    def state_blank(self, fs=None, concrete_fs=False, chroot=None, **kwargs):
        """Build a blank Linux state with TLS registers and the POSIX plugin set up.

        Args:
            fs: simulated filesystem handed to ``SimStateSystem``.
            concrete_fs: forwarded to ``SimStateSystem``; presumably lets file
                operations of the analysed program fall through to the host
                filesystem -- confirm in SimStateSystem before enabling it on
                untrusted binaries.
            chroot: forwarded to ``SimStateSystem``; presumably the host
                directory the concrete filesystem is rooted at.
            **kwargs: forwarded unchanged to the parent ``state_blank``.

        Returns:
            The freshly created state.
        """
        state = super(SimLinux, self).state_blank(**kwargs)  #pylint:disable=invalid-name

        # Which register carries the user thread pointer, per architecture.
        # Order mirrors the original isinstance chain: first match wins.
        # x86 stores the pointer shifted right by 16 into gs.
        tls_register_by_arch = (
            (ArchAMD64, 'fs', 0),
            (ArchX86, 'gs', 16),
            ((ArchMIPS32, ArchMIPS64), 'ulr', 0),
            (ArchPPC32, 'r2', 0),
            (ArchPPC64, 'r13', 0),
            (ArchAArch64, 'tpidr_el0', 0),
        )

        tls = self.proj.loader.tls_object
        if tls is not None:
            for arch_classes, reg_name, shift in tls_register_by_arch:
                if not isinstance(state.arch, arch_classes):
                    continue
                pointer = tls.user_thread_pointer
                if shift:
                    pointer = pointer >> shift
                setattr(state.regs, reg_name, pointer)
                break

        posix_plugin = SimStateSystem(fs=fs, concrete_fs=concrete_fs, chroot=chroot)
        state.register_plugin('posix', posix_plugin)

        # PPC64 ABIv1 binaries need the libc plugin told about the ABI variant.
        if self.proj.loader.main_bin.is_ppc64_abiv1:
            state.libc.ppc64_abiv = 'ppc64_1'

        return state
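    def state_blank(self, fs=None, **kwargs):
        """Build a blank CGC state with the CGC-specific options and plugins.

        Args:
            fs: simulated filesystem handed to ``SimStateSystem``.
            **kwargs: forwarded to the parent ``state_blank``. ``options`` and
                ``add_options`` are inspected here so that the CGC defaults are
                injected through ``add_options`` rather than applied to the
                finished state; that way a caller's ``remove_options`` argument
                can still strip them.

        Returns:
            The freshly created state.
        """
        # Set CGC-specific options via add_options so "remove_options" still applies.
        # .update() accepts any iterable (the original |= required a set and
        # failed on None), and kwargs.get() tolerates an absent key.
        all_options = set()
        all_options.update(kwargs.get('options') or ())
        all_options.update(kwargs.get('add_options') or ())
        if o.CGC_ZERO_FILL_UNCONSTRAINED_MEMORY not in all_options:
            # Build a fresh set instead of calling .add() on the caller's
            # add_options object, so constructing a state never mutates the
            # caller's arguments as a side effect.
            kwargs['add_options'] = set(kwargs.get('add_options') or ()) | {
                o.CGC_ZERO_FILL_UNCONSTRAINED_MEMORY,
            }

        s = super(SimCGC, self).state_blank(**kwargs)  # pylint:disable=invalid-name

        # Special stack base for CGC binaries to work with Shellphish CRS
        s.regs.sp = 0xbaff0000

        s.register_plugin('posix', SimStateSystem(fs=fs))

        # Create the CGC plugin
        s.get_plugin('cgc')

        return s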
    def state_blank(self, fs=None, **kwargs):
        """Build a blank CGC state: POSIX plugin, CGC plugin, then CGC options.

        Args:
            fs: simulated filesystem handed to ``SimStateSystem``.
            **kwargs: forwarded unchanged to the parent ``state_blank``.

        Returns:
            The freshly created state.
        """
        state = super(SimCGC, self).state_blank(**kwargs)  # pylint:disable=invalid-name

        # POSIX layer backed by the supplied simulated filesystem.
        state.register_plugin('posix', SimStateSystem(fs=fs))

        # Instantiate the CGC plugin so it is attached to the state up front.
        state.get_plugin('cgc')

        # CGC-specific option. NOTE(review): this is added after the parent has
        # already built the state, so a caller cannot strip it through a
        # remove_options kwarg -- presumably intentional; confirm if needed.
        state.options.add(o.CGC_ZERO_FILL_UNCONSTRAINED_MEMORY)

        return state
    def state_blank(self, fs=None, **kwargs):
        """Build a blank Linux state with the TLS register and POSIX plugin set up.

        Args:
            fs: simulated filesystem handed to ``SimStateSystem``.
            **kwargs: forwarded unchanged to the parent ``state_blank``.

        Returns:
            The freshly created state.
        """
        state = super(SimLinux, self).state_blank(**kwargs)  #pylint:disable=invalid-name

        # Register that carries the thread pointer, per supported architecture.
        # Order mirrors the original isinstance chain; x86 stores the pointer
        # shifted right by 16 into gs. Other architectures are left untouched.
        tls_register_by_arch = (
            (ArchAMD64, 'fs', 0),
            (ArchX86, 'gs', 16),
            (ArchMIPS32, 'ulr', 0),
        )

        tls = self.proj.loader.tls_object
        if tls is not None:
            for arch_class, reg_name, shift in tls_register_by_arch:
                if not isinstance(state.arch, arch_class):
                    continue
                pointer = tls.thread_pointer
                if shift:
                    pointer = pointer >> shift
                setattr(state.regs, reg_name, pointer)
                break

        state.register_plugin('posix', SimStateSystem(fs=fs))

        # PPC64 ABIv1 binaries need the libc plugin told about the ABI variant.
        if self.proj.loader.main_bin.is_ppc64_abiv1:
            state.libc.ppc64_abiv = 'ppc64_1'

        return state
    def state_blank(self, fs=None, **kwargs):
        """Build a blank CGC state with its fixed stack, special page and plugins.

        Args:
            fs: simulated filesystem handed to ``SimStateSystem``.
            **kwargs: forwarded unchanged to the parent ``state_blank``.

        Returns:
            The freshly created state.
        """
        state = super(SimCGC, self).state_blank(**kwargs)  # pylint:disable=invalid-name

        # Fixed layout constants for the CGC environment.
        stack_top = 0xbaaab000
        stack_size = 1024 * 1024 * 8  # 8 MiB below stack_top
        special_page = 0x4347c000     # presumably the CGC "magic"/flag page -- confirm
        page_size = 4096

        # Special stack base for CGC binaries to work with Shellphish CRS
        state.regs.sp = 0xbaaaaffc

        # Map the special cgc memory. Skipped under ABSTRACT_MEMORY, whose
        # backend presumably has no concrete pages to pre-approve.
        if o.ABSTRACT_MEMORY not in state.options:
            # NOTE(review): reaches into a private attribute of the memory
            # backend; any change to that backend silently breaks this line.
            state.memory.mem._preapproved_stack = IRange(stack_top - stack_size, stack_top)
            # Permission value 1 -- presumably read-only; verify against map_region.
            state.memory.map_region(special_page, page_size, 1)

        state.register_plugin('posix', SimStateSystem(fs=fs))

        # Instantiate the CGC plugin so it is attached to the state up front.
        state.get_plugin('cgc')

        # Address unicorn uses for concrete transmits, taken from syscall
        # table entry 2 (presumably the transmit syscall).
        state.unicorn.transmit_addr = self.syscall_table[2].pseudo_addr

        return state