('X13'), Reg('X14'), Reg('X15'), Reg('X16'),
+                    Reg('X17'), Reg('X18'), Reg('X19'), Reg('X20'), Reg('X21'), Reg('X22'), Reg('R23'), Reg('X24'),
+                    Reg('X25'), Reg('X26'), Reg('X27'), Reg('X28'), Reg('X29'), Reg('X30')]
+        else:
+            assert False

qsynthesis/plugin/ast_viewer.py

@@ -1,11 +1,8 @@
 # built-in modules
 from typing import List
 
-# third-party
-from qtracedb.archs.arch import Instr
-
 # qsynthesis modules
-from qsynthesis.plugin.dependencies import ida_graph
+from qsynthesis.plugin.dependencies import ida_graph, Instr
 from qsynthesis.tritonast import TritonAst
 
 

qsynthesis/plugin/dependencies.py

@@ -44,9 +44,20 @@ class PluginForm:
 
 try:
     import qtracedb
+    from qtracedb import DatabaseManager
+    from qtracedb.trace import Trace, InstrCtx
+    from qtracedb.archs.arch import Instr, Arch
+    from qtracedb.manager import ArchsManager
+    from qtracedb.archs.x86 import ArchX86, ArchX64
+    from qtracedb.archs.arm import ArchARM
+    from qtracedb.archs.arm64 import ArchARM64
     QTRACEDB_ENABLED = True
-except ImportError:
+except ImportError as e:
     QTRACEDB_ENABLED = False
+    from .arch import Arch, ArchX64, ArchARM, ArchARM64, ArchX86, Instr, ArchsManager
+    # Set dummy vars
+    DatabaseManager, Trace, InstrCtx = None, None, None
+
 
 try:
     import triton

qsynthesis/plugin/popup_actions.py

@@ -34,7 +34,7 @@ def set_text_widget(self, ea: Addr) -> None:
         the Qsynthesis view.
 
         :param ea: address to set
-        :return: None
+        :return: Nones
         """
         self.widget.from_line.setText(f"{ea:#x}")
 
@@ -138,8 +138,8 @@ def __init__(self, widget: 'SynthesizerView'):
     def activate(self, ctx) -> bool:
         """
         Upon clicking (or shortcut key typed) retrieve the current operand
-        with qtracedb Instruction object and set various widget variable
-        to be able to retrieve the information later on.
+        object and set various widget variable to be able to retrieve the
+        information later on.
 
         :return: True if the operand is value and has successfully been retrieved
         """

qsynthesis/plugin/processor.py

@@ -7,13 +7,10 @@
 
 # third-party modules
 from triton import ARCH
-from qtracedb.archs.arch import Arch
-from qtracedb.archs.x86 import ArchX86, ArchX64
-from qtracedb.archs.arm import ArchARM
-from qtracedb.archs.arm64 import ArchARM64
 
 # qsynthesis modules
 from qsynthesis.plugin.dependencies import ida_idp, ida_idaapi
+from qsynthesis.plugin.dependencies import ArchX86, ArchX64, ArchARM, ArchARM64
 
 
 class ProcessorType(IntEnum):
@@ -61,7 +58,7 @@ def processor_to_triton_arch() -> ARCH:
         assert False
 
 
-def processor_to_qtracedb_arch() -> Arch:
+def processor_to_arch():
     """
     Get the current IDB processor as a Qtrace-DB Arch object
 

qsynthesis/plugin/view.py

@@ -5,19 +5,16 @@
 
 # third-party modules
 from PyQt5 import QtWidgets, QtCore, QtGui  # provided by IDA
-from qtracedb import DatabaseManager
-from qtracedb.trace import Trace, InstrCtx
-from qtracedb.archs.arch import Instr
-from qtracedb.archs import ArchsManager
 
 # qsynthesis modules
+from qsynthesis.plugin.dependencies import DatabaseManager, Trace, InstrCtx, Instr, Arch, ArchsManager
 from qsynthesis.plugin.dependencies import ida_kernwin, IDA_ENABLED, QTRACEIDA_ENABLED, QTRACEDB_ENABLED
-from qsynthesis.plugin.dependencies import ida_bytes, ida_nalt, ida_ua, ida_funcs, ida_gdl, ida_loader
+from qsynthesis.plugin.dependencies import ida_bytes, ida_nalt, ida_ua, ida_funcs, ida_gdl, ida_loader, ida_lines
 from qsynthesis.tables import InputOutputOracleLevelDB, InputOutputOracleREST
 from qsynthesis.algorithms import TopDownSynthesizer, PlaceHolderSynthesizer
 from qsynthesis.utils.symexec import SimpleSymExec
 from qsynthesis.tritonast import ReassemblyError
-from qsynthesis.plugin.processor import processor_to_triton_arch, Arch, Processor, ProcessorType, processor_to_qtracedb_arch
+from qsynthesis.plugin.processor import processor_to_triton_arch, Processor, ProcessorType, processor_to_arch
 from qsynthesis.plugin.ast_viewer import AstViewer, BasicBlockViewer
 from qsynthesis.plugin.popup_actions import SynthetizeFromHere, SynthetizeToHere, SynthetizeOperand
 from qsynthesis.plugin.ui.synthesis_ui import Ui_synthesis_view
@@ -162,7 +159,7 @@ def __init__(self, qtrace: Optional['QtraceIDA']):
         # If working on its own
         self._dbm = None
         self._trace = None
-        self._arch = processor_to_qtracedb_arch()  # By default initialize it with current architecture
+        self._arch = processor_to_arch()  # By default initialize it with current architecture
 
         # Expresssion highlighted
         self.highlighted_addr = {}  # addr -> backed_color
@@ -852,7 +849,7 @@ def reassemble_clicked(self) -> None:
             try:
                 if patch_fun:
                     addrs = self.get_dependency_addresses()
-                    asm_bytes = self.synth_ast.reassemble(dst_reg, self.arch)
+                    asm_bytes = self.synth_ast.reassemble(dst_reg, self.arch.NAME)
                     if snap:  # Create a snapshot of the database
                         ss = ida_loader.snapshot_t()
                         ss.desc = f"Reassembly of {dst_reg} at {self.stop_addr:#x}"
@@ -863,7 +860,8 @@ def reassemble_clicked(self) -> None:
                         self.patch_reassembly(addrs, asm_bytes)
                 else:
                     # Reassemble to instruction and show it in a View
-                    insts = self.synth_ast.reassemble_to_insts(dst_reg, self.arch)
+                    raw_insts = self.synth_ast.reassemble(dst_reg, self.arch.NAME)
+                    insts = self.arch.disasm(raw_insts, 0x0)
                     bb_viewer = BasicBlockViewer("Reassembly", insts)
                     bb_viewer.Show()
             except ReassemblyError as e:
@@ -1076,11 +1074,13 @@ def selected_expr_register(self) -> Tuple[bool, Optional[str]]:
         elif self.target_type == TargetType.MEMORY:
             return False, None
         elif self.target_type == TargetType.OPERAND:
+
             opc = ida_bytes.get_bytes(self.stop_addr, ida_bytes.get_item_size(self.stop_addr))
             inst = self.arch.disasm_one(opc, self.stop_addr)
             op = inst.operands[self.op_num]
             if op.is_register():
-                return True, op.register.name
+                op_name = ida_lines.tag_remove(ida_ua.print_operand(self.stop_addr, self.op_num))
+                return True, op_name  # op.register.name
             else:
                 return False, None
 

qsynthesis/tritonast.py

@@ -8,10 +8,6 @@
 # Third-party modules
 from triton import TritonContext, AST_NODE, SYMBOLIC, ARCH
 
-# Qtrace imports
-from qtracedb.archs.manager import ArchsManager
-from qtracedb.archs.arch import Arch, Instr
-
 # QSynthesis imports
 from qsynthesis.types import AstNode, List, Tuple, Generator, Dict, Union, Optional, AstType, SymVarMap, \
                              SymbolicVariable, Char, IOVector, Input, Output
@@ -679,7 +675,7 @@ def visit_replacement(self, update: bool = True) -> Generator['TritonAst', 'Trit
                     self._inplace_replace(new_expr_to_send)
                     return
 
-    def reassemble(self, dst_reg: str, target_arch: Optional[Union['Arch', str]] = None) -> bytes:
+    def reassemble(self, dst_reg: str, target_arch: Optional[str] = None) -> bytes:
         """
         Reassemble the TritonAst in assembly. ``dst_reg`` is the destination register of the
         result of the computation of the AST. Parameter ``target_arch`` is either a QtraceDB
@@ -717,10 +713,9 @@ def my_asm_binary(arybo_expr, dst_regs, inps, target):
                     m = {ARCH.X86: "x86", ARCH.X86_64: "x86_64", ARCH.ARM32: "arm", ARCH.AARCH64: "aarch64"}
                     arch_name = m[self.ctx.getArchitecture()]
                 else:
-                    arch_name = target_arch if isinstance(target_arch, str) else target_arch.NAME.lower()
+                    arch_name = target_arch.lower()
                 arybo_expr = tritonast2arybo(self.expr, use_exprs=True, use_esf=False)
                 inps = {x.getName(): (x.getAlias(), x.getBitSize()) for x in self.symvars}
-                #return asm_binary(arybo_expr, (dst_reg, self.size), inps, f"{arch_name}-unknown-unknwon")
                 return my_asm_binary(arybo_expr, (dst_reg, self.size), inps, f"{arch_name}-unknown-unknwon")
             else:
                 raise ReassemblyError("Can only reassemble if variable are registers (at the moment)")
@@ -731,29 +726,6 @@ def my_asm_binary(arybo_expr, dst_regs, inps, target):
         except Exception as e:
             raise ReassemblyError(f"Something went wrong during reassembly: {e}")
 
-    def reassemble_to_insts(self, dst_reg: str, target_arch: Optional[Union[Arch, str]] = None) -> List[Instr]:
-        """
-        Similar to :meth:`TritonAst.reassemble` but returns Instruction object for each instruction
-        reassembled.
-
-        :param dst_reg: destination register as lowercase string
-        :param target_arch: target architecture in which to reassemble the AST
-        :returns: bytes of the AST reassembled in the given architecture
-        :raises: ReassemblyError
-
-        .. warning:: This method requires the ``arybo`` library that can be installed with
-           (pip3 install arybo).
-        """
-
-        # Note: let all exception being raised above if any
-        asm = self.reassemble(dst_reg, target_arch)
-        if target_arch is None:
-            m = {ARCH.X86: "x86", ARCH.X86_64: "x86_64", ARCH.ARM32: "arm", ARCH.AARCH64: "aarch64"}
-            arch = ArchsManager.get_arch(m[self.ctx.getArchitecture()])
-        else:
-            arch = ArchsManager.get_arch(target_arch) if isinstance(target_arch, str) else target_arch
-        return arch.disasm(asm, 0x0)
-
     def make_graph(self) -> 'Graph':
         """
         Generate a graph object representing the AST