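def test_7(self):
    """Process a load through a concrete pointer with ONLY_ON_SYMBOLIZED on.

    rax is set to the concrete value 0x1337 and nothing is symbolized.
    The test asserts that the memory operand resolves to 0x1337 and that
    no LEA AST is attached to it.
    """
    ctx = TritonContext()
    ctx.setArchitecture(ARCH.X86_64)
    ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
    ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337)

    # Opcodes are raw bytes, so use a bytes literal: it is the same object
    # type as the plain literal on Python 2 and stays binary on Python 3
    # instead of becoming a text string.
    inst = Instruction(b"\x48\x8b\x18")  # mov rbx, qword ptr [rax]
    self.assertTrue(ctx.processing(inst))
    self.assertTrue(checkAstIntegrity(inst))

    # Operand 1 is the memory source of the mov.
    source = inst.getOperands()[1]
    self.assertEqual(source.getAddress(), 0x1337)
    self.assertIsNone(source.getLeaAst())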
def test_7(self):
    """Check a concrete load when only symbolized data is tracked.

    With MODE.ONLY_ON_SYMBOLIZED enabled and rax holding the concrete
    value 0x1337, the memory operand of the mov must report address
    0x1337 and carry no LEA AST.
    """
    triton = TritonContext()
    triton.setArchitecture(ARCH.X86_64)
    triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
    triton.setConcreteRegisterValue(triton.registers.rax, 0x1337)

    # mov rbx, qword ptr [rax]
    load = Instruction(b"\x48\x8b\x18")
    processed = triton.processing(load)
    self.assertTrue(processed)
    self.assertTrue(checkAstIntegrity(load))

    # Index 1 is the memory operand ([rax]).
    mem_operand = load.getOperands()[1]
    self.assertEqual(mem_operand.getAddress(), 0x1337)
    self.assertIsNone(mem_operand.getLeaAst())
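def test_8(self):
    """Process `mov rbx, qword ptr [rax]` with rax symbolized.

    MODE.ONLY_ON_SYMBOLIZED is enabled, rax holds 0x1337 and is then
    converted to a symbolic variable. The test asserts that the memory
    operand still resolves to the concrete address 0x1337 and that a
    LEA AST is now present.
    """
    ctx = TritonContext()
    ctx.setArchitecture(ARCH.X86_64)
    ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
    ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337)

    # Symbolize the pointer register and the QWORD at address 0.
    ctx.convertRegisterToSymbolicVariable(ctx.registers.rax)
    ctx.convertMemoryToSymbolicVariable(MemoryAccess(0, CPUSIZE.QWORD))

    # Opcodes are raw bytes, so use a bytes literal: unchanged on Python 2,
    # and not silently a text string on Python 3.
    inst = Instruction(b"\x48\x8b\x18")  # mov rbx, qword ptr [rax]
    self.assertTrue(ctx.processing(inst))
    self.assertTrue(checkAstIntegrity(inst))

    # Operand 1 is the memory source of the mov.
    source = inst.getOperands()[1]
    self.assertEqual(source.getAddress(), 0x1337)
    self.assertIsNotNone(source.getLeaAst())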
def test_pop_esp(self):
    """Check `pop dword ptr [esp]` when the destination is addressed by esp.

    esp starts at 0x19fe00 and 0x11111111 is stored there; the test
    asserts that the pop writes that value at 0x19fe04.
    """
    setArchitecture(ARCH.X86)

    # mov esp, 0x19fe00
    set_esp = Instruction('\xBC\x00\xFE\x19\x00')
    # mov dword ptr [esp], 0x11111111
    fill_slot = Instruction('\xC7\x04\x24\x11\x11\x11\x11')
    # pop dword ptr [esp]
    pop_insn = Instruction('\x8F\x04\x24')

    for step in (set_esp, fill_slot, pop_insn):
        processing(step)

    destination = pop_insn.getOperands()[0]
    self.assertEqual(destination.getAddress(), 0x19fe04,
                     "esp has been poped")
    self.assertEqual(pop_insn.getOperands()[0].getConcreteValue(), 0x11111111,
                     "new value is still 0x11111111")

    # Each store access is indexed as [0] = memory access, [1] = stored AST.
    store = pop_insn.getStoreAccess()[0]
    self.assertEqual(store[0].getAddress(), 0x19fe04,
                     "inst3 set the value in 0x19fe04")
    self.assertEqual(pop_insn.getStoreAccess()[0][1].evaluate(), 0x11111111,
                     "And this value is 0x11111111")
def test_load_ds(self):
    """Check a 16-bit load from an absolute ds-relative address.

    The memory operand of the mov must report address 0x40213C and a
    size of 16 bits.
    """
    setArchitecture(ARCH.X86)

    load = Instruction()
    # mov ax, ds:word_40213C
    load.setOpcodes("\x66\xA1\x3C\x21\x40\x00")
    processing(load)

    # Index 1 is the memory source operand.
    source = load.getOperands()[1]
    self.assertEqual(source.getAddress(), 0x40213C)
    self.assertEqual(load.getOperands()[1].getBitSize(), 16)
def test_pop(self):
    """Check `pop dword ptr [edi]` with edi and esp set to the same address.

    Both registers are loaded with 0x19fe00 and 0x11111111 is stored at
    [esp]; the test asserts that the pop stores that value at 0x19fe00.
    """
    setArchitecture(ARCH.X86)

    # mov esp, 0x19fe00
    set_esp = Instruction('\xBC\x00\xFE\x19\x00')
    # mov edi, 0x19fe00
    set_edi = Instruction('\xBF\x00\xFE\x19\x00')
    # mov dword ptr [esp], 0x11111111
    fill_slot = Instruction('\xC7\x04\x24\x11\x11\x11\x11')
    # pop dword ptr [edi]
    pop_insn = Instruction('\x8F\x07')

    for step in (set_esp, set_edi, fill_slot, pop_insn):
        processing(step)

    destination = pop_insn.getOperands()[0]
    self.assertEqual(destination.getAddress(), 0x19fe00,
                     "poping edi doesn't change it")
    self.assertEqual(pop_insn.getOperands()[0].getConcreteValue(), 0x11111111,
                     "pointed value in edi is the previously pointed value by esp")

    # Each store access is indexed as [0] = memory access, [1] = stored AST.
    store = pop_insn.getStoreAccess()[0]
    self.assertEqual(store[0].getAddress(), 0x19fe00,
                     "inst4 store the new value in 0x19fe00 (edi value)")
    self.assertEqual(pop_insn.getStoreAccess()[0][1].evaluate(), 0x11111111,
                     "The stored value is 0x11111111")
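class TestInstruction(unittest.TestCase):

    """Exercise the Instruction accessors on one processed `add rax, rbx`."""

    def setUp(self):
        """Build `add rax, rbx` at 0x400000 and process it with concrete inputs."""
        self.Triton = TritonContext()
        self.Triton.setArchitecture(ARCH.X86_64)

        self.inst = Instruction()
        # Opcodes are raw bytes, so use a bytes literal: it is the same
        # value as the plain literal on Python 2 and stays binary on
        # Python 3 instead of becoming a text string.
        self.inst.setOpcode(b"\x48\x01\xd8")  # add rax, rbx
        self.inst.setAddress(0x400000)

        self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, 0x1122334455667788)
        self.Triton.setConcreteRegisterValue(self.Triton.registers.rbx, 0x8877665544332211)
        self.Triton.processing(self.inst)

    def test_address(self):
        """Check instruction current and next address."""
        self.assertEqual(self.inst.getAddress(), 0x400000)
        # The instruction is 3 bytes long, so the next one starts at +3.
        self.assertEqual(self.inst.getNextAddress(), 0x400003)

    def test_memory(self):
        """Check that a register-to-register add reports no memory access."""
        self.assertListEqual(self.inst.getLoadAccess(), [])
        self.assertListEqual(self.inst.getStoreAccess(), [])
        self.assertFalse(self.inst.isMemoryWrite())
        self.assertFalse(self.inst.isMemoryRead())

    def test_registers(self):
        """Check the number of registers read and written."""
        self.assertEqual(len(self.inst.getReadRegisters()), 2, "access RAX and RBX")
        self.assertEqual(len(self.inst.getWrittenRegisters()), 8, "write in RAX, RIP, AF, XF, OF, PF, SF and ZF")

    def test_taints(self):
        """Check that the instruction is not tainted (no taint was set up)."""
        self.assertFalse(self.inst.isTainted())

    def test_prefix(self):
        """Check that no instruction prefix is reported."""
        self.assertFalse(self.inst.isPrefixed())
        self.assertEqual(self.inst.getPrefix(), PREFIX.INVALID)

    def test_control_flow(self):
        """Check control flow flags."""
        self.assertFalse(self.inst.isControlFlow(), "It is not a jmp, ret or call")
        self.assertFalse(self.inst.isBranch(), "It is not a jmp")

    def test_condition(self):
        """Check condition flags."""
        self.assertFalse(self.inst.isConditionTaken())

    def test_opcode(self):
        """Check that the stored opcode bytes and the decoded type match."""
        # Compared against a bytes literal for the same reason as in setUp.
        self.assertEqual(self.inst.getOpcode(), b"\x48\x01\xd8")
        self.assertEqual(self.inst.getType(), OPCODE.ADD)

    def test_thread(self):
        """Check that the thread id is 0 when none was set."""
        self.assertEqual(self.inst.getThreadId(), 0)

    def test_operand(self):
        """Check operand count and names, and that index 2 is out of range."""
        self.assertEqual(len(self.inst.getOperands()), 2)
        self.assertEqual(self.inst.getOperands()[0].getName(), "rax")
        self.assertEqual(self.inst.getOperands()[1].getName(), "rbx")
        with self.assertRaises(Exception):
            self.inst.getOperands()[2]

    def test_symbolic(self):
        """Check the number of symbolic expressions built for the add."""
        self.assertEqual(len(self.inst.getSymbolicExpressions()), 8)

    def test_size(self):
        """Check that the instruction size is the 3 opcode bytes."""
        self.assertEqual(self.inst.getSize(), 3)

    def test_disassembly(self):
        """Check disassembly equivalent."""
        self.assertEqual(self.inst.getDisassembly(), "add rax, rbx")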
class TestInstruction(unittest.TestCase):

    """Exercise the Instruction accessors on one processed `add rax, rbx`."""

    def setUp(self):
        """Create the context, build `add rax, rbx` at 0x400000 and process it."""
        triton = TritonContext()
        triton.setArchitecture(ARCH.X86_64)
        self.Triton = triton

        insn = Instruction()
        self.inst = insn
        # add rax, rbx
        insn.setOpcode(b"\x48\x01\xd8")
        insn.setAddress(0x400000)

        registers = triton.registers
        triton.setConcreteRegisterValue(registers.rax, 0x1122334455667788)
        triton.setConcreteRegisterValue(registers.rbx, 0x8877665544332211)
        triton.processing(insn)

    def test_address(self):
        """Check current/next address and how negative addresses are stored."""
        processed = self.inst
        self.assertEqual(processed.getAddress(), 0x400000)
        self.assertEqual(processed.getNextAddress(), 0x400003)

        # A negative address must read back as its 64-bit unsigned value.
        wrapped = Instruction()
        expectations = (
            (-1, 0xffffffffffffffff),
            (-2, 0xfffffffffffffffe),
            (-3, 0xfffffffffffffffd),
        )
        for signed, unsigned in expectations:
            wrapped.setAddress(signed)
            self.assertEqual(wrapped.getAddress(), unsigned)

    def test_memory(self):
        """Check that a register-to-register add reports no memory access."""
        insn = self.inst
        self.assertListEqual(insn.getLoadAccess(), [])
        self.assertListEqual(insn.getStoreAccess(), [])
        self.assertFalse(insn.isMemoryWrite())
        self.assertFalse(insn.isMemoryRead())

    def test_registers(self):
        """Check the number of registers read and written."""
        read_count = len(self.inst.getReadRegisters())
        self.assertEqual(read_count, 2, "access RAX and RBX")
        written_count = len(self.inst.getWrittenRegisters())
        self.assertEqual(written_count, 8, "write in RAX, RIP, AF, XF, OF, PF, SF and ZF")

    def test_taints(self):
        """Check that the instruction is not tainted (no taint was set up)."""
        tainted = self.inst.isTainted()
        self.assertFalse(tainted)

    def test_prefix(self):
        """Check that no instruction prefix is reported."""
        insn = self.inst
        self.assertFalse(insn.isPrefixed())
        self.assertEqual(insn.getPrefix(), PREFIX.X86.INVALID)

    def test_control_flow(self):
        """Check that an add is neither control flow nor a branch."""
        insn = self.inst
        self.assertFalse(insn.isControlFlow(), "It is not a jmp, ret or call")
        self.assertFalse(insn.isBranch(), "It is not a jmp")

    def test_condition(self):
        """Check that no condition is reported as taken."""
        taken = self.inst.isConditionTaken()
        self.assertFalse(taken)

    def test_opcode(self):
        """Check that the stored opcode bytes and the decoded type match."""
        insn = self.inst
        self.assertEqual(insn.getOpcode(), b"\x48\x01\xd8")
        self.assertEqual(insn.getType(), OPCODE.X86.ADD)

    def test_thread(self):
        """Check that the thread id is 0 when none was set."""
        thread_id = self.inst.getThreadId()
        self.assertEqual(thread_id, 0)

    def test_operand(self):
        """Check operand count and names, and that index 2 is out of range."""
        operands = self.inst.getOperands()
        self.assertEqual(len(operands), 2)
        self.assertEqual(self.inst.getOperands()[0].getName(), "rax")
        self.assertEqual(self.inst.getOperands()[1].getName(), "rbx")
        with self.assertRaises(Exception):
            self.inst.getOperands()[2]

    def test_symbolic(self):
        """Check the number of symbolic expressions built for the add."""
        expressions = self.inst.getSymbolicExpressions()
        self.assertEqual(len(expressions), 8)

    def test_size(self):
        """Check that the instruction size is the 3 opcode bytes."""
        size = self.inst.getSize()
        self.assertEqual(size, 3)

    def test_disassembly(self):
        """Check the textual disassembly."""
        text = self.inst.getDisassembly()
        self.assertEqual(text, "add rax, rbx")
# Setup opcode inst.setOpcode(opcode) # Setup Address inst.setAddress(addr) # Process everything Triton.processing(inst) # Display instruction print inst print ' ---------------' print ' Is memory read :', inst.isMemoryRead() print ' Is memory write:', inst.isMemoryWrite() print ' ---------------' for op in inst.getOperands(): print ' Operand:', op if op.getType() == OPERAND.MEM: print ' - segment :', op.getSegmentRegister() print ' - base :', op.getBaseRegister() print ' - index :', op.getIndexRegister() print ' - scale :', op.getScale() print ' - disp :', op.getDisplacement() print ' ---------------' print sys.exit(0)
# Process everything Triton.processing(inst) # Display instruction print inst # Display symbolic expressions for expr in inst.getSymbolicExpressions(): print '\t', expr print print 'Display emulated information' print '~~~~~~~~~~~~~~~~~~~~~~~~~~~~' write = inst.getOperands()[0].getAddress() print 'Instruction :', inst.getDisassembly() print 'Write at :', hex(write) print 'Content :', hex(Triton.getConcreteMemoryValue(MemoryAccess(write+4, CPUSIZE.DWORD))) print 'RAX value :', hex(Triton.getConcreteRegisterValue(Triton.registers.rax)) print 'RSI value :', hex(Triton.getConcreteRegisterValue(Triton.registers.rsi)) print 'RDI value :', hex(Triton.getConcreteRegisterValue(Triton.registers.rdi)) print print 'Symbolic registers information' print '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' for k, v in Triton.getSymbolicRegisters().items(): print Triton.getRegister(k), v print
# NOTE(review): indentation was lost in this excerpt; the statements up to
# the first blank print() may belong to a per-instruction loop in the full
# script -- confirm against the original file.

# Run the instruction through Triton, then show it with the symbolic
# expressions it produced.
Triton.processing(inst)
print(inst)
for expr in inst.getSymbolicExpressions():
    print('\t', expr)
print()

print('Display emulated information')
print('~~~~~~~~~~~~~~~~~~~~~~~~~~~~')

# Address of operand 0 of the instruction held in `inst`.
write = inst.getOperands()[0].getAddress()
print('Instruction :', inst.getDisassembly())
print('Write at :', hex(write))

# Concrete DWORD located 4 bytes past that address.
print('Content :', hex(Triton.getConcreteMemoryValue(MemoryAccess(write + 4, CPUSIZE.DWORD))))

# Concrete values of the registers of interest, printed in a fixed order.
for label, reg in (
    ('RAX value :', Triton.registers.rax),
    ('RSI value :', Triton.registers.rsi),
    ('RDI value :', Triton.registers.rdi),
):
    print(label, hex(Triton.getConcreteRegisterValue(reg)))
print()
# NOTE(review): indentation was lost in this excerpt; `opcode` and `addr`
# come from code that is not shown, and everything before sys.exit(0) may
# belong to a per-instruction loop in the full script -- confirm.

# Build the instruction from its opcode bytes and address, then process it.
inst = Instruction()
inst.setOpcode(opcode)
inst.setAddress(addr)
Triton.processing(inst)

# Summary of the instruction and its memory behaviour.
print(inst)
print(' ---------------')
print(' Is memory read :', inst.isMemoryRead())
print(' Is memory write:', inst.isMemoryWrite())
print(' ---------------')

for op in inst.getOperands():
    print(' Operand:', op)
    if op.getType() == OPERAND.MEM:
        # Components of the memory operand, printed in a fixed order.
        for label, getter in (
            (' - segment :', op.getSegmentRegister),
            (' - base :', op.getBaseRegister),
            (' - index :', op.getIndexRegister),
            (' - scale :', op.getScale),
            (' - disp :', op.getDisplacement),
        ):
            print(label, getter())
    print(' ---------------')
print()

sys.exit(0)