doc: use packet.exe example in User Manual

GaloisInc · Jul 10, 2024 · 0976272 · 0976272
1 parent ed40d0d
commit 0976272
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 8 deletions.
diff --git a/docs/user-manual/binary-ninja-ui.tex b/docs/user-manual/binary-ninja-ui.tex
@@ -39,6 +39,9 @@ \subsection{Installation}
 
 \subsection{Usage}
 
+In Section~\ref{sec:terminal-ui} we examined the \texttt{packet.exe} example using the \pate{} terminal UI.
+In this section, we describe analyzing the same example using the \pate{} Binary Ninja plugin.
+
 \begin{figure}[h]
   \centering
   \includegraphics[width=\textwidth]{pate-binja-overview.png}
@@ -57,7 +60,7 @@ \subsection{Usage}
     \item[\texttt{args}] a list additional arguments to pass to \pate{}
 \end{description}
 
-For example:
+For example, the file \texttt{tests/integration/packet/packet.run-config.json} contains:
 
 \begin{verbatim}
   {
@@ -69,11 +72,12 @@ \subsection{Usage}
   }
 \end{verbatim}
 
-After selecting a run configuration file, the \pate{} plugin will open three Binary Ninja tabs: one for each of the original and patched binaries, and a third \emph{\pate{} analysis} tab.
+After selecting the run configuration file, the \pate{} plugin will open three Binary Ninja tabs: one for each of the original and patched binaries, and a third \emph{\pate{} analysis} tab.
 
 As shown in Figure~\ref{fig:overview}, the \pate{} analysis tab is composed of two primary regions.
-The bottom portion is an interactive text view that corresponds to the terminal user interface described in Section~\ref{sec:terminal-ui}.
+The bottom portion is an interactive text view that corresponds to the terminal user interface.
 The user interacts with this region through the text input field at the bottom of the window.
+In the \texttt{packet.exe} example, the user enters the same commands described in Section~\ref{sec:terminal-ui} through the \texttt{Finish and view final result} step, at which point results will be rendered in the interactive Binary Ninja view.
 
 The top portion of the \pate{} analysis tab is a graph view showing the current state of the \pate{} analysis.
 When \pate{} analysis is complete (via interaction in the bottom portion), the \pate{} graph shows rectangles for each slice of the program analyzed by \pate{}.
@@ -102,7 +106,7 @@ \subsection{Usage}
 
 Right clicking on a rectangle in the \pate{} analysis graph and selecting ``Show Instruction Trees'' will open a new window showing basic blocks from the original program on the left and corresponding basic blocks from the patched program on the right.
 At the bottom will be a linearized representation of the instruction trees in the original and patched program, with colorized diff view.
-Instructions conditionally reachable through control flow edges are prefixed by \texttt{+} or \texttt{-} to differentiate instructions in distinct branches.
+Instructions conditionally reachable through conditional control flow edges (if any) are prefixed by \texttt{+} or \texttt{-} to differentiate instructions in distinct branches.
 
 \subsection{Replays}
 

diff --git a/docs/user-manual/build.tex b/docs/user-manual/build.tex
@@ -27,10 +27,11 @@ \subsection{Recommended: Docker Container Image}
 \begin{verbatim}
   docker run --rm -it \
     --platform linux/amd64 \
-    -v "$(pwd)"/tests:/tests \
+    -v "$(pwd)"/tests/integration/packet/exe:/target \
     pate \
-    --original /tests/aarch32/const-args.original.exe \
-    --patched /tests/aarch32/const-args.patched.exe
+    --original /target/packet.exe \
+    --patched /target/packet.patched.exe \
+    -s parse_packet
 \end{verbatim}
 
 Please see later sections for detailed usage information.

diff --git a/docs/user-manual/images/pate-binja-equiv-cond.png b/docs/user-manual/images/pate-binja-equiv-cond.png
diff --git a/docs/user-manual/images/pate-binja-overview.png b/docs/user-manual/images/pate-binja-overview.png
diff --git a/docs/user-manual/terminal-ui.tex b/docs/user-manual/terminal-ui.tex
@@ -9,7 +9,19 @@ \section{The \pate{} Terminal UI}
 
 \subsection{Example Usage}
 
-After first starting \pate{}, the user is presented with a list of entry points and makes a selection:
+Launch \pate{} on the binaries in the \texttt{tests/integration/packet/exe/} directory with:
+
+\begin{verbatim}
+   docker run --rm -it \
+     --platform linux/amd64 \
+     -v "$(pwd)"/tests/integration/packet/exe:/target \
+     pate \
+     --original /target/packet.exe \
+     --patched /target/packet.patched.exe \
+     -s parse_packet
+ \end{verbatim}
+
+Once launched, \pate{} presents the user is presented with a list of entry points and makes a selection:
 \begin{lstlisting}
   Choose Entry Point
   0: Function Entry "_start" (segment1+0x435)

diff --git a/tests/integration/packet/packet.exp b/tests/integration/packet/packet.exp
@@ -14,6 +14,9 @@
 #    ./tests/integration/packet/packet.exp
 #
 # Note that expected strings must be escaped: double-quotes (\") and brackets (\\\[)
+#
+# Also note this example is mentioned in the README.rst and used in the User Manual.
+# Major changes here likely warrant an update of the corresponding User Manual content.
 
 spawn ./pate.sh --original tests/integration/packet/exe/packet.exe --patched tests/integration/packet/exe/packet.patched.exe -s parse_packet