本文整理汇总了Python中triton.TritonContext.enableMode方法的典型用法代码示例。如果您正苦于以下问题:Python TritonContext.enableMode方法的具体用法?Python TritonContext.enableMode怎么用?Python TritonContext.enableMode使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类triton.TritonContext的用法示例。
在下文中一共展示了TritonContext.enableMode方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: TestAstDictionaries
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
class TestAstDictionaries(unittest.TestCase):
"""Testing the AST_DICTIONARIES."""
def setUp(self):
"""Define the arch."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.Triton.enableMode(MODE.AST_DICTIONARIES, True)
self.astCtxt = self.Triton.getAstContext()
def test_dictionaries(self):
# d is empty
d = self.Triton.getAstDictionariesStats()
for k, v in d.items():
self.assertEqual(v, 0)
bv1 = self.astCtxt.bv(1, 8)
bv2 = self.astCtxt.bv(2, 8)
d = self.Triton.getAstDictionariesStats()
self.assertEqual(d['bv'], 2)
self.assertEqual(d['decimal'], 3)
self.assertEqual(d['allocatedDictionaries'], 5)
self.assertEqual(d['allocatedNodes'], 6)
# Same allocation
bv1 = self.astCtxt.bv(1, 8)
bv2 = self.astCtxt.bv(2, 8)
d = self.Triton.getAstDictionariesStats()
self.assertEqual(d['bv'], 2)
self.assertEqual(d['decimal'], 3)
self.assertEqual(d['allocatedDictionaries'], 5)
self.assertEqual(d['allocatedNodes'], 12)示例2: test_1
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
def test_1(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.ONLY_ON_TAINTED, False)
self.assertEqual(ctx.isModeEnabled(MODE.ONLY_ON_TAINTED), False)
inst = Instruction("\x48\x89\xc3") # mov rbx, rax
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(len(inst.getReadRegisters()), 1)
self.assertEqual(len(inst.getWrittenRegisters()), 2)
ctx.enableMode(MODE.ONLY_ON_TAINTED, True)
self.assertEqual(ctx.isModeEnabled(MODE.ONLY_ON_TAINTED), True)
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(len(inst.getSymbolicExpressions()), 0)
self.assertEqual(len(inst.getReadRegisters()), 0)
self.assertEqual(len(inst.getReadImmediates()), 0)
self.assertEqual(len(inst.getWrittenRegisters()), 0)
self.assertEqual(len(inst.getLoadAccess()), 0)
self.assertEqual(len(inst.getStoreAccess()), 0)示例3: TestSymbolicEngineOnlySymbolized
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
class TestSymbolicEngineOnlySymbolized(BaseTestSimulation, unittest.TestCase):
"""Testing the symbolic emulation engine with ONLY_ON_SYMBOLIZED."""
def setUp(self):
"""Define the arch and modes."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
super(TestSymbolicEngineOnlySymbolized, self).setUp()示例4: TestSymbolicEngineAligned
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
class TestSymbolicEngineAligned(BaseTestSimulation, unittest.TestCase):
"""Testing the symbolic emulation engine with ALIGNED_MEMORY."""
def setUp(self):
"""Define the arch and modes."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.Triton.enableMode(MODE.ALIGNED_MEMORY, True)
super(TestSymbolicEngineAligned, self).setUp()示例5: test_7
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
def test_7(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337)
inst = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax]
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(inst.getOperands()[1].getAddress(), 0x1337)
self.assertIsNone(inst.getOperands()[1].getLeaAst())示例6: TestSymbolicEngineAst
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
class TestSymbolicEngineAst(BaseTestSimulation, unittest.TestCase):
"""Testing the symbolic engine with AST Dictionnary."""
def setUp(self):
"""Define the arch and modes."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.Triton.enableMode(MODE.AST_DICTIONARIES, True)
super(TestSymbolicEngineAst, self).setUp()
@unittest.skip("segfault")
def test_defcamp_2015(self):
pass示例7: test_2
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
def test_2(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.ONLY_ON_TAINTED, True)
ctx.taintRegister(ctx.registers.rax)
inst = Instruction("\x48\x89\xc3") # mov rbx, rax
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(len(inst.getReadRegisters()), 1)
self.assertEqual(len(inst.getWrittenRegisters()), 2)
self.assertEqual(len(inst.getLoadAccess()), 0)
self.assertEqual(len(inst.getStoreAccess()), 0)示例8: test_4
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
def test_4(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
ctx.convertRegisterToSymbolicVariable(ctx.registers.rax)
inst = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax]
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(len(inst.getReadRegisters()), 1)
self.assertEqual(len(inst.getWrittenRegisters()), 0)
self.assertEqual(len(inst.getLoadAccess()), 0)
self.assertEqual(len(inst.getStoreAccess()), 0)示例9: initialize
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
def initialize():
Triton = TritonContext()
# Define the target architecture
Triton.setArchitecture(ARCH.X86_64)
# Define symbolic optimizations
Triton.enableMode(MODE.ALIGNED_MEMORY, True)
Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
# Define internal callbacks.
Triton.addCallback(memoryCaching, CALLBACK.GET_CONCRETE_MEMORY_VALUE)
Triton.addCallback(constantFolding, CALLBACK.SYMBOLIC_SIMPLIFICATION)
# Load the meory dump
load_dump(Triton, os.path.join(os.path.dirname(__file__), "baby-re.dump"))
# Symbolize user inputs
symbolizeInputs(Triton)
return Triton示例10: TestSymbolicEngineConcreteAst
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
class TestSymbolicEngineConcreteAst(BaseTestSimulation, unittest.TestCase):
"""Testing the symbolic engine with AST Dictionnary and concretization."""
def setUp(self):
"""Define the arch and modes."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.Triton.enableMode(MODE.AST_DICTIONARIES, True)
super(TestSymbolicEngineConcreteAst, self).setUp()
def test_emulate(self):
super(TestSymbolicEngineConcreteAst, self).test_emulate(False)
@unittest.skip("No seed coverage with concretization.")
def test_seed_coverage(self):
pass
@unittest.skip("No defcamp with concretization")
def test_defcamp_2015(self):
pass示例11: list
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
Triton.concretizeAllRegister()
Triton.concretizeAllMemory()
for address, value in seed.items():
Triton.setConcreteMemoryValue(address, value)
Triton.convertMemoryToSymbolicVariable(MemoryAccess(address, CPUSIZE.BYTE))
Triton.convertMemoryToSymbolicVariable(MemoryAccess(address+1, CPUSIZE.BYTE))
return
if __name__ == '__main__':
# Set the architecture
Triton.setArchitecture(ARCH.X86_64)
# Symbolic optimization
Triton.enableMode(MODE.ALIGNED_MEMORY, True)
# Define entry point
ENTRY = 0x40056d
# We start the execution with a random value located at 0x1000.
lastInput = list()
worklist = list([{0x1000:1}])
while worklist:
# Take the first seed
seed = worklist[0]
print 'Seed injected:', seed
# Symbolize inputs示例12: TestIRQemu
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
#.........这里部分代码省略.........
def __printf(self):
return 0
def emulate(self, pc):
"""
Emulate every opcode from pc.
Process instruction until the end
"""
while pc:
# Fetch opcode
opcode = self.Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
ret = self.Triton.processing(instruction)
if instruction.getType() == OPCODE.HLT:
break
self.assertTrue(ret)
self.assertTrue(checkAstIntegrity(instruction))
# Simulate routines
self.hooking_handler()
# Next
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
return
def hooking_handler(self):
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
for rel in self.RELO:
if rel[2] == pc:
# Emulate the routine and the return value
ret_value = rel[1]()
self.Triton.concretizeRegister(self.Triton.registers.rax)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, ret_value)
# Get the return address
ret_addr = self.Triton.getConcreteMemoryValue(MemoryAccess(self.Triton.getConcreteRegisterValue(self.Triton.registers.rsp), CPUSIZE.QWORD))
# Hijack RIP to skip the call
self.Triton.concretizeRegister(self.Triton.registers.rip)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rip, ret_addr)
# Restore RSP (simulate the ret)
self.Triton.concretizeRegister(self.Triton.registers.rsp)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rsp, self.Triton.getConcreteRegisterValue(self.Triton.registers.rsp)+CPUSIZE.QWORD)
return
def load_binary(self, filename):
"""Load in memory every opcode from an elf program."""
import lief
binary = lief.parse(filename)
phdrs = binary.segments
for phdr in phdrs:
size = phdr.physical_size
vaddr = phdr.virtual_address
self.Triton.setConcreteMemoryAreaValue(vaddr, phdr.content)
return binary
def make_relocation(self, binary):
# Setup plt
for pltIndex in range(len(self.RELO)):
self.RELO[pltIndex][2] = self.BASE_PLT + pltIndex
# Perform our own relocations
for rel in binary.pltgot_relocations:
symbolName = rel.symbol.name
symbolRelo = rel.address
for crel in self.RELO:
if symbolName == crel[0]:
self.Triton.setConcreteMemoryValue(MemoryAccess(symbolRelo, CPUSIZE.QWORD), crel[2])
break
return
def test_ir(self):
"""Load binary, setup environment and emulate the ir test suite."""
self.Triton = TritonContext()
# Set arch
self.Triton.setArchitecture(ARCH.X86_64)
self.Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
# Load the binary
binary_file = os.path.join(os.path.dirname(__file__), "misc", "qemu", "ir-test-suite-qemu.bin")
binary = self.load_binary(binary_file)
self.make_relocation(binary)
# Define a fake stack
self.Triton.setConcreteRegisterValue(self.Triton.registers.rbp, 0x7fffffff)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rsp, 0x6fffffff)
self.emulate(binary.entrypoint)
return示例13: initialize
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
def initialize():
triton = TritonContext()
triton.setArchitecture(ARCH.X86_64)
triton.enableMode(MODE.ALIGNED_MEMORY, True)
triton.setConcreteRegisterValue(triton.registers.rsp, 0x7fffffff)
return triton示例14: test_taint_through_pointers
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
def test_taint_through_pointers(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.TAINT_THROUGH_POINTERS, False)
ctx.taintRegister(ctx.registers.rax)
self.assertTrue(ctx.isRegisterTainted(ctx.registers.rax))
inst = Instruction("\x48\x0F\xB6\x18") # movzx rbx,BYTE PTR [rax]
inst.setAddress(0)
ctx.processing(inst)
self.assertFalse(ctx.isRegisterTainted(ctx.registers.rbx))
###########
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.TAINT_THROUGH_POINTERS, True)
ctx.taintRegister(ctx.registers.rax)
self.assertTrue(ctx.isRegisterTainted(ctx.registers.rax))
inst = Instruction("\x48\x0F\xB6\x18") # movzx rbx,BYTE PTR [rax]
inst.setAddress(0)
ctx.processing(inst)
self.assertTrue(ctx.isRegisterTainted(ctx.registers.rbx))
###########
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.TAINT_THROUGH_POINTERS, True)
ctx.taintRegister(ctx.registers.rax)
self.assertTrue(ctx.isRegisterTainted(ctx.registers.rax))
inst = Instruction("\x48\x89\x18") # mov [rax], rbx
inst.setAddress(0x1000)
ctx.processing(inst)
self.assertFalse(ctx.isMemoryTainted(0))
###########
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.TAINT_THROUGH_POINTERS, True)
ctx.taintRegister(ctx.registers.rbx)
self.assertTrue(ctx.isRegisterTainted(ctx.registers.rbx))
inst = Instruction("\x48\x89\x18") # mov [rax], rbx
inst.setAddress(0x1000)
ctx.processing(inst)
self.assertTrue(ctx.isMemoryTainted(0))
###########
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.TAINT_THROUGH_POINTERS, True)
ctx.taintRegister(ctx.registers.rax)
self.assertTrue(ctx.isRegisterTainted(ctx.registers.rax))
inst = Instruction("\x48\x31\x18") # xor [rax], rbx
inst.setAddress(0x1000)
ctx.processing(inst)
self.assertFalse(ctx.isMemoryTainted(0))
###########
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.TAINT_THROUGH_POINTERS, True)
ctx.taintRegister(ctx.registers.rbx)
self.assertTrue(ctx.isRegisterTainted(ctx.registers.rbx))
inst = Instruction("\x48\x31\x18") # xor [rax], rbx
inst.setAddress(0x1000)
ctx.processing(inst)
self.assertTrue(ctx.isMemoryTainted(0))
###########
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.TAINT_THROUGH_POINTERS, True)
ctx.taintMemory(0)
inst = Instruction("\x48\x31\x18") # xor [rax], rbx
inst.setAddress(0x1000)
ctx.processing(inst)
#.........这里部分代码省略.........
示例15: loadBinary
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import enableMode [as 别名]
binary = lief.parse(path)
phdrs = binary.segments
for phdr in phdrs:
size = phdr.physical_size
vaddr = phdr.virtual_address
print '[+] Loading 0x%06x - 0x%06x' %(vaddr, vaddr+size)
Triton.setConcreteMemoryAreaValue(vaddr, phdr.content)
return
if __name__ == '__main__':
# Define the target architecture
Triton.setArchitecture(ARCH.X86_64)
# Define symbolic optimizations
Triton.enableMode(MODE.ALIGNED_MEMORY, True)
Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
# Load the binary
loadBinary(os.path.join(os.path.dirname(__file__), 'r100.bin'))
# Define a fake stack
Triton.setConcreteRegisterValue(Triton.registers.rbp, 0x7fffffff)
Triton.setConcreteRegisterValue(Triton.registers.rsp, 0x6fffffff)
# Define an user input
Triton.setConcreteRegisterValue(Triton.registers.rdi, 0x10000000)
# Symbolize user inputs (30 bytes)
for index in range(30):
Triton.convertMemoryToSymbolicVariable(MemoryAccess(0x10000000+index, CPUSIZE.BYTE))