本文整理汇总了Python中triton.Instruction.setOpcode方法的典型用法代码示例。如果您正苦于以下问题:Python Instruction.setOpcode方法的具体用法?Python Instruction.setOpcode怎么用?Python Instruction.setOpcode使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类triton.Instruction的用法示例。
在下文中一共展示了Instruction.setOpcode方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_trace
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def test_trace(trace):
Triton.setArchitecture(ARCH.X86)
symbolization_init()
astCtxt = Triton.getAstContext()
for opcode in trace:
instruction = Instruction()
instruction.setOpcode(opcode)
Triton.processing(instruction)
print instruction.getDisassembly()
if instruction.isBranch():
# Opaque Predicate AST
op_ast = Triton.getPathConstraintsAst()
# Try another model
model = Triton.getModel(astCtxt.lnot(op_ast))
if model:
print "not an opaque predicate"
else:
if instruction.isConditionTaken():
print "opaque predicate: always taken"
else:
print "opaque predicate: never taken"
print '----------------------------------'
return示例2: emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def emulate(self, pc):
"""
Emulate every opcode from pc.
Process instruction until the end
"""
while pc:
# Fetch opcode
opcode = self.Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
ret = self.Triton.processing(instruction)
if instruction.getType() == OPCODE.HLT:
break
self.assertTrue(ret)
self.assertTrue(checkAstIntegrity(instruction))
# Simulate routines
self.hooking_handler()
# Next
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
return示例3: emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def emulate(pc):
print '[+] Starting emulation.'
while pc:
# Fetch opcode
opcode = Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
Triton.processing(instruction)
print instruction
if instruction.getType() == OPCODE.HLT:
break
# Simulate routines
hookingHandler()
# Next
pc = Triton.getConcreteRegisterValue(Triton.registers.rip)
print '[+] Emulation done.'
return示例4: emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def emulate(pc):
count = 0
while pc:
# Fetch opcode
opcode = Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
Triton.processing(instruction)
count += 1
#print instruction
if instruction.getType() == OPCODE.HLT:
break
# Simulate routines
hookingHandler()
# Next
pc = Triton.getConcreteRegisterValue(Triton.registers.rip)
debug('Instruction executed: %d' %(count))
return示例5: test_backup
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def test_backup(self):
"""
Check Symbolics value are saved when engine is disable.
* Also check reseting a disable symbolic engines doesn't crash.
"""
inst = Instruction()
# update RAX
inst.setOpcode("\x48\xFF\xC0")
self.Triton.processing(inst)
self.assertEqual(self.Triton.getSymbolicRegisterValue(self.Triton.registers.rax), 1)
# This call triton::api.backupSymbolicEngine()
self.Triton.enableSymbolicEngine(False)
inst = Instruction()
# update RAX again
inst.setOpcode("\x48\xFF\xC0")
self.Triton.processing(inst)
self.assertEqual(self.Triton.getConcreteRegisterValue(self.Triton.registers.rax), 2, "concrete value is updated")
self.assertEqual(self.Triton.getSymbolicRegisterValue(self.Triton.registers.rax), 1)
self.assertEqual(self.Triton.getSymbolicRegisterValue(self.Triton.registers.rax), 1, "Symbolic value is not update")
# Try to reset engine after a backup to test if the bug #385 is fixed.
self.Triton.resetEngines()示例6: emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def emulate(Triton, pc):
global variables
global goodBranches
print '[+] Starting emulation.'
while pc:
# Fetch opcode
opcode = Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
Triton.processing(instruction)
print instruction
# End of the CheckSolution() function
if pc == 0x4025E6:
break
if pc == 0x4025CC:
print '[+] Win'
break
if pc in goodBranches:
astCtxt = Triton.getAstContext()
# Slice expressions
rax = Triton.getSymbolicExpressionFromId(Triton.getSymbolicRegisterId(Triton.registers.rax))
eax = astCtxt.extract(31, 0, rax.getAst())
# Define constraint
cstr = astCtxt.land([
Triton.getPathConstraintsAst(),
astCtxt.equal(eax, astCtxt.bv(goodBranches[pc], 32))
])
print '[+] Asking for a model, please wait...'
model = Triton.getModel(cstr)
# Save new state
for k, v in model.items():
print '[+]', v
variables[k] = v.getValue()
# Go deeper
del goodBranches[pc]
# Restart emulation with a good input.
Triton = initialize()
# Next
pc = Triton.getConcreteRegisterValue(Triton.registers.rip)
print '[+] Emulation done.'
return示例7: test_load_ds
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def test_load_ds(self):
"""Check load from ds segment."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86)
inst = Instruction()
# mov ax, ds:word_40213C
inst.setOpcode("\x66\xA1\x3C\x21\x40\x00")
self.Triton.processing(inst)
self.assertEqual(inst.getOperands()[1].getAddress(), 0x40213C)
self.assertEqual(inst.getOperands()[1].getBitSize(), 16)示例8: test_known_issues
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def test_known_issues(self):
"""Check tainting result after processing."""
Triton = TritonContext()
Triton.setArchitecture(ARCH.X86)
Triton.taintRegister(Triton.registers.eax)
inst = Instruction()
# lea eax,[esi+eax*1]
inst.setOpcode("\x8D\x04\x06")
Triton.processing(inst)
self.assertTrue(Triton.isRegisterTainted(Triton.registers.eax))
self.assertFalse(Triton.isRegisterTainted(Triton.registers.ebx))示例9: test_emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def test_emulate(self, concretize=False):
"""Run a dumped simulation and check output registers."""
# Get dumped data
dump = os.path.join(os.path.dirname(__file__), "misc", "emu_1.dump")
with open(dump) as f:
regs, mems = eval(f.read())
# Load memory
for mem in mems:
start = mem['start']
if mem['memory'] is not None:
self.Triton.setConcreteMemoryAreaValue(start, bytearray(mem['memory']))
# self.Triton.setup registers
for reg_name in ("rax", "rbx", "rcx", "rdx", "rdi", "rsi", "rbp",
"rsp", "rip", "r8", "r9", "r10", "r11", "r12", "r13",
"r14", "eflags", "xmm0", "xmm1", "xmm2", "xmm3",
"xmm4", "xmm5", "xmm6", "xmm7", "xmm8", "xmm9",
"xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15"):
self.Triton.setConcreteRegisterValue(self.Triton.getRegister(getattr(REG.X86_64, reg_name.upper())), regs[reg_name])
# run the code
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
while pc != 0x409A18:
opcode = self.Triton.getConcreteMemoryAreaValue(pc, 20)
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Check if triton doesn't supports this instruction
self.assertTrue(self.Triton.processing(instruction))
self.assertTrue(checkAstIntegrity(instruction))
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
if concretize:
self.Triton.concretizeAllMemory()
self.Triton.concretizeAllRegister()
rax = self.Triton.getConcreteRegisterValue(self.Triton.registers.rax)
rbx = self.Triton.getConcreteRegisterValue(self.Triton.registers.rbx)
rcx = self.Triton.getConcreteRegisterValue(self.Triton.registers.rcx)
rdx = self.Triton.getConcreteRegisterValue(self.Triton.registers.rdx)
rsi = self.Triton.getConcreteRegisterValue(self.Triton.registers.rsi)
self.assertEqual(rax, 0)
self.assertEqual(rbx, 0)
self.assertEqual(rcx, 0)
self.assertEqual(rdx, 0x4d2)
self.assertEqual(rsi, 0x3669000000000000)示例10: test_load_immediate_fs
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def test_load_immediate_fs(self):
"""Check load from fs segment with immediate."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
inst = Instruction()
# mov eax, DWORD PTR fs:0xffffffffffffdf98
inst.setOpcode("\x64\x8B\x04\x25\x98\xDF\xFF\xFF")
inst.setAddress(0x400000)
self.Triton.setConcreteRegisterValue(self.Triton.registers.fs, 0x7fffda8ab700)
self.Triton.processing(inst)
self.assertTrue(inst.getLoadAccess())
load, _ = inst.getLoadAccess()[0]
self.assertEqual(load.getAddress(), 0x7fffda8a9698)
self.assertEqual(load.getBitSize(), 32)示例11: test_load_indirect_fs
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def test_load_indirect_fs(self):
"""Check load from fs with indirect address."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
inst = Instruction()
# mov rax, QWORD PTR fs:[rax]
inst.setOpcode("\x64\x48\x8B\x00")
inst.setAddress(0x400000)
self.Triton.setConcreteRegisterValue(self.Triton.registers.fs, 0x7fffda8ab700)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, 0xffffffffffffdf90)
self.Triton.processing(inst)
self.assertTrue(inst.getLoadAccess())
load, _ = inst.getLoadAccess()[0]
self.assertEqual(load.getAddress(), 0x7fffda8a9690)
self.assertEqual(load.getBitSize(), 64)示例12: run
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def run(ip):
while ip in function:
# Build an instruction
inst = Instruction()
# Setup opcode
inst.setOpcode(function[ip])
# Setup Address
inst.setAddress(ip)
# Process everything
Triton.processing(inst)
# Display instruction
#print inst
# Next instruction
ip = Triton.getRegisterAst(Triton.registers.rip).evaluate()
return示例13: emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def emulate(self, pc):
"""
Emulate every opcode from pc.
* Process instruction until the end and search for constraint
resolution on cmp eax, 1 then self.Triton.set the new correct value and keep going.
"""
astCtxt = self.Triton.getAstContext()
while pc:
# Fetch opcode
opcode = self.Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
self.Triton.processing(instruction)
self.assertTrue(checkAstIntegrity(instruction))
# 40078B: cmp eax, 1
# eax must be equal to 1 at each round.
if instruction.getAddress() == 0x40078B:
# Slice expressions
rax = self.Triton.getSymbolicRegister(self.Triton.registers.rax)
eax = astCtxt.extract(31, 0, rax.getAst())
# Define constraint
cstr = astCtxt.land([self.Triton.getPathConstraintsAst(), astCtxt.equal(eax, astCtxt.bv(1, 32))])
model = self.Triton.getModel(cstr)
solution = str()
for k, v in model.items():
value = v.getValue()
solution += chr(value)
self.Triton.setConcreteVariableValue(self.Triton.getSymbolicVariableFromId(k), value)
# Next
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
return solution示例14: emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def emulate(pc):
astCtxt = Triton.getAstContext()
print '[+] Starting emulation.'
while pc:
# Fetch opcode
opcode = Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
Triton.processing(instruction)
print instruction
# 40078B: cmp eax, 1
# eax must be equal to 1 at each round.
if instruction.getAddress() == 0x40078B:
# Slice expressions
rax = Triton.getSymbolicRegister(Triton.registers.rax)
eax = astCtxt.extract(31, 0, rax.getAst())
# Define constraint
cstr = astCtxt.land([
Triton.getPathConstraintsAst(),
astCtxt.equal(eax, astCtxt.bv(1, 32))
])
print '[+] Asking for a model, please wait...'
model = Triton.getModel(cstr)
for k, v in model.items():
value = v.getValue()
Triton.setConcreteVariableValue(Triton.getSymbolicVariableFromId(k), value)
print '[+] Symbolic variable %02d = %02x (%c)' %(k, value, chr(value))
# Next
pc = Triton.getConcreteRegisterValue(Triton.registers.rip)
print '[+] Emulation done.'
return示例15: run
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcode [as 别名]
def run(ip):
while ip in function:
# Build an instruction
inst = Instruction()
# Setup opcode
inst.setOpcode(function[ip])
# Setup Address
inst.setAddress(ip)
# Process everything
Triton.processing(inst)
# Display instruction
print 'Curr ip:', inst
# Next instruction
ip = Triton.buildSymbolicRegister(Triton.registers.rip).evaluate()
print 'Next ip:', hex(ip)
print
return