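def find_virtual_regs(trace, manual=False, update=None):
    """
    Maps the virtual registers on the stack to the actual registers after the vm exit.

    The trace is consumed from its end backwards. Every ``pop <reg>`` whose operand
    is a real register and that has not been mapped yet is assigned the stack slot
    it was restored from, i.e. the ``rsp`` value recorded in the context of the
    instruction executed directly before it (a context holds the register state
    *after* its instruction ran).

    :param trace: instruction trace (a ``Trace``); it is emptied by this function
    :param manual: if True, print the resulting ``reg:stack_addr`` mapping
    :param update: optional progress reporter; ``update.pbar_update(60)`` is called
                   once the trace has been walked
    :return: virtual registers dict which maps the real regs onto virtual ones via
             stack addresses; registers that were not mapped look up as ``False``
    """
    vmr = get_vmr()
    assert isinstance(trace, Trace)
    virt_regs = defaultdict(lambda: False)
    while trace:
        try:
            elem = trace.pop(len(trace) - 1)
            if len(elem.disasm) == 0 or elem.disasm[0] != 'pop':
                continue
            opnd = elem.disasm[1]
            if get_reg_class(opnd) is None:
                # not a register, so it is a memory operand: nothing to map
                continue
            if virt_regs[opnd]:
                # already mapped by a pop seen earlier in the backwards walk
                continue
            if not trace:
                # the first instruction of the trace has no predecessor, so the
                # SP before this pop is unknown; leave the register unmapped
                continue
            # the context always shows the registers after the execution,
            # so we need the SP from the instruction before
            stack_addr = trace[len(trace) - 1].ctx[get_reg('rsp', trace.ctx_reg_size)]
            virt_regs[opnd] = stack_addr
        except (IndexError, KeyError, AttributeError, TypeError):
            # best-effort walk: a malformed trace element (missing operand,
            # unknown rsp key in the context, ...) is skipped, not fatal
            continue
    if update is not None:
        update.pbar_update(60)
    vmr.vm_stack_reg_mapping = virt_regs
    if manual:
        # single-argument print form works on both Python 2 and 3
        print(''.join('%s:%s\n' % (c, virt_regs[c]) for c in virt_regs))
    return virt_regs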