From 56042c28a3632d17e88dca547c2f87a6696bfabe Mon Sep 17 00:00:00 2001
From: Han Dai
Date: Fri, 1 Mar 2024 13:42:52 -0500
Subject: [PATCH] fix #18
---
 src/patcherex2/components/archinfo/aarch64.py | 1 +
 src/patcherex2/components/archinfo/amd64.py | 1 +
 src/patcherex2/components/archinfo/arm.py | 1 +
 src/patcherex2/components/archinfo/mips.py | 1 +
 src/patcherex2/components/archinfo/mips64.py | 1 +
 src/patcherex2/components/archinfo/ppc.py | 1 +
 src/patcherex2/components/archinfo/ppc64.py | 1 +
 src/patcherex2/components/archinfo/ppc_vle.py | 1 +
 src/patcherex2/components/archinfo/sparc.py | 1 +
 src/patcherex2/components/archinfo/x86.py | 1 +
 src/patcherex2/components/utils/utils.py | 6 ++++++
 11 files changed, 16 insertions(+)
diff --git a/src/patcherex2/components/archinfo/aarch64.py b/src/patcherex2/components/archinfo/aarch64.py
index a1f33fb..b910824 100644
--- a/src/patcherex2/components/archinfo/aarch64.py
+++ b/src/patcherex2/components/archinfo/aarch64.py
@@ -4,6 +4,7 @@ class Aarch64Info:
 jmp_asm = "b {dst}"
 jmp_size = 4
 call_asm = "bl {dst}"
+ pc_reg_names = ["pc", "ip"]
 save_context_asm = """
 sub sp, sp, #0x1f0
 stp x0, x1, [sp, #0x0]
diff --git a/src/patcherex2/components/archinfo/amd64.py b/src/patcherex2/components/archinfo/amd64.py
index de8aa93..480ced5 100644
--- a/src/patcherex2/components/archinfo/amd64.py
+++ b/src/patcherex2/components/archinfo/amd64.py
@@ -4,6 +4,7 @@ class Amd64Info:
 jmp_asm = "jmp {dst}"
 jmp_size = 6
 call_asm = "call {dst}"
+ pc_reg_names = ["rip"]
 save_context_asm = """
 push rax
 push rbx
diff --git a/src/patcherex2/components/archinfo/arm.py b/src/patcherex2/components/archinfo/arm.py
index 74202ae..4a4741a 100644
--- a/src/patcherex2/components/archinfo/arm.py
+++ b/src/patcherex2/components/archinfo/arm.py
@@ -4,6 +4,7 @@ class ArmInfo:
 jmp_asm = "b {dst}"
 jmp_size = 4
 call_asm = "bl {dst}"
+ pc_reg_names = ["pc", "r15", "ip"]
 save_context_asm = """
 push {r0-r11}
 """
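Review bot: The `ip` entry in the new aarch64 `pc_reg_names` does not name the program counter: A64 has no PC operand register at all, and the AAPCS64 `ip0`/`ip1` aliases are the x16/x17 scratch registers, which a disassembler is more likely to print as `x16`/`x17` anyway. PC-relative A64 forms (`adr`, `adrp`, literal `ldr`, branches) carry an immediate that is normally shown as a resolved address, so the token test added in utils.py will probably never fire for this target and movability of such instructions rests on the reassemble-at-several-addresses check there. If that is the intent, the list deserves a note so nobody later assumes it is the guard, e.g. `pc_reg_names = ["pc"]  # A64 never prints pc as an operand; PC-relative forms are caught by the reassembly check`. Aarch64Info continues outside the hunk.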
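Review bot: `ip` in the new arm `pc_reg_names` is the AAPCS alias for r12 (the intra-procedure-call scratch register), not the program counter, so with this list any instruction whose operands mention r12 — which compiler output uses regularly — will be reported as not movable. That errs in the safe direction for a binary patcher, but it silently removes patchable sites rather than detecting PC use; unless the disassembler in use is known to print `ip` for r15, the list should be `pc_reg_names = ["pc", "r15"]`. If `ip` is kept deliberately, a comment naming the disassembler that emits it would stop the next reader from removing it. ArmInfo continues outside the hunk.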
diff --git a/src/patcherex2/components/archinfo/mips.py b/src/patcherex2/components/archinfo/mips.py
index 19505a2..396d4f6 100644
--- a/src/patcherex2/components/archinfo/mips.py
+++ b/src/patcherex2/components/archinfo/mips.py
@@ -5,6 +5,7 @@ class MipsInfo:
 # NOTE: keystone will always add nop for branch delay slot, so include it in size
 jmp_size = 8
 call_asm = "jal {dst}"
+ pc_reg_names = ["pc"]
 save_context_asm = """
 sub $sp, $sp, -124
 sw $ra, 120($sp)
diff --git a/src/patcherex2/components/archinfo/mips64.py b/src/patcherex2/components/archinfo/mips64.py
index b17565e..fcfac1a 100644
--- a/src/patcherex2/components/archinfo/mips64.py
+++ b/src/patcherex2/components/archinfo/mips64.py
@@ -5,6 +5,7 @@ class Mips64Info:
 # NOTE: keystone will aldays add nop for branch delay slot, so include it in size
 jmp_size = 8
 call_asm = "jal {dst}"
+ pc_reg_names = ["pc"]
 save_context_asm = """
 sub $sp, $sp, -248
 sd $ra, 240($sp)
diff --git a/src/patcherex2/components/archinfo/ppc.py b/src/patcherex2/components/archinfo/ppc.py
index 876846d..0c0dc82 100644
--- a/src/patcherex2/components/archinfo/ppc.py
+++ b/src/patcherex2/components/archinfo/ppc.py
@@ -4,6 +4,7 @@ class PpcInfo:
 jmp_asm = "b {dst}"
 jmp_size = 4
 call_asm = "bl {dst}"
+ pc_reg_names = []
 save_context_asm = """
 stwu r1, -0x80(r1)
 stmw r3, 0x8(r1)
diff --git a/src/patcherex2/components/archinfo/ppc64.py b/src/patcherex2/components/archinfo/ppc64.py
index 10f821f..84d321b 100644
--- a/src/patcherex2/components/archinfo/ppc64.py
+++ b/src/patcherex2/components/archinfo/ppc64.py
@@ -4,6 +4,7 @@ class Ppc64Info:
 jmp_asm = "b {dst}"
 jmp_size = 4
 call_asm = "bl {dst}"
+ pc_reg_names = []
 save_context_asm = """
 stwu r1, -0x80(r1)
 stmw r3, 0x8(r1)
diff --git a/src/patcherex2/components/archinfo/ppc_vle.py b/src/patcherex2/components/archinfo/ppc_vle.py
index bad1e7c..a3b747e 100644
--- a/src/patcherex2/components/archinfo/ppc_vle.py
+++ b/src/patcherex2/components/archinfo/ppc_vle.py
@@ -4,5 +4,6 @@ class PpcVleInfo:
 jmp_asm = "b {dst}"
 jmp_size = 4
 call_asm = "bl {dst}"
+ pc_reg_names = []
 save_context_asm = "" # TODO
 restore_context_asm = "" # TODO
diff --git a/src/patcherex2/components/archinfo/sparc.py b/src/patcherex2/components/archinfo/sparc.py
index 2e82822..6fd608b 100644
--- a/src/patcherex2/components/archinfo/sparc.py
+++ b/src/patcherex2/components/archinfo/sparc.py
@@ -4,5 +4,6 @@ class SparcInfo:
 jmp_asm = "b {dst}\nnop" # nop due to delay slot
 jmp_size = 8
 call_asm = "call {dst}"
+ pc_reg_names = ["pc"]
 save_context_asm = "" # TODO
 restore_context_asm = "" # TODO
diff --git a/src/patcherex2/components/archinfo/x86.py b/src/patcherex2/components/archinfo/x86.py
index 8254acf..41bae5d 100644
--- a/src/patcherex2/components/archinfo/x86.py
+++ b/src/patcherex2/components/archinfo/x86.py
@@ -4,6 +4,7 @@ class X86Info:
 jmp_asm = "jmp {dst}"
 jmp_size = 5
 call_asm = "call {dst}"
+ pc_reg_names = ["eip"]
 save_context_asm = """
 pusha
 """
diff --git a/src/patcherex2/components/utils/utils.py b/src/patcherex2/components/utils/utils.py
index 697893a..b70ea9d 100644
--- a/src/patcherex2/components/utils/utils.py
+++ b/src/patcherex2/components/utils/utils.py
@@ -1,4 +1,5 @@
 import logging
+import re
 from typing import Dict, Optional
 
 from ..allocation_managers.allocation_manager import MemoryFlag
@@ -128,6 +129,11 @@ def is_movable_instruction(self, addr: int) -> bool:
 is_thumb = self.p.binary_analyzer.is_thumb(addr)
 insn = self.p.binary_analyzer.get_instr_bytes_at(addr)
 asm = self.p.disassembler.disassemble(insn, addr, is_thumb=is_thumb)[0]
+ # if instruction use PC as a base register, it's not movable
+ tokens = re.split(r"\s|,|\[|\]", asm["op_str"])
+ tokens = list(filter(None, tokens))
+ if list(set(self.p.archinfo.pc_reg_names) & set(tokens)):
+ return False
 asm = self.p.disassembler.to_asm_string(asm)
 for addr in [0x0, 0x7F00000, 0xFE000000]:
 if self.p.assembler.assemble(asm, addr, is_thumb=is_thumb) != insn:
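Review bot: The new `if list(set(...) & set(tokens)):` line in is_movable_instruction builds a list only to test it for truthiness; `if set(self.p.archinfo.pc_reg_names) & set(tokens):` or `if not set(tokens).isdisjoint(self.p.archinfo.pc_reg_names):` states the intent directly, and the split pattern can be a single class, `re.split(r"[\s,\[\]]+", asm["op_str"])`, which leaves at most leading/trailing empties for the `filter`. The check is only as strong as the spelling match: it compares case-sensitively against the lowercase names in the archinfo classes, `{` and `}` are not delimiters so `pc` inside a register list (`pop {r4, pc}`) tokenises as `pc}` and is missed, and on targets whose PC-relative forms print a resolved address (A64 `adr`/`adrp`, literal loads) no register token appears at all. Those cases fall through to the reassemble-at-three-addresses loop that follows, which presumably rejects any encoding that changes with the address and is the guard that actually keeps an address-dependent instruction from being relocated, so the added comment should record that division of labour, e.g. `# Cheap early reject for explicit PC operands; other address-dependent encodings are caught by re-assembling at several addresses below.` is_movable_instruction starts and ends outside the hunk.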