Ejemplo n.º 1
def main_takeover(m, args, takeover_symbol):
  """Hook one named symbol in the binary and run it as a synthetic test.

  Args:
    m: Manticore-style driver; this function uses `binary_path`, `add_hook`,
      `kill_timeout`, `run`, `kill` and the private `_workspace.uri`.
    args: Parsed options; `args.binary` is used in log messages and
      `args.klee` decides the `hook_test` flag handed to `run_test`.
    takeover_symbol: Name of the symbol whose address gets hooked.

  Returns:
    1 when the takeover symbol or the `DeepState_API` table cannot be
    located. On the normal path the function falls off the end and
    returns None.
  """
  entry_ea = find_symbol_ea(m, takeover_symbol)
  # NOTE(review): a falsy result (including address 0) is treated as
  # "symbol not found" -- confirm that matches find_symbol_ea's contract.
  if not entry_ea:
    L.critical("Cannot find symbol `%s` in binary `%s`",
               takeover_symbol, args.binary)
    return 1

  # Scratch state and wrapper that exist only to read the API table.
  scratch_state = _make_initial_state(m.binary_path)
  table_reader = DeepManticore(scratch_state)

  api_table_ea = find_symbol_ea(m, 'DeepState_API')
  if not api_table_ea:
    L.critical("Could not find API table in binary `%s`", args.binary)
    return 1

  load_base = get_base(m)
  api_map = table_reader.read_api_table(api_table_ea, load_base)

  # The wrapper is not needed once the table has been read.
  del table_reader

  # Placeholder test record: there is no real test name, file or line here.
  synthetic_test = TestInfo(entry_ea, '_takeover_test', '_takeover_file', 0)

  hook_test = not args.klee

  def on_takeover(state):
    # NOTE(review): `_workspace` is a private attribute of `m`; this may
    # break if the underlying library changes its internals.
    return run_test(state, api_map, synthetic_test, m._workspace.uri, hook_test)

  m.add_hook(entry_ea, on_takeover)

  # Exploration runs inside the kill-timeout context taken from consts.timeout.
  with m.kill_timeout(consts.timeout):
    m.run()

  m.kill()
Ejemplo n.º 2
def main_unit_test(m, args):
  """Hook `DeepState_Setup` and run the binary's tests from that point.

  Args:
    m: Manticore-style driver; this function uses `binary_path`, `add_hook`,
      `kill_timeout`, `run`, `kill` and the private `_workspace.uri`.
    args: Parsed options; passed through to `run_tests`, and `args.binary`
      is used in log messages.

  Returns:
    1 when `DeepState_Setup` or the `DeepState_API` table cannot be located.
    On the normal path the function falls off the end and returns None.
  """
  hook_ea = find_symbol_ea(m, 'DeepState_Setup')
  # NOTE(review): a falsy result (including address 0) is treated as
  # "symbol not found" -- confirm that matches find_symbol_ea's contract.
  if not hook_ea:
    L.critical("Cannot find symbol `DeepState_Setup` in binary `%s`", args.binary)
    return 1

  # Scratch state and wrapper that exist only to read the API table.
  scratch_state = _make_initial_state(m.binary_path)
  table_reader = DeepManticore(scratch_state)

  api_table_ea = find_symbol_ea(m, 'DeepState_API')
  if not api_table_ea:
    L.critical("Could not find API table in binary `%s`", args.binary)
    return 1

  load_base = get_base(m)
  api_map = table_reader.read_api_table(api_table_ea, load_base)

  # The wrapper is not needed once the table has been read.
  del table_reader

  def on_setup(state):
    # NOTE(review): `_workspace` is a private attribute of `m`; this may
    # break if the underlying library changes its internals.
    return run_tests(args, state, api_map, m._workspace.uri)

  m.add_hook(hook_ea, on_setup)

  # Exploration runs inside the kill-timeout context taken from consts.timeout.
  with m.kill_timeout(consts.timeout):
    m.run()

  m.kill()
Ejemplo n.º 3
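def get_base(m):
  """Return the base address to assume for the binary at `m.binary_path`.

  A fresh initial state is built only to inspect the ELF header type and
  the CPU word size.

  Args:
    m: Driver object; only `m.binary_path` is read here.

  Returns:
    0x0 for `ET_EXEC` binaries. For `ET_DYN` binaries, 0x56555000 when the
    CPU address size is 32 bits and 0x555555554000 otherwise.

  Raises:
    SystemExit: with status 1 when the ELF type is neither `ET_EXEC` nor
      `ET_DYN` (a critical message is logged first).
  """
  probe_state = _make_initial_state(m.binary_path)
  e_type = probe_state.platform.elf['e_type']

  if e_type == 'ET_EXEC':
    # Fixed-address executable: symbol addresses need no rebasing.
    return 0x0

  if e_type == 'ET_DYN':
    # NOTE(review): these constants are presumably where the emulated loader
    # maps position-independent binaries; they are hard-coded, so confirm
    # them against the loader version in use. Any address size other than
    # 32 is treated as 64-bit.
    if probe_state.cpu.address_bit_size == 32:
      return 0x56555000
    return 0x555555554000

  L.critical("Invalid binary type `%s`", e_type)
  # Raise SystemExit directly: the bare `exit` helper is injected by the
  # `site` module and is missing under `python -S` or in frozen builds.
  raise SystemExit(1)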