#!/usr/bin/env python2 ## -*- coding: utf-8 -*- import sys import triton import pintool post_call_to_check_license = 0x4007bf # the instruction after check_license() returns I.E. mov DWORD PTR [rbp-0x1c],eax target = 0x4007cd # main's call to printf(License check passed\n") Triton = pintool.getTritonContext() def symbolize_inputs(tid): rsi = pintool.getCurrentRegisterValue(Triton.registers.rsi) # argv addr = pintool.getCurrentMemoryValue(rsi + (triton.CPUSIZE.QWORD), triton.CPUSIZE.QWORD) # argv[1] # symbolize each character in argv[1], i.e the serial (including the terminating NULL) c = None s = '' while c != 0: c = pintool.getCurrentMemoryValue(addr) s += chr(c) Triton.setConcreteMemoryValue(addr, c) Triton.convertMemoryToSymbolicVariable( triton.MemoryAccess(addr, triton.CPUSIZE.BYTE)).setComment( 'argv[1][%d]' % (len(s) - 1)) addr += 1 print 'Symbolized argv[1]: %s' % (s)
# $ ./triton ./src/testers/qemu-test-x86_64.py ./src/samples/ir_test_suite/qemu-test-x86_64 from triton import ARCH, SYMEXPR, OPCODE import pintool as Pintool # Get the Triton context over the pintool Triton = Pintool.getTritonContext() def sbefore(instruction): Triton.concretizeAllMemory() Triton.concretizeAllRegister() return def cafter(instruction): ofIgnored = [ OPCODE.RCL, OPCODE.RCR, OPCODE.ROL, OPCODE.ROR, OPCODE.SAR, OPCODE.SHL, OPCODE.SHLD, OPCODE.SHR, OPCODE.SHRD, ] bad = list() regs = Triton.getParentRegisters()
# Note: Display the list of unsuported semantics from __future__ import print_function from operator import itemgetter from triton import ARCH from pintool import getTritonContext, startAnalysisFromEntry, runProgram, insertCall, INSERT_POINT unsuportedSemantics = dict() Triton = getTritonContext() def cbefore(instruction): if len(instruction.getSymbolicExpressions()) == 0: mnemonic = instruction.getDisassembly().split(' ')[0] if mnemonic in unsuportedSemantics: unsuportedSemantics[mnemonic] += 1 else: print(instruction) unsuportedSemantics.update({mnemonic: 1}) return def cafter(instruction): Triton.reset() return def cfini(): l = list(unsuportedSemantics.items())
# Note: Display the list of unsuported semantics from operator import itemgetter from triton import ARCH from pintool import getTritonContext, startAnalysisFromEntry, runProgram, insertCall, INSERT_POINT unsuportedSemantics = dict() Triton = getTritonContext() def cbefore(instruction): if len(instruction.getSymbolicExpressions()) == 0: mnemonic = instruction.getDisassembly().split(' ')[0] if mnemonic in unsuportedSemantics: unsuportedSemantics[mnemonic] += 1 else: print instruction unsuportedSemantics.update({mnemonic: 1}) return def cafter(instruction): Triton.resetEngines() return def cfini(): l = unsuportedSemantics.items()