本文整理汇总了Python中triton.Instruction类的典型用法代码示例。如果您正苦于以下问题:Python Instruction类的具体用法?Python Instruction怎么用?Python Instruction使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Instruction类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: emulate
def emulate(Triton, pc):
    """Emulate instructions starting at *pc* and solve for inputs at checked branches.

    Python 2 code (print statements). Each iteration reads 16 bytes at the
    current program counter, wraps them in an Instruction and lets the context
    process it. The loop ends when pc is 0 or reaches 0x4025E6 or 0x4025CC.

    Module globals used:
        goodBranches: mapping indexed by pc; the stored value is compared
            against the low 32 bits of rax. An entry is deleted once a model
            has been requested for it.
        variables: mapping updated with the value of every model entry.

    NOTE(review): this listing lost its indentation; the nesting below is
    reconstructed from the comments and control flow. Confirm against the
    original file.
    """
    global variables
    global goodBranches
    print '[+] Starting emulation.'
    while pc:
        # Fetch opcode: 16 raw bytes at pc (presumably enough to hold one
        # instruction; the architecture is configured outside this block).
        opcode = Triton.getConcreteMemoryAreaValue(pc, 16)
        # Create the Triton instruction
        instruction = Instruction()
        instruction.setOpcode(opcode)
        instruction.setAddress(pc)
        # Process
        Triton.processing(instruction)
        print instruction
        # End of the CheckSolution() function
        if pc == 0x4025E6:
            break
        # Success address: report and stop.
        if pc == 0x4025CC:
            print '[+] Win'
            break
        if pc in goodBranches:
            astCtxt = Triton.getAstContext()
            # Slice expressions: take the symbolic expression bound to rax and
            # keep bits 31..0 (eax).
            rax = Triton.getSymbolicExpressionFromId(Triton.getSymbolicRegisterId(Triton.registers.rax))
            eax = astCtxt.extract(31, 0, rax.getAst())
            # Define constraint: the path constraints so far AND eax equal to
            # the 32-bit value recorded for this address.
            cstr = astCtxt.land([
                Triton.getPathConstraintsAst(),
                astCtxt.equal(eax, astCtxt.bv(goodBranches[pc], 32))
            ])
            print '[+] Asking for a model, please wait...'
            model = Triton.getModel(cstr)
            # Save new state
            for k, v in model.items():
                print '[+]', v
                variables[k] = v.getValue()
            # Go deeper: this address is handled, do not solve for it again.
            del goodBranches[pc]
            # Restart emulation with a good input.
            # initialize() is defined elsewhere; presumably it builds a fresh
            # context from `variables` -- confirm. The result rebinds the
            # local parameter, so pc is read from the new context below.
            Triton = initialize()
        # Next
        pc = Triton.getConcreteRegisterValue(Triton.registers.rip)
    print '[+] Emulation done.'
    return
示例2: test_1
def test_1(self):
    """Process `mov rbx, rax` with ONLY_ON_TAINTED disabled, then enabled.

    No register or memory is tainted in this test. With the mode disabled the
    instruction reports one read and two written registers; with the mode
    enabled every checked collection on the instruction is empty.
    """
    engine = TritonContext()
    engine.setArchitecture(ARCH.X86_64)

    # First pass: mode explicitly switched off.
    engine.enableMode(MODE.ONLY_ON_TAINTED, False)
    self.assertEqual(engine.isModeEnabled(MODE.ONLY_ON_TAINTED), False)

    mov_insn = Instruction("\x48\x89\xc3")  # mov rbx, rax
    self.assertTrue(engine.processing(mov_insn))
    self.assertTrue(checkAstIntegrity(mov_insn))
    for getter, expected in (
        (mov_insn.getReadRegisters, 1),
        (mov_insn.getWrittenRegisters, 2),
    ):
        self.assertEqual(len(getter()), expected)

    # Second pass: same instruction object, mode switched on.
    engine.enableMode(MODE.ONLY_ON_TAINTED, True)
    self.assertEqual(engine.isModeEnabled(MODE.ONLY_ON_TAINTED), True)

    self.assertTrue(engine.processing(mov_insn))
    self.assertTrue(checkAstIntegrity(mov_insn))
    for getter in (
        mov_insn.getSymbolicExpressions,
        mov_insn.getReadRegisters,
        mov_insn.getReadImmediates,
        mov_insn.getWrittenRegisters,
        mov_insn.getLoadAccess,
        mov_insn.getStoreAccess,
    ):
        self.assertEqual(len(getter()), 0)
示例3: test_load_ds
def test_load_ds(self):
    """Verify the memory operand decoded for a 16-bit load through ds."""
    setArchitecture(ARCH.X86)

    load_insn = Instruction()
    load_insn.setOpcodes("\x66\xA1\x3C\x21\x40\x00")  # mov ax, ds:word_40213C
    processing(load_insn)

    # Operand 1 is the memory source: absolute address 0x40213C, 16 bits wide.
    self.assertEqual(load_insn.getOperands()[1].getAddress(), 0x40213C)
    self.assertEqual(load_insn.getOperands()[1].getBitSize(), 16)
示例4: test_7
def test_7(self):
    """Check the memory operand of `mov rbx, [rax]` under ONLY_ON_SYMBOLIZED.

    rax holds the concrete value 0x1337 and nothing is symbolized; the memory
    operand must resolve to that address and expose no LEA AST.
    """
    engine = TritonContext()
    engine.setArchitecture(ARCH.X86_64)
    engine.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
    engine.setConcreteRegisterValue(engine.registers.rax, 0x1337)

    load_insn = Instruction("\x48\x8b\x18")  # mov rbx, qword ptr [rax]
    self.assertTrue(engine.processing(load_insn))
    self.assertTrue(checkAstIntegrity(load_insn))

    self.assertEqual(load_insn.getOperands()[1].getAddress(), 0x1337)
    self.assertIsNone(load_insn.getOperands()[1].getLeaAst())
示例5: test_3
def test_3(self):
    """Process `mov rbx, [rax]` with default modes and count its accesses."""
    engine = TritonContext()
    engine.setArchitecture(ARCH.X86_64)

    load_insn = Instruction("\x48\x8b\x18")  # mov rbx, qword ptr [rax]
    self.assertTrue(engine.processing(load_insn))
    self.assertTrue(checkAstIntegrity(load_insn))

    # Expected sizes: one register read, two registers written, one memory
    # load and no memory store.
    for getter, expected in (
        (load_insn.getReadRegisters, 1),
        (load_insn.getWrittenRegisters, 2),
        (load_insn.getLoadAccess, 1),
        (load_insn.getStoreAccess, 0),
    ):
        self.assertEqual(len(getter()), expected)
示例6: test_known_issues
def test_known_issues(self):
    """Taint eax, process `lea eax, [esi+eax*1]`, then check eax and ebx taint."""
    setArchitecture(ARCH.X86)
    taintRegister(REG.EAX)

    lea_insn = Instruction()
    lea_insn.setOpcodes("\x8D\x04\x06")  # lea eax,[esi+eax*1]
    processing(lea_insn)

    # eax must still be tainted after the lea; ebx must not be.
    self.assertTrue(isRegisterTainted(REG.EAX))
    self.assertFalse(isRegisterTainted(REG.EBX))
示例7: test_known_issues
def test_known_issues(self):
    """Taint eax, process `lea eax, [esi+eax*1]`, then check eax and ebx taint."""
    Triton = TritonContext()
    Triton.setArchitecture(ARCH.X86)
    regs = Triton.registers
    Triton.taintRegister(regs.eax)

    lea_insn = Instruction()
    lea_insn.setOpcode("\x8D\x04\x06")  # lea eax,[esi+eax*1]
    Triton.processing(lea_insn)

    # eax must still be tainted after the lea; ebx must not be.
    self.assertTrue(Triton.isRegisterTainted(regs.eax))
    self.assertFalse(Triton.isRegisterTainted(regs.ebx))
示例8: test_emulate
def test_emulate(self, concretize=False):
    """Run a dumped simulation and check output registers.

    Loads a register/memory snapshot from misc/emu_1.dump (next to this test
    file), emulates from the dumped rip until pc equals 0x409A18, and compares
    rax, rbx, rcx, rdx and rsi with fixed expected values.

    Args:
        concretize: when true, concretizeAllMemory() and
            concretizeAllRegister() are called on the context during the run.

    NOTE(review): this listing lost its indentation; the nesting below is
    reconstructed (in particular the `if concretize` branch is placed inside
    the emulation loop). Confirm against the original file.
    """
    # Get dumped data
    dump = os.path.join(os.path.dirname(__file__), "misc", "emu_1.dump")
    with open(dump) as f:
        # NOTE(review): eval() executes whatever Python expression the dump
        # file contains, so anyone able to modify that file runs code in the
        # test process. This is only acceptable while the dump is a trusted
        # fixture kept with the tests. If the dump holds nothing but literals,
        # ast.literal_eval() would parse it without executing code.
        regs, mems = eval(f.read())
    # Load memory: entries whose 'memory' is None are skipped.
    for mem in mems:
        start = mem['start']
        if mem['memory'] is not None:
            self.Triton.setConcreteMemoryAreaValue(start, bytearray(mem['memory']))
    # Set up registers: each name is upper-cased and looked up on REG.X86_64.
    # r15 is not in this list.
    for reg_name in ("rax", "rbx", "rcx", "rdx", "rdi", "rsi", "rbp",
                     "rsp", "rip", "r8", "r9", "r10", "r11", "r12", "r13",
                     "r14", "eflags", "xmm0", "xmm1", "xmm2", "xmm3",
                     "xmm4", "xmm5", "xmm6", "xmm7", "xmm8", "xmm9",
                     "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15"):
        self.Triton.setConcreteRegisterValue(self.Triton.getRegister(getattr(REG.X86_64, reg_name.upper())), regs[reg_name])
    # Run the code, one instruction per iteration, until the stop address.
    pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
    while pc != 0x409A18:
        # 20 raw bytes are read at pc and handed to the Instruction.
        opcode = self.Triton.getConcreteMemoryAreaValue(pc, 20)
        instruction = Instruction()
        instruction.setOpcode(opcode)
        instruction.setAddress(pc)
        # Fail the test if Triton could not process this instruction.
        self.assertTrue(self.Triton.processing(instruction))
        self.assertTrue(checkAstIntegrity(instruction))
        pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
        if concretize:
            self.Triton.concretizeAllMemory()
            self.Triton.concretizeAllRegister()
    # Final register state expected at the stop address.
    rax = self.Triton.getConcreteRegisterValue(self.Triton.registers.rax)
    rbx = self.Triton.getConcreteRegisterValue(self.Triton.registers.rbx)
    rcx = self.Triton.getConcreteRegisterValue(self.Triton.registers.rcx)
    rdx = self.Triton.getConcreteRegisterValue(self.Triton.registers.rdx)
    rsi = self.Triton.getConcreteRegisterValue(self.Triton.registers.rsi)
    self.assertEqual(rax, 0)
    self.assertEqual(rbx, 0)
    self.assertEqual(rcx, 0)
    self.assertEqual(rdx, 0x4d2)
    self.assertEqual(rsi, 0x3669000000000000)
示例9: test_2
def test_2(self):
    """Process `mov rbx, rax` with ONLY_ON_TAINTED enabled and rax tainted."""
    engine = TritonContext()
    engine.setArchitecture(ARCH.X86_64)
    engine.enableMode(MODE.ONLY_ON_TAINTED, True)
    engine.taintRegister(engine.registers.rax)

    mov_insn = Instruction("\x48\x89\xc3")  # mov rbx, rax
    self.assertTrue(engine.processing(mov_insn))
    self.assertTrue(checkAstIntegrity(mov_insn))

    # Expected sizes: one register read, two registers written, no memory
    # load and no memory store.
    for getter, expected in (
        (mov_insn.getReadRegisters, 1),
        (mov_insn.getWrittenRegisters, 2),
        (mov_insn.getLoadAccess, 0),
        (mov_insn.getStoreAccess, 0),
    ):
        self.assertEqual(len(getter()), expected)
示例10: test_4
def test_4(self):
    """Process `mov rbx, [rax]` with ONLY_ON_SYMBOLIZED enabled and rax symbolic."""
    engine = TritonContext()
    engine.setArchitecture(ARCH.X86_64)
    engine.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
    engine.convertRegisterToSymbolicVariable(engine.registers.rax)

    load_insn = Instruction("\x48\x8b\x18")  # mov rbx, qword ptr [rax]
    self.assertTrue(engine.processing(load_insn))
    self.assertTrue(checkAstIntegrity(load_insn))

    # Expected sizes: one register read; nothing written, loaded or stored.
    for getter, expected in (
        (load_insn.getReadRegisters, 1),
        (load_insn.getWrittenRegisters, 0),
        (load_insn.getLoadAccess, 0),
        (load_insn.getStoreAccess, 0),
    ):
        self.assertEqual(len(getter()), expected)
示例11: setUp
def setUp(self):
    """Build an x86-64 context, process two instructions and keep one expression of each.

    The xor instruction is created before al and bl are given concrete values;
    both instructions are processed afterwards, xor first.
    """
    engine = self.ctx = TritonContext()
    engine.setArchitecture(ARCH.X86_64)

    xor_insn = self.inst1 = Instruction("\x48\x31\xd8")  # xor rax, rbx

    engine.setConcreteRegisterValue(engine.registers.al, 0x10)
    engine.setConcreteRegisterValue(engine.registers.bl, 0x55)

    store_insn = self.inst2 = Instruction("\x48\x89\x03")  # mov [rbx], rax

    engine.processing(xor_insn)
    engine.processing(store_insn)

    # Expression 0 of the xor and expression 8 of the store are the ones the
    # tests in this class work with.
    self.expr1 = xor_insn.getSymbolicExpressions()[0]
    self.expr2 = store_insn.getSymbolicExpressions()[8]
示例12: test_trace
def test_trace(trace):
    """Process every opcode in *trace* and classify each branch as opaque or not.

    Python 2 code (print statements). `Triton` is a module-level context and
    symbolization_init() is defined elsewhere in the file (presumably it marks
    the inputs as symbolic -- confirm). For each branch instruction the solver
    is asked for a model of the negated path-constraint AST: if one exists the
    branch can go the other way, otherwise it is reported as an opaque
    predicate that is always or never taken.

    NOTE(review): this listing lost its indentation; the nesting below is
    reconstructed from the control flow. Confirm against the original file.
    """
    Triton.setArchitecture(ARCH.X86)
    symbolization_init()
    astCtxt = Triton.getAstContext()
    for opcode in trace:
        instruction = Instruction()
        instruction.setOpcode(opcode)
        Triton.processing(instruction)
        print instruction.getDisassembly()
        if instruction.isBranch():
            # Opaque Predicate AST
            op_ast = Triton.getPathConstraintsAst()
            # Try another model: is the negation of the constraints satisfiable?
            model = Triton.getModel(astCtxt.lnot(op_ast))
            if model:
                print "not an opaque predicate"
            else:
                # No model for the negation: the direction observed on this
                # run is the only one reported as possible.
                if instruction.isConditionTaken():
                    print "opaque predicate: always taken"
                else:
                    print "opaque predicate: never taken"
    print '----------------------------------'
    return
示例13: test_pop_esp
def test_pop_esp(self):
    """Check where `pop dword ptr [esp]` stores its value and what it stores.

    esp is set to 0x19fe00 and 0x11111111 is written at [esp]; the pop must
    then target 0x19fe04 and carry the value 0x11111111.
    """
    self.Triton = TritonContext()
    self.Triton.setArchitecture(ARCH.X86)

    set_esp = Instruction('\xBC\x00\xFE\x19\x00')  # mov esp, 0x19fe00
    fill_slot = Instruction('\xC7\x04\x24\x11\x11\x11\x11')  # mov dword ptr [esp], 0x11111111
    pop_insn = Instruction('\x8F\x04\x24')  # pop dword ptr [esp]

    # Order matters: each instruction depends on the state left by the previous one.
    for insn in (set_esp, fill_slot, pop_insn):
        self.Triton.processing(insn)

    self.assertEqual(pop_insn.getOperands()[0].getAddress(), 0x19fe04, "esp has been poped")
    self.assertEqual(pop_insn.getStoreAccess()[0][0].getAddress(), 0x19fe04, "inst3 set the value in 0x19fe04")
    self.assertEqual(pop_insn.getStoreAccess()[0][1].evaluate(), 0x11111111, "And this value is 0x11111111")
示例14: setUp
def setUp(self):
    """Create `add rax, rbx` at 0x400000 with fixed rax/rbx values and process it."""
    setArchitecture(ARCH.X86_64)

    add_insn = self.inst = Instruction()
    add_insn.setOpcodes("\x48\x01\xd8")  # add rax, rbx
    add_insn.setAddress(0x400000)

    # Register values are attached to the instruction itself before processing.
    for reg_id, value in (
        (REG.RAX, 0x1122334455667788),
        (REG.RBX, 0x8877665544332211),
    ):
        add_insn.updateContext(Register(reg_id, value))

    processing(add_insn)
示例15: setUp
def setUp(self):
    """Create `add rax, rbx` at 0x400000, set concrete rax/rbx and process it."""
    engine = self.Triton = TritonContext()
    engine.setArchitecture(ARCH.X86_64)

    add_insn = self.inst = Instruction()
    add_insn.setOpcode("\x48\x01\xd8")  # add rax, rbx
    add_insn.setAddress(0x400000)

    # Concrete operands are set on the context before the instruction runs.
    engine.setConcreteRegisterValue(engine.registers.rax, 0x1122334455667788)
    engine.setConcreteRegisterValue(engine.registers.rbx, 0x8877665544332211)

    engine.processing(add_insn)