def state_blank(self, fs=None, concrete_fs=False, chroot=None, **kwargs):
    """Build a blank Linux state on top of the generic SimOS state.

    After the parent has produced the state, this points the architecture's
    thread-pointer register at the loader's TLS object (when the loader has
    one), attaches a ``posix`` plugin backed by ``fs``, and records the
    ppc64 ABI flavour for ABIv1 main binaries.

    :param fs:          filesystem passed to SimStateSystem (None = default).
    :param concrete_fs: forwarded to SimStateSystem unchanged; presumably lets
                        the simulated program reach the host filesystem —
                        confirm against SimStateSystem before relying on it.
    :param chroot:      forwarded to SimStateSystem unchanged.
    :param kwargs:      passed straight through to the parent state_blank.
    :return: the initialised SimState.
    """
    state = super(SimLinux, self).state_blank(**kwargs)  # pylint:disable=invalid-name

    tls = self.proj.loader.tls_object
    if tls is not None:
        # (arch class or tuple of classes, register holding the thread pointer,
        # right shift applied to the pointer), in the original test order.
        # x86 stores a segment selector in gs, hence the 16-bit shift.
        tls_registers = (
            (ArchAMD64, 'fs', 0),
            (ArchX86, 'gs', 16),
            ((ArchMIPS32, ArchMIPS64), 'ulr', 0),
            (ArchPPC32, 'r2', 0),
            (ArchPPC64, 'r13', 0),
            (ArchAArch64, 'tpidr_el0', 0),
        )
        for arch_types, reg_name, shift in tls_registers:
            if isinstance(state.arch, arch_types):
                pointer = tls.user_thread_pointer
                setattr(state.regs, reg_name, pointer >> shift if shift else pointer)
                break

    posix = SimStateSystem(fs=fs, concrete_fs=concrete_fs, chroot=chroot)
    state.register_plugin('posix', posix)

    if self.proj.loader.main_bin.is_ppc64_abiv1:
        state.libc.ppc64_abiv = 'ppc64_1'

    return state
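def state_blank(self, fs=None, **kwargs):
    """Build a blank CGC state.

    ``CGC_ZERO_FILL_UNCONSTRAINED_MEMORY`` is injected into ``add_options``
    unless the caller already requested it through ``options`` or
    ``add_options``; because it goes through the normal option kwargs, a
    caller can still drop it with ``remove_options``. The state then gets
    the CGC stack base, a ``posix`` plugin and the ``cgc`` plugin.

    The caller's ``add_options`` set is copied, not mutated: the original
    code added the option in place, which leaked the change into any options
    set the caller reused across several state_blank calls.

    :param fs:     filesystem passed to SimStateSystem (None = default).
    :param kwargs: forwarded to the parent state_blank; ``options`` and
                   ``add_options`` are inspected here first.
    :return: the initialised SimState.
    """
    # Everything the caller asked for, so the zero-fill option is only added
    # when it is genuinely missing.
    requested = set()
    if 'options' in kwargs:
        requested |= kwargs['options']
    if 'add_options' in kwargs:
        requested |= kwargs['add_options']

    if o.CGC_ZERO_FILL_UNCONSTRAINED_MEMORY not in requested:
        # s.options.add(o.CGC_NO_SYMBOLIC_RECEIVE_LENGTH)
        kwargs['add_options'] = set(kwargs.get('add_options', ())) | {
            o.CGC_ZERO_FILL_UNCONSTRAINED_MEMORY,
        }

    s = super(SimCGC, self).state_blank(**kwargs)  # pylint:disable=invalid-name

    # Special stack base for CGC binaries to work with Shellphish CRS
    s.regs.sp = 0xbaff0000

    s.register_plugin('posix', SimStateSystem(fs=fs))

    # Create the CGC plugin (instantiating it is the point; the value is unused)
    s.get_plugin('cgc')

    return s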
def state_blank(self, fs=None, **kwargs):
    """Build a blank CGC state.

    Extends the parent state with a ``posix`` plugin backed by ``fs``, forces
    the ``cgc`` plugin into existence, and enables
    ``CGC_ZERO_FILL_UNCONSTRAINED_MEMORY`` on the state's options.

    :param fs:     filesystem passed to SimStateSystem (None = default).
    :param kwargs: forwarded to the parent state_blank.
    :return: the initialised SimState.
    """
    s = super(SimCGC, self).state_blank(**kwargs)  # pylint:disable=invalid-name

    posix = SimStateSystem(fs=fs)
    s.register_plugin('posix', posix)

    # Instantiate the CGC plugin; its return value is not needed here.
    s.get_plugin('cgc')

    # CGC-specific options.
    #s.options.add(o.CGC_NO_SYMBOLIC_RECEIVE_LENGTH)
    s.options.add(o.CGC_ZERO_FILL_UNCONSTRAINED_MEMORY)

    return s
def state_blank(self, fs=None, **kwargs):
    """Build a blank Linux state on top of the generic SimOS state.

    When the loader has a TLS object, the architecture's thread-pointer
    register is set from it (AMD64, X86 and MIPS32 only here); a ``posix``
    plugin backed by ``fs`` is attached, and the ppc64 ABI flavour is
    recorded for ABIv1 main binaries.

    :param fs:     filesystem passed to SimStateSystem (None = default).
    :param kwargs: forwarded to the parent state_blank.
    :return: the initialised SimState.
    """
    state = super(SimLinux, self).state_blank(**kwargs)  # pylint:disable=invalid-name

    tls = self.proj.loader.tls_object
    if tls is not None:
        # (arch class, register holding the thread pointer, right shift), in
        # the original test order. x86 keeps a segment selector in gs, hence
        # the 16-bit shift.
        tls_registers = (
            (ArchAMD64, 'fs', 0),
            (ArchX86, 'gs', 16),
            (ArchMIPS32, 'ulr', 0),
        )
        for arch_type, reg_name, shift in tls_registers:
            if isinstance(state.arch, arch_type):
                pointer = tls.thread_pointer
                setattr(state.regs, reg_name, pointer >> shift if shift else pointer)
                break

    state.register_plugin('posix', SimStateSystem(fs=fs))

    if self.proj.loader.main_bin.is_ppc64_abiv1:
        state.libc.ppc64_abiv = 'ppc64_1'

    return state
def state_blank(self, fs=None, **kwargs):
    """Build a blank CGC state with the CGC memory layout.

    On top of the parent state this sets the CGC stack pointer, pre-approves
    the stack range and maps the special CGC page (skipped under
    ``ABSTRACT_MEMORY``), attaches a ``posix`` plugin backed by ``fs``,
    creates the ``cgc`` plugin and tells the unicorn plugin where concrete
    transmits are dispatched.

    :param fs:     filesystem passed to SimStateSystem (None = default).
    :param kwargs: forwarded to the parent state_blank.
    :return: the initialised SimState.
    """
    s = super(SimCGC, self).state_blank(**kwargs)  # pylint:disable=invalid-name

    # Special stack base for CGC binaries to work with Shellphish CRS
    s.regs.sp = 0xbaaaaffc

    # Map the special cgc memory. The guard matches the original: under
    # ABSTRACT_MEMORY neither the stack pre-approval nor the page mapping is
    # performed (presumably that backend has no page map to touch — confirm).
    if o.ABSTRACT_MEMORY not in s.options:
        stack_top = 0xbaaab000
        stack_size = 8 * 1024 * 1024
        s.memory.mem._preapproved_stack = IRange(stack_top - stack_size, stack_top)
        # One 4096-byte page; the third argument is passed through to
        # map_region unchanged (its meaning is defined there).
        s.memory.map_region(0x4347c000, 4096, 1)

    posix = SimStateSystem(fs=fs)
    s.register_plugin('posix', posix)

    # Create the CGC plugin; the return value is not needed here.
    s.get_plugin('cgc')

    # Address concrete transmits are routed to: syscall_table entry 2, which
    # the original labels as the transmit syscall.
    transmit_syscall = self.syscall_table[2]
    s.unicorn.transmit_addr = transmit_syscall.pseudo_addr

    return s