* Armv7 code refactor
Removes dead imports, makes code style more consistent and a bit more compliant with PEP 8 (yeah, it seems we don't enforce any particular style, but this seems to be a reasonable default for me).
* Review fix: add comment for armv7 _shift
* WIP. issues with setting PC correctly via POP are corrected. issues with pc relative addressing in thumb mode corrected. Still a memory access error, but getting there
* WIP - PC relative addressing in thumb mode now aligns the value for PC per the spec before applying offset
* General thumb mode fixes:
* ldr pc, <operand> now swaps modes and sets pc correctly
* the bl instruction sets the lr appropriately for the current mode
* the two operand forms of the ORR, EOR, and BIC instructions now exist
* tests added for these updates
* comment cleanup
* WIP: more thumb mode instructions, a special case for the sys_brk handled, and a really ugly solution to an internal plumbing problem
* First attempt at concretizing ARM mode
* Handle symbolic mode for ARMv7
* Clean up imports
* Make comment more accurate and use instruction.size
* Collapse _Shift and _Shift_thumb
* Make ARM mode handling more Pythonic
* Improve comment on arm shift register handling and capstone behavior
* orn instruction plus unit test
* uadd8 and it instructions implemented
* SEL instruction implementation
* GE flag set by UADD8
* IT instruction condition code properly no longer prevents its execution
* support for multiple instruction tests added to testing setup
* unit test for SEL instruction
* cleaned up the tests for thumb instructions
* implemented sxth and rev instructions
* implemented tests for sxth and rev instructions
* updated the add implementation to support two operand variant (i.e., add r4, #4)
* added test for itete ne instruction
- blx <Rm> swaps mode appropriately
- asr.w and lsr.w in thumb mode handle immediates for op2 correctly
- unit tests for thumb mode behavior for shifting instructions
- unit tests check for correct mode on BX and BLX instructions
* Add MOVT instruction
* Add new ARM operand types for MRC
* mrc implementation seems to work
* UXTB inst implemented, provisional implementations of LDREX and STREX
* Added unit tests for MRC, MOVT, and UXTB
* Added mode swapping from blx instruction on arm cpu
* Make tests pass
* Enable simple ARM register concretization for Unicorn
* Add canonical_registers property to abstractcpu
* cpu to self
* Check for regs_access better
* Emulate a single instruction
* Bypass capstone 3.0.4 arm bug
* Dealing with capstone
* Temporarily disable ASR and remove BitVec.Bool from test
* WIP WIP debug prints WIP WIP
* Unicorn fallback working (using unicorn master)
* Hack to support unicorn 1.0.0
* WIP
* Unicorn hack to handle PC updates
* [WIP] do not do anything with this commit; for debugging only
* Adding before clean up
* emulation more or less works; need to work out more unicorn bugs
* clean up emulate() caller code
* move hooks to methods; cleanup
* Concretize memory when emulating
* Re-add Bool()
* Update tests to start at offset 4
When an instruction branches to the previous instruction,
Unicorn attempts to dereference that memory. We'd like to use
unit tests to also make sure Unicorn emulation is in line with
our own semantics. If we start all tests at offset 4, we can
jump to a previous instruction and not fault when Unicorn
dereferences it.
* Fix concretization
* Clean up test imports; upper-case Cpu
* Unicorn tests
* Add tests for all the ARM semantics, but make sure they're equivalent
on unicorn.
* Add a few tests to make sure unicorn correctly concretizes the memory
it references
* Fix broken import
* Add symbolic register tests
* Re-introduce the unicorn hack
* Add the 'ONE' concretization policy
* Rm unused function
* Update concretization; add comments
* Add ONE policy test
* Create a base class for all concretization exceptions
* Remove Armv7Cpu._concretize_registers
* Check for enabled logging in a more idiomatic way
* [wip] intermediate testing commit
* Reimplement hooks and execution with unicorn
* Add a DMB (mem barrier) instruction; nop
* simplify instruction resolution
* improve unicorn error handling
* explicitly delete emu
* Handle ARM helpers inline
* map fetched memory
* Narrow exception handling
* Update DMB docs; make __kuser_dmb match real implementation
* Fix typo; add comment; remove extraneous parameter
* typos++
* RegisterFile refactor everywhere
* Update arm_rf tests
* Refactor Operand in both x86 and arm
* Add APSR support (#53)
* Add APSR support
* #issuecomment-284826572
* APSR tests
* cspr to aspr
* RegisterFile refactor everywhere
* Update arm_rf tests
* Refactor Operand in both x86 and arm
* Rebased and NotImplementedError fix
* ARM register initialization compressed
* Fix merging bugs
* Assimilate PR comments
* Assimilate PR comments2
* The new style. future is now
* WIP
* Improve quick start, add asciinema (#58)
* Towards a helloworld world
* Rm requirements.txt (#56)
* Print workspace dir by default (#55)
* Print workspace dir by default
* Change initial cli output
* refactor or or or
* WIP
* Add arm rf testcase
* ARM aliases fix
* debug print removed
* fix tests
* Remove unicorn script from travis build (#64)
* remove unicorn script from travis build
* remove unicorn script entirely
* Rename test -> tests (#66)
* rename test -> tests
* re-add ignored tests
* Switch instructions to prefer virtualenv (#65)
* switch instructions to prefer virtualenv
* document use of virtualenvwrapper
* Make cpuid more forgiving (#67)
* Make cpuid more forgiving
* error() to warning()
* Add CPUID EAX=0xd ECX=0,1
* Let logger handle the format string iff needed
* to hex
* Rm unused files (#76)
* Move state into own file (#75)
* Move State from executor.py
* Fix import
* relative import
* Rm unnecessary code (#80)
* Add example crackme (#77)
* add example crackme
* make filename and directory structure more accurate
* Fix state.branches (#74)
* init
* rm old code
pretty sure it's wrong
* Clean
* rm
* Rename record_fork, move to ConcretizeRegister exception handler
It doesn't need to be in fork() because it's only relevant for when
we fork due to PC.
* Add test for record_branches
* Add back record_branches which got removed in rebase
Rebase went oddly because State got moved to a new file
* unnecessary tuple()
* necessary tuple
* remove unnecessary keys()
* Use OrderedDict (#84)
It can be useful to know elements in `branches` towards the end are
more recently discovered branches
* arm: Fix broken dynamic APSR (#78)
* Refactor Register (#82)
* Fix register read bug
If we store a BitVec, we do NOT want to return bool() of it, which
returns True, which is totally incorrect. We do, however, want to return
a symbolic Bool of it, if it is a 1 bit register (flag).
* Improve
* Raise error
* Fix register tests
Changed the interfaces:
- removed nbits param (never used)
- no longer raise AssertionError when overflowing a flag reg, just
truncate
- rename test funcs to be more descriptive
* rm unused import
* Add symbolic tests
* Rm no longer applicable test
* Add docs (#61)
* Add sphinx-quickstart generated docs
* Add api.rst
* Edit index.rst
* Add autodocumenting Manticore class
* Update Manticore docstring
* Doc verbosity
* Doc hook and add_hook
* More docs
* Add Sphinx dev dep
For building docs
* rebased
* Remove test
* https://github.com/trailofbits/manticore/pull/57#pullrequestreview-27971778
* https://github.com/trailofbits/manticore/pull/57#discussion_r107820815, https://github.com/trailofbits/manticore/pull/57#discussion_r107820331
* https://github.com/trailofbits/manticore/pull/57#discussion_r107821090
* https://github.com/trailofbits/manticore/pull/57#discussion_r107821066
* https://github.com/trailofbits/manticore/pull/57#discussion_r107821919
* Oops search and replace
* (invalid) -> None
* The (invalid) -> None
* None vs. invalid
* In armpy we know that STACK is SP so let's try to eliminate cpu.STACK in favor of x.SP
* remove ugly hex
* Removed redundant import and comment