def test_set_get_concrete_value(self): """Check setting concrete values""" for r in self.pr: if r.getBitSize() == 32: setConcreteRegisterValue(Register(r, 0xdeadbeaf)) elif r.getBitSize() == 64: setConcreteRegisterValue(Register(r, 0xabcdef0123456789)) elif r.getBitSize() == 128: setConcreteRegisterValue(Register(r, 0xabcdef01234567899876543210fedcba)) elif r.getBitSize() == 256: setConcreteRegisterValue(Register(r, 0xabcdef01234567899876543210fedcbaabcdef01234567899876543210fedcba)) else: pass """Check getting concrete values""" for r in self.pr: if r.getBitSize() == 32: self.assertEqual(getConcreteRegisterValue(r), 0xdeadbeaf) elif r.getBitSize() == 64: self.assertEqual(getConcreteRegisterValue(r), 0xabcdef0123456789) elif r.getBitSize() == 128: self.assertEqual(getConcreteRegisterValue(r), 0xabcdef01234567899876543210fedcba) elif r.getBitSize() == 256: self.assertEqual(getConcreteRegisterValue(r), 0xabcdef01234567899876543210fedcbaabcdef01234567899876543210fedcba) else: pass """Set everything to zero""" for r in self.ar: setConcreteRegisterValue(Register(r, 0)) """Check if everything is equal to zero""" for r in self.ar: self.assertEqual(getConcreteRegisterValue(r), 0)
def test_backup(self): """ Check Symbolics value are saved when engine is disable. * Also check reseting a disable symbolic engines doesn't crash. """ inst = Instruction() # update RAX inst.setOpcodes("\x48\xFF\xC0") processing(inst) self.assertEqual(getSymbolicRegisterValue(REG.RAX), 1) # This call triton::api.backupSymbolicEngine() enableSymbolicEngine(False) inst = Instruction() # update RAX again inst.setOpcodes("\x48\xFF\xC0") processing(inst) self.assertEqual(getConcreteRegisterValue(REG.RAX), 2, "concrete value is updated") self.assertEqual(getSymbolicRegisterValue(REG.RAX), 1, "Symbolic value is not update") # Try to reset engine after a backup to test if the bug #385 is fixed. resetEngines()
def test_set_get_concrete_value(self): """Check setting concrete values""" for r in self.pr: if r.getBitSize() == 32: setConcreteRegisterValue(Register(r, 0xdeadbeaf)) elif r.getBitSize() == 64: setConcreteRegisterValue(Register(r, 0xabcdef0123456789)) elif r.getBitSize() == 128: setConcreteRegisterValue( Register(r, 0xabcdef01234567899876543210fedcba)) elif r.getBitSize() == 256: setConcreteRegisterValue( Register( r, 0xabcdef01234567899876543210fedcbaabcdef01234567899876543210fedcba )) else: pass """Check getting concrete values""" for r in self.pr: if r.getBitSize() == 32: self.assertEqual(getConcreteRegisterValue(r), 0xdeadbeaf) elif r.getBitSize() == 64: self.assertEqual(getConcreteRegisterValue(r), 0xabcdef0123456789) elif r.getBitSize() == 128: self.assertEqual(getConcreteRegisterValue(r), 0xabcdef01234567899876543210fedcba) elif r.getBitSize() == 256: self.assertEqual( getConcreteRegisterValue(r), 0xabcdef01234567899876543210fedcbaabcdef01234567899876543210fedcba ) else: pass """Set everything to zero""" for r in self.ar: setConcreteRegisterValue(Register(r, 0)) """Check if everything is equal to zero""" for r in self.ar: self.assertEqual(getConcreteRegisterValue(r), 0)
def test_emulate(self, concretize=False): """Run a dumped simulation and check output registers.""" # Get dumped data dump = os.path.join(os.path.dirname(__file__), "misc", "emu_1.dump") with open(dump) as f: regs, mems = eval(f.read()) # Load memory for mem in mems: start = mem['start'] if mem['memory'] is not None: setConcreteMemoryAreaValue(start, bytearray(mem['memory'])) # setup registers for reg_name in ("rax", "rbx", "rcx", "rdx", "rdi", "rsi", "rbp", "rsp", "rip", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "eflags", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7", "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15"): setConcreteRegisterValue( Register(getattr(REG, reg_name.upper()), regs[reg_name])) # run the code pc = getConcreteRegisterValue(REG.RIP) while pc != 0x409A18: opcodes = getConcreteMemoryAreaValue(pc, 20) instruction = Instruction() instruction.setOpcodes(opcodes) instruction.setAddress(pc) # Check if triton doesn't supports this instruction self.assertTrue(processing(instruction)) pc = getConcreteRegisterValue(REG.RIP) if concretize: concretizeAllMemory() concretizeAllRegister() rax = getConcreteRegisterValue(REG.RAX) rbx = getConcreteRegisterValue(REG.RBX) rcx = getConcreteRegisterValue(REG.RCX) rdx = getConcreteRegisterValue(REG.RDX) rsi = getConcreteRegisterValue(REG.RSI) self.assertEqual(rax, 0) self.assertEqual(rbx, 0) self.assertEqual(rcx, 0) self.assertEqual(rdx, 0x4d2) self.assertEqual(rsi, 0x3669000000000000)
def test_emulate(self, concretize=False): """Run a dumped simulation and check output registers.""" # Get dumped data dump = os.path.join(os.path.dirname(__file__), "misc", "emu_1.dump") with open(dump) as f: regs, mems = eval(f.read()) # Load memory for mem in mems: start = mem['start'] if mem['memory'] is not None: setConcreteMemoryAreaValue(start, bytearray(mem['memory'])) # setup registers for reg_name in ("rax", "rbx", "rcx", "rdx", "rdi", "rsi", "rbp", "rsp", "rip", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "eflags", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7", "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15"): setConcreteRegisterValue(Register(getattr(REG, reg_name.upper()), regs[reg_name])) # run the code pc = getConcreteRegisterValue(REG.RIP) while pc != 0x409A18: opcodes = getConcreteMemoryAreaValue(pc, 20) instruction = Instruction() instruction.setOpcodes(opcodes) instruction.setAddress(pc) # Check if triton doesn't supports this instruction self.assertTrue(processing(instruction)) pc = getConcreteRegisterValue(REG.RIP) if concretize: concretizeAllMemory() concretizeAllRegister() rax = getConcreteRegisterValue(REG.RAX) rbx = getConcreteRegisterValue(REG.RBX) rcx = getConcreteRegisterValue(REG.RCX) rdx = getConcreteRegisterValue(REG.RDX) rsi = getConcreteRegisterValue(REG.RSI) self.assertEqual(rax, 0) self.assertEqual(rbx, 0) self.assertEqual(rcx, 0) self.assertEqual(rdx, 0x4d2) self.assertEqual(rsi, 0x3669000000000000)
def test_set_flags(self): """Check flags can be set in any order with a correct output result.""" registers = [ REG.ZF, REG.AF, REG.IF, REG.CF, REG.DF, REG.PF, REG.SF, REG.OF, REG.TF ] values = [0] * len(registers) rand_registers = list(registers) random.shuffle(rand_registers) # Randomnly set flags registers and check result is the one expected for reg in rand_registers: setConcreteRegisterValue(Register(reg, 1)) values[registers.index(reg)] = 1 self.assertListEqual( [getConcreteRegisterValue(r) for r in registers], values)
def _call(s): try: args = s.split() module, command = args[0].split(".") except: # exit slently, this is not for us return Pimp.CMD_NOT_HANDLED try: if module == "pimp": self.handle(command, args[1:]) for r in self.triton_regs: self.r2p.set_flag("regs", r, self.triton_regs[r].getSize(), triton.getConcreteRegisterValue(self.triton_regs[r]) ) return Pimp.CMD_HANDLED # not for us return Pimp.CMD_NOT_HANDLED except Exception as e: # this is an actual pimp error. print e return Pimp.CMD_HANDLED
def emulate(self, pc): """ Emulate every opcodes from pc. * Process instruction until the end and search for constraint resolution on cmp eax, 1 then set the new correct value and keep going. """ while pc: # Fetch opcodes opcodes = getConcreteMemoryAreaValue(pc, 16) # Create the Triton instruction instruction = Instruction() instruction.setOpcodes(opcodes) instruction.setAddress(pc) # Process processing(instruction) # 40078B: cmp eax, 1 # eax must be equal to 1 at each round. if instruction.getAddress() == 0x40078B: # Slice expressions rax = getSymbolicExpressionFromId( getSymbolicRegisterId(REG.RAX)) eax = ast.extract(31, 0, rax.getAst()) # Define constraint cstr = ast.assert_( ast.land(getPathConstraintsAst(), ast.equal(eax, ast.bv(1, 32)))) model = getModel(cstr) solution = str() for k, v in model.items(): value = v.getValue() solution += chr(value) getSymbolicVariableFromId(k).setConcreteValue(value) # Next pc = getConcreteRegisterValue(REG.RIP) return solution
def emulate(self, pc): """ Emulate every opcodes from pc. * Process instruction until the end and search for constraint resolution on cmp eax, 1 then set the new correct value and keep going. """ while pc: # Fetch opcodes opcodes = getConcreteMemoryAreaValue(pc, 16) # Create the Triton instruction instruction = Instruction() instruction.setOpcodes(opcodes) instruction.setAddress(pc) # Process processing(instruction) # 40078B: cmp eax, 1 # eax must be equal to 1 at each round. if instruction.getAddress() == 0x40078B: # Slice expressions rax = getSymbolicExpressionFromId(getSymbolicRegisterId(REG.RAX)) eax = ast.extract(31, 0, rax.getAst()) # Define constraint cstr = ast.assert_(ast.land(getPathConstraintsAst(), ast.equal(eax, ast.bv(1, 32)))) model = getModel(cstr) solution = str() for k, v in model.items(): value = v.getValue() solution += chr(value) getSymbolicVariableFromId(k).setConcreteValue(value) # Next pc = getConcreteRegisterValue(REG.RIP) return solution
def _call(s): try: args = s.split() module, command = args[0].split(".") except: # exit slently, this is not for us return Pimp.CMD_NOT_HANDLED try: if module == "pimp": self.handle(command, args[1:]) for r in self.triton_regs: self.r2p.set_flag( "regs", r, self.triton_regs[r].getSize(), triton.getConcreteRegisterValue( self.triton_regs[r])) return Pimp.CMD_HANDLED # not for us return Pimp.CMD_NOT_HANDLED except Exception as e: # this is an actual pimp error. print e return Pimp.CMD_HANDLED
def get_current_pc(self): return triton.getConcreteRegisterValue(self.pcreg)