def _menuAction_evaluate_upto_buffer(self, buffer_id):
buff = self.current_state.symbolic_buffers[buffer_id][0]
n_eval = get_int_input("How many values (upto) ?", "Number of distinct values")
r = ""
for i, v in enumerate(self.current_state.solver.evaluate_upto(buff, n_eval)):
r += "solution %d: %s\n" % (i, hex(v.value))
show_message_box("%s evaluate" % buff.name, r)
def on_doubleClick(self, item):
row_idx = item.row()
if self.index_to_reg[row_idx] == self.arch.getip_reg():
return
old_expr = getattr(self.current_state.regs, self.index_to_reg[row_idx])
new_val = get_int_input("value for %s" % self.index_to_reg[row_idx], "Set Reg")
if new_val is None:
return
new_expr = BVV(new_val, old_expr.size)
setattr(self.current_state.regs, self.index_to_reg[row_idx], new_expr)
self.set_reg_value(self.index_to_reg[row_idx], new_expr, RegisterView.dirty_color)
def on_monitor_button_click(self):
if self.current_state is None:
return
address = get_int_input("Memory address", "Set Memory Monitor")
if address is None: return
self.hexWidget.setEnabled(True)
self.address_start = address
self.size = 512
self.current_state.mem.register_store_hook(self._monitor_changes)
self.update_mem(self.current_state)
def _evaluate_upto_with_solver(self, address, expr):
val = ""
if not self.current_state.solver.symbolic(expr):
new_expr = self.current_state.solver.evaluate(expr)
self.current_state.mem.store(address, new_expr)
self.changes.add(
(address - self.address_start,
address - self.address_start + new_expr.size // 8))
self.update_mem_delta(self.current_state)
show_message_box("Expression at %s" % hex(address),
"The value was indeed concrete! State modified")
else:
n_eval = get_int_input("How many values (upto) ?",
"Number of distinct values")
r = ""
for i, v in enumerate(
self.current_state.solver.evaluate_upto(expr, n_eval)):
r += "solution %d: %s\n" % (i, hex(v.value))
show_message_box("Value at %s (with solver):" % hex(address), r)
def on_customContextMenuRequested(self, pos):
item = self._table.itemAt(pos)
if item is None:
return
row_idx = item.row()
if self.index_to_reg[row_idx] == self.arch.getip_reg():
return
expr = getattr(self.current_state.regs, self.index_to_reg[row_idx])
menu = QMenu()
show_reg_expr = menu.addAction(
"Show reg expression") if not isinstance(expr, BVV) else None
make_reg_symb = menu.addAction("Make reg symbolic") if isinstance(
expr, BVV) else None
set_reg_value = menu.addAction("Set reg value")
eval_with_sol = menu.addAction(
"Evaluate with solver") if not isinstance(expr, BVV) else None
eval_upto_with_sol = menu.addAction(
"Evaluate upto with solver") if not isinstance(expr, BVV) else None
concretize = menu.addAction("Concretize") if not isinstance(
expr, BVV) else None
copy = menu.addAction("Copy to clipboard") if not isinstance(
expr, BVS) else None
bind_to_buffer = menu.addAction("Bind to symbolic buffer")
action = menu.exec_(self._table.viewport().mapToGlobal(pos))
if action is None:
return
if action == bind_to_buffer:
buffer_names = [
b[0].name for b in self.current_state.symbolic_buffers
]
if len(buffer_names) == 0:
return
buff_id = get_choice_input("Select a buffer", "choices",
buffer_names)
address = self.current_state.symbolic_buffers[buff_id][1]
buff_p = BVV(address, self.current_state.arch.bits())
setattr(self.current_state.regs, self.index_to_reg[row_idx],
buff_p)
self.set_reg_value(self.index_to_reg[row_idx], buff_p,
RegisterView.dirty_color)
if action == show_reg_expr:
show_message_box("Reg Expression", str(expr.z3obj.sexpr()))
if action == make_reg_symb:
new_expr = BVS('symb_injected_through_ui_%d' % self.symb_idx,
expr.size)
setattr(self.current_state.regs, self.index_to_reg[row_idx],
new_expr)
self.set_reg_value(self.index_to_reg[row_idx], new_expr,
RegisterView.dirty_color)
self.symb_idx += 1
if action == set_reg_value:
self.on_doubleClick(item)
if action == eval_with_sol:
expr = getattr(self.current_state.regs, self.index_to_reg[row_idx])
if not self.current_state.solver.symbolic(expr):
new_expr = self.current_state.solver.evaluate(expr)
setattr(self.current_state.regs, self.index_to_reg[row_idx],
new_expr)
self.set_reg_value(self.index_to_reg[row_idx], new_expr,
RegisterView.dirty_color)
show_message_box(
"Reg Value (with solver)",
"The value was indeed concrete! State modified")
else:
show_message_box(
"Reg Value (with solver)",
hex(self.current_state.solver.evaluate(expr).value))
if action == eval_upto_with_sol:
expr = getattr(self.current_state.regs, self.index_to_reg[row_idx])
if not self.current_state.solver.symbolic(expr):
new_expr = self.current_state.solver.evaluate(expr)
setattr(self.current_state.regs, self.index_to_reg[row_idx],
new_expr)
self.set_reg_value(self.index_to_reg[row_idx], new_expr,
RegisterView.dirty_color)
show_message_box(
"Reg Value (with solver)",
"The value was indeed concrete! State modified")
else:
n_eval = get_int_input("How many values (upto) ?",
"Number of distinct values")
r = ""
for i, v in enumerate(
self.current_state.solver.evaluate_upto(expr, n_eval)):
r += "solution %d: %s\n" % (i, hex(v.value))
show_message_box("Reg Value (with solver)", r)
if action == concretize:
expr = getattr(self.current_state.regs, self.index_to_reg[row_idx])
new_expr = self.current_state.solver.evaluate(expr)
res = get_choice_input(
"Concretize %s to %s?" %
(self.index_to_reg[row_idx], hex(new_expr.value)),
"Concretize", ["Yes", "No"])
if res == 0:
setattr(self.current_state.regs, self.index_to_reg[row_idx],
new_expr)
self.current_state.solver.add_constraints(expr == new_expr)
self.set_reg_value(self.index_to_reg[row_idx], new_expr,
RegisterView.dirty_color)
if action == copy:
mime = QMimeData()
if isinstance(expr, BVV):
mime.setText(hex(expr.value))
else:
mime.setText(str(expr.z3obj.sexpr()))
QApplication.clipboard().setMimeData(mime)