first files

2025-03-29 18:17:41 +01:00
parent a0a4afce31
commit 2d70eb315c
10 changed files with 121 additions and 0 deletions
--- a/Practica_2/Ej1_main.pdf
+++ b/Practica_2/Ej1_main.pdf
--- a/Practica_2/Ej1_main.png-1.png
+++ b/Practica_2/Ej1_main.png-1.png
--- a/Practica_2/Ej1_main.txt
+++ b/Practica_2/Ej1_main.txt
@ -0,0 +1,40 @@
+[0x08048390]> pdf @ main
+            ;-- main:
+/ (fcn) main 92
+|   main ();
+|           ; var int local_ch @ ebp-0xc
+|           ; var int local_4h_2 @ ebp-0x4
+|           ; var int local_4h @ esp+0x4
+|              ; DATA XREF from 0x080483a7 (entry0)
+|           0x080484d7      8d4c2404       lea ecx, [local_4h]         ; 4
+|           0x080484db      83e4f0         and esp, 0xfffffff0
+|           0x080484de      ff71fc         push dword [ecx - 4]
+|           0x080484e1      55             push ebp
+|           0x080484e2      89e5           mov ebp, esp
+|           0x080484e4      51             push ecx
+|           0x080484e5      83ec14         sub esp, 0x14
+|           0x080484e8      83ec08         sub esp, 8
+|           0x080484eb      6a64           push 0x64                   ; 'd' ; 100
+|           0x080484ed      6a00           push 0
+|           0x080484ef      e897ffffff     call sym.read_valid_int
+|           0x080484f4      83c410         add esp, 0x10
+|           0x080484f7      8945f4         mov dword [local_ch], eax
+|           0x080484fa      8b45f4         mov eax, dword [local_ch]
+|           0x080484fd      83e001         and eax, 1
+|           0x08048500      85c0           test eax, eax
+|       ,=< 0x08048502      7512           jne 0x8048516
+|       |   0x08048504      83ec0c         sub esp, 0xc
+|       |   0x08048507      68ea850408     push str.x_is_even          ; 0x80485ea ; "x is even"
+|       |   0x0804850c      e83ffeffff     call sym.imp.puts           ; int puts(const char *s)
+|       |   0x08048511      83c410         add esp, 0x10
+|      ,==< 0x08048514      eb10           jmp 0x8048526
+|      |`-> 0x08048516      83ec0c         sub esp, 0xc
+|      |    0x08048519      68f4850408     push str.x_is_odd           ; 0x80485f4 ; "x is odd"
+|      |    0x0804851e      e82dfeffff     call sym.imp.puts           ; int puts(const char *s)
+|      |    0x08048523      83c410         add esp, 0x10
+|      |       ; JMP XREF from 0x08048514 (main)
+|      `--> 0x08048526      b800000000     mov eax, 0
+|           0x0804852b      8b4dfc         mov ecx, dword [local_4h_2]
+|           0x0804852e      c9             leave
+|           0x0804852f      8d61fc         lea esp, [ecx - 4]
+\           0x08048532      c3             ret
--- a/Practica_2/Ej1_read_valid_int.pdf
+++ b/Practica_2/Ej1_read_valid_int.pdf
--- a/Practica_2/Ej1_read_valid_int.png-1.png
+++ b/Practica_2/Ej1_read_valid_int.png-1.png
--- a/Practica_2/Ej1_read_valid_int.txt
+++ b/Practica_2/Ej1_read_valid_int.txt
@ -0,0 +1,32 @@
+[0x080485a4]> pdf @ sym.read_valid_int
+/ (fcn) sym.read_valid_int 76
+|   sym.read_valid_int (int arg_8h, int arg_ch);
+|           ; var int local_ch @ ebp-0xc
+|           ; arg int arg_8h @ ebp+0x8
+|           ; arg int arg_ch @ ebp+0xc
+|              ; CALL XREF from 0x080484ef (main)
+|           0x0804848b      55             push ebp
+|           0x0804848c      89e5           mov ebp, esp
+|           0x0804848e      83ec18         sub esp, 0x18
+|           0x08048491      c745f4000000.  mov dword [local_ch], 0              ;->int x=0 en dirección ebp-0xc
+|      ..-> 0x08048498      83ec04         sub esp, 4
+|      ::   0x0804849b      ff750c         push dword [arg_ch]
+|      ::   0x0804849e      ff7508         push dword [arg_8h]
+|      ::   0x080484a1      68c0850408     push str.Provide_a_number_x_between__d_and__d: ; 0x80485c0 ; "Provide a number x between %d and %d: "
+|      ::   0x080484a6      e895feffff     call sym.imp.printf         ; int printf(const char *format)
+|      ::   0x080484ab      83c410         add esp, 0x10
+|      ::   0x080484ae      83ec08         sub esp, 8
+|      ::   0x080484b1      8d45f4         lea eax, [local_ch]
+|      ::   0x080484b4      50             push eax
+|      ::   0x080484b5      68e7850408     push 0x80485e7
+|      ::   0x080484ba      e8b1feffff     call sym.imp.__isoc99_scanf          ;->scanf
+|      ::   0x080484bf      83c410         add esp, 0x10
+|      ::   0x080484c2      8b45f4         mov eax, dword [local_ch]            ;->guarda valor de x en eax
+|      ::   0x080484c5      394508         cmp dword [arg_8h], eax     ; [0x13:4]=-1 ; 19   ;-> min < x
+|      `==< 0x080484c8      7fce           jg 0x8048498
+|       :   0x080484ca      8b45f4         mov eax, dword [local_ch]            ;->guarda valor de x en eax
+|       :   0x080484cd      3b450c         cmp eax, dword [arg_ch]     ; [0xc:4]=-1 ; 12    ;-> x  > max
+|       `=< 0x080484d0      7fc6           jg 0x8048498
+|           0x080484d2      8b45f4         mov eax, dword [local_ch]
+|           0x080484d5      c9             leave
+\           0x080484d6      c3             ret
--- a/Practica_2/analisis_grafos.py
+++ b/Practica_2/analisis_grafos.py
@ -0,0 +1,49 @@
+import angr
+from angrutils import * # for plot_cfg
+import sys
+import os
+
+if len(sys.argv) != 2:
+    print("Usage: python2 analisis_grafos.py <binary_file>")
+    sys.exit(1)
+
+binary_path = sys.argv[1]
+proj = angr.Project(binary_path, load_options={'auto_load_libs': False})
+main = proj.loader.main_object.get_symbol("main")
+start_state = proj.factory.blank_state(addr=main.rebased_addr)
+cfg = proj.analyses.CFGAccurate(
+    fail_fast=True, starts=[main.rebased_addr], initial_state=start_state
+)
+
+print("This is the graph:", cfg.graph)
+print("It has %d nodes and %d edges" % (len(cfg.graph.nodes()), len(cfg.graph.edges())))
+
+# this grabs *any* node at a given location:
+entry_node = cfg.get_any_node(main.rebased_addr)
+
+# on the other hand, this grabs all of the nodes
+print(
+    "There were %d contexts for the entry block"
+    % len(cfg.get_all_nodes(main.rebased_addr))
+)
+
+# we can also look up predecessors and successors
+print("Predecessors of the entry point:", entry_node.predecessors)
+print("Successors of the entry point:", entry_node.successors)
+print(
+    "Successors (and type of jump) of the entry point:",
+    [
+        jumpkind + " to " + str(node.addr)
+        for node, jumpkind in cfg.get_successors_and_jumpkind(entry_node)
+    ],
+)
+
+# Get the filename without extension
+filename_without_extension = os.path.splitext(os.path.basename(binary_path))[0]
+plot_cfg(
+    cfg,
+    filename_without_extension,
+    asminst=True,
+    remove_imports=True,
+    remove_path_terminator=True,
+)
--- a/Practica_2/ejemplo_cfg.out
+++ b/Practica_2/ejemplo_cfg.out
--- a/Practica_2/ejemplo_cfg.png
+++ b/Practica_2/ejemplo_cfg.png
--- a/Practica_2/feedme.png
+++ b/Practica_2/feedme.png