Skip to content

Commit

Permalink
Update capstone and tests
Browse files Browse the repository at this point in the history
  • Loading branch information
imbillow committed Jul 4, 2023
1 parent 18a5ebd commit 8f04ca8
Show file tree
Hide file tree
Showing 15 changed files with 827 additions and 126 deletions.
2 changes: 1 addition & 1 deletion subprojects/capstone-next.wrap
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[wrap-git]
url = https://github.com/capstone-engine/capstone.git
revision = 7729902a56fafd971bebba7776f594172027a8bf
revision = 53e68142050957e278d1a7f31b6ab52cbe9bed26
directory = capstone-next
patch_directory = capstone-next
4 changes: 2 additions & 2 deletions test/db/analysis/golang
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ EXPECT=<<EOF
0x0027401c str.btcctl.conf
0x00274090 str.rpc.cert
0x00274104 str.rpc.cert
14104
14056
EOF
RUN

Expand Down Expand Up @@ -235,7 +235,7 @@ EXPECT=<<EOF
0x100006e64 str.pointer
0x100006eac str.panicwrap:_no___in
0x1000076d0 str.internal_error___misuse_of_itab
1709
1710
0x10008bada 31 31 slice bounds out of range [:%x]
0x10008babb 31 31 slice bounds out of range [%x:]
0x10008be19 32 32 slice bounds out of range [::%x]
Expand Down
766 changes: 718 additions & 48 deletions test/db/analysis/tricore

Large diffs are not rendered by default.

144 changes: 83 additions & 61 deletions test/db/analysis/vars
Original file line number Diff line number Diff line change
Expand Up @@ -959,11 +959,12 @@ EXPECT=<<EOF
var va_list ap @ stack + 0x4
arg const char *fmt @ a6
int printf(const char *format);
; CALL XREFS from dbg.main @ 0x8000054e, 0x80000636
;-- printf:
/ int dbg.printf(const char *fmt, va_args ..);
| ; arg const char *fmt @ a6
| ; var va_list ap @ stack + 0x4
| 0x80000c22 mov.aa a6, a4 ; printf.c:10 ; int printf(const char *fmt, va_args ..);
| 0x80000c22 mov.aa a6, a4 ; printf.c:10 ; arg5 ; int printf(const char *fmt, va_args ..);
---------
arg void *str @ a15
arg const char *buf @ a5
Expand All @@ -974,7 +975,7 @@ void dbg.prout(const char *buf);
| ; arg void *str @ a15
| ; arg size_t n @ d4
| ; arg const char *buf @ a5
| 0x80000c04 mov.aa a15, a4 ; printf.c:5 ; void *prout(void *str, const char *buf, size_t n);
| 0x80000c04 mov.aa a15, a4 ; printf.c:5 ; arg5 ; void *prout(void *str, const char *buf, size_t n);
---------
arg fp_number_type *b @ a12
arg fp_number_type *a @ a13
Expand All @@ -986,6 +987,8 @@ var int b_normal_exp @ d2
var intfrac tfraction @ d3
var fractype b_fraction @ d9
void dbg._fpadd_parts();
; CALL XREF from dbg.__adddf3 @ 0x80003e32
; CALL XREF from dbg.__subdf3 @ 0x80003e72
;-- _fpadd_parts:
/ fp_number_type *dbg._fpadd_parts(fp_number_type *a, fp_number_type *b, fp_number_type *tmp);
| ; arg fp_number_type *a @ a13
Expand All @@ -997,60 +1000,66 @@ void dbg._fpadd_parts();
| ; var fractype a_fraction @ d11
| ; var fractype b_fraction @ d9
| ; var int diff @ d12
| 0x80003c60 ld.bu d15, [a4]0 ; fp-bit.c:604 ; fp_number_type *_fpadd_parts(fp_number_type *a, fp_number_type *b, fp_number_type *tmp);
| 0x80003c60 ld.bu d15, [a4]#0 ; fp-bit.c:604 ; arg5 ; fp_number_type *_fpadd_parts(fp_number_type *a, fp_number_type *b, fp_number_type *tmp);
---------
var const char *sc @ a2
arg const char *s @ a4
arg size_t maxsize @ d4
void dbg.strnlen_s(const char *s);
; CALL XREF from dbg._Fail_s @ 0x8000191e
;-- strnlen_s:
/ size_t dbg.strnlen_s(const char *s, size_t maxsize);
| ; arg size_t maxsize @ d4
| ; var const char *sc @ a2
| ; arg const char *s @ a4
| 0x800030ca mov d2, 0 ; strnlen_s.c:6 ; size_t strnlen_s(const char *s, size_t maxsize);
| 0x800030ca mov d2, #0 ; strnlen_s.c:6 ; size_t strnlen_s(const char *s, size_t maxsize);
---------
arg mbstate_t *pst @ a12
var _Statab *pwcstate @ a13
arg char *s @ a15
arg wchar_t wc @ d15
void dbg._Wctomb();
; CALL XREF from dbg._Putstr @ 0x800014d2
;-- _Wctomb:
/ int dbg._Wctomb(char *s, wchar_t wc, mbstate_t *pst);
| ; arg char *s @ a15
| ; arg wchar_t wc @ d15
| ; arg mbstate_t *pst @ a12
| ; var _Statab *pwcstate @ a13
| 0x800018a6 movh.a a2, 53248 ; xwctomb.c:123 ; int _Wctomb(char *s, wchar_t wc, mbstate_t *pst);
| 0x800018a6 movh.a a2, #0xd000 ; xwctomb.c:123 ; int _Wctomb(char *s, wchar_t wc, mbstate_t *pst);
---------
arg wchar_t *pwc @ a4
arg const char *s @ a5
arg mbstate_t *pst @ a6
arg size_t nin @ d4
void dbg._Mbtowc(wchar_t *pwc, const char *s, mbstate_t *pst);
; CALL XREF from dbg._Printf @ 0x80000d02
;-- _Mbtowc:
/ int dbg._Mbtowc(wchar_t *pwc, const char *s, size_t nin, mbstate_t *pst);
| ; arg size_t nin @ d4
| ; arg wchar_t *pwc @ a4
| ; arg const char *s @ a5
| ; arg mbstate_t *pst @ a6
| 0x80003084 movh.a a15, 53248 ; xmbtowc.c:150 ; int _Mbtowc(wchar_t *pwc, const char *s, size_t nin, mbstate_t *pst);
| 0x80003084 movh.a a15, #0xd000 ; xmbtowc.c:150 ; int _Mbtowc(wchar_t *pwc, const char *s, size_t nin, mbstate_t *pst);
---------
arg int except @ d4
int feraiseexcept(int excepts);
; CALL XREF from dbg._Feraise @ 0x8000343e
;-- feraiseexcept:
/ int dbg.feraiseexcept(int except);
| ; arg int except @ d4
| 0x800037d8 mov d2, 0 ; feraiseexcept.c:173 ; int feraiseexcept(int except);
| 0x800037d8 mov d2, #0 ; feraiseexcept.c:173 ; int feraiseexcept(int except);
---------
var Ppvoidfn newfuns @ a12
var size_t inc @ d15
void dbg._Atrealloc();
; CALL XREF from sym.atexit @ +0x30
; CALL XREF from dbg._Atexit @ 0x800033b8
;-- _Atrealloc:
/ int dbg._Atrealloc();
| ; var size_t inc @ d15
| ; var Ppvoidfn newfuns @ a12
| 0x80001994 movh.a a15, 53248 ; exit.c:22 ; int _Atrealloc();
| 0x80001994 movh.a a15, #0xd000 ; exit.c:22 ; int _Atrealloc();
---------
EOF
RUN
Expand All @@ -1064,52 +1073,56 @@ e asm.comments=0
pdf
EOF
EXPECT=<<EOF
/ sym.fn1();
/ sym.fn1(size_t size, int32_t arg5, int32_t arg6, int32_t arg7);
| ; arg size_t size @ a0
| ; arg int32_t arg5 @ a4
| ; arg int32_t arg6 @ a5
| ; arg int32_t arg7 @ a6
| 0x800004ce mov.aa a14, sp
| 0x800004d0 sub.a sp, 24
| 0x800004d2 st.w [a14]-4, d4
| 0x800004d6 st.a [a14]-8, a4
| 0x800004da st.d [a14]-16, e6
| 0x800004de st.a [a14]-20, a5
| 0x800004e2 st.a [a14]-24, a6
| 0x800004e6 ld.w d15, [a14]-20
| 0x800004ea jz d15, 0x800004f2
| 0x800004ec ld.w d15, [a14]-24
| 0x800004f0 jnz d15, 0x800004f6
| 0x800004f2 mov d15, 0
| 0x800004f4 j 0x8000054c
| 0x800004f6 mov d4, 20
| 0x800004fa call dbg.malloc
| 0x800004fe mov.aa a15, a2
| 0x80000500 mov.d d15, a15
| 0x80000502 ld.a a15, [a14]-24
| 0x80000506 st.w [a15]0, d15
| 0x80000508 ld.a a15, [a14]-24
| 0x8000050c ld.a a15, [a15]0
| 0x8000050e ld.w d15, [a14]-4
| 0x80000512 st.w [a15]0, d15
| 0x80000514 ld.a a15, [a14]-24
| 0x80000518 nop
| 0x8000051a ld.w d15, [a15]0
| 0x8000051c mov.a a15, d15
| 0x8000051e add.a a15, 4
| 0x80000520 mov d4, 5
| 0x80000522 ld.a a5, [a14]-8
| 0x80000526 mov.aa a4, a15
| 0x80000528 call dbg.strncpy
| 0x8000052c ld.a a15, [a14]-24
| 0x80000530 ld.a a15, [a15]0
| 0x80000532 ld.d e4, [a14]-16
| 0x80000536 call dbg.__truncdfsf2
| 0x8000053a mov d15, d2
| 0x8000053c st.w [a15]12, d15
| 0x8000053e ld.a a15, [a14]-24
| 0x80000542 ld.a a15, [a15]0
| 0x80000544 ld.w d15, [a14]-20
| 0x80000548 st.w [a15]16, d15
| 0x8000054a mov d15, 1
| 0x8000054c mov d2, d15
| 0x8000054e ret
| 0x800004d0 sub.a sp, #0x18
| 0x800004d2 st.w [a14]#-4, d4
| 0x800004d6 st.a [a14]#-8, a4
| 0x800004da st.d [a14]#-0x10, e6
| 0x800004de st.a [a14]#-0x14, a5
| 0x800004e2 st.a [a14]#-0x18, a6
| 0x800004e6 ld.w d15, [a14]#-0x14
| ,=< 0x800004ea jz d15, #0x800004f2
| | 0x800004ec ld.w d15, [a14]#-0x18
| ,==< 0x800004f0 jnz d15, #0x800004f6
| |`-> 0x800004f2 mov d15, #0
| |,=< 0x800004f4 j #0x8000054c
| `--> 0x800004f6 mov d4, #0x14
| | 0x800004fa call #0x80000afc
| | 0x800004fe mov.aa a15, a2
| | 0x80000500 mov.d d15, a15
| | 0x80000502 ld.a a15, [a14]#-0x18
| | 0x80000506 st.w [a15]#0, d15
| | 0x80000508 ld.a a15, [a14]#-0x18
| | 0x8000050c ld.a a15, [a15]#0
| | 0x8000050e ld.w d15, [a14]#-4
| | 0x80000512 st.w [a15]#0, d15
| | 0x80000514 ld.a a15, [a14]#-0x18
| | 0x80000518 nop
| | 0x8000051a ld.w d15, [a15]#0
| | 0x8000051c mov.a a15, d15
| | 0x8000051e add.a a15, #4
| | 0x80000520 mov d4, #5
| | 0x80000522 ld.a a5, [a14]#-8
| | 0x80000526 mov.aa a4, a15
| | 0x80000528 call #0x800011e0
| | 0x8000052c ld.a a15, [a14]#-0x18
| | 0x80000530 ld.a a15, [a15]#0
| | 0x80000532 ld.d e4, [a14]#-0x10
| | 0x80000536 call #0x80000728
| | 0x8000053a mov d15, d2
| | 0x8000053c st.w [a15]#0xc, d15
| | 0x8000053e ld.a a15, [a14]#-0x18
| | 0x80000542 ld.a a15, [a15]#0
| | 0x80000544 ld.w d15, [a14]#-0x14
| | 0x80000548 st.w [a15]#0x10, d15
| | 0x8000054a mov d15, #1
| `-> 0x8000054c mov d2, d15
\ 0x8000054e ret
EOF
RUN

Expand Down Expand Up @@ -1139,11 +1152,12 @@ EXPECT=<<EOF
var va_list ap @ stack + 0x4
arg const char *fmt @ a6
int printf(const char *format);
; CALL XREFS from dbg.main @ 0x8000054e, 0x80000636
;-- printf:
/ int dbg.printf(const char *fmt, va_args ..);
| ; arg const char *fmt @ a6
| ; var va_list ap @ stack + 0x4
| 0x80000c22 mov.aa a6, a4 ; printf.c:10 ; int printf(const char *fmt, va_args ..);
| 0x80000c22 mov.aa a6, a4 ; printf.c:10 ; arg5 ; int printf(const char *fmt, va_args ..);

arg void *str @ a15
arg const char *buf @ a5
Expand All @@ -1154,7 +1168,7 @@ void dbg.prout(const char *buf);
| ; arg void *str @ a15
| ; arg size_t n @ d4
| ; arg const char *buf @ a5
| 0x80000c04 mov.aa a15, a4 ; printf.c:5 ; void *prout(void *str, const char *buf, size_t n);
| 0x80000c04 mov.aa a15, a4 ; printf.c:5 ; arg5 ; void *prout(void *str, const char *buf, size_t n);

arg fp_number_type *b @ a12
arg fp_number_type *a @ a13
Expand All @@ -1166,6 +1180,8 @@ var int b_normal_exp @ d2
var intfrac tfraction @ d3
var fractype b_fraction @ d9
void dbg._fpadd_parts();
; CALL XREF from dbg.__adddf3 @ 0x80003e32
; CALL XREF from dbg.__subdf3 @ 0x80003e72
;-- _fpadd_parts:
/ fp_number_type *dbg._fpadd_parts(fp_number_type *a, fp_number_type *b, fp_number_type *tmp);
| ; arg fp_number_type *a @ a13
Expand All @@ -1177,60 +1193,66 @@ void dbg._fpadd_parts();
| ; var fractype a_fraction @ d11
| ; var fractype b_fraction @ d9
| ; var int diff @ d12
| 0x80003c60 ld.bu d15, [a4]0 ; fp-bit.c:604 ; fp_number_type *_fpadd_parts(fp_number_type *a, fp_number_type *b, fp_number_type *tmp);
| 0x80003c60 ld.bu d15, [a4]#0 ; fp-bit.c:604 ; arg5 ; fp_number_type *_fpadd_parts(fp_number_type *a, fp_number_type *b, fp_number_type *tmp);

var const char *sc @ a2
arg const char *s @ a4
arg size_t maxsize @ d4
void dbg.strnlen_s(const char *s);
; CALL XREF from dbg._Fail_s @ 0x8000191e
;-- strnlen_s:
/ size_t dbg.strnlen_s(const char *s, size_t maxsize);
| ; arg size_t maxsize @ d4
| ; var const char *sc @ a2
| ; arg const char *s @ a4
| 0x800030ca mov d2, 0 ; strnlen_s.c:6 ; size_t strnlen_s(const char *s, size_t maxsize);
| 0x800030ca mov d2, #0 ; strnlen_s.c:6 ; size_t strnlen_s(const char *s, size_t maxsize);

arg mbstate_t *pst @ a12
var _Statab *pwcstate @ a13
arg char *s @ a15
arg wchar_t wc @ d15
void dbg._Wctomb();
; CALL XREF from dbg._Putstr @ 0x800014d2
;-- _Wctomb:
/ int dbg._Wctomb(char *s, wchar_t wc, mbstate_t *pst);
| ; arg char *s @ a15
| ; arg wchar_t wc @ d15
| ; arg mbstate_t *pst @ a12
| ; var _Statab *pwcstate @ a13
| 0x800018a6 movh.a a2, 53248 ; xwctomb.c:123 ; int _Wctomb(char *s, wchar_t wc, mbstate_t *pst);
| 0x800018a6 movh.a a2, #0xd000 ; xwctomb.c:123 ; int _Wctomb(char *s, wchar_t wc, mbstate_t *pst);

arg wchar_t *pwc @ a4
arg const char *s @ a5
arg mbstate_t *pst @ a6
arg size_t nin @ d4
void dbg._Mbtowc(wchar_t *pwc, const char *s, mbstate_t *pst);
; CALL XREF from dbg._Printf @ 0x80000d02
;-- _Mbtowc:
/ int dbg._Mbtowc(wchar_t *pwc, const char *s, size_t nin, mbstate_t *pst);
| ; arg size_t nin @ d4
| ; arg wchar_t *pwc @ a4
| ; arg const char *s @ a5
| ; arg mbstate_t *pst @ a6
| 0x80003084 movh.a a15, 53248 ; xmbtowc.c:150 ; int _Mbtowc(wchar_t *pwc, const char *s, size_t nin, mbstate_t *pst);
| 0x80003084 movh.a a15, #0xd000 ; xmbtowc.c:150 ; int _Mbtowc(wchar_t *pwc, const char *s, size_t nin, mbstate_t *pst);

arg int except @ d4
int feraiseexcept(int excepts);
; CALL XREF from dbg._Feraise @ 0x8000343e
;-- feraiseexcept:
/ int dbg.feraiseexcept(int except);
| ; arg int except @ d4
| 0x800037d8 mov d2, 0 ; feraiseexcept.c:173 ; int feraiseexcept(int except);
| 0x800037d8 mov d2, #0 ; feraiseexcept.c:173 ; int feraiseexcept(int except);

var Ppvoidfn newfuns @ a12
var size_t inc @ d15
void dbg._Atrealloc();
; CALL XREF from sym.atexit @ +0x30
; CALL XREF from dbg._Atexit @ 0x800033b8
;-- _Atrealloc:
/ int dbg._Atrealloc();
| ; var size_t inc @ d15
| ; var Ppvoidfn newfuns @ a12
| 0x80001994 movh.a a15, 53248 ; exit.c:22 ; int _Atrealloc();
| 0x80001994 movh.a a15, #0xd000 ; exit.c:22 ; int _Atrealloc();

EOF
RUN
4 changes: 4 additions & 0 deletions test/db/analysis/x86_64
Original file line number Diff line number Diff line change
Expand Up @@ -503,6 +503,7 @@ RUN

NAME=block takeover
FILE=bins/elf/static-glibc-2.27
BROKEN=1
CMDS=<<EOF
e asm.comments=false
e asm.bytes=true
Expand Down Expand Up @@ -574,6 +575,7 @@ RUN

NAME=aaa with avra
FILE=bins/elf/class_test
BROKEN=1
CMDS=<<EOF
aaa
avra
Expand Down Expand Up @@ -2640,6 +2642,7 @@ RUN

NAME=refs with aar
FILE=bins/elf/crackme
BROKEN=1
CMDS=<<EOF
e analysis.jmp.cref=true
e asm.bytes=true
Expand All @@ -2664,6 +2667,7 @@ RUN

NAME=refs with afr
FILE=bins/elf/crackme
BROKEN=1
CMDS=<<EOF
e asm.bytes=true
e asm.lines.bb=false
Expand Down
2 changes: 1 addition & 1 deletion test/db/asm/x86_16
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ dB "jmp 0xfec50" e95bec
dB "jmp 0xec50" e95bec 0x1ffff2 (jmp (cast 16 false (bv 16 0xec50)))
d "jmp 0xec50" e95bec 0xfff2 (jmp (cast 16 false (bv 16 0xec50)))
ad "leave" c9 0x0 (seq (set sp (var bp)) (set sp (+ (var sp) (bv 16 0x2))) (set bp (loadw 0 16 (+ (+ (cast 16 false (var sp)) (bv 16 0x0)) (<< (cast 16 false (var ss)) (bv 8 0x4) false)))))
ad "loop 0xff92" e290 0x0 (seq (set cx (- (var cx) (bv 16 0x1))) (branch (! (is_zero (var cx))) (jmp (bv 16 0xff94)) nop))
adB "loop 0xff92" e290 0x0 (seq (set cx (- (var cx) (bv 16 0x1))) (branch (! (is_zero (var cx))) (jmp (bv 16 0xff94)) nop))
a "mov al, [0xbeef]" a0efbe 0x0 (set ax (| (& (var ax) (~ (bv 16 0xff))) (cast 16 false (loadw 0 8 (bv 16 0xbeef)))))
a "mov ax, [0xbeef]" a1efbe 0x0 (set ax (loadw 0 16 (bv 16 0xbeef)))
d "popf" 9d 0x0 (seq (set _flags (loadw 0 16 (+ (+ (cast 16 false (var sp)) (bv 16 0x0)) (<< (cast 16 false (var ss)) (bv 8 0x4) false)))) (set cf (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x2) false)) (set pf (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x2) false)) (set af (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x2) false)) (set zf (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x1) false)) (set sf (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x1) false)) (set tf (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x1) false)) (set if (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x1) false)) (set df (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x1) false)) (set of (lsb (var _flags))) (set _flags (>> (var _flags) (bv 8 0x3) false)) (set nt (lsb (var _flags))) (set sp (+ (var sp) (bv 16 0x2))))
Expand Down
2 changes: 1 addition & 1 deletion test/db/asm/x86_32
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ d "lodsd eax, dword [si]" 67ad 0x0 (seq (set eax (loadw 0 32 (+ (+ (cast 32 fals
d "loop 3" 66e200 0x0 (seq (set ecx (- (var ecx) (bv 32 0x1))) (branch (! (is_zero (var ecx))) (jmp (bv 32 0x6)) nop))
d "loope 3" 66e100 0x0 (seq (set ecx (- (var ecx) (bv 32 0x1))) (branch (&& (! (is_zero (var ecx))) (var zf)) (jmp (bv 32 0x6)) nop))
d "loopne 3" 66e000 0x0 (seq (set ecx (- (var ecx) (bv 32 0x1))) (branch (&& (! (is_zero (var ecx))) (! (var zf))) (jmp (bv 32 0x6)) nop))
d "lsl eax, dword [eax]" 0f0300
dB "lsl eax, dword [eax]" 0f0300
d "ltr ax" 0f00d8
d "ltr word [eax]" 0f0018
d "lzcnt eax, dword [eax]" f30fbd00
Expand Down
Loading

0 comments on commit 8f04ca8

Please sign in to comment.