本文整理汇总了Python中triton.TritonContext.setConcreteRegisterValue方法的典型用法代码示例。如果您正苦于以下问题:Python TritonContext.setConcreteRegisterValue方法的具体用法?Python TritonContext.setConcreteRegisterValue怎么用?Python TritonContext.setConcreteRegisterValue使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类triton.TritonContext的用法示例。
在下文中一共展示了TritonContext.setConcreteRegisterValue方法的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: TestIR
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
class TestIR(unittest.TestCase):
"""Test IR."""
def emulate(self, pc):
"""
Emulate every opcode from pc.
Process instruction until the end
"""
while pc:
# Fetch opcode
opcode = self.Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
self.assertTrue(self.Triton.processing(instruction))
# Next
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
return
def load_binary(self, filename):
"""Load in memory every opcode from an elf program."""
import lief
binary = lief.parse(filename)
phdrs = binary.segments
for phdr in phdrs:
size = phdr.physical_size
vaddr = phdr.virtual_address
self.Triton.setConcreteMemoryAreaValue(vaddr, phdr.content)
def test_ir(self):
"""Load binary, setup environment and emulate the ir test suite."""
self.Triton = TritonContext()
# Set arch
self.Triton.setArchitecture(ARCH.X86_64)
# Load the binary
binary_file = os.path.join(os.path.dirname(__file__), "misc", "ir-test-suite.bin")
self.load_binary(binary_file)
# Define a fake stack
self.Triton.setConcreteRegisterValue(self.Triton.registers.rbp, 0x7fffffff)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rsp, 0x6fffffff)
self.emulate(0x40065c)
return示例2: test_7
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
def test_7(self):
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86_64)
ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337)
inst = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax]
self.assertTrue(ctx.processing(inst))
self.assertTrue(checkAstIntegrity(inst))
self.assertEqual(inst.getOperands()[1].getAddress(), 0x1337)
self.assertIsNone(inst.getOperands()[1].getLeaAst())示例3: TestX86ConcreteRegisterValue
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
class TestX86ConcreteRegisterValue(unittest.TestCase):
"""Testing the X86 concrete value api."""
def setUp(self):
"""Define the arch."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86)
self.ar = self.Triton.getAllRegisters()
self.pr = self.Triton.getParentRegisters()
def test_all_registers(self):
"""Check all registers"""
self.assertEqual(len(self.ar), 110)
def test_parent_registers(self):
"""Check parent registers"""
self.assertEqual(len(self.pr), 89)
def test_set_get_concrete_value(self):
"""Check setting concrete values"""
for r in self.pr:
if r.getBitSize() == 32:
self.Triton.setConcreteRegisterValue(r, 0xdeadbeaf)
elif r.getBitSize() == 64:
self.Triton.setConcreteRegisterValue(r, 0xabcdef0123456789)
elif r.getBitSize() == 128:
self.Triton.setConcreteRegisterValue(r, 0xabcdef01234567899876543210fedcba)
elif r.getBitSize() == 256:
self.Triton.setConcreteRegisterValue(r, 0xabcdef01234567899876543210fedcbaabcdef01234567899876543210fedcba)
else:
pass
"""Check getting concrete values"""
for r in self.pr:
if r.getBitSize() == 32:
self.assertEqual(self.Triton.getConcreteRegisterValue(r), 0xdeadbeaf)
elif r.getBitSize() == 64:
self.assertEqual(self.Triton.getConcreteRegisterValue(r), 0xabcdef0123456789)
elif r.getBitSize() == 128:
self.assertEqual(self.Triton.getConcreteRegisterValue(r), 0xabcdef01234567899876543210fedcba)
elif r.getBitSize() == 256:
self.assertEqual(self.Triton.getConcreteRegisterValue(r), 0xabcdef01234567899876543210fedcbaabcdef01234567899876543210fedcba)
else:
pass
"""Set everything to zero"""
for r in self.ar:
self.Triton.setConcreteRegisterValue(r, 0)
"""Check if everything is equal to zero"""
for r in self.ar:
self.assertEqual(self.Triton.getConcreteRegisterValue(r), 0)示例4: TestLoadAccess
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
class TestLoadAccess(unittest.TestCase):
"""Testing the LOAD access semantics."""
def test_load_immediate_fs(self):
"""Check load from fs segment with immediate."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
inst = Instruction()
# mov eax, DWORD PTR fs:0xffffffffffffdf98
inst.setOpcode("\x64\x8B\x04\x25\x98\xDF\xFF\xFF")
inst.setAddress(0x400000)
self.Triton.setConcreteRegisterValue(self.Triton.registers.fs, 0x7fffda8ab700)
self.Triton.processing(inst)
self.assertTrue(inst.getLoadAccess())
load, _ = inst.getLoadAccess()[0]
self.assertEqual(load.getAddress(), 0x7fffda8a9698)
self.assertEqual(load.getBitSize(), 32)
def test_load_indirect_fs(self):
"""Check load from fs with indirect address."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
inst = Instruction()
# mov rax, QWORD PTR fs:[rax]
inst.setOpcode("\x64\x48\x8B\x00")
inst.setAddress(0x400000)
self.Triton.setConcreteRegisterValue(self.Triton.registers.fs, 0x7fffda8ab700)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, 0xffffffffffffdf90)
self.Triton.processing(inst)
self.assertTrue(inst.getLoadAccess())
load, _ = inst.getLoadAccess()[0]
self.assertEqual(load.getAddress(), 0x7fffda8a9690)
self.assertEqual(load.getBitSize(), 64)
def test_load_ds(self):
"""Check load from ds segment."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86)
inst = Instruction()
# mov ax, ds:word_40213C
inst.setOpcode("\x66\xA1\x3C\x21\x40\x00")
self.Triton.processing(inst)
self.assertEqual(inst.getOperands()[1].getAddress(), 0x40213C)
self.assertEqual(inst.getOperands()[1].getBitSize(), 16)示例5: TestRegisterValues
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
class TestRegisterValues(unittest.TestCase):
"""Check register values with hierarchies."""
def setUp(self):
"""Define the arch."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
def test_set_concrete_value(self):
"""Check register value modification."""
for reg in (REG.X86_64.AH, REG.X86_64.AL):
# OK
reg = self.Triton.getRegister(reg)
self.Triton.setConcreteRegisterValue(reg, 0xff)
# Not OK
# TODO : Be more specific on the raise exception type
with self.assertRaises(Exception):
self.Triton.setConcreteRegisterValue(reg, 0xff+1)
reg = self.Triton.registers.zf
self.Triton.setConcreteRegisterValue(reg, 1)
with self.assertRaises(Exception):
self.Triton.setConcreteRegisterValue(reg, 2)
def test_overlap(self):
"""Check register overlapping."""
self.assertTrue(self.Triton.registers.ax.isOverlapWith(self.Triton.registers.eax), "overlap with upper")
self.assertTrue(self.Triton.registers.ax.isOverlapWith(self.Triton.registers.rax), "overlap with parent")
self.assertTrue(self.Triton.registers.rax.isOverlapWith(self.Triton.registers.ax), "overlap with lower")
self.assertFalse(self.Triton.registers.ah.isOverlapWith(self.Triton.registers.al))
self.assertTrue(self.Triton.registers.ah.isOverlapWith(self.Triton.registers.eax))
self.assertTrue(self.Triton.registers.eax.isOverlapWith(self.Triton.registers.ah))
self.assertTrue(self.Triton.registers.ax.isOverlapWith(self.Triton.registers.al))
self.assertTrue(self.Triton.registers.al.isOverlapWith(self.Triton.registers.ax))
self.assertFalse(self.Triton.registers.eax.isOverlapWith(self.Triton.registers.edx))示例6: TestFlags
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
class TestFlags(unittest.TestCase):
"""Testing the concrete flag values."""
def setUp(self):
"""Define the arch."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
def test_set_flags(self):
"""Check flags can be set in any order with a correct output result."""
registers = [REG.X86_64.ZF, REG.X86_64.AF, REG.X86_64.IF, REG.X86_64.CF,
REG.X86_64.DF, REG.X86_64.PF, REG.X86_64.SF, REG.X86_64.OF,
REG.X86_64.TF]
values = [0] * len(registers)
rand_registers = list(registers)
random.shuffle(rand_registers)
# Randomnly set flags registers and check result is the one expected
for reg in rand_registers:
self.Triton.setConcreteRegisterValue(self.Triton.getRegister(reg), 1)
values[registers.index(reg)] = 1
self.assertListEqual([self.Triton.getConcreteRegisterValue(self.Triton.getRegister(r)) for r in registers], values)
def test_unset_flags(self):
"""Check flags can be unset in any order with a correct result."""
registers = [REG.X86_64.ZF, REG.X86_64.AF, REG.X86_64.IF, REG.X86_64.CF,
REG.X86_64.DF, REG.X86_64.PF, REG.X86_64.SF, REG.X86_64.OF,
REG.X86_64.TF]
values = [1] * len(registers)
for reg in registers:
self.Triton.setConcreteRegisterValue(self.Triton.getRegister(reg), 1)
rand_registers = list(registers)
random.shuffle(rand_registers)
# Randomnly unset flags registers and check result is the one expected
for reg in rand_registers:
self.Triton.setConcreteRegisterValue(self.Triton.getRegister(reg), 0)
values[registers.index(reg)] = 0
self.assertListEqual([self.Triton.getConcreteRegisterValue(self.Triton.getRegister(r)) for r in registers], values)示例7: TestInstruction
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
class TestInstruction(unittest.TestCase):
"""Testing the Instruction class."""
def setUp(self):
"""Define and process the instruction to test."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.inst = Instruction()
self.inst.setOpcode("\x48\x01\xd8") # add rax, rbx
self.inst.setAddress(0x400000)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rax, 0x1122334455667788)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rbx, 0x8877665544332211)
self.Triton.processing(self.inst)
def test_address(self):
"""Check instruction current and next address."""
self.assertEqual(self.inst.getAddress(), 0x400000)
self.assertEqual(self.inst.getNextAddress(), 0x400003)
def test_memory(self):
"""Check memory access."""
self.assertListEqual(self.inst.getLoadAccess(), [])
self.assertListEqual(self.inst.getStoreAccess(), [])
self.assertFalse(self.inst.isMemoryWrite())
self.assertFalse(self.inst.isMemoryRead())
def test_registers(self):
"""Check register access."""
self.assertEqual(len(self.inst.getReadRegisters()), 2, "access RAX and RBX")
self.assertEqual(len(self.inst.getWrittenRegisters()), 8, "write in RAX, RIP, AF, XF, OF, PF, SF and ZF")
def test_taints(self):
"""Check taints attributes."""
self.assertFalse(self.inst.isTainted())
def test_prefix(self):
"""Check prefix data."""
self.assertFalse(self.inst.isPrefixed())
self.assertEqual(self.inst.getPrefix(), PREFIX.INVALID)
def test_control_flow(self):
"""Check control flow flags."""
self.assertFalse(self.inst.isControlFlow(), "It is not a jmp, ret or call")
self.assertFalse(self.inst.isBranch(), "It is not a jmp")
def test_condition(self):
"""Check condition flags."""
self.assertFalse(self.inst.isConditionTaken())
def test_opcode(self):
"""Check opcode informations."""
self.assertEqual(self.inst.getOpcode(), "\x48\x01\xd8")
self.assertEqual(self.inst.getType(), OPCODE.ADD)
def test_thread(self):
"""Check threads information."""
self.assertEqual(self.inst.getThreadId(), 0)
def test_operand(self):
"""Check operand information."""
self.assertEqual(len(self.inst.getOperands()), 2)
self.assertEqual(self.inst.getOperands()[0].getName(), "rax")
self.assertEqual(self.inst.getOperands()[1].getName(), "rbx")
with self.assertRaises(Exception):
self.inst.getOperands()[2]
def test_symbolic(self):
"""Check symbolic information."""
self.assertEqual(len(self.inst.getSymbolicExpressions()), 8)
def test_size(self):
"""Check size information."""
self.assertEqual(self.inst.getSize(), 3)
def test_disassembly(self):
"""Check disassembly equivalent."""
self.assertEqual(self.inst.getDisassembly(), "add rax, rbx")示例8: TestIRQemu
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
class TestIRQemu(unittest.TestCase):
"""Test IR based on the qemu test suite."""
def setUp(self):
self.BASE_PLT = 0x10000000
self.BASE_ARGV = 0x20000000
self.RELO = [
['__libc_start_main', self.__libc_start_main, None],
['printf', self.__printf, None],
]
# Simulate the __libc_start_main routine
def __libc_start_main(self):
# Get arguments
main = self.Triton.getConcreteRegisterValue(self.Triton.registers.rdi)
# Push the return value to jump into the main() function
self.Triton.concretizeRegister(self.Triton.registers.rsp)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rsp, self.Triton.getConcreteRegisterValue(self.Triton.registers.rsp)-CPUSIZE.QWORD)
ret2main = MemoryAccess(self.Triton.getConcreteRegisterValue(self.Triton.registers.rsp), CPUSIZE.QWORD)
self.Triton.concretizeMemory(ret2main)
self.Triton.setConcreteMemoryValue(ret2main, main)
# Setup argc / argv
self.Triton.concretizeRegister(self.Triton.registers.rdi)
self.Triton.concretizeRegister(self.Triton.registers.rsi)
# Setup target argvs
argvs = list()
# Define argc / argv
base = self.BASE_ARGV
addrs = list()
index = 0
for argv in argvs:
addrs.append(base)
self.Triton.setConcreteMemoryAreaValue(base, argv+'\x00')
# Tainting argvs
for i in range(len(argv)):
self.Triton.taintMemory(base + i)
base += len(argv)+1
index += 1
argc = len(argvs)
argv = base
for addr in addrs:
self.Triton.setConcreteMemoryValue(MemoryAccess(base, CPUSIZE.QWORD), addr)
base += CPUSIZE.QWORD
self.Triton.setConcreteRegisterValue(self.Triton.registers.rdi, argc)
self.Triton.setConcreteRegisterValue(self.Triton.registers.rsi, argv)
return 0
# Simulate the printf() function
def __printf(self):
return 0
def emulate(self, pc):
"""
Emulate every opcode from pc.
Process instruction until the end
"""
while pc:
# Fetch opcode
opcode = self.Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
ret = self.Triton.processing(instruction)
if instruction.getType() == OPCODE.HLT:
break
self.assertTrue(ret)
self.assertTrue(checkAstIntegrity(instruction))
# Simulate routines
self.hooking_handler()
# Next
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
return
def hooking_handler(self):
pc = self.Triton.getConcreteRegisterValue(self.Triton.registers.rip)
for rel in self.RELO:
if rel[2] == pc:
# Emulate the routine and the return value
ret_value = rel[1]()
self.Triton.concretizeRegister(self.Triton.registers.rax)
#.........这里部分代码省略.........
示例9: loadBinary
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
# Perform our own relocations
for rel in binary.pltgot_relocations:
symbolName = rel.symbol.name
symbolRelo = rel.address
for crel in customRelocation:
if symbolName == crel[0]:
print '[+] Hooking %s' %(symbolName)
Triton.setConcreteMemoryValue(MemoryAccess(symbolRelo, CPUSIZE.QWORD), crel[2])
return
if __name__ == '__main__':
# Set the architecture
Triton.setArchitecture(ARCH.X86_64)
# Load the binary
binary = loadBinary(os.path.join(os.path.dirname(__file__), 'samples', 'sample_1'))
# Perform our own relocations
makeRelocation(binary)
# Define a fake stack
Triton.setConcreteRegisterValue(Triton.registers.rbp, 0x7fffffff)
Triton.setConcreteRegisterValue(Triton.registers.rsp, 0x6fffffff)
# Let's emulate the binary from the entry point
emulate(binary.entrypoint)
sys.exit(0)
示例10: initialize
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
def initialize():
triton = TritonContext()
triton.setArchitecture(ARCH.X86_64)
triton.enableMode(MODE.ALIGNED_MEMORY, True)
triton.setConcreteRegisterValue(triton.registers.rsp, 0x7fffffff)
return triton示例11: len
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
# Set the architecture
Triton.setArchitecture(ARCH.X86_64)
# Set a symbolic optimization mode
Triton.enableMode(MODE.ALIGNED_MEMORY, True)
# AST representation as Python syntax
#setAstRepresentationMode(AST_REPRESENTATION.PYTHON)
if len(sys.argv) < 2:
debug('Syntax: %s <elf binary> [arg1, arg2, ...]' %(sys.argv[0]))
sys.exit(1)
# Load the binary
binary = loadBinary(sys.argv[1])
# Perform our own relocations
makeRelocation(binary)
# Define a fake stack
Triton.setConcreteRegisterValue(Triton.registers.rbp, BASE_STACK)
Triton.setConcreteRegisterValue(Triton.registers.rsp, BASE_STACK)
# Let's emulate the binary from the entry point
debug('Starting emulation')
emulate(binary.entrypoint)
debug('Emulation done')
sys.exit(0)
示例12: ord
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
Triton.setConcreteMemoryValue(0x1004, ord('e'))
# Define the serial pointer
Triton.setConcreteMemoryValue(0x601040, 0x00)
Triton.setConcreteMemoryValue(0x601041, 0x00)
Triton.setConcreteMemoryValue(0x601042, 0x90)
# Define the serial context
Triton.setConcreteMemoryValue(0x900000, 0x31)
Triton.setConcreteMemoryValue(0x900001, 0x3e)
Triton.setConcreteMemoryValue(0x900002, 0x3d)
Triton.setConcreteMemoryValue(0x900003, 0x26)
Triton.setConcreteMemoryValue(0x900004, 0x31)
# point rdi on our buffer
Triton.setConcreteRegisterValue(Triton.registers.rdi, 0x1000)
# Setup stack
Triton.setConcreteRegisterValue(Triton.registers.rsp, 0x7fffffff)
Triton.setConcreteRegisterValue(Triton.registers.rbp, 0x7fffffff)
while pc in function:
# Build an instruction
inst = Instruction()
# Setup opcode
inst.setOpcode(function[pc])
# Setup Address
inst.setAddress(pc)示例13: TestSymbolicExpression
# 需要导入模块: from triton import TritonContext [as 别名]
# 或者: from triton.TritonContext import setConcreteRegisterValue [as 别名]
class TestSymbolicExpression(unittest.TestCase):
"""Testing symbolic expression."""
def setUp(self):
"""Define the arch."""
self.ctx = TritonContext()
self.ctx.setArchitecture(ARCH.X86_64)
self.inst1 = Instruction("\x48\x31\xd8") # xor rax, rbx
self.ctx.setConcreteRegisterValue(self.ctx.registers.al, 0x10)
self.ctx.setConcreteRegisterValue(self.ctx.registers.bl, 0x55)
self.inst2 = Instruction("\x48\x89\x03") # mov [rbx], rax
self.ctx.processing(self.inst1)
self.ctx.processing(self.inst2)
self.expr1 = self.inst1.getSymbolicExpressions()[0]
self.expr2 = self.inst2.getSymbolicExpressions()[8]
def test_expressions(self):
"""Test expressions"""
self.assertEqual(len(self.inst1.getSymbolicExpressions()), 7)
def test_getAst(self):
"""Test getAst"""
self.assertEqual(self.expr1.getAst().evaluate(), 0x45)
def test_getComment(self):
"""Test getComment"""
self.assertEqual(self.expr1.getComment(), "XOR operation")
def test_getId(self):
"""Test getId"""
self.assertEqual(self.expr1.getId(), 0)
def test_getKind(self):
"""Test getKind"""
self.assertEqual(self.expr1.getKind(), SYMEXPR.REG)
self.assertEqual(self.expr2.getKind(), SYMEXPR.MEM)
def test_getNewAst(self):
"""Test getNewAst"""
self.assertTrue(self.expr1.getAst().equalTo(self.expr1.getNewAst()))
def test_getOrigin(self):
"""Test getOrigin"""
self.assertEqual(self.expr1.getOrigin().getId(), REG.X86_64.RAX)
self.assertEqual(str(self.expr1.getOrigin()), "rax:64 bv[63..0]")
self.assertEqual(str(self.expr2.getOrigin()), "[@0x55]:64 bv[63..0]")
def test_isMemory(self):
"""Test isMemory"""
self.assertFalse(self.expr1.isMemory())
def test_isRegister(self):
"""Test isRegister"""
self.assertTrue(self.expr1.isRegister())
def test_isSymbolized(self):
"""Test isSymbolized"""
self.assertFalse(self.expr1.isSymbolized())
def test_isTainted(self):
"""Test isTainted"""
self.assertFalse(self.expr1.isTainted())
def test_setAst(self):
"""Test setAst"""
self.expr1.setAst(self.ctx.getAstContext().bv(1, 64))
self.assertEqual(str(self.expr1.getAst()), "(_ bv1 64)")
def test_setComment(self):
"""Test setComment"""
self.expr1.setComment("test")
self.assertEqual(self.expr1.getComment(), "test")