def cafter(instruction):
    """Triton post-instruction callback.

    When the instruction at 0x4005ae has executed, the symbolic expression
    of ZF is backtracked to its full form and constrained to ``true``; every
    model the solver returns is then printed as ``{id: "0x%x, '%c'"}`` so
    each value is shown both in hex and as a character.
    """
    if instruction.address != 0x4005ae:
        return
    zf_expr = getBacktrackedSymExpr(getRegSymbolicID(IDREF.FLAG.ZF))
    # (assert (= zf true)) -- ask the solver which inputs take this branch
    constraint = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
    rendered = {}
    # presumably keys are symbolic-variable ids and values ints -- verify against getModel
    for sym_id, value in getModel(constraint).items():
        rendered[sym_id] = "0x%x, '%c'" % (value, value)
    print(rendered)
def cafter(instruction):
    """Triton post-instruction callback.

    When the instruction at 0x4005ae has executed, the ZF expression is
    backtracked, constrained to ``true`` and solved; each model value is
    stored in the module-level ``password`` dict under the key that
    ``getMemoryFromSymVar`` yields for the model's symbolic variable
    (presumably the memory address the variable was created from).
    """
    global password
    if instruction.address != 0x4005ae:
        return
    zf_expr = getBacktrackedSymExpr(getRegSymbolicID(IDREF.FLAG.ZF))
    # (assert (= zf true))
    constraint = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
    for sym_var, value in getModel(constraint).items():
        password[getMemoryFromSymVar(sym_var)] = value
def cafter(instruction):
    """Triton post-instruction callback.

    At 0x40058b the symbolic expression currently held by RAX is turned
    into a symbolic variable (size argument 4). At 0x4005ae the ZF
    expression is backtracked, constrained to ``true`` and solved; the
    models are printed as ``{id: "0x%x, '%c'"}``.
    """
    addr = instruction.address
    if addr == 0x40058b:
        convertExprToSymVar(getRegSymbolicID(IDREF.REG.RAX), 4)
    elif addr == 0x4005ae:
        zf_expr = getBacktrackedSymExpr(getRegSymbolicID(IDREF.FLAG.ZF))
        # (assert (= zf true))
        constraint = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
        rendered = {}
        # presumably keys are symbolic-variable ids and values ints -- verify against getModel
        for sym_id, value in getModel(constraint).items():
            rendered[sym_id] = "0x%x, '%c'" % (value, value)
        print(rendered)
def cafter(instruction):
    """Triton post-instruction callback.

    At 0x400891 the RAX expression becomes a 64-bit symbolic variable; at
    0x400b69 the full ZF expression is constrained to ``true`` and the
    solver's model is printed.
    """
    # Trace recorded by the author for the value being tracked (0x41 = 'A'):
    # [R:1] 0x400798: movsx eax, byte ptr [rcx+rax*1]  R:0x7fffb63d610a: 41 (0x41)
    # [W:8] 0x40079c: mov qword ptr [rbp-0x50], rax    W:0x7fffb63d52b0: 41 00 00 00 00 00 00 00 (0x41)
    # [R:8] 0x400891: mov rax, qword ptr [rbp-0x50]    R:0x7fffb63d52b0: 41 00 00 00 00 00 00 00 (0x41)
    addr = instruction.getAddress()
    if addr == 0x400891:
        # per the trace above RAX now holds the tracked byte: make it symbolic
        convertExprToSymVar(getRegSymbolicID(IDREF.REG.RAX), 64)
    elif addr == 0x400b69:
        zf_ast = getSymExpr(getRegSymbolicID(IDREF.FLAG.ZF)).getAst()
        zf_expr = getFullExpression(zf_ast)
        # (assert (= zf true))
        constraint = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
        print(getModel(constraint))
def cafter(instruction):
    """Triton post-instruction callback.

    At 0x40058b (``movzx eax, byte ptr [rax]``) RAX is converted into a
    32-bit symbolic variable. At 0x4005ae (``cmp ecx, eax``) the full ZF
    expression is constrained to ``true``, solved, and every model value
    is written into the module-level ``password`` dict under ``symVarMem``.
    """
    global password
    addr = instruction.address
    if addr == 0x40058b:
        # 0x40058b: movzx eax, byte ptr [rax]
        convertRegToSymVar(IDREF.REG.RAX, 32)
    elif addr == 0x4005ae:
        # 0x4005ae: cmp ecx, eax
        zf_ast = getSymExpr(getRegSymbolicID(IDREF.FLAG.ZF)).getAst()
        zf_expr = getFullExpression(zf_ast)
        # (assert (= zf true))
        constraint = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
        # NOTE(review): symVarMem is not defined in this function; it is expected
        # to be a module-level name set elsewhere -- confirm. Every model writes
        # the same key, so only the last model's value survives.
        for value in getModel(constraint).values():
            password[symVarMem] = value
def cafter(instruction):
    """Triton post-instruction callback.

    At 0x40058b (``movzx eax, byte ptr [rax]``) RAX is converted into a
    DWORD-sized symbolic variable. At 0x4005ae (``cmp ecx, eax``) the full
    ZF expression is constrained to ``true``, solved, and every model value
    is written into the module-level ``password`` dict under ``symVarMem``.
    """
    global password
    addr = instruction.getAddress()
    if addr == 0x40058b:
        # 0x40058b: movzx eax, byte ptr [rax]
        convertRegToSymVar(IDREF.REG.RAX, IDREF.CPUSIZE.DWORD_BIT)
    elif addr == 0x4005ae:
        # 0x4005ae: cmp ecx, eax
        zf_ast = getSymExpr(getRegSymbolicID(IDREF.FLAG.ZF)).getAst()
        zf_expr = getFullExpression(zf_ast)
        # (assert (= zf true))
        constraint = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
        # NOTE(review): symVarMem is not defined in this function; it is expected
        # to be a module-level name set elsewhere -- confirm. Every model writes
        # the same key, so only the last model's value survives.
        for value in getModel(constraint).values():
            password[symVarMem] = value
def cafter(instruction):
    """Triton post-instruction callback.

    At 0x40058b (``movzx eax, byte ptr [rax]``) RAX is converted into a
    symbolic variable (size argument 4). At 0x4005ae (``cmp ecx, eax``)
    the ZF expression is backtracked, constrained to ``true``, solved, and
    every model value is written into the module-level ``password`` dict
    under ``symVarMem``.
    """
    global password
    addr = instruction.address
    if addr == 0x40058b:
        # 0x40058b: movzx eax, byte ptr [rax]
        convertRegToSymVar(IDREF.REG.RAX, 4)
    elif addr == 0x4005ae:
        # 0x4005ae: cmp ecx, eax
        zf_expr = getBacktrackedSymExpr(getRegSymbolicID(IDREF.FLAG.ZF))
        # (assert (= zf true))
        constraint = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
        # NOTE(review): symVarMem is not defined in this function; it is expected
        # to be a module-level name set elsewhere -- confirm. Every model writes
        # the same key, so only the last model's value survives.
        for value in getModel(constraint).values():
            password[symVarMem] = value
def cafter(instruction):
    """Triton post-instruction callback.

    At 0x40058b (``movzx eax, byte ptr [rax]``) RAX is converted into a
    DWORD-sized symbolic variable. At 0x4005ae (``cmp ecx, eax``) the full
    ZF expression is constrained to ``true``, solved, and every model value
    is written into the module-level ``password`` dict under ``symVarMem``.
    """
    global password
    addr = instruction.getAddress()
    if addr == 0x40058b:
        # 0x40058b: movzx eax, byte ptr [rax]
        convertRegToSymVar(IDREF.REG.RAX, IDREF.CPUSIZE.DWORD_BIT)
    elif addr == 0x4005ae:
        # 0x4005ae: cmp ecx, eax
        zf_ast = getSymExpr(getRegSymbolicID(IDREF.FLAG.ZF)).getAst()
        zf_expr = getFullExpression(zf_ast)
        # (assert (= zf true))
        constraint = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
        # NOTE(review): symVarMem is not defined in this function; it is expected
        # to be a module-level name set elsewhere -- confirm. Every model writes
        # the same key, so only the last model's value survives.
        for value in getModel(constraint).values():
            password[symVarMem] = value
def cafter(instruction):
    """Triton post-instruction callback.

    Every executed instruction is printed as ``address: assembly``. At
    0x400891 the RAX expression becomes a symbolic variable (size argument
    8). At 0x400b69 the backtracked ZF expression is constrained to
    ``true``, together with a range constraint on ``SymVar_0``, and the
    solver's model is printed.
    """
    print('%#x: %s' % (instruction.address, instruction.assembly))
    # Trace recorded by the author for the value being tracked (0x41 = 'A'):
    # [R:1] 0x400798: movsx eax, byte ptr [rcx+rax*1]  R:0x7fffb63d610a: 41 (0x41)
    # [W:8] 0x40079c: mov qword ptr [rbp-0x50], rax    W:0x7fffb63d52b0: 41 00 00 00 00 00 00 00 (0x41)
    # [R:8] 0x400891: mov rax, qword ptr [rbp-0x50]    R:0x7fffb63d52b0: 41 00 00 00 00 00 00 00 (0x41)
    addr = instruction.address
    if addr == 0x400891:
        # per the trace above RAX now holds the tracked byte: make it symbolic
        convertExprToSymVar(getRegSymbolicID(IDREF.REG.RAX), 8)
    elif addr == 0x400b69:
        zf_expr = getBacktrackedSymExpr(getRegSymbolicID(IDREF.FLAG.ZF))
        # 96 < SymVar_0 < 123, i.e. lowercase ASCII letters 'a'..'z' (the
        # earlier comment called this "printable", which is narrower than that).
        # NOTE(review): the name 'SymVar_0' assumes RAX became the first
        # symbolic variable -- confirm against convertExprToSymVar.
        lower = smt2lib.smtAssert(smt2lib.bvugt('SymVar_0', smt2lib.bv(96, 64)))
        upper = smt2lib.smtAssert(smt2lib.bvult('SymVar_0', smt2lib.bv(123, 64)))
        # (assert (= zf true))
        branch = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
        print(getModel(lower + upper + branch))
def cafter(instruction):
    """Triton post-instruction callback.

    Every executed instruction is printed as ``address: assembly``. At
    0x400891 the RAX expression becomes a symbolic variable (size argument
    8). At 0x400b69 the backtracked ZF expression is constrained to
    ``true``, together with a range constraint on ``SymVar_0``, and the
    solver's model is printed.
    """
    print('%#x: %s' % (instruction.address, instruction.assembly))
    # Trace recorded by the author for the value being tracked (0x41 = 'A'):
    # [R:1] 0x400798: movsx eax, byte ptr [rcx+rax*1]  R:0x7fffb63d610a: 41 (0x41)
    # [W:8] 0x40079c: mov qword ptr [rbp-0x50], rax    W:0x7fffb63d52b0: 41 00 00 00 00 00 00 00 (0x41)
    # [R:8] 0x400891: mov rax, qword ptr [rbp-0x50]    R:0x7fffb63d52b0: 41 00 00 00 00 00 00 00 (0x41)
    addr = instruction.address
    if addr == 0x400891:
        # per the trace above RAX now holds the tracked byte: make it symbolic
        convertExprToSymVar(getRegSymbolicID(IDREF.REG.RAX), 8)
    elif addr == 0x400b69:
        zf_expr = getBacktrackedSymExpr(getRegSymbolicID(IDREF.FLAG.ZF))
        # 96 < SymVar_0 < 123, i.e. lowercase ASCII letters 'a'..'z' (the
        # earlier comment called this "printable", which is narrower than that).
        # NOTE(review): the name 'SymVar_0' assumes RAX became the first
        # symbolic variable -- confirm against convertExprToSymVar.
        lower = smt2lib.smtAssert(smt2lib.bvugt('SymVar_0', smt2lib.bv(96, 64)))
        upper = smt2lib.smtAssert(smt2lib.bvult('SymVar_0', smt2lib.bv(123, 64)))
        # (assert (= zf true))
        branch = smt2lib.smtAssert(smt2lib.equal(zf_expr, smt2lib.bvtrue()))
        print(getModel(lower + upper + branch))