def test_7(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337)
inst = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax]
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(inst.getOperands()[1].getAddress(), 0x1337)
self.assertIsNone(inst.getOperands()[1].getLeaAst())
def test_7(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337)
inst = Instruction(b"\x48\x8b\x18") # mov rbx, qword ptr [rax]
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(inst.getOperands()[1].getAddress(), 0x1337)
self.assertIsNone(inst.getOperands()[1].getLeaAst())
def test_8(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337)
ctx.convertRegisterToSymbolicVariable(ctx.registers.rax)
ctx.convertMemoryToSymbolicVariable(MemoryAccess(0, CPUSIZE.QWORD))
inst = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax]
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(inst.getOperands()[1].getAddress(), 0x1337)
self.assertIsNotNone(inst.getOperands()[1].getLeaAst())
def test_pop_esp(self):
"""Check pop on esp processing."""
setArchitecture(ARCH.X86)
# mov esp, 0x19fe00
inst1 = Instruction('\xBC\x00\xFE\x19\x00')
# mov dword ptr [esp], 0x11111111
inst2 = Instruction('\xC7\x04\x24\x11\x11\x11\x11')
# pop dword ptr [esp]
inst3 = Instruction('\x8F\x04\x24')
processing(inst1)
processing(inst2)
processing(inst3)
self.assertEqual(inst3.getOperands()[0].getAddress(), 0x19fe04, "esp has been poped")
self.assertEqual(inst3.getOperands()[0].getConcreteValue(), 0x11111111, "new value is still 0x11111111")
self.assertEqual(inst3.getStoreAccess()[0][0].getAddress(), 0x19fe04, "inst3 set the value in 0x19fe04")
self.assertEqual(inst3.getStoreAccess()[0][1].evaluate(), 0x11111111, "And this value is 0x11111111")
def test_load_ds(self):
"""Check load from ds segment."""
setArchitecture(ARCH.X86)
inst = Instruction()
# mov ax, ds:word_40213C
inst.setOpcodes("\x66\xA1\x3C\x21\x40\x00")
processing(inst)
self.assertEqual(inst.getOperands()[1].getAddress(), 0x40213C)
self.assertEqual(inst.getOperands()[1].getBitSize(), 16)
def test_pop(self):
"""Check the pop instruction processing."""
setArchitecture(ARCH.X86)
# mov esp, 0x19fe00
inst1 = Instruction('\xBC\x00\xFE\x19\x00')
# mov edi, 0x19fe00
inst2 = Instruction('\xBF\x00\xFE\x19\x00')
# mov dword ptr [esp], 0x11111111
inst3 = Instruction('\xC7\x04\x24\x11\x11\x11\x11')
# pop dword ptr [edi]
inst4 = Instruction('\x8F\x07')
processing(inst1)
processing(inst2)
processing(inst3)
processing(inst4)
self.assertEqual(inst4.getOperands()[0].getAddress(), 0x19fe00, "poping edi doesn't change it")
self.assertEqual(inst4.getOperands()[0].getConcreteValue(), 0x11111111, "pointed value in edi is the previously pointed value by esp")
self.assertEqual(inst4.getStoreAccess()[0][0].getAddress(), 0x19fe00, "inst4 store the new value in 0x19fe00 (edi value)")
self.assertEqual(inst4.getStoreAccess()[0][1].evaluate(), 0x11111111, "The stored value is 0x11111111")
class TestInstruction(unittest.TestCase):
"""Testing the Instruction class."""
def setUp(self):
"""Define and process the instruction to test."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.inst = Instruction()
self.inst.setOpcode("\x48\x01\xd8") # add rax, rbx
self.inst.setAddress(0x400000)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, 0x1122334455667788)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rbx, 0x8877665544332211)
self.Triton.processing(self.inst)
def test_address(self):
"""Check instruction current and next address."""
self.assertEqual(self.inst.getAddress(), 0x400000)
self.assertEqual(self.inst.getNextAddress(), 0x400003)
def test_memory(self):
"""Check memory access."""
self.assertListEqual(self.inst.getLoadAccess(), [])
self.assertListEqual(self.inst.getStoreAccess(), [])
self.assertFalse(self.inst.isMemoryWrite())
self.assertFalse(self.inst.isMemoryRead())
def test_registers(self):
"""Check register access."""
self.assertEqual(len(self.inst.getReadRegisters()), 2, "access RAX and RBX")
self.assertEqual(len(self.inst.getWrittenRegisters()), 8, "write in RAX, RIP, AF, XF, OF, PF, SF and ZF")
def test_taints(self):
"""Check taints attributes."""
self.assertFalse(self.inst.isTainted())
def test_prefix(self):
"""Check prefix data."""
self.assertFalse(self.inst.isPrefixed())
self.assertEqual(self.inst.getPrefix(), PREFIX.INVALID)
def test_control_flow(self):
"""Check control flow flags."""
self.assertFalse(self.inst.isControlFlow(), "It is not a jmp, ret or call")
self.assertFalse(self.inst.isBranch(), "It is not a jmp")
def test_condition(self):
"""Check condition flags."""
self.assertFalse(self.inst.isConditionTaken())
def test_opcode(self):
"""Check opcode informations."""
self.assertEqual(self.inst.getOpcode(), "\x48\x01\xd8")
self.assertEqual(self.inst.getType(), OPCODE.ADD)
def test_thread(self):
"""Check threads information."""
self.assertEqual(self.inst.getThreadId(), 0)
def test_operand(self):
"""Check operand information."""
self.assertEqual(len(self.inst.getOperands()), 2)
self.assertEqual(self.inst.getOperands()[0].getName(), "rax")
self.assertEqual(self.inst.getOperands()[1].getName(), "rbx")
with self.assertRaises(Exception):
self.inst.getOperands()[2]
def test_symbolic(self):
"""Check symbolic information."""
self.assertEqual(len(self.inst.getSymbolicExpressions()), 8)
def test_size(self):
"""Check size information."""
self.assertEqual(self.inst.getSize(), 3)
def test_disassembly(self):
"""Check disassembly equivalent."""
self.assertEqual(self.inst.getDisassembly(), "add rax, rbx")
class TestInstruction(unittest.TestCase):
"""Testing the Instruction class."""
def setUp(self):
"""Define and process the instruction to test."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.inst = Instruction()
self.inst.setOpcode(b"\x48\x01\xd8") # add rax, rbx
self.inst.setAddress(0x400000)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, 0x1122334455667788)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rbx, 0x8877665544332211)
self.Triton.processing(self.inst)
def test_address(self):
"""Check instruction current and next address."""
self.assertEqual(self.inst.getAddress(), 0x400000)
self.assertEqual(self.inst.getNextAddress(), 0x400003)
inst = Instruction()
inst.setAddress(-1)
self.assertEqual(inst.getAddress(), 0xffffffffffffffff)
inst.setAddress(-2)
self.assertEqual(inst.getAddress(), 0xfffffffffffffffe)
inst.setAddress(-3)
self.assertEqual(inst.getAddress(), 0xfffffffffffffffd)
def test_memory(self):
"""Check memory access."""
self.assertListEqual(self.inst.getLoadAccess(), [])
self.assertListEqual(self.inst.getStoreAccess(), [])
self.assertFalse(self.inst.isMemoryWrite())
self.assertFalse(self.inst.isMemoryRead())
def test_registers(self):
"""Check register access."""
self.assertEqual(len(self.inst.getReadRegisters()), 2, "access RAX and RBX")
self.assertEqual(len(self.inst.getWrittenRegisters()), 8, "write in RAX, RIP, AF, XF, OF, PF, SF and ZF")
def test_taints(self):
"""Check taints attributes."""
self.assertFalse(self.inst.isTainted())
def test_prefix(self):
"""Check prefix data."""
self.assertFalse(self.inst.isPrefixed())
self.assertEqual(self.inst.getPrefix(), PREFIX.X86.INVALID)
def test_control_flow(self):
"""Check control flow flags."""
self.assertFalse(self.inst.isControlFlow(), "It is not a jmp, ret or call")
self.assertFalse(self.inst.isBranch(), "It is not a jmp")
def test_condition(self):
"""Check condition flags."""
self.assertFalse(self.inst.isConditionTaken())
def test_opcode(self):
"""Check opcode informations."""
self.assertEqual(self.inst.getOpcode(), b"\x48\x01\xd8")
self.assertEqual(self.inst.getType(), OPCODE.X86.ADD)
def test_thread(self):
"""Check threads information."""
self.assertEqual(self.inst.getThreadId(), 0)
def test_operand(self):
"""Check operand information."""
self.assertEqual(len(self.inst.getOperands()), 2)
self.assertEqual(self.inst.getOperands()[0].getName(), "rax")
self.assertEqual(self.inst.getOperands()[1].getName(), "rbx")
with self.assertRaises(Exception):
self.inst.getOperands()[2]
def test_symbolic(self):
"""Check symbolic information."""
self.assertEqual(len(self.inst.getSymbolicExpressions()), 8)
def test_size(self):
"""Check size information."""
self.assertEqual(self.inst.getSize(), 3)
def test_disassembly(self):
"""Check disassembly equivalent."""
self.assertEqual(self.inst.getDisassembly(), "add rax, rbx")
# Setup opcode
inst.setOpcode(opcode)
# Setup Address
inst.setAddress(addr)
# Process everything
Triton.processing(inst)
# Display instruction
print inst
print ' ---------------'
print ' Is memory read :', inst.isMemoryRead()
print ' Is memory write:', inst.isMemoryWrite()
print ' ---------------'
for op in inst.getOperands():
print ' Operand:', op
if op.getType() == OPERAND.MEM:
print ' - segment :', op.getSegmentRegister()
print ' - base :', op.getBaseRegister()
print ' - index :', op.getIndexRegister()
print ' - scale :', op.getScale()
print ' - disp :', op.getDisplacement()
print ' ---------------'
print
sys.exit(0)
# Process everything
Triton.processing(inst)
# Display instruction
print inst
# Display symbolic expressions
for expr in inst.getSymbolicExpressions():
print '\t', expr
print
print 'Display emulated information'
print '~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
write = inst.getOperands()[0].getAddress()
print 'Instruction :', inst.getDisassembly()
print 'Write at :', hex(write)
print 'Content :', hex(Triton.getConcreteMemoryValue(MemoryAccess(write+4, CPUSIZE.DWORD)))
print 'RAX value :', hex(Triton.getConcreteRegisterValue(Triton.registers.rax))
print 'RSI value :', hex(Triton.getConcreteRegisterValue(Triton.registers.rsi))
print 'RDI value :', hex(Triton.getConcreteRegisterValue(Triton.registers.rdi))
print
print 'Symbolic registers information'
print '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'
for k, v in Triton.getSymbolicRegisters().items():
print Triton.getRegister(k), v
print
# Process everything
Triton.processing(inst)
# Display instruction
print(inst)
# Display symbolic expressions
for expr in inst.getSymbolicExpressions():
print('\t', expr)
print()
print('Display emulated information')
print('~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
write = inst.getOperands()[0].getAddress()
print('Instruction :', inst.getDisassembly())
print('Write at :', hex(write))
print(
'Content :',
hex(
Triton.getConcreteMemoryValue(
MemoryAccess(write + 4, CPUSIZE.DWORD))))
print('RAX value :',
hex(Triton.getConcreteRegisterValue(Triton.registers.rax)))
print('RSI value :',
hex(Triton.getConcreteRegisterValue(Triton.registers.rsi)))
print('RDI value :',
hex(Triton.getConcreteRegisterValue(Triton.registers.rdi)))
print()
inst = Instruction()
# Setup opcode
inst.setOpcode(opcode)
# Setup Address
inst.setAddress(addr)
# Process everything
Triton.processing(inst)
# Display instruction
print(inst)
print(' ---------------')
print(' Is memory read :', inst.isMemoryRead())
print(' Is memory write:', inst.isMemoryWrite())
print(' ---------------')
for op in inst.getOperands():
print(' Operand:', op)
if op.getType() == OPERAND.MEM:
print(' - segment :', op.getSegmentRegister())
print(' - base :', op.getBaseRegister())
print(' - index :', op.getIndexRegister())
print(' - scale :', op.getScale())
print(' - disp :', op.getDisplacement())
print(' ---------------')
print()
sys.exit(0)
