本文整理汇总了Python中claripy.BVV属性的典型用法代码示例。如果您正苦于以下问题:Python claripy.BVV属性的具体用法?Python claripy.BVV怎么用?Python claripy.BVV使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类claripy的用法示例。
在下文中一共展示了claripy.BVV属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: raw
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def raw(self, arch=None):
    """Assemble the raw bitvector for this register-setting snippet.

    The result is the concatenation of three fixed code fragments looked up
    in ``self.codes[self.register]`` with the byte-reversed value and the
    byte-reversed program counter placed between them.

    :param arch: accepted for interface compatibility; not read by this body.
    :return: a claripy bitvector ``code[0] . value . code[1] . pc . code[2]``.
    :raises ValueError: if ``self.register`` has no entry in ``self.codes``.
    """
    reg_name = self.register
    value_bv = self.value
    pc_bv = self.pc

    # Plain Python ints are promoted to 32-bit constants; anything else
    # (for example an already-built bitvector) is passed through unchanged.
    # NOTE(review): the 32-bit width is hard-coded here regardless of `arch`.
    if isinstance(value_bv, int):
        value_bv = claripy.BVV(value_bv, 32)
    if isinstance(pc_bv, int):
        pc_bv = claripy.BVV(pc_bv, 32)

    try:
        # BVV is called without an explicit size, so each fragment is
        # presumably a byte string whose length fixes the width - confirm.
        fragments = [claripy.BVV(piece) for piece in self.codes[reg_name]]
    except KeyError:
        raise ValueError("register '%s' does not exist" % reg_name)

    return claripy.Concat(
        fragments[0],
        value_bv.reversed,
        fragments[1],
        pc_bv.reversed,
        fragments[2],
    )
示例2: apply
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def apply(self, **kwargs):
    """Select the shortest chain that sets one of the target registers.

    Every register in ``self.target_registers`` is tried with the constant
    marker ``0xc0debabe`` (sized to the project's architecture width). The
    chain with the smallest payload wins; ties keep the earlier register.

    :return: whatever ``self.set_register`` returns for the chosen register.
    :raises CannotExploit: if no register produced a chain.
    """
    marker = claripy.BVV(0xc0debabe, self.crash.project.arch.bits)
    best_chain = None
    best_register = None

    for candidate in self.target_registers:
        try:
            chain = self.rop.set_regs(**{candidate: marker})
            # The size comparison stays inside the try so that a
            # RopException raised while building the payload is also
            # treated as "no chain for this register".
            if best_chain is None or chain.payload_bv().size() < best_chain.payload_bv().size():
                best_register = candidate
                best_chain = chain
        except angrop.errors.RopException:
            l.debug("no rop chains which set register %s", candidate)

    if best_chain is None:
        raise CannotExploit("no register setting chains")
    return self.set_register(best_register, best_chain, marker)
示例3: amd64g_check_ldmxcsr
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def amd64g_check_ldmxcsr(state, mxcsr):
    """Compute the emulation warning and rounding mode for an MXCSR load.

    :param state: state whose ``solver`` is used to build the expressions.
    :param mxcsr: bitvector holding the value being loaded into MXCSR
                  (presumably 64 bits wide, to match the 64-bit constants
                  it is combined with - confirm against the caller).
    :return: a pair ``(bv, ())`` where ``bv`` carries the warning code
             shifted left by 32 and, in the low bits, bits 14:13 of
             ``mxcsr``.
    """
    solver = state.solver
    rounding_mode = solver.LShR(mxcsr, 13) & 3

    # Built from the innermost choice outwards. The priority is unchanged:
    # mask bits (0x1F80) first, then bit 15, then bit 6, else no note.
    warning = solver.If(
        mxcsr & (1 << 6) != 0,
        solver.BVV(EmWarn_X86_daz, 64),
        solver.BVV(EmNote_NONE, 64),
    )
    warning = solver.If(
        mxcsr & (1 << 15) != 0,
        solver.BVV(EmWarn_X86_fz, 64),
        warning,
    )
    warning = solver.If(
        (mxcsr & 0x1F80) != 0x1F80,
        solver.BVV(EmWarn_X86_sseExns, 64),
        warning,
    )

    return (warning << 32) | rounding_mode, ()
# see canonical implementation of this in guest_amd64_helpers.c
示例4: x86g_dirtyhelper_loadF80le
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def x86g_dirtyhelper_loadF80le(state, addr):
    """Load a little-endian 80-bit value and repack it into a 64-bit layout.

    The 10 bytes at ``addr`` are split into sign (bit 79), a 15-bit exponent
    (bits 78:64) and the low 63 bits; bit 63 is not read. The result is
    ``sign . 11-bit exponent . 52-bit mantissa``.

    Caveats visible in the code:

    * the mantissa is truncated to its top 52 bits (no rounding);
    * the exponent is re-biased on its low 11 bits only, so exponents that
      do not fit the narrower field wrap instead of saturating;
    * a zero exponent always yields a zero mantissa.

    :return: ``(qword, [])`` with ``qword`` a 64-bit bitvector.
    """
    raw80 = state.memory.load(addr, size=10, endness='Iend_LE')

    sign_bit = raw80[79]
    exp15 = raw80[78:64]
    frac63 = raw80[62:0]

    exp_all_zero = exp15 == 0
    exp_all_ones = exp15 == -1

    # Exponent: 0 stays 0, all-ones stays all-ones, otherwise re-bias.
    rebiased_exp = exp15[10:0] - 16383 + 1023
    exp11 = claripy.If(
        exp_all_zero,
        state.solver.BVV(0, 11),
        claripy.If(exp_all_ones, state.solver.BVV(-1, 11), rebiased_exp),
    )

    # Mantissa: all-ones exponent maps to 0 (fraction == 0) or all-ones
    # (fraction != 0); a zero exponent maps to 0.
    zero_frac = claripy.BVV(0, 52)
    ones_frac = claripy.BVV(-1, 52)
    special_frac = claripy.If(frac63 == 0, zero_frac, ones_frac)
    frac52 = claripy.If(
        exp_all_zero,
        zero_frac,
        claripy.If(exp_all_ones, special_frac, raw80[62:11]),
    )

    qword = claripy.Concat(sign_bit, exp11, frac52)
    assert len(qword) == 64
    return qword, []
示例5: x86g_dirtyhelper_storeF80le
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def x86g_dirtyhelper_storeF80le(state, addr, qword):
    """Expand a 64-bit value into an 80-bit layout and store it little-endian.

    ``qword`` is split into sign (bit 63), an 11-bit exponent (bits 62:52)
    and a 52-bit fraction. The stored value is
    ``sign . 15-bit exponent . 64-bit mantissa``.

    Caveats visible in the code: a zero exponent stores a zero exponent and
    a zero mantissa whatever the fraction is; an all-ones exponent stores an
    all-zero or all-ones mantissa rather than the original fraction bits.

    :return: ``(None, [])``; the effect is the write to ``state.memory``.
    """
    sign_bit = qword[63]
    exp11 = qword[62:52]
    frac52 = qword[51:0]

    exp_all_zero = exp11 == 0
    exp_all_ones = exp11 == -1

    # Exponent: widen to 15 bits before moving from bias 1023 to 16383.
    rebiased_exp = exp11.zero_extend(4) - 1023 + 16383
    exp15 = claripy.If(
        exp_all_zero,
        state.solver.BVV(0, 15),
        claripy.If(exp_all_ones, state.solver.BVV(-1, 15), rebiased_exp),
    )

    # Mantissa: explicit leading 1, the 52 fraction bits, 11 zero bits.
    regular_mant = claripy.Concat(claripy.BVV(1, 1), frac52, claripy.BVV(0, 11))
    zero_mant = claripy.BVV(0, 64)
    ones_mant = claripy.BVV(-1, 64)
    special_mant = claripy.If(frac52 == 0, zero_mant, ones_mant)
    mant64 = claripy.If(
        exp_all_zero,
        zero_mant,
        claripy.If(exp_all_ones, special_mant, regular_mant),
    )

    tbyte = claripy.Concat(sign_bit, exp15, mant64)
    assert len(tbyte) == 80
    state.memory.store(addr, tbyte, endness='Iend_LE')
    return None, []
示例6: amd64g_calculate_RCR
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def amd64g_calculate_RCR(state, arg, rot_amt, eflags_in, sz):
    """Rotate-through-carry helper for AMD64.

    The sign of ``sz`` selects the output: a negative ``sz`` asks for the
    updated flags word, a non-negative one for the rotated value. The
    magnitude of ``sz`` is passed on to ``generic_rotate_with_carry``.

    :param sz: must be a concrete bitvector (``op == 'BVV'``).
    :return: the updated flags (carry and overflow bits replaced) or the
             rotated argument.
    :raises SimError: if ``sz`` is symbolic.
    """
    if sz.op != 'BVV':
        raise SimError('Hit a symbolic "sz" in an x86 rotate with carry instruction. Panic.')

    flags_requested = claripy.SLT(sz, 0).is_true()
    if flags_requested:
        sz = -sz

    carry_shift = data['AMD64']['CondBitOffsets']['G_CC_SHIFT_C']
    carry_in = eflags_in[carry_shift]
    carry_out, overflow_out, rotated = generic_rotate_with_carry(
        state, False, arg, rot_amt, carry_in, sz
    )

    if not flags_requested:
        return rotated

    # Widen the single-bit results to 64 bits so they can be shifted into
    # their positions in the flags word.
    carry64 = carry_out.zero_extend(63)
    overflow64 = overflow_out.zero_extend(63)

    masks = data['AMD64']['CondBitMasks']
    cleared = eflags_in & ~(masks['G_CC_MASK_C'] | masks['G_CC_MASK_O'])
    new_bits = (carry64 << data['AMD64']['CondBitOffsets']['G_CC_SHIFT_C']) | \
               (overflow64 << data['AMD64']['CondBitOffsets']['G_CC_SHIFT_O'])
    return cleared | new_bits
示例7: amd64g_check_ldmxcsr
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def amd64g_check_ldmxcsr(state, mxcsr):
    """Compute the emulation warning and rounding mode for an MXCSR load.

    :param state: unused by this body; kept for the helper calling convention.
    :param mxcsr: bitvector holding the value being loaded into MXCSR
                  (presumably 64 bits wide, to match the 64-bit constants
                  it is combined with - confirm against the caller).
    :return: a bitvector with the warning code shifted left by 32 and, in
             the low bits, bits 14:13 of ``mxcsr``.
    """
    rounding_mode = claripy.LShR(mxcsr, 13) & 3

    def _code(constant):
        # All warning codes are materialised as 64-bit constants.
        return claripy.BVV(constant, 64)

    # Priority: mask bits (0x1F80) first, then bit 15, then bit 6.
    denormals_choice = claripy.If(
        mxcsr & (1 << 6) != 0,
        _code(EmWarn_X86_daz),
        _code(EmNote_NONE),
    )
    flush_choice = claripy.If(
        mxcsr & (1 << 15) != 0,
        _code(EmWarn_X86_fz),
        denormals_choice,
    )
    warning = claripy.If(
        (mxcsr & 0x1F80) != 0x1F80,
        _code(EmWarn_X86_sseExns),
        flush_choice,
    )

    return (warning << 32) | rounding_mode
#################
### ARM Flags ###
#################
示例8: _concat_flags
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def _concat_flags(nbits, flags_vec):
    """
    Concatenate different flag BVs to a single BV. Currently used for ARM, X86
    and AMD64.

    The result is built from the most significant end downwards, so the
    padding width computed for each entry is only non-negative when
    ``flags_vec`` is ordered from the highest offset to the lowest.

    :param nbits    : platform size in bits.
    :param flags_vec: vector of flag BVs and their offset in the resulting BV.

    :type nbits     : int
    :type flags_vec : list

    :return         : the resulting flag BV.
    :rtype          : claripy.BVV
    """
    # Start from an empty (zero-width) vector and grow it towards bit 0.
    packed = claripy.BVV(0, 0)

    for flag_offset, flag_bv in flags_vec:
        highest_free_bit = nbits - 1 - packed.length
        gap = claripy.BVV(0, highest_free_bit - flag_offset)
        packed = packed.concat(gap, flag_bv)

    # Zero-fill whatever is left below the last flag.
    tail = claripy.BVV(0, nbits - packed.length)
    return packed.concat(tail)
示例9: generic_compare
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def generic_compare(self, args, comparison):
    """Apply ``comparison`` to two operands, lane-wise for vector ops.

    Scalar case (``self._vector_size`` is None): returns a 1-bit vector,
    1 when the comparison holds and 0 otherwise.

    Vector case: each lane of ``self._vector_size`` bits is compared
    separately and yields an all-ones or all-zeros lane; lanes are emitted
    from the highest index down so they keep their position in the result.

    :param args: sequence whose first two items are the operands.
    :param comparison: callable taking two bitvectors and returning a
                       boolean expression.
    """
    if self._vector_size is None:
        return claripy.If(comparison(args[0], args[1]), claripy.BVV(1, 1), claripy.BVV(0, 1))

    lanes = []
    for lane in reversed(range(self._vector_count)):
        high = (lane + 1) * self._vector_size - 1
        low = lane * self._vector_size
        lhs = claripy.Extract(high, low, args[0])
        rhs = claripy.Extract(high, low, args[1])
        lanes.append(
            claripy.If(
                comparison(lhs, rhs),
                claripy.BVV(-1, self._vector_size),
                claripy.BVV(0, self._vector_size),
            )
        )
    return claripy.Concat(*lanes)
示例10: _op_generic_QAdd
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def _op_generic_QAdd(self, args):
    """
    Saturating add.

    Each pair from ``self.vector_args(args)`` is added; when the sum
    overflows, the lane is replaced by a saturation value instead of
    wrapping. Unsigned lanes saturate to all-ones. Signed lanes saturate to
    the largest positive value, or to that value plus one (the most negative
    value) when the wrapped sum has a clear sign bit.
    """
    lanes = []
    for lhs, rhs in self.vector_args(args):
        msb = self._vector_size - 1
        sign_lhs = lhs[msb]
        sign_rhs = rhs[msb]
        total = lhs + rhs
        sign_total = total[msb]

        if not self.is_signed:
            # Unsigned overflow: the sum wrapped below the first operand.
            saturated = claripy.BVV(-1, self._vector_size)
            overflowed = claripy.ULT(total, lhs)
        else:
            # all-ones // 2 is the largest positive value; adding the
            # inverted result sign turns it into the most negative value
            # when the wrapped sum looks positive.
            inverted_sign = (~sign_total).zero_extend(self._vector_size-1)
            saturated = (claripy.BVV(-1, self._vector_size)//2) + inverted_sign
            # Signed overflow: operands share a sign that the sum lost.
            overflowed = ((~(sign_lhs ^ sign_rhs)) & (sign_lhs ^ sign_total)) == 1

        lanes.append(claripy.If(overflowed, saturated, total))
    return claripy.Concat(*lanes)
示例11: _op_generic_QSub
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def _op_generic_QSub(self, args):
    """
    Saturating subtract.

    Each pair from ``self.vector_args(args)`` is subtracted; when the
    difference overflows, the lane is replaced by a saturation value instead
    of wrapping. Unsigned lanes saturate to zero. Signed lanes saturate to
    the largest positive value, or to that value plus one (the most negative
    value) when the wrapped difference has a clear sign bit.
    """
    lanes = []
    for lhs, rhs in self.vector_args(args):
        msb = self._vector_size - 1
        sign_lhs = lhs[msb]
        sign_rhs = rhs[msb]
        diff = lhs - rhs
        sign_diff = diff[msb]

        if not self.is_signed:
            # Unsigned underflow: the difference wrapped above the minuend.
            saturated = claripy.BVV(0, self._vector_size)
            overflowed = claripy.UGT(diff, lhs)
        else:
            inverted_sign = (~sign_diff).zero_extend(self._vector_size-1)
            saturated = (claripy.BVV(-1, self._vector_size)//2) + inverted_sign
            # Signed overflow: operand signs differ and the result sign
            # differs from the minuend's.
            overflowed = ((sign_lhs ^ sign_rhs) & (sign_lhs ^ sign_diff)) == 1

        lanes.append(claripy.If(overflowed, saturated, diff))
    return claripy.Concat(*lanes)
示例12: _op_generic_pack_StoU_saturation
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
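def _op_generic_pack_StoU_saturation(self, args, src_size, dst_size):
    """
    Generic pack with unsigned saturation.
    Split args in chunks of src_size signed bits and pack them into unsigned saturated chunks of dst_size bits.
    Then chunks are concatenated resulting in a BV of len(args)*dst_size//src_size*len(args[0]) bits.

    :param args: iterable of bitvectors to be chopped into src_size-bit chunks.
    :param src_size: width in bits of each signed source chunk; must be > 0.
    :param dst_size: width in bits of each unsigned destination chunk; must be > 0.
    :return: the concatenated result, or None when no chunk was produced.
    :raises SimOperationError: if either size is zero or negative.
    """
    if src_size <= 0 or dst_size <= 0:
        # The original message had no %s placeholder, so applying
        # `% self.name` raised TypeError instead of the intended error.
        raise SimOperationError("Can't pack from or to zero or negative size (%s)" % self.name)

    result = None
    # Saturation bounds expressed at source width: max is dst_size one-bits
    # zero-extended to src_size, min is always 0 for an unsigned target.
    max_value = claripy.BVV(-1, dst_size).zero_extend(src_size - dst_size)
    min_value = claripy.BVV(0, src_size)

    for v in args:
        for src_value in v.chop(src_size):
            dst_value = self._op_generic_StoU_saturation(src_value, min_value, max_value)
            # NOTE(review): for a narrowing pack (src_size > dst_size) this
            # extension amount is negative; whether that is valid depends on
            # what _op_generic_StoU_saturation returns - confirm.
            dst_value = dst_value.zero_extend(dst_size - src_size)
            if result is None:
                result = dst_value
            else:
                result = self._op_concat((result, dst_value))
    return result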
示例13: extract
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def extract(self, state, addr, concrete=False):
    """Read this string value out of ``state`` memory at ``addr``.

    With a fixed ``self.length`` the bytes are loaded in one go. Without
    one, bytes are read one at a time until a byte that is definitely zero
    is found; the terminator is not part of the result.

    Symbolic data: a symbolic *first* byte raises, but a symbolic byte met
    later only ends the scan, so the returned string may be a silently
    truncated prefix. Callers that rely on the full string should not
    assume the scan stopped at a real terminator.

    :param concrete: when true, evaluate the result to ``bytes``.
    :return: a bitvector (zero-width if the string is empty), or, when
             ``concrete`` is set, the evaluated bytes.
    :raises ValueError: if the first byte of an unbounded string is symbolic.
    """
    if self.length is not None:
        out = state.memory.load(addr, self.length)
    else:
        out = None
        current = state.memory.load(addr, 1)
        # Scanning a symbolic string would most likely loop for a very
        # long time, so refuse up front.
        if state.solver.symbolic(current):
            raise ValueError("Trying to extract a symbolic string at %#x" % state.solver.eval(addr))
        addr += 1
        while True:
            if claripy.is_true(current == 0) or state.solver.symbolic(current):
                break
            out = current if out is None else out.concat(current)
            current = state.memory.load(addr, 1)
            addr += 1

    if concrete:
        # NOTE(review): the empty case returns the str '' while the
        # non-empty case is evaluated with cast_to=bytes - confirm callers
        # cope with both types.
        return state.solver.eval(out, cast_to=bytes) if out is not None else ''
    return out if out is not None else claripy.BVV(0, 0)
示例14: init_state
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
def init_state(self):
    """Set up page tracking and inspection breakpoints for this state.

    After the parent initialisation this checks the memory page size,
    caches little- and big-endian struct formats, records the pages of the
    loader's kernel and extern objects in ``self.ignore_target_pages``, and
    installs callbacks that run before page mappings and memory writes.
    """
    super().init_state()

    # The page arithmetic below is only valid if memory uses PAGE_SIZE pages.
    assert self.state.memory.mem._page_size == PAGE_SIZE

    arch = self.state.arch
    self._LE_FMT = arch.struct_fmt(endness='Iend_LE')
    self._BE_FMT = arch.struct_fmt(endness='Iend_BE')

    # ignore CLE pages
    for object_name in ('kernel_object', 'extern_object'):
        loader_obj = getattr(self.state.project.loader, object_name)
        for page_offset in range(0, loader_obj.map_size, PAGE_SIZE):
            page_number = (getattr(self.state.project.loader, object_name).mapped_base + page_offset) // PAGE_SIZE
            self.ignore_target_pages.add(page_number)

    inspect = self.state.inspect
    inspect.make_breakpoint('memory_page_map', when=inspect.BP_BEFORE, action=_page_map_cb)
    inspect.make_breakpoint('mem_write', when=inspect.BP_BEFORE, action=_mem_write_cb)
    #self.state.inspect.make_breakpoint('mem_read', when=self.state.inspect.BP_BEFORE, action=_mem_read_cb)
    #self.state.inspect.make_breakpoint('reg_write', when=self.state.inspect.BP_BEFORE, action=_reg_write_cb)
    #self.state.inspect.make_breakpoint('reg_read', when=self.state.inspect.BP_BEFORE, action=_reg_read_cb)

    # NOTE(review): the width passed here is arch.bytes, not arch.bits, so
    # this constant is only a few bits wide - confirm that is intended.
    self._zero = claripy.BVV(0, self.state.arch.bytes)
示例15: set_regs
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import BVV [as 别名]
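def set_regs(self, regs_dump):
    """
    Initialize register values within the state

    Each non-empty line of the dump is split on runs of spaces; the first
    field is the register name and the second is parsed as a hexadecimal
    value. Registers the state does not know are skipped with a warning.

    The dump is not validated: a non-empty line with fewer than two fields
    raises IndexError and a second field that is not hexadecimal raises
    ValueError, so only feed it dumps from a source you trust.

    :param regs_dump: The output of ``info registers`` in gdb.
    :raises SimStateError: if the stack has not been set while
                           ``adjust_stack`` is True.
    """
    if self.real_stack_top == 0 and self.adjust_stack is True:
        # The original adjacent literals were joined without a space
        # ("...or setadjust_stack..."); the separator is restored here.
        raise SimStateError("You need to set the stack first, or set "
                            "adjust_stack to False. Beware that in this case, sp and bp won't be updated")

    data = self._read_data(regs_dump)
    for line in re.split(b"\n", data):
        if line == b"":
            continue
        # Split once and reuse the fields instead of re-running the regex.
        fields = re.split(b" +", line)
        reg = fields[0].decode()
        val = int(fields[1], 16)
        try:
            self.state.registers.store(reg, claripy.BVV(val, self.state.arch.bits))
        # Some registers such as cs, ds, eflags etc. aren't supported in angr
        except KeyError as e:
            l.warning("Reg %s was not set", e)

    self._adjust_regs()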