Source released for EuroS&P 2017

LICENSE

@@ -0,0 +1,28 @@
+Copyright (c) 2016, 2017 Dennis Andriesse, Vrije Universiteit Amsterdam.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+  * Redistributions of source code must retain the above copyright notice, this 
+    list of conditions and the following disclaimer.
+
+  * Redistributions in binary form must reproduce the above copyright notice, 
+    this list of conditions and the following disclaimer in the documentation 
+    and/or other materials provided with the distribution.
+
+  * Neither the name of the copyright holders nor the names of its contributors 
+    may be used to endorse or promote products derived from this software 
+    without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

Makefile

@@ -0,0 +1,28 @@
+CXX=g++
+CXXFLAGS=-Wall -std=c++11 -O2 -DNDEBUG
+LDFLAGS=-lcapstone -lbfd
+
+SRC=nucleus.cc bb.cc cfg.cc dataregion.cc disasm.cc edge.cc exception.cc export.cc function.cc insn.cc loader.cc log.cc options.cc strategy.cc util.cc
+OBJ=$(patsubst %.cc,obj/%.o,$(SRC))
+BIN=nucleus
+
+.PHONY: all clean
+
+all: $(BIN)
+
+$(OBJ): | obj
+
+obj:
+	@mkdir -p $@
+
+obj/%.o: %.cc %.h
+	$(CXX) $(CXXFLAGS) -c -o $@ $<
+
+$(BIN): $(OBJ)
+	$(CXX) $(CXXFLAGS) -o $(BIN) $(OBJ) $(LDFLAGS)
+
+clean:
+	rm -f $(OBJ)
+	rm -Rf obj
+	rm -f $(BIN)
+

README

@@ -0,0 +1,12 @@
+Requirements:
+  - libcapstone (tested with 3.0)
+  - libbfd
+
+Platform:
+  - Tested on Ubuntu 15.10 and 16.04
+
+Suggested usage:
+  make
+  ./nucleus -e /bin/ls -d linear -i idainfo.py
+  (idainfo.py can be run in IDA Pro to import the functions found by nucleus)
+

bb.cc

@@ -0,0 +1,55 @@
+#include <stdio.h>
+
+#include "bb.h"
+#include "insn.h"
+
+
+void
+BB::print(FILE *out)
+{
+  fprintf(out, "BB @0x%016jx (score %.10f) %s%s%s%s {\n", 
+          start, score, invalid ? "i" : "-", privileged ? "p" : "-", 
+          addrtaken ? "a" : "-", padding ? "n" : "-");
+  if(invalid) {
+    fprintf(out, "  0x%016jx  (bad)", start);
+  } else {
+    for(auto &ins: insns) {
+      ins.print(out);
+    }
+  }
+  if(!ancestors.empty()) {
+    fprintf(out, "--A ancestors:\n");
+    for(auto &e: ancestors) {
+      fprintf(out, "--A 0x%016jx (%s)\n", e.src->insns.back().start, e.type2str().c_str());
+    }
+  }
+  if(!targets.empty()) {
+    fprintf(out, "--T targets:\n");
+    for(auto &e: targets) {
+      fprintf(out, "--T 0x%016jx (%s)\n", e.dst->start+e.offset, e.type2str().c_str());
+    }
+  }
+  fprintf(out, "}\n\n");
+}
+
+
+bool
+BB::is_called()
+{
+  for(auto &e: ancestors) {
+    if((e.type == Edge::EDGE_TYPE_CALL) 
+       || (e.type == Edge::EDGE_TYPE_CALL_INDIRECT)) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+
+bool
+BB::returns()
+{
+  return (insns.back().flags & Instruction::INS_FLAG_RET);
+}
+

bb.h

@@ -0,0 +1,58 @@
+#ifndef NUCLEUS_BB_H
+#define NUCLEUS_BB_H
+
+#include <stdio.h>
+#include <stdint.h>
+
+#include <list>
+
+#include "insn.h"
+#include "edge.h"
+#include "loader.h"
+
+class Function;
+
+class BB {
+public:
+  BB() : start(0), end(0), function(NULL), section(NULL), score(0.0), 
+         alive(false), invalid(false), privileged(false), addrtaken(false), padding(false), trap(false) {}
+  BB(const BB &bb) : start(bb.start), end(bb.end), insns(bb.insns), function(bb.function), section(bb.section), score(bb.score), 
+                     alive(bb.alive), invalid(bb.invalid), privileged(bb.privileged), addrtaken(bb.addrtaken), padding(bb.padding), trap(bb.trap), 
+                     ancestors(bb.ancestors), targets(bb.targets) {}
+
+  void reset()                           { start = 0; end = 0; insns.clear(); function = NULL; section = NULL; score = 0.0; 
+                                           alive = false; invalid = false; privileged = false; addrtaken = false; padding = false; trap = false;
+                                           ancestors.clear(); targets.clear(); }
+  void set(uint64_t start, uint64_t end) { reset(); this->start = start; this->end = end; }
+
+  bool is_addrtaken () { return addrtaken; }
+  bool is_padding   () { return padding; }
+  bool is_trap      () { return trap; }
+  bool is_called    ();
+  bool returns      ();
+
+  void print(FILE *out);
+
+  static bool comparator (BB& bb, BB& cc)     { return bb.start < cc.start; }
+  inline bool operator<  (const BB& cc) const { return this->start < cc.start; }
+
+  uint64_t                start;
+  uint64_t                end;
+  std::list<Instruction>  insns;
+  Function               *function;
+  Section                *section;
+
+  double                  score;
+  bool                    alive;
+  bool                    invalid;
+  bool                    privileged;
+  bool                    addrtaken;
+  bool                    padding;
+  bool                    trap;
+
+  std::list<Edge>         ancestors;
+  std::list<Edge>         targets;
+};
+
+#endif /* NUCLEUS_BB_H */
+