Python cmp_path示例，tools.cmp_path Python示例

示例#1

0

显示文件

def check_unconstrained(state):
    hists = state.history.bbl_addrs.hardcopy
    bp_error_paths = state.globals['bp_error_paths']
    sp_error_paths = state.globals['sp_error_paths']
    pc_error_paths = state.globals['pc_error_paths']
    limit = state.globals['limit']
    paths, print_paths = ct.deal_history(state, hists)
    if ct.cmp_path(paths, bp_error_paths, limit) or ct.cmp_path(
            paths, sp_error_paths, limit) or ct.cmp_path(
                paths, pc_error_paths, limit):

        path_dir = {'unknow_error_result': {}}
        path_dir['unknow_error_result']['stdin'] = str(state.posix.dumps(0))
        path_dir['unknow_error_result']['stdout'] = str(state.posix.dumps(1))
        path_dir['unknow_error_result']['chain'] = print_paths

        if 'argv' in state.globals:
            argv = state.globals['argv']
            argv_ret = []
            # print("[PC]inputs",len(argv),"args:")
            for x in argv:
                # print(state.solver.eval(x,cast_to=bytes))
                argv_ret.append(str(state.solver.eval(x, cast_to=bytes)))
            path_dir['unknow_error_result']['argv'] = argv_ret

        fp = open("resgs.json", "a")
        json_str = json.dumps(path_dir)
        fp.write(json_str + "\n")
        fp.close()
        state.regs.rip = state.solver.BVV(0xdeadbeef, 64)

示例#2

0

显示文件

def Check_UAF_W(state):
    if "has_free" not in state.globals:
        # before_free=[]
        if "before_free" in state.globals:
            before_free = state.globals["before_free"]
        else:
            state.globals["before_free"] = []
            before_free = state.globals["before_free"]
        action_now = reversed(state.history.actions.hardcopy)
        for act in action_now:
            if act not in before_free:
                before_free.append(act)

    else:
        before_free = state.globals["before_free"]
        action_now = reversed(state.history.actions.hardcopy)

        action = [i for i in action_now if i not in before_free]

        malloc_dir = state.globals["has_malloc"]
        free_dir = state.globals["has_free"]

        for act in action:
            if act.type == 'mem' and act.action == 'write':
                addr = check_addr(state, act)
                if addr == 0:
                    print("error:", act.addr)
                    break

                for f in free_dir:
                    if f == addr:
                        hists = state.history.bbl_addrs.hardcopy
                        paths, print_paths = ct.deal_history(state, hists)
                        uaf_write_paths = state.globals['uaf_write_paths']
                        limit = state.globals['limit']
                        if ct.cmp_path(paths, uaf_write_paths, limit):
                            path_dir = {'uaf_W_result': {}}
                            path_dir['uaf_W_result']['stdin'] = str(
                                state.posix.dumps(0))
                            path_dir['uaf_W_result']['stdout'] = str(
                                state.posix.dumps(1))
                            path_dir['uaf_W_result']['chain'] = print_paths

                            if 'argv' in state.globals:
                                argv = state.globals['argv']
                                argv_ret = []
                                for x in argv:
                                    argv_ret.append(
                                        str(state.solver.eval(x,
                                                              cast_to=bytes)))
                                path_dir['uaf_W_result']['argv'] = argv_ret

                            fp = open("heap.json", "a")
                            json_str = json.dumps(path_dir)
                            fp.write(json_str + "\n")
                            fp.close()

                            state.globals["uaf_write"] = True

                        break

示例#3

0

显示文件

文件： ArbRW.py 项目： woods1060/MAKARA

def Check_arbitrary_W(state):
    action = reversed(state.history.actions.hardcopy)

    for act in action:
        if act.type == 'mem' and act.action == 'write' and check_addr_sym(
                state, act):
            hists = state.history.bbl_addrs.hardcopy
            paths, print_paths = ct.deal_history(state, hists)
            arbitrary_write_paths = state.globals['arbitrary_write_paths']
            limit = state.globals['limit']
            if ct.cmp_path(paths, arbitrary_write_paths, limit):
                path_dir = {'arbitrary_W_result': {}}
                path_dir['arbitrary_W_result']['stdin'] = str(
                    state.posix.dumps(0))
                path_dir['arbitrary_W_result']['stdout'] = str(
                    state.posix.dumps(1))
                path_dir['arbitrary_W_result']['chain'] = print_paths

                if 'argv' in state.globals:
                    argv = state.globals['argv']
                    argv_ret = []
                    for x in argv:
                        argv_ret.append(
                            str(state.solver.eval(x, cast_to=bytes)))
                    path_dir['arbitrary_W_result']['argv'] = argv_ret

                fp = open("ArbRW.json", "a")
                json_str = json.dumps(path_dir)
                fp.write(json_str + "\n")
                fp.close()

            break