def do_run_test(state, apis, test):
    """Execute one test case under a fresh Manticore instance.

    Sets `state.cpu.PC` to `test.ea`, builds a Manticore instance from that
    state (forwarding `sys.argv[1:]`), registers a hook for every API entry
    listed below, and then runs it.

    Args:
        state: State to start from; its `cpu.PC` is overwritten.
        apis: Mapping from API name to the address to hook.
        test: Test descriptor; `test.ea` is used as the start address.
    """
    state.cpu.PC = test.ea
    m = manticore.Manticore(state, sys.argv[1:])
    m.verbosity(1)

    # Continue with the state object that Manticore itself holds.
    state = m.initial_state
    wrapper = DeepManticore(state)
    wrapper.begin_test(test)
    del wrapper

    # (API-table key, handler) pairs, in the order the hooks are installed.
    api_handlers = (
        ('IsSymbolicUInt', hook_IsSymbolicUInt),
        ('ConcretizeData', hook_ConcretizeData),
        ('ConcretizeCStr', hook_ConcretizeCStr),
        ('MinUInt', hook_MinUInt),
        ('MaxUInt', hook_MaxUInt),
        ('Assume', hook_Assume),
        ('Pass', hook_Pass),
        ('Crash', hook_Crash),
        ('Fail', hook_Fail),
        ('SoftFail', hook_SoftFail),
        ('Abandon', hook_Abandon),
        ('Log', hook_Log),
        ('StreamInt', hook_StreamInt),
        ('StreamFloat', hook_StreamFloat),
        ('StreamString', hook_StreamString),
        ('ClearStream', hook_ClearStream),
        ('LogStream', hook_LogStream),
    )
    for api_name, handler in api_handlers:
        m.add_hook(apis[api_name], hook(handler))

    # done_test is notified whenever a state is about to terminate.
    m.subscribe('will_terminate_state', done_test)
    m.run()
def main():
    """Parse the command line, load the binary and dispatch to a run mode.

    Returns:
        1 if a Manticore instance cannot be created for `args.binary`;
        otherwise the return value of the selected mode function.
    """
    args = DeepManticore.parse_args()

    try:
        m = manticore.Manticore(args.binary)
    except Exception as err:
        message = "Cannot create Manticore instance on binary {}: {}".format(
            args.binary, err)
        L.critical(message)
        return 1

    m.verbosity(1)

    # Workaround for the currently broken _get_symbol_address: overwrite
    # Manticore's private binary-type field and point its binary object at
    # the ELF held by the initial state's platform.
    m._binary_type = 'not elf'
    m._binary_obj = m._initial_state.platform.elf

    # take_over is checked first, then klee; unit-test mode is the fallback.
    if args.take_over:
        return main_takeover(m, args, 'DeepState_TakeOver')
    if args.klee:
        return main_takeover(m, args, 'main')
    return main_unit_test(m, args)
def do_run_test(state, apis, test, hook_test=False):
    """Execute one test case under a fresh Manticore instance.

    Sets `state.cpu.PC` to `test.ea`, builds a Manticore instance from that
    state (forwarding `sys.argv[1:]`), writes the symbolic-execution marker,
    registers a hook for every API entry listed below, and then runs it.

    Args:
        state: State to start from; its `cpu.PC` is overwritten.
        apis: Mapping from API name to the address to hook or write to.
        test: Test descriptor; `test.ea` is used as the start address.
        hook_test: When true, `test.ea` itself is also hooked with
            `hook_TakeOver`.
    """
    state.cpu.PC = test.ea
    m = manticore.Manticore(state, sys.argv[1:])
    m.verbosity(1)

    # Continue with the state object that Manticore itself holds.
    state = m.initial_state
    wrapper = DeepManticore(state)

    # Mark the run as symbolic execution by writing to the address stored
    # under apis["UsingSymExec"].
    # NOTE(review): 8589934591 is 0x1FFFFFFFF, which needs 33 bits and so does
    # not fit in a uint32 -- confirm how write_uint32_t treats the extra bit.
    wrapper.write_uint32_t(apis["UsingSymExec"], 8589934591)

    wrapper.begin_test(test)
    del wrapper

    # (API-table key, handler) pairs, in the order the hooks are installed.
    api_handlers = (
        ('IsSymbolicUInt', hook_IsSymbolicUInt),
        ('ConcretizeData', hook_ConcretizeData),
        ('ConcretizeCStr', hook_ConcretizeCStr),
        ('MinUInt', hook_MinUInt),
        ('MaxUInt', hook_MaxUInt),
        ('Assume', hook_Assume),
        ('Pass', hook_Pass),
        ('Crash', hook_Crash),
        ('Fail', hook_Fail),
        ('SoftFail', hook_SoftFail),
        ('Abandon', hook_Abandon),
        ('Log', hook_Log),
        ('StreamInt', hook_StreamInt),
        ('StreamFloat', hook_StreamFloat),
        ('StreamString', hook_StreamString),
        ('ClearStream', hook_ClearStream),
        ('LogStream', hook_LogStream),
    )
    for api_name, handler in api_handlers:
        m.add_hook(apis[api_name], hook(handler))

    # Optional extra hook on the test's own start address.
    if hook_test:
        m.add_hook(test.ea, hook(hook_TakeOver))

    # done_test is notified whenever a state is about to terminate.
    m.subscribe('will_terminate_state', done_test)
    m.run()
def main():
    """Parse the command line, load the binary and run its tests.

    Locates the `DeepState_Setup` and `DeepState_API` symbols, reads the API
    table, hooks the setup address so that `run_tests` is called there, and
    starts Manticore.

    Returns:
        1 if the Manticore instance cannot be created or either symbol is
        missing; otherwise None once `m.run()` returns.
    """
    args = DeepManticore.parse_args()

    try:
        m = manticore.Manticore(args.binary)
    except Exception as err:
        message = "Cannot create Manticore instance on binary {}: {}".format(
            args.binary, err)
        L.critical(message)
        return 1

    m.verbosity(1)

    # Workaround for the currently broken _get_symbol_address: overwrite
    # Manticore's private binary-type field and point its binary object at
    # the ELF held by the initial state's platform.
    m._binary_type = 'not elf'
    m._binary_obj = m._initial_state.platform.elf

    setup_ea = find_symbol_ea(m, 'DeepState_Setup')
    if not setup_ea:
        message = "Cannot find symbol `DeepState_Setup` in binary `{}`".format(
            args.binary)
        L.critical(message)
        return 1

    setup_state = m._initial_state
    table_reader = DeepManticore(setup_state)

    ea_of_api_table = find_symbol_ea(m, 'DeepState_API')
    if not ea_of_api_table:
        message = "Could not find API table in binary `{}`".format(
            args.binary)
        L.critical(message)
        return 1

    apis = table_reader.read_api_table(ea_of_api_table)
    del table_reader

    def _run_tests_at_setup(state):
        # Closes over args and apis; invoked with the state that hit setup_ea.
        return run_tests(args, state, apis)

    m.add_hook(setup_ea, _run_tests_at_setup)
    m.run()