Exemple #1
0
 def exprEqual(self, expr, e):
     expr = EX.eval_expr(expr, self.use_esf)
     if self.use_esf:
         expand_esf_inplace(expr.vec)
         simplify_inplace(expr.vec)
     simplify_inplace(e.vec)
     simplify_inplace(expr.vec)
     self.assertEqual(expr, e)
Exemple #2
0
    def test_cmp(self):
        e = EX.ExprCond(EX.ExprCmpEq(self.x8_expr, EX.ExprCst(10, 8)),
                        self.y8_expr, self.z8_expr)

        e = EX.eval_expr(e)
        for i in range(256):
            eref = self.z8 if i != 10 else self.y8
            self.assertEqual(e.eval({self.x8: i}), eref.vec)
Exemple #3
0
 def astEquals(self, ast, v):
     if self.use_expr:
         e = tritonast2arybo(ast, use_exprs=True, use_esf=False)
         e = eval_expr(e, use_esf=False)
         v = expand_esf_inplace(v)
         v = simplify_inplace(v)
     else:
         e = tritonast2arybo(ast, use_exprs=False, use_esf=True)
     self.assertEqual(e, v)
Exemple #4
0
    def check_expr(self, e, args):
        M,cfunc = self.get_c_func(e, args)
        # Eval 'e'
        evale = EX.eval_expr(e)
        for n in range(100):
            args_v = [random.getrandbits(a.nbits) for a in args]
            self.assertEqual(cfunc(*args_v), evale.eval({a: args_v[i] for i,a in enumerate(args)}))

        self.engine.remove_module(M)
Exemple #5
0
    def test_exprs_xor_5C(self):
        # Based on djo's example

        # This is the xor_5C example compiled with optimisations for x86-4
        code = [
            "\x41\xB8\xE5\xFF\xFF\xFF",
            "\x89\xF8",
            "\xBA\x26\x00\x00\x00",
            "\x41\x0F\xAF\xC0",
            "\xB9\xED\xFF\xFF\xFF",
            "\x89\xC7",
            "\x89\xD0",
            "\x83\xEF\x09",
            "\x0F\xAF\xC7",
            "\x89\xC2",
            "\x89\xF8",
            "\x0F\xAF\xC1",
            "\xB9\x4B\x00\x00\x00",
            "\x8D\x44\x02\x2A",
            "\x0F\xB6\xC0",
            "\x89\xC2",
            "\xF7\xDA",
            "\x8D\x94\x12\xFF\x00\x00\x00",
            "\x81\xE2\xFE\x00\x00\x00",
            "\x01\xD0",
            "\x8D\x14\x00",
            "\x8D\x54\x02\x4D",
            "\x0F\xB6\xF2",
            "\x6B\xF6\x56",
            "\x83\xC6\x24",
            "\x83\xE6\x46",
            "\x89\xF0",
            "\x0F\xAF\xC1",
            "\xB9\xE7\xFF\xFF\xFF",
            "\x89\xC6",
            "\x89\xD0",
            "\xBA\x3A\x00\x00\x00",
            "\x0F\xAF\xC1",
            "\x89\xC1",
            "\x89\xD0",
            "\x8D\x4C\x0E\x76",
            "\xBE\x63\x00\x00\x00",
            "\x0F\xAF\xC1",
            "\x89\xC2",
            "\x89\xC8",
            "\x0F\xAF\xC6",
            "\x83\xEA\x51",
            "\xBE\x2D\x00\x00\x00",
            "\x83\xE2\xF4",
            "\x89\xC1",
            "\x8D\x4C\x0A\x2E",
            "\x89\xC8",
            "\x25\x94\x00\x00\x00",
            "\x01\xC0",
            "\x29\xC8",
            "\xB9\x67\x00\x00\x00",
            "\x0F\xAF\xC1",
            "\x8D\x48\x0D",
            "\x0F\xB6\xD1",
            "\x69\xD2\xAE\x00\x00\x00",
            "\x83\xCA\x22",
            "\x89\xD0",
            "\x41\x0F\xAF\xC0",
            "\x89\xC2",
            "\x89\xC8",
            "\x0F\xAF\xC6",
            "\x8D\x44\x02\xC2",
            "\x0F\xB6\xC0",
            "\x2D\xF7\x00\x00\x00",
            "\x69\xC0\xED\x00\x00\x00",
            "\x0F\xB6\xC0",
        ]

        TT.setArchitecture(TT.ARCH.X86_64)

        rdi = TT.convertRegisterToSymbolicVariable(TT.REG.RDI)
        rdi = tritonast2arybo(TAst.variable(rdi), use_exprs=False)

        for opcodes in code:
            inst = TT.Instruction(opcodes)
            TT.processing(inst)

        rax_ast = TT.buildSymbolicRegister(TT.REG.RAX)
        rax_ast = TT.getFullAst(rax_ast)
        rax_ast = TT.simplify(rax_ast, True)
        # Check that this gives a xor 5C
        e = tritonast2arybo(rax_ast, use_exprs=self.use_expr, use_esf=False)
        if self.use_expr:
            e = eval_expr(e)
        self.assertEqual(e, ((rdi & 0xff) ^ 0x5C).vec)
Exemple #6
0
 def test_logical(self):
     e = TAst.equal(self.x8_t, self.y8_t)
     ea = tritonast2arybo(e, use_exprs=True, use_esf=False)
     ea = eval_expr(ea, use_esf=False)
     self.assertEqual(ea.nbits, 1)
Exemple #7
0
    use_exprs = int(sys.argv[1])


def f(x):
    v0 = x * 0xe5 + 0xF7
    v0 = v0 & 0xFF
    v3 = (((((v0 * 0x26) + 0x55) & 0xFE) + (v0 * 0xED) + 0xD6) & 0xFF)
    v4 = ((((((-(v3 * 0x2)) + 0xFF) & 0xFE) + v3) * 0x03) + 0x4D)
    v5 = (((((v4 * 0x56) + 0x24) & 0x46) * 0x4B) + (v4 * 0xE7) + 0x76)
    v7 = ((((v5 * 0x3A) + 0xAF) & 0xF4) + (v5 * 0x63) + 0x2E)
    v6 = (v7 & 0x94)
    v8 = ((((v6 + v6 + (-(v7 & 0xFF))) * 0x67) + 0xD))
    res = ((v8 * 0x2D) + (((v8 * 0xAE) | 0x22) * 0xE5) + 0xC2) & 0xFF
    return (0xed * (res - 0xF7)) & 0xff


mba8 = MBA(8)
X = mba8.var('X')
if use_exprs:
    X = EX.ExprBV(X)
res = f(X)
if use_exprs:
    res = EX.eval_expr(res, use_esf=False)
print(res)
if use_exprs:
    X = X.v
VD = res.vectorial_decomp([X])

print("====")
print("Cst = " + hex(VD.cst().get_int_be()))
Exemple #8
0
 def check(self, e, ref):
     app = e.vectorial_decomp([self.x])
     eid = identify(app,"x")
     self.assertEqual(EX.eval_expr(eid), EX.eval_expr(ref))