Skip to content

LinuxSimProcedure ¤

LinuxSimProcedure ¤

LinuxSimProcedure(verbose=False)

Bases: CustomSimProcedure

Defines methods for customizing Linux simulation procedures.

This class includes methods for setting up the logger, handling alternative names, customizing hooks for static libraries, and loading the syscall table using the Linux loader.

This method sets up the Linux environment for simulation procedures by initializing the logger and configuring the environment for Linux-specific procedures.

Source code in sema_toolchain/sema_scdg/application/procedures/LinuxSimProcedure.py 
33
34
35
36
37
38
39
40
41
def __init__(self, verbose = False):
    """
    Initializes a Linux simulation procedure with optional verbosity.

    This method sets up the Linux environment for simulation procedures by initializing the logger and configuring the environment for Linux-specific procedures.
    """
    super().__init__(verbose)
    self.log = None
    self.setup("linux")

amd64_sim_proc_hook ¤

amd64_sim_proc_hook(project, name, sim_proc)

Applies a simulation procedure hook for AMD64 architecture in the project.

This function hooks the specified name with the provided simulation procedure, applying the System V AMD64 calling convention if the project architecture is AMD64.

Source code in sema_toolchain/sema_scdg/application/procedures/LinuxSimProcedure.py 
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
def amd64_sim_proc_hook(self, project, name, sim_proc):
    """
    Applies a simulation procedure hook for AMD64 architecture in the project.

    This function hooks the specified name with the provided simulation procedure, applying the System V AMD64 calling convention if the project architecture is AMD64.
    """
    if project.arch.name == "AMD64":
        project.hook(
            name,
            sim_proc(
                cc=SimCCSystemVAMD64(project.arch)
            ),
        )
        return True
    return False

config_logger ¤

config_logger()

Configures the logger if it is not already set.

This function sets up the logger for the Linux simulation procedure, initializing it with the specified log level if it is not already defined.

Source code in sema_toolchain/sema_scdg/application/procedures/LinuxSimProcedure.py 
43
44
45
46
47
48
49
50
51
def config_logger(self):
    """
    Configures the logger if it is not already set.

    This function sets up the logger for the Linux simulation procedure, initializing it with the specified log level if it is not already defined.
    """
    if self.log is None:
        self.log = logger
        self.log_level = log_level

custom_hook_linux_symbols ¤

custom_hook_linux_symbols(proj)

Customizes hooking for Linux symbols in the project.

This function applies custom procedures to symbols from the custom package, handling exceptions and standard procedures based on the symbol name.

Source code in sema_toolchain/sema_scdg/application/procedures/LinuxSimProcedure.py 
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
def custom_hook_linux_symbols(self, proj):
    """
    Customizes hooking for Linux symbols in the project.

    This function applies custom procedures to symbols from the custom package, handling exceptions and standard procedures based on the symbol name.
    """
    if self.verbose: self.log.info("custom_hook_linux_symbols")
    proj.loader
    symbols = proj.loader.symbols

    for symb in symbols:
        if symb.name in self.sim_proc["custom_package"]:
            # if "CreateThread" in symb.name:
            #     self.create_thread.add(symb.rebased_addr)
            proj.unhook(symb.rebased_addr)
            if not self.amd64_sim_proc_hook(proj, symb.rebased_addr, self.sim_proc["custom_package"][symb.name]):
                if symb.name not in self.CDECL_EXCEPT:
                    self.std_sim_proc_hook(proj, symb.rebased_addr, self.sim_proc["custom_package"][symb.name])
                else:
                    self.exception_sim_proc_hook(proj, symb.rebased_addr, self.sim_proc["custom_package"][symb.name])

custom_hook_static ¤

custom_hook_static(proj)

Applies custom static hooks for Linux symbols in the project.

This function customizes hooking for specific Linux symbols, including handling different procedures based on the symbol name, architecture, and predefined simulation procedures.

Source code in sema_toolchain/sema_scdg/application/procedures/LinuxSimProcedure.py 
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
def custom_hook_static(self, proj):
    """
    Applies custom static hooks for Linux symbols in the project.

    This function customizes hooking for specific Linux symbols, including handling different procedures based on the symbol name, architecture, and predefined simulation procedures.
    """
    if self.verbose: self.log.info("custom_hook_static_linux")
    proj.loader
    symbols = proj.loader.symbols

    simproc64 = {"fopen64": "fopen"}
    angr_simproc_to_check = [
        "glibc",
        "libc",
        "posix",
        "linux_kernel",
        "win32",
        "win_user32",
        "ntdll",
        "msvcr"
    ]

    def hook_readlink(symb, proj):
        if proj.arch.name == "X86":
            proj.hook(symb.rebased_addr, angr.SIM_PROCEDURES["posix"]["read"]())
        else:
            self.amd64_sim_proc_hook(proj, symb.rebased_addr, angr.SIM_PROCEDURES["posix"]["read"])

    for symb in symbols:
        name = symb.name
        if name == "readlink":
            hook_readlink(symb, proj)
        boo = False
        for simproc_to_check in angr_simproc_to_check:
            if name in angr.SIM_PROCEDURES[simproc_to_check]:
                boo = True
                if proj.arch.name != "X86":
                    self.amd64_sim_proc_hook(proj, symb.rebased_addr, angr.SIM_PROCEDURES[simproc_to_check][name])
                break
        if boo : continue
        if name in simproc64:
            if proj.arch.name != "X86":
                self.amd64_sim_proc_hook(proj, symb.rebased_addr, angr.SIM_PROCEDURES["libc"][simproc64[name]])
        elif "ordinal" in name:
            part_names = name.split(".")
            if self.verbose:
                lib_part = f"{part_names[2][2:]}.dll"
                self.log.info(lib_part)
                ord_part = part_names[1]
                self.log.info(ord_part)

deal_with_alt_names ¤

deal_with_alt_names(pkg_name, proc)

Sets the value in the sim_proc dictionary for alternative names encountered.

This function iterates through the alternative names of a procedure and assigns the procedure to the corresponding package name in the sim_proc dictionary.

Source code in sema_toolchain/sema_scdg/application/procedures/LinuxSimProcedure.py 
53
54
55
56
57
58
59
60
def deal_with_alt_names(self, pkg_name, proc):
    """
    Sets the value in the sim_proc dictionary for alternative names encountered.

    This function iterates through the alternative names of a procedure and assigns the procedure to the corresponding package name in the sim_proc dictionary.
    """
    for altname in proc.ALT_NAMES:
        self.sim_proc[pkg_name][altname] = proc

load_syscall_table ¤

load_syscall_table(proj)

Loads the syscall table using the Linux loader in the project.

This function initializes the system call table by loading it from the project using the Linux loader.

Source code in sema_toolchain/sema_scdg/application/procedures/LinuxSimProcedure.py 
151
152
153
154
155
156
157
def load_syscall_table(self, proj):
    """
    Loads the syscall table using the Linux loader in the project.

    This function initializes the system call table by loading it from the project using the Linux loader.
    """
    self.system_call_table = self.linux_loader.load_table(proj)