def run(self, ptr_env, ptr_str_bytes):
    """
    Create a Java string from a string held in native memory.

    :param ptr_env: JNI environment pointer; not referenced in this body.
    :param ptr_str_bytes: Pointer handed to the native-memory string loader.
    :return: The JNI reference created for the new Java string reference.
    """
    # Read the string out of native memory first; the helper decides how the
    # bytes are interpreted (NOTE(review): encoding/termination handling is
    # not visible here - confirm in _load_string_from_native_memory).
    native_value = self._load_string_from_native_memory(ptr_str_bytes)

    # Allocate a fresh Java-side string reference and bind the value to it.
    # The value is wrapped in StringV, so the stored Java string is concrete.
    jvm_memory = self.state.javavm_memory
    new_ref = SimSootValue_StringRef(jvm_memory.get_new_uuid())
    jvm_memory.store(new_ref, StringV(native_value))

    # Hand back a JNI reference for the newly stored string reference.
    return self.state.jni_references.create_new_reference(new_ref)
def generate_symbolic_cmd_line_arg(state, max_length=1000):
    """
    Create a fresh symbolic string standing in for a command line argument.

    The string is constrained to differ from the empty string, so the
    empty-argument case is never among the values the solver considers
    for it.

    :param state: State whose memory and solver receive the new string.
    :param max_length: Passed as the second argument to StringS; presumably
                       the upper bound on the string length (default 1000).
    :return: The string reference.
    """
    arg_ref = SimSootValue_StringRef(state.memory.get_new_uuid())
    symbolic_arg = StringS("cmd_line_arg", max_length)

    # Exclude the empty string before the value becomes reachable via memory.
    non_empty = symbolic_arg != StringV("")
    state.solver.add(non_empty)

    state.memory.store(arg_ref, symbolic_arg)
    return arg_ref
def run(self, ptr_env, str_ref_, native_buf):
    """
    Sync a symbolic Java string with its native copy when it is released.

    If the Java string behind the reference is symbolic, it is overwritten
    with a concrete StringV built from the native buffer. From then on the
    Java side holds that single concrete value instead of the symbolic one.
    Nothing is changed when the stored string is not symbolic.

    :param ptr_env: JNI environment pointer; not referenced in this body.
    :param str_ref_: JNI reference that is looked up to find the Java string.
    :param native_buf: Pointer handed to the native-memory string loader.
    :return: None.
    """
    # FIXME: remove this workaround once claripy fully supports string
    #        solving.
    # Changes that native code makes to a symbolic string are not reflected
    # in the claripy.String representation used for Java strings. So when
    # native code releases a string, the symbolic string is replaced by a
    # concretized version that includes the additional constraints added
    # during native execution.
    java_ref = self.state.jni_references.lookup(str_ref_)
    current_value = self.state.javavm_memory.load(java_ref)

    # Concrete strings need no syncing.
    if not self.state.solver.symbolic(current_value):
        return

    released_value = self._load_string_from_native_memory(native_buf)
    self.state.javavm_memory.store(java_ref, StringV(released_value))