Merge pull request #60 from trailofbits/fix-manticore

fixed Manticore backend

bin/deepstate/common.py

@@ -206,16 +206,17 @@ class DeepState(object):
     tests.sort(key=lambda t: (t.file_name, t.line_number))
     return tests
 
-  def read_api_table(self, ea):
+  def read_api_table(self, ea, base = 0):
     """Reads in the API table."""
+    ea = ea + base
     apis = {}
     while True:
       api_name_ea, ea = self.read_uintptr_t(ea)
       api_ea, ea = self.read_uintptr_t(ea)
       if not api_name_ea or not api_ea:
         break
-      api_name, _ = self.read_c_string(api_name_ea)
-      apis[api_name] = api_ea
+      api_name, _ = self.read_c_string(api_name_ea + base)
+      apis[api_name] = api_ea + base
     self.context['apis'] = apis
     return apis
 

bin/deepstate/main_manticore.py

@@ -371,6 +371,11 @@ def run_tests(args, state, apis):
 
   exit(0)
 
+def get_base(m):
+  if m.initial_state.cpu.address_bit_size == 32:
+    return 0x56555000
+  else:
+    return 0x555555554000
 
 def main_takeover(m, args, takeover_symbol):
   takeover_ea = find_symbol_ea(m, takeover_symbol)
@@ -389,7 +394,8 @@ def main_takeover(m, args, takeover_symbol):
     L.critical("Could not find API table in binary `{}`".format(args.binary))
     return 1
 
-  apis = mc.read_api_table(ea_of_api_table)
+  base = get_base(m)
+  apis = mc.read_api_table(ea_of_api_table, base)
   del mc
 
   fake_test = TestInfo(takeover_ea, '_takeover_test', '_takeover_file', 0)
@@ -417,7 +423,8 @@ def main_unit_test(m, args):
     L.critical("Could not find API table in binary `{}`".format(args.binary))
     return 1
 
-  apis = mc.read_api_table(ea_of_api_table)
+  base = get_base(m)
+  apis = mc.read_api_table(ea_of_api_table, base)
   del mc
 
   m.add_hook(setup_ea, lambda state: run_tests(args, state, apis))