def main():
    """Restore the saved search state, then configure and launch the Pin run.

    Loads the block list (only when its file exists) and the work list from
    pickle files under FILE_PATH, pops one entry off the work-list heap and
    keeps its element [1] as the seed, then registers the analysis callbacks
    and starts the instrumented program.
    """
    global workList, seed, blockList

    # NOTE(review): this listing was flattened onto one line. The layout below
    # assumes only the block-list load is guarded by the existence check and
    # that the work list is always read; confirm against the original file.
    #
    # SECURITY: pickle.load() can run arbitrary code while deserializing.
    # Both files must only ever be written by this tool, in a directory that
    # the analysed target and other users cannot write to. A data-only format
    # such as JSON would remove the risk if the stored objects allow it.
    blocklist_path = FILE_PATH + "blocklist.pkl"
    if os.path.exists(blocklist_path):
        with open(blocklist_path, "rb") as blocklist_file:
            blockList = pickle.load(blocklist_file)

    with open(FILE_PATH + "worklist.pkl", "rb") as worklist_file:
        workList = pickle.load(worklist_file)

    # heappop removes the smallest heap entry; only its second field is used.
    # Presumably the first field is the ordering key (score) - TODO confirm.
    next_entry = heapq.heappop(workList)
    seed = next_entry[1]

    # Earlier experiments that ran computePathConstraint in a thread or in a
    # forked child were commented out in the original and are not reproduced.

    Triton.setArchitecture(triton.ARCH.X86_64)
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    pintool.startAnalysisFromSymbol("main")

    points = pintool.INSERT_POINT
    register = pintool.insertCall
    # Inputs are symbolized when the target's main() is entered.
    register(symbolize_inputs, points.ROUTINE_ENTRY, "main")
    # Registered at BEFORE, so it is invoked ahead of each instruction.
    register(computeBlockCoverage, points.BEFORE)
    # Registered at FINI, so it runs once when the target finishes.
    register(expandExecution, points.FINI)
    pintool.runProgram()
def main():
    """Configure Triton for x86-64 and run the target under Pin with two hooks.

    Analysis starts at the ``main`` symbol. ``hook`` is registered at
    INSERT_POINT.BEFORE and ``read_hook`` at the exit of the ``read`` routine.
    """
    Triton.setArchitecture(triton.ARCH.X86_64)
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    pintool.startAnalysisFromSymbol('main')

    points = pintool.INSERT_POINT
    register = pintool.insertCall
    register(hook, points.BEFORE)
    # read() is where external data enters the target. Presumably read_hook
    # marks the returned buffer as attacker-controlled - confirm in read_hook.
    register(read_hook, points.ROUTINE_EXIT, 'read')
    pintool.runProgram()
def main():
    """Configure Triton for x86-64 and run the target with input symbolization.

    Analysis starts at the ``main`` symbol. ``symbolize_inputs`` is registered
    at entry to ``main`` and ``hook_icall`` at INSERT_POINT.BEFORE.
    """
    Triton.setArchitecture(triton.ARCH.X86_64)
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    pintool.startAnalysisFromSymbol('main')

    points = pintool.INSERT_POINT
    register = pintool.insertCall
    register(symbolize_inputs, points.ROUTINE_ENTRY, 'main')
    # Judging by its name, hook_icall inspects indirect calls - TODO confirm.
    register(hook_icall, points.BEFORE)
    pintool.runProgram()
def main():
    """Load the saved block list, then run the target to compute a score.

    ``computeScore`` is registered at INSERT_POINT.BEFORE and ``outputScore``
    at INSERT_POINT.FINI; analysis starts at the ``main`` symbol.
    """
    global blockList

    # SECURITY: pickle.load() can run arbitrary code while deserializing. The
    # path is hard-coded and looks like a VM shared folder (an assumption from
    # the "sf_" prefix). Anything able to write there, including the host side
    # of the share, could get code executed in this process. Keep the file in
    # a location only this tool can write, or store it in a data-only format.
    blocklist_path = "/media/sf_SharedFolder/Generational-Search/blocklist.pkl"
    with open(blocklist_path, "rb") as blocklist_file:
        blockList = pickle.load(blocklist_file)

    Triton.setArchitecture(triton.ARCH.X86_64)
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    pintool.startAnalysisFromSymbol("main")

    points = pintool.INSERT_POINT
    register = pintool.insertCall
    register(computeScore, points.BEFORE)
    # FINI callbacks run once when the target finishes.
    register(outputScore, points.FINI)
    pintool.runProgram()
def main():
    """Configure Triton for x86-64 and run the target with a compare hook.

    ``symbolize_inputs`` is registered at entry to ``main`` and ``hook_cmp``
    at INSERT_POINT.BEFORE; analysis starts at the ``main`` symbol.
    """
    # Set the Triton architecture; it is hard-coded to x86-64.
    Triton.setArchitecture(triton.ARCH.X86_64)

    # Enable the ALIGNED_MEMORY optimization.
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    # Start instrumentation at the function named 'main'. When symbols are
    # unavailable, give an address to pintool.startAnalysisFromAddress instead.
    pintool.startAnalysisFromSymbol('main')

    points = pintool.INSERT_POINT
    register = pintool.insertCall

    # Symbolize the user's input on entry to main.
    register(symbolize_inputs, points.ROUTINE_ENTRY, 'main')

    # Look for inputs that exercise every path.
    register(hook_cmp, points.BEFORE)

    pintool.runProgram()
unsuportedSemantics[mnemonic] += 1 else: print(instruction) unsuportedSemantics.update({mnemonic: 1}) return def cafter(instruction): Triton.reset() return def cfini(): l = list(unsuportedSemantics.items()) l.sort(key=itemgetter(1), reverse=True) print('=============================================================') print('Unsuported Semantics') print('=============================================================') for i in l: print('%s: %d' %(i[0].lower(), i[1])) print('=============================================================') return if __name__ == '__main__': startAnalysisFromEntry() insertCall(cbefore, INSERT_POINT.BEFORE) insertCall(cafter, INSERT_POINT.AFTER) insertCall(cfini, INSERT_POINT.FINI) runProgram()
if nativeAddress != astAddress: good = False print("[%sKO%s] %#x: %s (%smemory error%s)" % (RED, ENDC, instruction.getAddress(), instruction.getDisassembly(), RED, ENDC)) print(" Native address : %016x" % (nativeAddress)) print(" Symbolic address : %016x" % (astAddress)) if len(instruction.getSymbolicExpressions()) == 0: print("[%s??%s] %#x: %s" % (BLUE, ENDC, instruction.getAddress(), instruction.getDisassembly())) return if good: print("[%sOK%s] %#x: %s" % (GREEN, ENDC, instruction.getAddress(), instruction.getDisassembly())) return else: #time.sleep(2) sys.exit(-1) return if __name__ == '__main__': Pintool.startAnalysisFromEntry() Pintool.startAnalysisFromSymbol('check') Pintool.insertCall(cafter, Pintool.INSERT_POINT.AFTER) Pintool.insertCall(sbefore, Pintool.INSERT_POINT.BEFORE_SYMPROC) Pintool.runProgram()
for w in bad: dump += '\n Register : %s' %(w['reg']) dump += '\n Symbolic Value : %016x' %(w['svalue']) dump += '\n Concrete Value : %016x' %(w['cvalue']) dump += '\n Expression : %s' %(w['expr']) print dump with open('./semantics_issues', 'a') as fd: fd.write(dump+'\n') if len(instruction.getSymbolicExpressions()) == 0: dump = '[unsupported] %#x: %s' %(instruction.getAddress(), instruction.getDisassembly()) print dump with open('./semantics_issues', 'a') as fd: fd.write(dump+'\n') return # Reset everything Triton.resetEngines() return if __name__ == '__main__': Triton.setArchitecture(ARCH.X86_64) Pintool.setupImageWhitelist(['qemu-test-x86_64']) Pintool.startAnalysisFromSymbol('main') Pintool.insertCall(cafter, Pintool.INSERT_POINT.AFTER) Pintool.insertCall(sbefore, Pintool.INSERT_POINT.BEFORE_SYMPROC) Pintool.runProgram()
else: print instruction unsuportedSemantics.update({mnemonic: 1}) return def cafter(instruction): Triton.resetEngines() return def cfini(): l = unsuportedSemantics.items() l.sort(key=itemgetter(1), reverse=True) print '=============================================================' print 'Unsuported Semantics' print '=============================================================' for i in l: print '%s: %d' %(i[0].lower(), i[1]) print '=============================================================' return if __name__ == '__main__': Triton.setArchitecture(ARCH.X86_64) startAnalysisFromEntry() insertCall(cbefore, INSERT_POINT.BEFORE) insertCall(cafter, INSERT_POINT.AFTER) insertCall(cfini, INSERT_POINT.FINI) runProgram()