def astEquals(self, ast, v): if self.use_expr: e = tritonast2arybo(ast, use_exprs=True, use_esf=False) e = eval_expr(e, use_esf=False) v = expand_esf_inplace(v) v = simplify_inplace(v) else: e = tritonast2arybo(ast, use_exprs=False, use_esf=True) self.assertEqual(e, v)
def test_mba(self): # x^y = (x+y) - ((x&y)<<1) e = TAst.bvsub( TAst.bvadd(self.x8_t, self.y8_t), TAst.bvshl(TAst.bvand(self.x8_t, self.y8_t), TAst.bv(1, 8))) ea = tritonast2arybo(e, use_exprs=False, use_esf=True) simplify_inplace(expand_esf_inplace(ea)) self.assertEqual(ea, self.x8 ^ self.y8)
def test_urem(self): code = [ "\xbf\xAB\x00\x00\x00", # mov edi, 0xAB "\xf7\xff", # idiv edi "\x83\xfa\x00" # cmp edx, 0x00 ] TT.setArchitecture(TT.ARCH.X86_64) rax = TT.convertRegisterToSymbolicVariable(TT.REG.RAX) rax = tritonast2arybo(TAst.variable(rax)) rdx = TT.convertRegisterToSymbolicVariable(TT.REG.RDX) rdx = tritonast2arybo(TAst.variable(rdx)) for opcodes in code: inst = TT.Instruction(opcodes) TT.processing(inst) exprs = TT.sliceExpressions(TT.getSymbolicRegisters()[TT.REG.RDX]) e = tritonexprs2arybo(exprs) to_llvm_function(e, [rax.v, rdx.v])
import triton as TT from arybo.tools import tritonast2arybo TT.setArchitecture(TT.ARCH.X86_64) TT.convertRegisterToSymbolicVariable(TT.REG.RAX) TT.convertRegisterToSymbolicVariable(TT.REG.RBX) inst = TT.Instruction() inst.setOpcodes("\x48\x31\xd8") # xor rax, rbx TT.processing(inst) rax_ast = TT.buildSymbolicRegister(TT.REG.RAX) rax_ast = TT.getFullAst(rax_ast) print(rax_ast) e = tritonast2arybo(rax_ast) print(e)
def test_exprs_xor_5C(self): # Based on djo's example # This is the xor_5C example compiled with optimisations for x86-4 code = [ "\x41\xB8\xE5\xFF\xFF\xFF", "\x89\xF8", "\xBA\x26\x00\x00\x00", "\x41\x0F\xAF\xC0", "\xB9\xED\xFF\xFF\xFF", "\x89\xC7", "\x89\xD0", "\x83\xEF\x09", "\x0F\xAF\xC7", "\x89\xC2", "\x89\xF8", "\x0F\xAF\xC1", "\xB9\x4B\x00\x00\x00", "\x8D\x44\x02\x2A", "\x0F\xB6\xC0", "\x89\xC2", "\xF7\xDA", "\x8D\x94\x12\xFF\x00\x00\x00", "\x81\xE2\xFE\x00\x00\x00", "\x01\xD0", "\x8D\x14\x00", "\x8D\x54\x02\x4D", "\x0F\xB6\xF2", "\x6B\xF6\x56", "\x83\xC6\x24", "\x83\xE6\x46", "\x89\xF0", "\x0F\xAF\xC1", "\xB9\xE7\xFF\xFF\xFF", "\x89\xC6", "\x89\xD0", "\xBA\x3A\x00\x00\x00", "\x0F\xAF\xC1", "\x89\xC1", "\x89\xD0", "\x8D\x4C\x0E\x76", "\xBE\x63\x00\x00\x00", "\x0F\xAF\xC1", "\x89\xC2", "\x89\xC8", "\x0F\xAF\xC6", "\x83\xEA\x51", "\xBE\x2D\x00\x00\x00", "\x83\xE2\xF4", "\x89\xC1", "\x8D\x4C\x0A\x2E", "\x89\xC8", "\x25\x94\x00\x00\x00", "\x01\xC0", "\x29\xC8", "\xB9\x67\x00\x00\x00", "\x0F\xAF\xC1", "\x8D\x48\x0D", "\x0F\xB6\xD1", "\x69\xD2\xAE\x00\x00\x00", "\x83\xCA\x22", "\x89\xD0", "\x41\x0F\xAF\xC0", "\x89\xC2", "\x89\xC8", "\x0F\xAF\xC6", "\x8D\x44\x02\xC2", "\x0F\xB6\xC0", "\x2D\xF7\x00\x00\x00", "\x69\xC0\xED\x00\x00\x00", "\x0F\xB6\xC0", ] TT.setArchitecture(TT.ARCH.X86_64) rdi = TT.convertRegisterToSymbolicVariable(TT.REG.RDI) rdi = tritonast2arybo(TAst.variable(rdi), use_exprs=False) for opcodes in code: inst = TT.Instruction(opcodes) TT.processing(inst) rax_ast = TT.buildSymbolicRegister(TT.REG.RAX) rax_ast = TT.getFullAst(rax_ast) rax_ast = TT.simplify(rax_ast, True) # Check that this gives a xor 5C e = tritonast2arybo(rax_ast, use_exprs=self.use_expr, use_esf=False) if self.use_expr: e = eval_expr(e) self.assertEqual(e, ((rdi & 0xff) ^ 0x5C).vec)
def test_logical(self): e = TAst.equal(self.x8_t, self.y8_t) ea = tritonast2arybo(e, use_exprs=True, use_esf=False) ea = eval_expr(ea, use_esf=False) self.assertEqual(ea.nbits, 1)