
Arm: unknown mnemo STCMI

Open Godrichp opened this issue 6 years ago • 2 comments

The project VulSeeker (https://github.com/buptsseGJ/VulSeeker) uses miasm. It uses miasm to fetch asm code features. When processing an ARM binary, it raises the exception "unknown mnemo STCMI". It seems the STC instruction is not supported. Would you mind adding support for it? Thanks.

/Users/aaa/Project/VulSeeker/VulSeeker/2_gen_features.py: unknown mnemo STCMI      p5, c11, [R7], 0xFFFFFFC0
Traceback (most recent call last):
  File "/Applications/IDA Pro 7.0/ida.app/Contents/MacOS/python/ida_idaapi.py", line 553, in IDAPython_ExecScript
    execfile(script, g)
  File "/Users/aaa/Project/VulSeeker/VulSeeker/2_gen_features.py", line 653, in <module>
    main()
  File "/Users/aaa/Project/VulSeeker/VulSeeker/2_gen_features.py", line 592, in main
    dfg = dataflow_analysis(func,block_items,DG)
  File "/Users/aaa/Project/VulSeeker/VulSeeker/2_gen_features.py", line 415, in dataflow_analysis
    ir_arch.add_block(block)
  File "/Applications/IDA Pro 7.0/ida.app/Contents/MacOS/python/miasm2/arch/arm/sem.py", line 1664, in add_block
    ir_blocks_all, gen_pc_updt)
  File "/Applications/IDA Pro 7.0/ida.app/Contents/MacOS/python/miasm2/ir/ir.py", line 589, in add_instr_to_irblock
    assignblk, ir_blocks_extra = self.instr2ir(instr)
  File "/Applications/IDA Pro 7.0/ida.app/Contents/MacOS/python/miasm2/ir/ir.py", line 491, in instr2ir
    ir_bloc_cur, extra_irblocks = self.get_ir(instr)
  File "/Applications/IDA Pro 7.0/ida.app/Contents/MacOS/python/miasm2/arch/arm/sem.py", line 1559, in get_ir
    instr_ir, extra_ir = get_mnemo_expr(self, instr, *args)
  File "/Applications/IDA Pro 7.0/ida.app/Contents/MacOS/python/miasm2/arch/arm/sem.py", line 1508, in get_mnemo_expr
    raise ValueError('unknown mnemo %s' % instr)
ValueError: unknown mnemo STCMI      p5, c11, [R7], 0xFFFFFFC0

Godrichp avatar Mar 11 '19 11:03 Godrichp

Hi @Godrichp !

Yes, we could implement the stcmi, but I'm afraid you won't go any further: I guess the next step will be to do some coprocessor functions, and we haven't implemented those features yet :cry:

Do you know what kind of coprocessor function will come next?

serpilliere avatar Mar 12 '19 06:03 serpilliere

Thanks for your reply. From the Armv7 document, A4.10, the coprocessor instructions are CDP, LDC, STC, MRC, MRRC, MCR, MCRR. That's only the Armv7 case; Arm64 may be different. I'm not very familiar with miasm's code. It would be appreciated if you could implement the stcmi. Other coprocessor instructions may be similar. I can follow your examples to implement the features if other cases appear.

Godrichp avatar Mar 12 '19 06:03 Godrichp
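An added example, not code from miasm, VulSeeker or anyone in this thread: a small triage helper that answers the question raised above ("what kind of coprocessor function will come next?") for a given binary. It assumes only what the traceback shows, namely that miasm's IR `add_block` raises `ValueError('unknown mnemo <instr>')` with the mnemonic first in the instruction text, and it wraps any such callable so that a feature-extraction run records every rejected mnemonic instead of aborting on the first one. The coprocessor family is the ARMv7 A4.10 list named in the thread (CDP, LDC, STC, MRC, MRRC, MCR, MCRR) plus the `*2` forms and the `L` long-form suffix from the same manual. The sample instructions and the stand-in `fake_add_block` are constructed for the demonstration; `split_coproc`, `parse_unknown_mnemo`, `triage_blocks` and `report_lines` are hypothetical names, not miasm API. It runs on Python 2.7 (IDA 7.0's interpreter in the traceback) and on Python 3.

```python
"""Triage which ARM mnemonics miasm's IR lifter rejects, instead of aborting.

Added example, not miasm or VulSeeker code. Python 2.7 and 3 compatible.
"""
import re

# ARMv7 condition codes (ARM ARM A8.3). AL is the implicit default.
ARM_CONDS = set("EQ NE CS HS CC LO MI PL VS VC HI LS GE LT GT LE AL".split())

# Coprocessor instruction family from ARMv7 ARM A4.10 (the list in the thread),
# plus the *2 (unconditional) forms the same section describes.
COPROC_BASES = set("CDP CDP2 LDC LDC2 STC STC2 MRC MRC2 MRRC MRRC2 "
                   "MCR MCR2 MCRR MCRR2".split())

# Matches the message miasm raises: ValueError('unknown mnemo %s' % instr),
# where instr prints as "<MNEMO>   <operands>" (see the traceback above).
_UNKNOWN_RE = re.compile(r"unknown mnemo\s+(\S+)(?:\s+(.*))?$")


def split_coproc(mnemo):
    """Decompose a coprocessor mnemonic into (base, cond, longform).

    Handles both UAL order (STC{L}{cond}, e.g. STCLMI) and the pre-UAL order
    some disassemblers print (STC{cond}{L}, e.g. STCMIL). Returns None when
    the mnemonic is not a coprocessor instruction.
    """
    m = mnemo.upper()
    for base in sorted(COPROC_BASES, key=len, reverse=True):  # longest first
        if not m.startswith(base):
            continue
        rest = m[len(base):]
        for ual_order in (True, False):
            r, longform = rest, False
            if ual_order and r.startswith("L"):
                r, longform = r[1:], True
            elif not ual_order and r.endswith("L"):
                r, longform = r[:-1], True
            if r == "" or r in ARM_CONDS:
                return base, (r or "AL"), longform
    return None


def parse_unknown_mnemo(message):
    """Pull (mnemonic, operand text) out of an 'unknown mnemo ...' message."""
    m = _UNKNOWN_RE.search(message)
    if m is None:
        return None
    return m.group(1), (m.group(2) or "").strip()


def triage_blocks(blocks, add_block):
    """Call add_block on every block; collect unknown mnemonics instead of dying.

    add_block is any callable that raises ValueError('unknown mnemo ...') the way
    miasm's ir.add_block does. Returns (lifted_blocks, report), where report maps
    mnemonic -> {count, operands, coproc, base, cond, longform}.
    """
    lifted, report = [], {}
    for block in blocks:
        try:
            add_block(block)
        except ValueError as exc:
            parsed = parse_unknown_mnemo(str(exc))
            if parsed is None:
                raise  # some other ValueError: do not mask it
            mnemo, operands = parsed
            entry = report.setdefault(mnemo, {
                "count": 0, "operands": operands, "coproc": False,
                "base": None, "cond": None, "longform": False})
            entry["count"] += 1
            info = split_coproc(mnemo)
            if info is not None:
                entry["base"], entry["cond"], entry["longform"] = info
                entry["coproc"] = True
            continue
        lifted.append(block)
    return lifted, report


def report_lines(report):
    """Human-readable summary, one line per rejected mnemonic."""
    lines = []
    for mnemo in sorted(report):
        e = report[mnemo]
        if e["coproc"]:
            kind = "coprocessor %s cond=%s%s" % (
                e["base"], e["cond"], " long" if e["longform"] else "")
        else:
            kind = "non-coprocessor"
        lines.append("%-8s x%d  %s  e.g. %s" % (mnemo, e["count"], kind, e["operands"]))
    return lines


# Constructed sample input (not from the VulSeeker run): one instruction per
# "block", and a stand-in for miasm's add_block that knows only two mnemonics
# and fails exactly the way miasm does on anything else.
SAMPLE_BLOCKS = [
    "MOV        R0, R1",
    "STCMI      p5, c11, [R7], 0xFFFFFFC0",   # the instruction from the report
    "LDCL       p5, c11, [R7], #0x40",
    "MRC        p15, 0, R0, c1, c0, 0",
    "ADDS       R2, R2, #1",
]


def fake_add_block(instr_text):
    """Stand-in for miasm's add_block (hypothetical, for the demo only)."""
    if instr_text.split()[0] not in ("MOV", "ADDS"):
        raise ValueError('unknown mnemo %s' % instr_text)


if __name__ == "__main__":
    lifted, rep = triage_blocks(SAMPLE_BLOCKS, fake_add_block)
    print("lifted %d of %d blocks" % (len(lifted), len(SAMPLE_BLOCKS)))
    for line in report_lines(rep):
        print(line)
```

In a real run you would pass `ir_arch.add_block` (the call at line 415 of the traceback) as `add_block` and the function's blocks as `blocks`; the report then lists, per rejected mnemonic, whether it is a coprocessor instruction and which condition code it carries, which is the list of semantics that would have to be added to sem.py before the dataflow analysis can cover the whole function.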