示例#1
def main():
  """Restore the saved search state, then run the target under the Triton pintool.

  Loads the optional block list and the mandatory work list from pickle files
  under FILE_PATH, pops the smallest entry off the work-list heap to obtain
  the seed, and registers the instrumentation callbacks before starting the
  program.
  """
  global workList, seed, blockList

  # NOTE(review): pickle.load() can execute arbitrary code while it
  # deserialises. These state files should only ever be written by this tool,
  # in a directory no other user or process can modify; a data-only format
  # (for example JSON) would remove the risk if the stored objects allow it.
  blocklist_path = FILE_PATH + "blocklist.pkl"
  worklist_path = FILE_PATH + "worklist.pkl"

  # The block list is optional; a missing work list raises from open().
  if os.path.exists(blocklist_path):
    with open(blocklist_path, "rb") as blocklist_file:
      blockList = pickle.load(blocklist_file)
  with open(worklist_path, "rb") as worklist_file:
    workList = pickle.load(worklist_file)

  # Entries are indexed with [1] to get the seed; element 0 is presumably the
  # heap priority -- confirm against the code that pushes onto the work list.
  next_entry = heapq.heappop(workList)
  seed = next_entry[1]

  # Earlier revisions computed the path constraint up front (in a thread, a
  # forked child, or a direct concolic call); that step is disabled here.

  Triton.setArchitecture(triton.ARCH.X86_64)
  Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

  # Analysis starts at 'main'; inputs are symbolized on entry to it, block
  # coverage is computed before each instruction, and expandExecution runs
  # when the instrumented program finishes.
  pintool.startAnalysisFromSymbol("main")
  pintool.insertCall(symbolize_inputs, pintool.INSERT_POINT.ROUTINE_ENTRY, "main")
  pintool.insertCall(computeBlockCoverage, pintool.INSERT_POINT.BEFORE)
  pintool.insertCall(expandExecution, pintool.INSERT_POINT.FINI)
  pintool.runProgram()
示例#2
def main():
    """Configure Triton for x86-64 and run the target under the pintool.

    Registers `hook` at the BEFORE insert point and `read_hook` on exit from
    the routine named 'read', then starts the instrumented program.
    """
    Triton.setArchitecture(triton.ARCH.X86_64)
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    # Analysis begins when execution reaches the symbol 'main'.
    pintool.startAnalysisFromSymbol('main')

    # hook is called before each instruction.
    pintool.insertCall(hook, pintool.INSERT_POINT.BEFORE)
    # read_hook is called when the 'read' routine returns; presumably this is
    # where the bytes the target just read are picked up -- confirm in read_hook.
    pintool.insertCall(read_hook, pintool.INSERT_POINT.ROUTINE_EXIT, 'read')

    pintool.runProgram()
示例#3
def main():
    """Configure Triton for x86-64 and run the target under the pintool.

    Registers `symbolize_inputs` on entry to 'main' and `hook_icall` at the
    BEFORE insert point, then starts the instrumented program.
    """
    Triton.setArchitecture(triton.ARCH.X86_64)
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    # Analysis begins when execution reaches the symbol 'main'.
    pintool.startAnalysisFromSymbol('main')

    # Inputs are made symbolic once, on entry to the 'main' routine.
    pintool.insertCall(symbolize_inputs, pintool.INSERT_POINT.ROUTINE_ENTRY,
                       'main')
    # hook_icall is called before each instruction; judging by its name it
    # handles indirect calls -- confirm in hook_icall.
    pintool.insertCall(hook_icall, pintool.INSERT_POINT.BEFORE)

    pintool.runProgram()
def main():
    """Load the saved block list, then score the target run under the pintool.

    `computeScore` is registered before each instruction and `outputScore`
    when the instrumented program finishes.
    """
    global blockList

    # NOTE(review): pickle.load() can execute arbitrary code while it
    # deserialises. The hard-coded path looks like a VM shared-folder mount,
    # so anything able to write to that share decides what gets unpickled
    # here. Keep the file writable only by this tool, or store the block list
    # in a data-only format such as JSON if its contents allow it.
    blocklist_path = "/media/sf_SharedFolder/Generational-Search/blocklist.pkl"
    with open(blocklist_path, "rb") as blocklist_file:
        blockList = pickle.load(blocklist_file)

    Triton.setArchitecture(triton.ARCH.X86_64)
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    pintool.startAnalysisFromSymbol("main")
    pintool.insertCall(computeScore, pintool.INSERT_POINT.BEFORE)
    pintool.insertCall(outputScore, pintool.INSERT_POINT.FINI)
    pintool.runProgram()
示例#5
def main():
    """Configure Triton for x86-64 and run the target under the pintool.

    Registers `symbolize_inputs` on entry to 'main' and `hook_cmp` at the
    BEFORE insert point, then starts the instrumented program.
    """
    # Set the Triton architecture.
    # Hard-coded to x86-64.
    Triton.setArchitecture(triton.ARCH.X86_64)
    # Enable the ALIGNED_MEMORY optimisation.
    Triton.enableMode(triton.MODE.ALIGNED_MEMORY, True)

    # Start instrumentation at the function named 'main'.
    # When symbols are unavailable, give an address with pintool.startAnalysisFromAddress instead.
    pintool.startAnalysisFromSymbol('main')

    # Symbolize the user's input on entry to main.
    pintool.insertCall(symbolize_inputs, pintool.INSERT_POINT.ROUTINE_ENTRY, 'main')
    # Find inputs that exercise every path.
    pintool.insertCall(hook_cmp, pintool.INSERT_POINT.BEFORE)

    pintool.runProgram()
示例#6
            unsuportedSemantics[mnemonic] += 1
        else:
            print(instruction)
            unsuportedSemantics.update({mnemonic: 1})
    return


def cafter(instruction):
    """Reset Triton after an instruction has been handled.

    Registered at INSERT_POINT.AFTER by the script entry point; the
    `instruction` argument is not used.
    """
    Triton.reset()


def cfini():
    """Print every unsupported mnemonic with its hit count, most frequent first."""
    rule = '============================================================='
    # sorted() is stable, like list.sort(), so mnemonics with equal counts
    # keep the order in which they were first recorded.
    ranked = sorted(unsuportedSemantics.items(), key=itemgetter(1), reverse=True)

    print(rule)
    print('Unsuported Semantics')
    print(rule)
    for mnemonic, count in ranked:
        print('%s: %d' % (mnemonic.lower(), count))
    print(rule)


if __name__ == '__main__':
    # Instrument from the program entry point rather than from a named symbol.
    startAnalysisFromEntry()
    # cbefore runs before each instruction, cafter after it, and cfini once
    # when the instrumented program finishes (it prints the summary table).
    insertCall(cbefore, INSERT_POINT.BEFORE)
    insertCall(cafter,  INSERT_POINT.AFTER)
    insertCall(cfini,   INSERT_POINT.FINI)
    runProgram()
示例#7
            if nativeAddress != astAddress:
                good = False
                print("[%sKO%s] %#x: %s (%smemory error%s)" %
                      (RED, ENDC, instruction.getAddress(),
                       instruction.getDisassembly(), RED, ENDC))
                print("     Native address   : %016x" % (nativeAddress))
                print("     Symbolic address : %016x" % (astAddress))

    if len(instruction.getSymbolicExpressions()) == 0:
        print("[%s??%s] %#x: %s" % (BLUE, ENDC, instruction.getAddress(),
                                    instruction.getDisassembly()))
        return

    if good:
        print("[%sOK%s] %#x: %s" % (GREEN, ENDC, instruction.getAddress(),
                                    instruction.getDisassembly()))
        return
    else:
        #time.sleep(2)
        sys.exit(-1)

    return


if __name__ == '__main__':
    # NOTE(review): two start points are requested back to back (the program
    # entry, then the symbol 'check'); confirm which one is meant to apply.
    Pintool.startAnalysisFromEntry()
    Pintool.startAnalysisFromSymbol('check')
    # cafter runs after each instruction; sbefore is registered at
    # BEFORE_SYMPROC, i.e. before Triton's symbolic processing of it.
    Pintool.insertCall(cafter, Pintool.INSERT_POINT.AFTER)
    Pintool.insertCall(sbefore, Pintool.INSERT_POINT.BEFORE_SYMPROC)
    Pintool.runProgram()
示例#8
        for w in bad:
            dump += '\n     Register       : %s'    %(w['reg'])
            dump += '\n     Symbolic Value : %016x' %(w['svalue'])
            dump += '\n     Concrete Value : %016x' %(w['cvalue'])
            dump += '\n     Expression     : %s'    %(w['expr'])

        print dump
        with open('./semantics_issues', 'a') as fd:
            fd.write(dump+'\n')

    if len(instruction.getSymbolicExpressions()) == 0:
        dump = '[unsupported] %#x: %s' %(instruction.getAddress(), instruction.getDisassembly())
        print dump
        with open('./semantics_issues', 'a') as fd:
            fd.write(dump+'\n')
        return

    # Reset everything
    Triton.resetEngines()

    return


if __name__ == '__main__':
    Triton.setArchitecture(ARCH.X86_64)
    # Restrict instrumentation to the 'qemu-test-x86_64' image, so code in
    # other loaded images is not analysed.
    Pintool.setupImageWhitelist(['qemu-test-x86_64'])
    # Analysis begins when execution reaches the symbol 'main'.
    Pintool.startAnalysisFromSymbol('main')
    # cafter runs after each instruction; sbefore is registered at
    # BEFORE_SYMPROC, i.e. before Triton's symbolic processing of it.
    Pintool.insertCall(cafter,  Pintool.INSERT_POINT.AFTER)
    Pintool.insertCall(sbefore, Pintool.INSERT_POINT.BEFORE_SYMPROC)
    Pintool.runProgram()
示例#9
        else:
            print instruction
            unsuportedSemantics.update({mnemonic: 1})
    return


def cafter(instruction):
    """Reset Triton's engines after an instruction has been handled.

    Registered at INSERT_POINT.AFTER by the script entry point; the
    `instruction` argument is not used.
    """
    Triton.resetEngines()


def cfini():
    """Print every unsupported mnemonic with its hit count, most frequent first."""
    # Each print(...) below has a single parenthesised argument, which the
    # Python 2 print statement used elsewhere in this file prints unchanged.
    rule = '============================================================='
    # sorted() is stable, like list.sort(), so mnemonics with equal counts
    # keep the order the dictionary yields them in.
    ranked = sorted(unsuportedSemantics.items(), key=itemgetter(1), reverse=True)

    print(rule)
    print('Unsuported Semantics')
    print(rule)
    for mnemonic, count in ranked:
        print('%s: %d' % (mnemonic.lower(), count))
    print(rule)


if __name__ == '__main__':
    Triton.setArchitecture(ARCH.X86_64)
    # Instrument from the program entry point rather than from a named symbol.
    startAnalysisFromEntry()
    # cbefore runs before each instruction, cafter after it, and cfini once
    # when the instrumented program finishes (it prints the summary table).
    insertCall(cbefore, INSERT_POINT.BEFORE)
    insertCall(cafter,  INSERT_POINT.AFTER)
    insertCall(cfini,   INSERT_POINT.FINI)
    runProgram()