class TestRAXBitvector(unittest.TestCase): """Testing the Bitvector class.""" def setUp(self): """Define the arch.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.bv = self.Triton.registers.rax.getBitvector() def test_high(self): """Check the highest bit.""" self.assertEqual(self.bv.getHigh(), 63) def test_low(self): """Check the lower bit.""" self.assertEqual(self.bv.getLow(), 0) def test_size(self): """Check the vector size.""" self.assertEqual(self.bv.getVectorSize(), 64) def test_maxValue(self): """Check the max value of the vector.""" self.assertEqual(self.bv.getMaxValue(), 0xffffffffffffffff)
class TestImmediate64(unittest.TestCase): """Testing the Immediate class.""" def setUp(self): """Define the arch and Immediate to test.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.imm = Immediate(0x0123456789abcdef, CPUSIZE.QWORD) def test_bit_size(self): """Check the bitsize.""" self.assertEqual(self.imm.getBitSize(), 64) def test_size(self): """Check the size.""" self.assertEqual(self.imm.getSize(), 8) def test_value(self): """Check immediate value with different size.""" self.assertEqual(self.imm.getValue(), 0x0123456789abcdef) def test_type(self): """Check immadiate type.""" self.assertEqual(self.imm.getType(), OPERAND.IMM)
class TestNegativeImmediate(unittest.TestCase): """Testing the Immediate class.""" def setUp(self): self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) def test_value(self): """Check immediate value with different size.""" self.imm = Immediate(-4, CPUSIZE.BYTE) self.assertEqual(self.imm.getValue(), 0xfc) self.imm = Immediate(-4, CPUSIZE.WORD) self.assertEqual(self.imm.getValue(), 0xfffc) self.imm = Immediate(-4, CPUSIZE.DWORD) self.assertEqual(self.imm.getValue(), 0xfffffffc) self.imm = Immediate(-4, CPUSIZE.QWORD) self.assertEqual(self.imm.getValue(), 0xfffffffffffffffc) self.imm = Immediate(0x7123456789abcdef, CPUSIZE.QWORD) self.assertEqual(self.imm.getValue(), 0x7123456789abcdef) self.imm = Immediate(0x8123456789abcdef, CPUSIZE.QWORD) self.assertEqual(self.imm.getValue(), 0x8123456789abcdef)
class TestSymbolicEngineAligned(BaseTestSimulation, unittest.TestCase): """Testing the symbolic emulation engine with ALIGNED_MEMORY.""" def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.ALIGNED_MEMORY, True) super(TestSymbolicEngineAligned, self).setUp()
def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.ALIGNED_MEMORY, True) self.Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) self.Triton.enableMode(MODE.AST_OPTIMIZATIONS, True) super(TestSymbolicEngineAlignedOnlySymbolizedSymOpti, self).setUp()
class TestSymbolicEngineSymOpti(BaseTestSimulation, unittest.TestCase): """Testing the symbolic emulation engine without optimization.""" def setUp(self): """Define the arch.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.AST_OPTIMIZATIONS, True) super(TestSymbolicEngineSymOpti, self).setUp()
class TestSymbolicEngineConstantFolding(BaseTestSimulation, unittest.TestCase): """Testing the symbolic emulation engine with CONSTANT_FOLDING.""" def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.setMode(MODE.CONSTANT_FOLDING, True) super(TestSymbolicEngineConstantFolding, self).setUp()
class TestArchitecture(unittest.TestCase): """Testing the architectures.""" def test_modify_arch(self): """Check we can change arch at anytime.""" self.ctx = TritonContext() for _ in xrange(10): self.ctx.setArchitecture( random.choice((ARCH.X86_64, ARCH.X86, ARCH.AARCH64)))
class TestSymbolicEngineOnlySymbolized(BaseTestSimulation, unittest.TestCase): """Testing the symbolic emulation engine with ONLY_ON_SYMBOLIZED.""" def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) super(TestSymbolicEngineOnlySymbolized, self).setUp()
class TestSymbolicEngineNoOptim(BaseTestSimulation, unittest.TestCase): """Testing the symbolic emulation engine without optimization.""" def setUp(self): """Define the arch.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) super(TestSymbolicEngineNoOptim, self).setUp()
class TestArchitecture(unittest.TestCase): """Testing the architectures.""" def test_modify_arch(self): """Check we can change arch at anytime.""" self.Triton = TritonContext() for _ in xrange(10): self.Triton.setArchitecture(random.choice((ARCH.X86_64, ARCH.X86)))
def test_taint_set_memory(self): """Set taint memory""" Triton = TritonContext() Triton.setArchitecture(ARCH.X86_64) self.assertFalse(Triton.isMemoryTainted(0x1000)) Triton.setTaintMemory(MemoryAccess(0x1000, 1), True) self.assertTrue(Triton.isMemoryTainted(0x1000)) Triton.setTaintMemory(MemoryAccess(0x1000, 1), False) self.assertFalse(Triton.isMemoryTainted(0x1000))
def test_taint_set_register(self): """Set taint register""" Triton = TritonContext() Triton.setArchitecture(ARCH.X86_64) self.assertFalse(Triton.isRegisterTainted(Triton.registers.rax)) Triton.setTaintRegister(Triton.registers.rax, True) self.assertTrue(Triton.isRegisterTainted(Triton.registers.rax)) Triton.setTaintRegister(Triton.registers.rax, False) self.assertFalse(Triton.isRegisterTainted(Triton.registers.rax))
def setUp(self): """Define and process the instruction to test.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.inst = Instruction() self.inst.setOpcode(b"\x48\x01\xd8") # add rax, rbx self.inst.setAddress(0x400000) self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, 0x1122334455667788) self.Triton.setConcreteRegisterValue(self.Triton.registers.rbx, 0x8877665544332211) self.Triton.processing(self.inst)
class TestIR(unittest.TestCase): """Test IR.""" def emulate(self, pc): """ Emulate every opcode from pc. Process instruction until the end """ while pc: # Fetch opcode opcode = self.Triton.getConcreteMemoryAreaValue(pc, 16) # Create the Triton instruction instruction = Instruction() instruction.setOpcode(opcode) instruction.setAddress(pc) # Process self.assertTrue(self.Triton.processing(instruction)) # Next pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip) return def load_binary(self, filename): """Load in memory every opcode from an elf program.""" import lief #lief.Logger.disable() binary = lief.parse(filename) phdrs = binary.segments for phdr in phdrs: size = phdr.physical_size vaddr = phdr.virtual_address self.Triton.setConcreteMemoryAreaValue(vaddr, phdr.content) def test_ir(self): """Load binary, setup environment and emulate the ir test suite.""" self.Triton = TritonContext() # Set arch self.Triton.setArchitecture(ARCH.X86_64) # Load the binary binary_file = os.path.join(os.path.dirname(__file__), "misc", "ir-test-suite.bin") self.load_binary(binary_file) # Define a fake stack self.Triton.setConcreteRegisterValue(self.Triton.registers.rbp, 0x7fffffff) self.Triton.setConcreteRegisterValue(self.Triton.registers.rsp, 0x6fffffff) self.emulate(0x40065c) return
def test_taint_assignement_register_immediate(self): """Check tainting assignment register <- immediate.""" Triton = TritonContext() Triton.setArchitecture(ARCH.X86_64) self.assertFalse(Triton.isRegisterTainted(Triton.registers.rax)) Triton.taintRegister(Triton.registers.rax) self.assertTrue(Triton.isRegisterTainted(Triton.registers.rax)) Triton.taintAssignmentRegisterImmediate(Triton.registers.rax) self.assertFalse(Triton.isRegisterTainted(Triton.registers.rax))
class TestSymbolicVariable(unittest.TestCase): """Testing symbolic variable.""" def setUp(self): """Define the arch.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.v0 = self.Triton.newSymbolicVariable(8) self.v1 = self.Triton.newSymbolicVariable(16) self.v2 = self.Triton.newSymbolicVariable(32, "test com") def test_id(self): """Test IDs""" self.assertEqual(self.v0.getId(), 0) self.assertEqual(self.v1.getId(), 1) self.assertEqual(self.v2.getId(), 2) def test_kind(self): """Test kind""" self.assertEqual(self.v0.getKind(), SYMEXPR.UNDEF) self.assertEqual(self.v1.getKind(), SYMEXPR.UNDEF) self.assertEqual(self.v2.getKind(), SYMEXPR.UNDEF) def test_name(self): """Test name""" self.assertEqual(self.v0.getName(), "SymVar_0") self.assertEqual(self.v1.getName(), "SymVar_1") self.assertEqual(self.v2.getName(), "SymVar_2") def test_bitsize(self): """Test name""" self.assertEqual(self.v0.getBitSize(), 8) self.assertEqual(self.v1.getBitSize(), 16) self.assertEqual(self.v2.getBitSize(), 32) def test_comment(self): """Test comment""" self.assertEqual(self.v0.getComment(), "") self.assertEqual(self.v1.getComment(), "") self.assertEqual(self.v2.getComment(), "test com") self.v0.setComment("test v0") self.v1.setComment("test v1") self.assertEqual(self.v0.getComment(), "test v0") self.assertEqual(self.v1.getComment(), "test v1") self.assertEqual(self.v2.getComment(), "test com") def test_str(self): """Test variable representation""" self.assertEqual(str(self.v0), "SymVar_0:8") self.assertEqual(str(self.v1), "SymVar_1:16") self.assertEqual(str(self.v2), "SymVar_2:32")
def test_3(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) inst = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax] self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(len(inst.getReadRegisters()), 1) self.assertEqual(len(inst.getWrittenRegisters()), 2) self.assertEqual(len(inst.getLoadAccess()), 1) self.assertEqual(len(inst.getStoreAccess()), 0)
class TestIR(unittest.TestCase): """Test IR.""" def emulate(self, pc): """ Emulate every opcode from pc. Process instruction until the end """ while pc: # Fetch opcode opcode = self.Triton.getConcreteMemoryAreaValue(pc, 16) # Create the Triton instruction instruction = Instruction() instruction.setOpcode(opcode) instruction.setAddress(pc) # Process self.assertTrue(self.Triton.processing(instruction)) # Next pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip) return def load_binary(self, filename): """Load in memory every opcode from an elf program.""" import lief binary = lief.parse(filename) phdrs = binary.segments for phdr in phdrs: size = phdr.physical_size vaddr = phdr.virtual_address self.Triton.setConcreteMemoryAreaValue(vaddr, phdr.content) def test_ir(self): """Load binary, setup environment and emulate the ir test suite.""" self.Triton = TritonContext() # Set arch self.Triton.setArchitecture(ARCH.X86_64) # Load the binary binary_file = os.path.join(os.path.dirname(__file__), "misc", "ir-test-suite.bin") self.load_binary(binary_file) # Define a fake stack self.Triton.setConcreteRegisterValue(self.Triton.registers.rbp, 0x7fffffff) self.Triton.setConcreteRegisterValue(self.Triton.registers.rsp, 0x6fffffff) self.emulate(0x40065c) return
class TestSymbolicEngineAst(BaseTestSimulation, unittest.TestCase): """Testing the symbolic engine with AST Dictionnary.""" def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.AST_DICTIONARIES, True) super(TestSymbolicEngineAst, self).setUp() @unittest.skip("segfault") def test_defcamp_2015(self): pass
def test_method_callback_removal(self): # regression test for #809 import sys self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) cb = self.method_callback.__func__ cb_initial_refcnt = sys.getrefcount(cb) self.Triton.addCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE, self.method_callback) self.Triton.removeCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE, self.method_callback) self.assertTrue(cb_initial_refcnt == sys.getrefcount(cb))
def test_3(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) inst = Instruction(b"\x48\x8b\x18") # mov rbx, qword ptr [rax] self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(len(inst.getReadRegisters()), 1) self.assertEqual(len(inst.getWrittenRegisters()), 2) self.assertEqual(len(inst.getLoadAccess()), 1) self.assertEqual(len(inst.getStoreAccess()), 0)
def setUp(self): """Define the arch.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.astCtxt = self.Triton.getAstContext() self.sv1 = self.Triton.newSymbolicVariable(8) self.sv2 = self.Triton.newSymbolicVariable(8) self.v1 = self.astCtxt.variable(self.sv1) self.v2 = self.astCtxt.variable(self.sv2)
def test_load_ds(self): """Check load from ds segment.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86) inst = Instruction() # mov ax, ds:word_40213C inst.setOpcode(b"\x66\xA1\x3C\x21\x40\x00") self.Triton.processing(inst) self.assertEqual(inst.getOperands()[1].getAddress(), 0x40213C) self.assertEqual(inst.getOperands()[1].getBitSize(), 16)
def test_known_issues(self): """Check tainting result after processing.""" Triton = TritonContext() Triton.setArchitecture(ARCH.X86) Triton.taintRegister(Triton.registers.eax) inst = Instruction() # lea eax,[esi+eax*1] inst.setOpcode(b"\x8D\x04\x06") Triton.processing(inst) self.assertTrue(Triton.isRegisterTainted(Triton.registers.eax)) self.assertFalse(Triton.isRegisterTainted(Triton.registers.ebx))
def setUp(self): """Define the arch.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.astCtxt = self.Triton.getAstContext() self.sv1 = self.Triton.newSymbolicVariable(8) self.sv2 = self.Triton.newSymbolicVariable(8) self.v1 = self.astCtxt.variable(self.sv1) self.v2 = self.astCtxt.variable(self.sv2) self.Triton.setConcreteSymbolicVariableValue(self.sv1, 0xaa) self.Triton.setConcreteSymbolicVariableValue(self.sv2, 0x55) self.node = [ # Overloaded operators (self.v1 & self.v2), (self.v1 + self.v2), (self.v1 - self.v2), (self.v1 ^ self.v2), (self.v1 | self.v2), (self.v1 * self.v2), (self.v1 << self.v2), (self.v1 >> self.v2), (~self.v1), (-self.v1), (self.v1 == self.v2), (self.v1 != self.v2), (self.v1 <= self.v2), (self.v1 >= self.v2), (self.v1 < self.v2), (self.v1 > self.v2), # AST API self.astCtxt.bvashr(self.v1, self.v2), self.astCtxt.bvnand(self.v1, self.v2), self.astCtxt.bvnor(self.v1, self.v2), self.astCtxt.bvrol(3, self.v1), self.astCtxt.bvror(2, self.v2), self.astCtxt.distinct(self.v1, self.v2), self.astCtxt.equal(self.v1, self.v2), self.astCtxt.sx(8, self.v1), self.astCtxt.zx(8, self.v1), # recent z3 version #bvsdiv(self.v1, self.v2), #bvsmod(self.v1, self.v2), #bvsrem(self.v1, self.v2), #bvudiv(self.v1, self.v2), #bvurem(self.v1, self.v2), ]
class TestRegisterObject(unittest.TestCase): """Test register object""" def setUp(self): """Define the arch.""" self.x86 = TritonContext(ARCH.X86) self.x64 = TritonContext(ARCH.X86_64) self.arm = TritonContext(ARCH.ARM32) self.aarch = TritonContext(ARCH.AARCH64) def test_object(self): self.assertEqual(self.x86.registers.eax, self.x86.getRegister('eax')) self.assertEqual(self.x64.registers.rax, self.x64.getRegister('RaX')) self.assertEqual(self.arm.registers.r0, self.arm.getRegister('R0')) self.assertEqual(self.aarch.registers.x9, self.aarch.getRegister('x9'))
def send_to_fuzz(entrypoint, exploration_memory, exploration_registers, from_memory_addr, dst_addr, q): """send a request to the fuzzer :param dst_addr (int): The destination address you wishe to reach """ fuzz = Fuzz(exploration_memory, exploration_registers, from_memory_addr, dst_addr, q) fuzzer = Tracer(program_name, False) # set triton parameter ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) ctx.enableMode(MODE.ALIGNED_MEMORY, True) ctx.setAstRepresentationMode(AST_REPRESENTATION.PYTHON) fuzzer.tracer_init(ctx) # add fuzz callback fuzzer.add_start_callback(fuzz.start) fuzzer.add_instruction_callback(fuzz.get_instruction) fuzzer.add_end_callback(fuzz.end) fuzzer.add_memory_callback(fuzz.fuzz_memory) fuzzer.add_register_callback(fuzz.fuzz_register) p = multiprocessing.Process(target=fuzzer.start, args=(ctx, 30, entrypoint)) # return [p,ctx,fuzzer, exploration_memory] return p
class TestAstDictionaries(unittest.TestCase): """Testing the AST_DICTIONARIES.""" def setUp(self): """Define the arch.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.AST_DICTIONARIES, True) self.astCtxt = self.Triton.getAstContext() def test_dictionaries(self): # d is empty d = self.Triton.getAstDictionariesStats() for k, v in d.items(): self.assertEqual(v, 0) bv1 = self.astCtxt.bv(1, 8) bv2 = self.astCtxt.bv(2, 8) d = self.Triton.getAstDictionariesStats() self.assertEqual(d['bv'], 2) self.assertEqual(d['decimal'], 3) self.assertEqual(d['allocatedDictionaries'], 5) self.assertEqual(d['allocatedNodes'], 6) # Same allocation bv1 = self.astCtxt.bv(1, 8) bv2 = self.astCtxt.bv(2, 8) d = self.Triton.getAstDictionariesStats() self.assertEqual(d['bv'], 2) self.assertEqual(d['decimal'], 3) self.assertEqual(d['allocatedDictionaries'], 5) self.assertEqual(d['allocatedNodes'], 12)
def test_6(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) ctx.convertRegisterToSymbolicVariable(ctx.registers.rax) ctx.convertMemoryToSymbolicVariable(MemoryAccess(0, CPUSIZE.QWORD)) inst = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax] self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(len(inst.getReadRegisters()), 1) self.assertEqual(len(inst.getWrittenRegisters()), 1) self.assertEqual(len(inst.getLoadAccess()), 1) self.assertEqual(len(inst.getStoreAccess()), 0)
def test_7(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337) inst = Instruction(b"\x48\x8b\x18") # mov rbx, qword ptr [rax] self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(inst.getOperands()[1].getAddress(), 0x1337) self.assertIsNone(inst.getOperands()[1].getLeaAst())
def setUp(self): """Define the arch.""" self.ctx = TritonContext() self.ctx.setArchitecture(ARCH.X86_64) self.inst1 = Instruction("\x48\x31\xd8") # xor rax, rbx self.ctx.setConcreteRegisterValue(self.ctx.registers.al, 0x10) self.ctx.setConcreteRegisterValue(self.ctx.registers.bl, 0x55) self.inst2 = Instruction("\x48\x89\x03") # mov [rbx], rax self.ctx.processing(self.inst1) self.ctx.processing(self.inst2) self.expr1 = self.inst1.getSymbolicExpressions()[0] self.expr2 = self.inst2.getSymbolicExpressions()[8]
def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.ALIGNED_MEMORY, True) self.Triton.enableMode(MODE.TAINT_THROUGH_POINTERS, True) super(TestSymbolicEngineAlignedAndTaintPtr, self).setUp()
def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.ALIGNED_MEMORY, True) self.Triton.enableMode(MODE.AST_DICTIONARIES, True) super(TestSymbolicEngineAlignedAst, self).setUp()
def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableMode(MODE.ALIGNED_MEMORY, True) self.Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) super(TestSymbolicEngineAlignedOnlySymbolized, self).setUp()
def setUp(self): """Define the arch.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.v0 = self.Triton.newSymbolicVariable(8) self.v1 = self.Triton.newSymbolicVariable(16) self.v2 = self.Triton.newSymbolicVariable(32, "test com")
def test_get_concrete_register_value(self): global flag self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx self.assertTrue(flag) flag = False self.Triton.removeCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx self.assertFalse(flag) # Remove all callbacks flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx self.assertTrue(flag) flag = False self.Triton.removeAllCallbacks() self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx self.assertFalse(flag)
def test_get_concrete_memory_value(self): global flag self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_MEMORY_VALUE) # movabs rax, qword ptr [0x1000] self.Triton.processing(Instruction("\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00")) self.assertTrue(flag) flag = False self.Triton.removeCallback(self.cb_flag, CALLBACK.GET_CONCRETE_MEMORY_VALUE) # movabs rax, qword ptr [0x1000] self.Triton.processing(Instruction("\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00")) self.assertFalse(flag)
def test_ir(self): """Load binary, setup environment and emulate the ir test suite.""" self.Triton = TritonContext() # Set arch self.Triton.setArchitecture(ARCH.X86_64) # Load the binary binary_file = os.path.join(os.path.dirname(__file__), "misc", "ir-test-suite.bin") self.load_binary(binary_file) # Define a fake stack self.Triton.setConcreteRegisterValue(self.Triton.registers.rbp, 0x7fffffff) self.Triton.setConcreteRegisterValue(self.Triton.registers.rsp, 0x6fffffff) self.emulate(0x40065c) return
class TestSymbolicEngineDisable(BaseTestSimulation, unittest.TestCase): """Testing the emulation with the symbolic engine disabled.""" def setUp(self): """Define the arch and modes.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.enableSymbolicEngine(False) super(TestSymbolicEngineDisable, self).setUp() @unittest.skip("Not possible") def test_seed_coverage(self): pass @unittest.skip("Not possible") def test_defcamp_2015(self): pass
def main(): code = [(0x1000, "\x83\xc4\x08"), (0x1003, "\x5b"), (0x1004, "\xc3")] ctxt = TritonContext() ctxt.setArchitecture(ARCH.X86) #load instructions for (addr, opcode) in code: inst = Instruction() inst.setOpcode(opcode) inst.setAddress(addr) if not ctxt.processing(inst): print "Fail an instruction" print inst expr = inst.getSymbolicExpressions()[0] print expr
def test_known_issues(self): """Check tainting result after processing.""" Triton = TritonContext() Triton.setArchitecture(ARCH.X86) Triton.taintRegister(Triton.registers.eax) inst = Instruction() # lea eax,[esi+eax*1] inst.setOpcode("\x8D\x04\x06") Triton.processing(inst) self.assertTrue(Triton.isRegisterTainted(Triton.registers.eax)) self.assertFalse(Triton.isRegisterTainted(Triton.registers.ebx))
def test_4(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) ctx.convertRegisterToSymbolicVariable(ctx.registers.rax) inst = Instruction(b"\x48\x8b\x18") # mov rbx, qword ptr [rax] self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(len(inst.getReadRegisters()), 1) self.assertEqual(len(inst.getWrittenRegisters()), 0) self.assertEqual(len(inst.getLoadAccess()), 0) self.assertEqual(len(inst.getStoreAccess()), 0)
class TestAHRegister(unittest.TestCase): """Testing the Register class with AH.""" def setUp(self): """Define arch and register to check.""" self.ctx = TritonContext() self.ctx.setArchitecture(ARCH.X86_64) self.reg = self.ctx.registers.ah def test_size(self): """Check register size.""" self.assertEqual(self.reg.getSize(), 1) def test_bitvector(self): """Check bitvector information.""" self.assertEqual(self.reg.getBitvector().getHigh(), 15) self.assertEqual(self.reg.getBitvector().getLow(), 8) self.assertEqual(self.reg.getBitvector().getVectorSize(), 8) def test_parent(self): """Check parent register on multiple arch.""" self.assertEqual(self.ctx.getParentRegister(self.reg).getName(), "rax") self.ctx.setArchitecture(ARCH.X86) self.reg = self.ctx.registers.ah self.assertEqual(self.ctx.getParentRegister(self.reg).getName(), "eax") self.assertEqual(self.ctx.getParentRegister(self.reg).getBitSize(), 32)
class TestAHRegister(unittest.TestCase): """Testing the Register class with AH.""" def setUp(self): """Define arch and register to check.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.reg = self.Triton.registers.ah def test_size(self): """Check register size.""" self.assertEqual(self.reg.getSize(), 1) def test_bitvector(self): """Check bitvector information.""" self.assertEqual(self.reg.getBitvector().getHigh(), 15) self.assertEqual(self.reg.getBitvector().getLow(), 8) self.assertEqual(self.reg.getBitvector().getVectorSize(), 8) def test_parent(self): """Check parent register on multiple arch.""" self.assertEqual(self.Triton.getParentRegister(self.reg).getName(), "rax") self.Triton.setArchitecture(ARCH.X86) self.reg = self.Triton.registers.ah self.assertEqual(self.Triton.getParentRegister(self.reg).getName(), "eax") self.assertEqual(self.Triton.getParentRegister(self.reg).getBitSize(), 32)
def test_5(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) ctx.setMode(MODE.ONLY_ON_SYMBOLIZED, True) ctx.symbolizeMemory(MemoryAccess(0, CPUSIZE.QWORD)) inst = Instruction(b"\x48\x8b\x18") # mov rbx, qword ptr [rax] self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(len(inst.getReadRegisters()), 0) self.assertEqual(len(inst.getWrittenRegisters()), 1) self.assertEqual(len(inst.getLoadAccess()), 1) self.assertEqual(len(inst.getStoreAccess()), 0)
def test_2(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) ctx.setMode(MODE.ONLY_ON_SYMBOLIZED, True) ctx.symbolizeRegister(ctx.registers.rax) inst = Instruction(b"\x48\x89\xc3") # mov rbx, rax self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(len(inst.getReadRegisters()), 1) self.assertEqual(len(inst.getWrittenRegisters()), 1) self.assertEqual(len(inst.getLoadAccess()), 0) self.assertEqual(len(inst.getStoreAccess()), 0)
def test_2(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) self.assertEqual(ctx.isModeEnabled(MODE.ONLY_ON_TAINTED), False) ctx.enableMode(MODE.ONLY_ON_TAINTED, True) self.assertEqual(ctx.isModeEnabled(MODE.ONLY_ON_TAINTED), True) ctx.taintRegister(ctx.registers.rax) inst = Instruction("\x48\x89\xc3") # mov rbx, rax self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(len(inst.getReadRegisters()), 1) self.assertEqual(len(inst.getWrittenRegisters()), 2) self.assertEqual(len(inst.getLoadAccess()), 0) self.assertEqual(len(inst.getStoreAccess()), 0)
def setUp(self): """Define and process the instruction to test.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.inst = Instruction() self.inst.setOpcode("\x48\x01\xd8") # add rax, rbx self.inst.setAddress(0x400000) self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, 0x1122334455667788) self.Triton.setConcreteRegisterValue(self.Triton.registers.rbx, 0x8877665544332211) self.Triton.processing(self.inst)
def test_7(self): ctx = TritonContext() ctx.setArchitecture(ARCH.X86_64) ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337) inst = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax] self.assertTrue(ctx.processing(inst)) self.assertTrue(checkAstIntegrity(inst)) self.assertEqual(inst.getOperands()[1].getAddress(), 0x1337) self.assertIsNone(inst.getOperands()[1].getLeaAst())
def test5(): Triton = TritonContext() Triton.setArchitecture(ARCH.X86) astCtxt = Triton.getAstContext() # rax is now symbolic Triton.convertRegisterToSymbolicVariable(Triton.registers.eax) # process instruction Triton.processing(Instruction("\x83\xc0\x07")) # add eax, 0x7 # get rax ast eaxAst = Triton.getSymbolicRegister(Triton.registers.eax).getAst() # constraint c = eaxAst ^ 0x11223344 == 0xdeadbeaf print 'Test 5:', Triton.getModel(c)[0] return
def test_load_ds(self): """Check load from ds segment.""" self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86) inst = Instruction() # mov ax, ds:word_40213C inst.setOpcode("\x66\xA1\x3C\x21\x40\x00") self.Triton.processing(inst) self.assertEqual(inst.getOperands()[1].getAddress(), 0x40213C) self.assertEqual(inst.getOperands()[1].getBitSize(), 16)