本文整理汇总了Python中triton.Instruction.setOpcodes方法的典型用法代码示例。如果您正苦于以下问题:Python Instruction.setOpcodes方法的具体用法?Python Instruction.setOpcodes怎么用?Python Instruction.setOpcodes使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类triton.Instruction的用法示例。
在下文中一共展示了Instruction.setOpcodes方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_backup
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
def test_backup(self):
"""
Check Symbolics value are saved when engine is disable.
* Also check reseting a disable symbolic engines doesn't crash.
"""
inst = Instruction()
# update RAX
inst.setOpcodes("\x48\xFF\xC0")
processing(inst)
self.assertEqual(getSymbolicRegisterValue(REG.RAX), 1)
# This call triton::api.backupSymbolicEngine()
enableSymbolicEngine(False)
inst = Instruction()
# update RAX again
inst.setOpcodes("\x48\xFF\xC0")
processing(inst)
self.assertEqual(getConcreteRegisterValue(REG.RAX), 2, "concrete value is updated")
self.assertEqual(getSymbolicRegisterValue(REG.RAX), 1, "Symbolic value is not update")
# Try to reset engine after a backup to test if the bug #385 is fixed.
resetEngines()示例2: test_load_ds
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
def test_load_ds(self):
"""Check load from ds segment."""
setArchitecture(ARCH.X86)
inst = Instruction()
# mov ax, ds:word_40213C
inst.setOpcodes("\x66\xA1\x3C\x21\x40\x00")
processing(inst)
self.assertEqual(inst.getOperands()[1].getAddress(), 0x40213C)
self.assertEqual(inst.getOperands()[1].getBitSize(), 16)示例3: test_known_issues
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
def test_known_issues(self):
"""Check tainting result after processing."""
setArchitecture(ARCH.X86)
taintRegister(REG.EAX)
inst = Instruction()
# lea eax,[esi+eax*1]
inst.setOpcodes("\x8D\x04\x06")
processing(inst)
self.assertTrue(isRegisterTainted(REG.EAX))
self.assertFalse(isRegisterTainted(REG.EBX))示例4: test_emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
def test_emulate(self, concretize=False):
"""Run a dumped simulation and check output registers."""
# Get dumped data
dump = os.path.join(os.path.dirname(__file__), "misc", "emu_1.dump")
with open(dump) as f:
regs, mems = eval(f.read())
# Load memory
for mem in mems:
start = mem['start']
if mem['memory'] is not None:
setConcreteMemoryAreaValue(start, bytearray(mem['memory']))
# setup registers
for reg_name in ("rax", "rbx", "rcx", "rdx", "rdi", "rsi", "rbp",
"rsp", "rip", "r8", "r9", "r10", "r11", "r12", "r13",
"r14", "eflags", "xmm0", "xmm1", "xmm2", "xmm3",
"xmm4", "xmm5", "xmm6", "xmm7", "xmm8", "xmm9",
"xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15"):
setConcreteRegisterValue(Register(getattr(REG, reg_name.upper()), regs[reg_name]))
# run the code
pc = getConcreteRegisterValue(REG.RIP)
while pc != 0x409A18:
opcodes = getConcreteMemoryAreaValue(pc, 20)
instruction = Instruction()
instruction.setOpcodes(opcodes)
instruction.setAddress(pc)
# Check if triton doesn't supports this instruction
self.assertTrue(processing(instruction))
pc = getConcreteRegisterValue(REG.RIP)
if concretize:
concretizeAllMemory()
concretizeAllRegister()
rax = getConcreteRegisterValue(REG.RAX)
rbx = getConcreteRegisterValue(REG.RBX)
rcx = getConcreteRegisterValue(REG.RCX)
rdx = getConcreteRegisterValue(REG.RDX)
rsi = getConcreteRegisterValue(REG.RSI)
self.assertEqual(rax, 0)
self.assertEqual(rbx, 0)
self.assertEqual(rcx, 0)
self.assertEqual(rdx, 0x4d2)
self.assertEqual(rsi, 0x3669000000000000)示例5: test_load_immediate_fs
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
def test_load_immediate_fs(self):
"""Check load from fs segment with immediate."""
setArchitecture(ARCH.X86_64)
inst = Instruction()
# mov eax, DWORD PTR fs:0xffffffffffffdf98
inst.setOpcodes("\x64\x8B\x04\x25\x98\xDF\xFF\xFF")
inst.setAddress(0x400000)
setConcreteRegisterValue(Register(REG.FS, 0x7fffda8ab700))
processing(inst)
self.assertTrue(inst.getLoadAccess())
load, _ = inst.getLoadAccess()[0]
self.assertEqual(load.getAddress(), 0x7fffda8a9698)
self.assertEqual(load.getBitSize(), 32)示例6: test_load_indirect_fs
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
def test_load_indirect_fs(self):
"""Check load from fs with indirect address."""
setArchitecture(ARCH.X86_64)
inst = Instruction()
# mov rax, QWORD PTR fs:[rax]
inst.setOpcodes("\x64\x48\x8B\x00")
inst.setAddress(0x400000)
setConcreteRegisterValue(Register(REG.FS, 0x7fffda8ab700))
setConcreteRegisterValue(Register(REG.RAX, 0xffffffffffffdf90))
processing(inst)
self.assertTrue(inst.getLoadAccess())
load, _ = inst.getLoadAccess()[0]
self.assertEqual(load.getAddress(), 0x7fffda8a9690)
self.assertEqual(load.getBitSize(), 64)示例7: emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
def emulate(self, pc):
"""
Emulate every opcodes from pc.
* Process instruction until the end and search for constraint
resolution on cmp eax, 1 then set the new correct value and keep going.
"""
while pc:
# Fetch opcodes
opcodes = getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcodes(opcodes)
instruction.setAddress(pc)
# Process
processing(instruction)
# 40078B: cmp eax, 1
# eax must be equal to 1 at each round.
if instruction.getAddress() == 0x40078B:
# Slice expressions
rax = getSymbolicExpressionFromId(getSymbolicRegisterId(REG.RAX))
eax = ast.extract(31, 0, rax.getAst())
# Define constraint
cstr = ast.assert_(ast.land(getPathConstraintsAst(), ast.equal(eax, ast.bv(1, 32))))
model = getModel(cstr)
solution = str()
for k, v in model.items():
value = v.getValue()
solution += chr(value)
getSymbolicVariableFromId(k).setConcreteValue(value)
# Next
pc = getConcreteRegisterValue(REG.RIP)
return solution示例8: seed_emulate
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
def seed_emulate(self, ip):
"""Emulate one run of the function with already setup memory."""
function = {
# <serial> function
# push rbp
0x40056d: "\x55",
# mov rbp,rsp
0x40056e: "\x48\x89\xe5",
# mov QWORD PTR [rbp-0x18],rdi
0x400571: "\x48\x89\x7d\xe8",
# mov DWORD PTR [rbp-0x4],0x0
0x400575: "\xc7\x45\xfc\x00\x00\x00\x00",
# jmp 4005bd <check+0x50>
0x40057c: "\xeb\x3f",
# mov eax,DWORD PTR [rbp-0x4]
0x40057e: "\x8b\x45\xfc",
# movsxd rdx,eax
0x400581: "\x48\x63\xd0",
# mov rax,QWORD PTR [rbp-0x18]
0x400584: "\x48\x8b\x45\xe8",
# add rax,rdx
0x400588: "\x48\x01\xd0",
# movzx eax,BYTE PTR [rax]
0x40058b: "\x0f\xb6\x00",
# movsx eax,al
0x40058e: "\x0f\xbe\xc0",
# sub eax,0x1
0x400591: "\x83\xe8\x01",
# xor eax,0x55
0x400594: "\x83\xf0\x55",
# mov ecx,eax
0x400597: "\x89\xc1",
# mov rdx,QWORD PTR [rip+0x200aa0] # 601040 <serial>
0x400599: "\x48\x8b\x15\xa0\x0a\x20\x00",
# mov eax,DWORD PTR [rbp-0x4]
0x4005a0: "\x8b\x45\xfc",
# cdqe
0x4005a3: "\x48\x98",
# add rax,rdx
0x4005a5: "\x48\x01\xd0",
# movzx eax,BYTE PTR [rax]
0x4005a8: "\x0f\xb6\x00",
# movsx eax,al
0x4005ab: "\x0f\xbe\xc0",
# cmp ecx,eax
0x4005ae: "\x39\xc1",
# je 4005b9 <check+0x4c>
0x4005b0: "\x74\x07",
# mov eax,0x1
0x4005b2: "\xb8\x01\x00\x00\x00",
# jmp 4005c8 <check+0x5b>
0x4005b7: "\xeb\x0f",
# add DWORD PTR [rbp-0x4],0x1
0x4005b9: "\x83\x45\xfc\x01",
# cmp DWORD PTR [rbp-0x4],0x4
0x4005bd: "\x83\x7d\xfc\x04",
# jle 40057e <check+0x11>
0x4005c1: "\x7e\xbb",
# mov eax,0x0
0x4005c3: "\xb8\x00\x00\x00\x00",
# pop rbp
0x4005c8: "\x5d",
# ret
0x4005c9: "\xc3",
}
while ip in function:
# Build an instruction
inst = Instruction()
# Setup opcodes
inst.setOpcodes(function[ip])
# Setup Address
inst.setAddress(ip)
# Process everything
processing(inst)
# Next instruction
ip = buildSymbolicRegister(REG.RIP).evaluate()示例9: TestInstruction
# 需要导入模块: from triton import Instruction [as 别名]
# 或者: from triton.Instruction import setOpcodes [as 别名]
class TestInstruction(unittest.TestCase):
"""Testing the Instruction class."""
def setUp(self):
"""Define and process the instruction to test."""
setArchitecture(ARCH.X86_64)
self.inst = Instruction()
self.inst.setOpcodes("\x48\x01\xd8") # add rax, rbx
self.inst.setAddress(0x400000)
self.inst.updateContext(Register(REG.RAX, 0x1122334455667788))
self.inst.updateContext(Register(REG.RBX, 0x8877665544332211))
processing(self.inst)
def test_address(self):
"""Check instruction current and next address."""
self.assertEqual(self.inst.getAddress(), 0x400000)
self.assertEqual(self.inst.getNextAddress(), 0x400003)
def test_memory(self):
"""Check memory access."""
self.assertListEqual(self.inst.getLoadAccess(), [])
self.assertListEqual(self.inst.getStoreAccess(), [])
self.assertFalse(self.inst.isMemoryWrite())
self.assertFalse(self.inst.isMemoryRead())
def test_registers(self):
"""Check register access."""
self.assertEqual(len(self.inst.getReadRegisters()), 2, "access RAX and RBX")
self.assertEqual(len(self.inst.getWrittenRegisters()), 8, "write in RAX, RIP, AF, XF, OF, PF, SF and ZF")
def test_taints(self):
"""Check taints attributes."""
self.assertFalse(self.inst.isTainted())
def test_prefix(self):
"""Check prefix data."""
self.assertFalse(self.inst.isPrefixed())
self.assertEqual(self.inst.getPrefix(), PREFIX.INVALID)
def test_control_flow(self):
"""Check control flow flags."""
self.assertFalse(self.inst.isControlFlow(), "It is not a jmp, ret or call")
self.assertFalse(self.inst.isBranch(), "It is not a jmp")
def test_condition(self):
"""Check condition flags."""
self.assertFalse(self.inst.isConditionTaken())
def test_opcode(self):
"""Check opcode informations."""
self.assertEqual(self.inst.getOpcodes(), "\x48\x01\xd8")
self.assertEqual(self.inst.getType(), OPCODE.ADD)
def test_thread(self):
"""Check threads information."""
self.assertEqual(self.inst.getThreadId(), 0)
def test_operand(self):
"""Check operand information."""
self.assertEqual(len(self.inst.getOperands()), 2)
self.assertEqual(self.inst.getFirstOperand().getName(), "rax")
self.assertEqual(self.inst.getSecondOperand().getName(), "rbx")
with self.assertRaises(Exception):
self.inst.getThirdOperand()
def test_symbolic(self):
"""Check symbolic information."""
self.assertEqual(len(self.inst.getSymbolicExpressions()), 8)
def test_size(self):
"""Check size information."""
self.assertEqual(self.inst.getSize(), 3)
def test_disassembly(self):
"""Check disassembly equivalent."""
self.assertEqual(self.inst.getDisassembly(), "add rax, rbx")