本文整理汇总了Python中visgraph.pathcore.getNodeProp函数的典型用法代码示例。如果您正苦于以下问题:Python getNodeProp函数的具体用法?Python getNodeProp怎么用?Python getNodeProp使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了getNodeProp函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: codewalker
def codewalker(ppath, edge, path):
# first, test for the "entry" case
if ppath == None and edge == None:
emu = self.getFuncEmu(fva)
for fname, funccb in self.funccb.items():
emu.addFunctionCallback(fname, funccb)
patheffs = emu.applyEffects(self.preeffects)
pathcons = emu.applyEffects(self.preconstraints)
node = graph.getNode(fva)
effects = node[1].get('symbolik_effects',())
patheffs.extend(emu.applyEffects(effects))
vg_pathcore.setNodeProp(path, 'pathemu', emu)
vg_pathcore.setNodeProp(path, 'pathcons', pathcons )
vg_pathcore.setNodeProp(path, 'patheffs', patheffs )
return True
# we are now in the "walking" case
emu = self.getFuncEmu(fva)
pemu = vg_pathcore.getNodeProp(ppath, 'pathemu')
emu.setSymSnapshot( pemu.getSymSnapshot() )
patheffs = list( vg_pathcore.getNodeProp(ppath, 'patheffs') )
pathcons = list( vg_pathcore.getNodeProp(ppath, 'pathcons') )
vg_pathcore.setNodeProp(path,'pathemu',emu)
vg_pathcore.setNodeProp(path,'patheffs',patheffs)
vg_pathcore.setNodeProp(path,'pathcons',pathcons)
# pick up the edge constraints
newcons = graph.getEdgeProps(edge[0]).get('symbolik_constraints', ())
newcons = emu.applyEffects(newcons)
[ c.reduce(emu=emu) for c in newcons ]
for coneff in newcons:
# bail if the constraint is dorked
if coneff.cons.isDiscrete():
if not coneff.cons.prove():
print('TRIM: %s' % (str(coneff.cons),))
return False
continue
# bail if the constraint is mutex
# FIXME
#if any([ oldconeff.isMutualExclusion( coneff ) for oldconeff in pathcons ]):
#return False
# TODO: collective failed constraints
# (previous constraint "var > 3" and this constraint "var == 2")
patheffs.append( coneff )
pathcons.append( coneff )
# We have survived constraints!
node2 = graph.getNode(edge[2])
neweffs = node2[1].get('symbolik_effects',())
neweffs = emu.applyEffects(neweffs)
patheffs.extend(neweffs)
return True示例2: do_argtrack
def do_argtrack(self, line):
"""
Track input arguments to the given function by name or address.
Usage: argtrack <func_addr_expr> <arg_idx>
"""
if not line:
return self.do_help("argtrack")
argv = e_cli.splitargs(line)
if len(argv) != 2:
return self.do_help("argtrack")
try:
fva = self.parseExpression(argv[0])
except Exception as e:
self.vprint("Invalid Address Expression: %s" % argv[0])
return
try:
idx = self.parseExpression(argv[1])
except Exception as e:
self.vprint("Invalid Index Expression: %s" % argv[1])
return
if self.getFunction(fva) != fva:
self.vprint("Invalid Function Address: (0x%.8x) %s" % (fva, line))
for pleaf in viv_vector.trackArgOrigin(self, fva, idx):
self.vprint('='*80)
path = vg_path.getPathToNode(pleaf)
path.reverse()
for pnode in path:
fva = vg_path.getNodeProp(pnode, 'fva')
argv = vg_path.getNodeProp(pnode, 'argv')
callva = vg_path.getNodeProp(pnode, 'cva')
argidx = vg_path.getNodeProp(pnode, 'argidx')
if callva != None:
aval, amagic = argv[argidx]
arepr = '0x%.8x' % aval
if amagic != None:
arepr = repr(amagic)
frepr = 'UNKNOWN'
if fva != None:
frepr = '0x%.8x' % fva
self.vprint('func: %s calls at: 0x%.8x with his own: %s' % (frepr, callva, arepr))
self.vprint("="*80)示例3: getBranchNode
def getBranchNode(self, node, bva):
'''
If a node exists already for the specified branch, return it. Otherwise,
create a new one and return that...
'''
for knode in vg_path.getNodeKids(node):
if vg_path.getNodeProp(knode, 'bva') == bva:
return knode
return self.newCodePathNode(node, bva)示例4: build_emu_va_map
def build_emu_va_map(node, **kwargs):
res = kwargs.get('res')
emu = kwargs.get('emu')
logtype = kwargs.get('logtype')
if (res is None) or (emu is None) or (logtype is None):
return
#for va in vg_path.getNodeProp(node, 'valist'):
# res[va] = node
#for pc, va, bytes in vg_path.getNodeProp(node, 'writelog'):
for entry in vg_path.getNodeProp(node, logtype):
pc, va, bytes = entry
res[pc] = entry示例5: stepi
def stepi(self):
# NOTE: when we step, we *always* want to be stepping over calls
# (and possibly import emulate them)
starteip = self.getProgramCounter()
# parse out an opcode
op = self.parseOpcode(starteip)
if self.emumon:
self.emumon.prehook(self, op, starteip)
# Execute the opcode
self.executeOpcode(op)
vg_path.getNodeProp(self.curpath, 'valist').append(starteip)
endeip = self.getProgramCounter()
if self.emumon:
self.emumon.posthook(self, op, endeip)
if not self.checkCall(starteip, endeip, op):
self.checkBranches(starteip, endeip, op)示例6: trackArgOrigin
def trackArgOrigin(vw, fva, argidx):
"""
Return an input tree (visgraph path tree) of the trackable inputs
to the specified function.
Each node in the list will be a leaf node for a path leading
down toward a call to the target function. Each node will have
the following path node properties:
fva - The function
argidx - The index of the argument input with this call
cva - The address of the call (to our next) (None on root node)
argv - A list of (<val>,<magic>) tuples for the call args (None on root node)
"""
rootpath = vg_path.newPathNode(fva=fva, cva=None, trackidx=argidx, argidx=None, argv=None)
todo = [rootpath, ]
while len(todo):
path = todo.pop()
fva = vg_path.getNodeProp(path, 'fva')
trackidx = vg_path.getNodeProp(path, 'trackidx')
# Get all of our callers and their arguments to us
for callva, argv in trackFunctionInputs(vw, fva):
newfva = vw.getFunction(callva)
pargs = dict(parent=path, fva=newfva, cva=callva, argidx=trackidx, argv=argv)
newpath = vg_path.newPathNode(**pargs)
aval, amagic = argv[trackidx]
if isinstance(amagic, viv_magic.StackArg) and newfva:
vg_path.setNodeProp(newpath, 'trackidx', amagic.index)
todo.append(newpath)
return vg_path.getLeafNodes(rootpath)示例7: stack_track_visitor
def stack_track_visitor(node, **kwargs):
vw = kwargs.get('vw')
res = kwargs.get('res')
emu = kwargs.get('emu')
agg = kwargs.get('agg')
logger = kwargs.get('logger')
if (vw is None) or (emu is None) or (logger is None):
raise RuntimeError('Bad arguments to stack_track_visitor')
if agg is None:
agg = StringAccumulator()
wlog = vg_path.getNodeProp(node, 'writelog')
for eip, va, bytes in wlog:
# no longer check if it's writing into a stack memory location or not
# this allows us to grab manually constructed strings in .data
# as well
if eip == 0:
#logger.debug('Skipping 0 eip: 0x%08x 0x%08x: %s', eip, va, binascii.hexlify(bytes))
continue
logger.debug('visiting: 0x%08x: *> 0x%08x 0x%x bytes', eip, va, len(bytes))
op = vw.parseOpcode(eip)
if op.getPrefixName().startswith('rep'):
#ignore rep instructions -> never seen used to acutally construct strings,
# and causes lots of FPs
continue
elif op.mnem.startswith('call'):
logger.debug('Aggregating due to call: 0x%08x', eip)
agg.aggregateStack()
elif all([i == '\x00' for i in bytes]):
logger.debug('Adding null at 0x%08x: 0x%08x', eip, va)
agg.addItem((eip, va, bytes))
if op.mnem.startswith('push'):
#aggregating based purely on pushes lead to a lot of FPs
pass
else:
agg.aggregateStack()
elif all( [isAscii(i) for i in bytes]):
agg.addItem((eip, va, bytes))
logger.debug('Adding wlog entry: 0x%08x 0x%08x: %s', eip, va, binascii.hexlify(bytes))
elif all( [isAscii(i) for i in bytes[::2]]) and all([i =='\x00' for i in bytes[1::2]]):
#just looking for wchar strings made of ascii chars
agg.addItem((eip, va, bytes))
logger.debug('Adding possible wchar wlog entry: 0x%08x 0x%08x: %s', eip, va, binascii.hexlify(bytes))
else:
logger.debug('Skipping wlog entry: 0x%08x 0x%08x: %s', eip, va, binascii.hexlify(bytes))
agg.aggregateStack()
if res is not None:
#if we're using a local agg, put the results in res
res.extend(agg.stringDict.values())示例8: writeMemory
def writeMemory(self, va, bytes):
"""
Try to write the bytes to the memory object, otherwise, dont'
complain...
"""
if self.logwrite:
wlog = vg_path.getNodeProp(self.curpath, 'writelog')
wlog.append((self.getProgramCounter(),va,bytes))
self._useVirtAddr( va )
# It's totally ok to write to invalid memory during the
# emulation pass (as long as safe_mem is true...)
probeok = self.probeMemory(va, len(bytes), e_mem.MM_WRITE)
if self._safe_mem and not probeok:
return
return e_mem.MemoryObject.writeMemory(self, va, bytes)示例9: readMemory
def readMemory(self, va, size):
if self.logread:
rlog = vg_path.getNodeProp(self.curpath, 'readlog')
rlog.append((self.getProgramCounter(),va,size))
# If they read an import entry, start a taint...
loc = self.vw.getLocation(va)
if loc != None:
lva, lsize, ltype, ltinfo = loc
if ltype == LOC_IMPORT and lsize == size: # They just read an import.
ret = self.setVivTaint('import', loc)
return e_bits.buildbytes(ret, lsize)
self._useVirtAddr(va)
# Read from the emulator's pages if we havent resolved it yet
probeok = self.probeMemory(va, size, e_mem.MM_READ)
if self._safe_mem and not probeok:
return 'A' * size
return e_mem.MemoryObject.readMemory(self, va, size)示例10: do_chat
except Exception, e:
self.vprint("Invalid Index Expression: %s" % argv[1])
return
if self.getFunction(fva) != fva:
self.vprint("Invalid Function Address: (0x%.8x) %s" % (fva, line))
for pleaf in viv_vector.trackArgOrigin(self, fva, idx):
self.vprint('='*80)
path = vg_path.getPathToNode(pleaf)
path.reverse()
for pnode in path:
fva = vg_path.getNodeProp(pnode, 'fva')
argv = vg_path.getNodeProp(pnode, 'argv')
callva = vg_path.getNodeProp(pnode, 'cva')
argidx = vg_path.getNodeProp(pnode, 'argidx')
if callva != None:
aval, amagic = argv[argidx]
arepr = '0x%.8x' % aval
if amagic != None:
arepr = repr(amagic)
frepr = 'UNKNOWN'
if fva != None:
frepr = '0x%.8x' % fva
self.vprint('func: %s calls at: 0x%.8x with his own: %s' % (frepr, callva, arepr))
self.vprint("="*80)
def do_chat(self, line):示例11: _nodeedgeloop
def _nodeedgeloop(tnode):
nid = vg_pathcore.getNodeProp(tnode, 'nid')
eid = vg_pathcore.getNodeProp(tnode, 'eid')
loop = vg_pathcore.getNodeProp(tnode, 'loops')
return nid,eid,loop示例12: _nodeedge
def _nodeedge(tnode):
nid = vg_pathcore.getNodeProp(tnode, 'nid')
eid = vg_pathcore.getNodeProp(tnode, 'eid')
return nid,eid示例13: walkSymbolikPaths
def walkSymbolikPaths(self, fva, maxpath=1000):
'''
walkSymbolikPaths is a function-focused symbolik path generator, using the
walkCodePaths generator foundation. Symbolik effects are dragged through
each code block, and constraints are evaluated in-process to determine and
trim dead code paths.
Begins first node by applying self.preeffects and self.preconstraints
'''
graph = self.getSymbolikGraph(fva)
# our callback routine for code path walking
def codewalker(ppath, edge, path):
# first, test for the "entry" case
if ppath == None and edge == None:
emu = self.getFuncEmu(fva)
for fname, funccb in self.funccb.items():
emu.addFunctionCallback(fname, funccb)
patheffs = emu.applyEffects(self.preeffects)
pathcons = emu.applyEffects(self.preconstraints)
node = graph.getNode(fva)
effects = node[1].get('symbolik_effects',())
patheffs.extend(emu.applyEffects(effects))
vg_pathcore.setNodeProp(path, 'pathemu', emu)
vg_pathcore.setNodeProp(path, 'pathcons', pathcons )
vg_pathcore.setNodeProp(path, 'patheffs', patheffs )
return True
# we are now in the "walking" case
emu = self.getFuncEmu(fva)
pemu = vg_pathcore.getNodeProp(ppath, 'pathemu')
emu.setSymSnapshot( pemu.getSymSnapshot() )
patheffs = list( vg_pathcore.getNodeProp(ppath, 'patheffs') )
pathcons = list( vg_pathcore.getNodeProp(ppath, 'pathcons') )
vg_pathcore.setNodeProp(path,'pathemu',emu)
vg_pathcore.setNodeProp(path,'patheffs',patheffs)
vg_pathcore.setNodeProp(path,'pathcons',pathcons)
# pick up the edge constraints
newcons = graph.getEdgeProps(edge[0]).get('symbolik_constraints', ())
newcons = emu.applyEffects(newcons)
[ c.reduce(emu=emu) for c in newcons ]
for coneff in newcons:
# bail if the constraint is dorked
if coneff.cons.isDiscrete():
if not coneff.cons.prove():
print('TRIM: %s' % (str(coneff.cons),))
return False
continue
# bail if the constraint is mutex
# FIXME
#if any([ oldconeff.isMutualExclusion( coneff ) for oldconeff in pathcons ]):
#return False
# TODO: collective failed constraints
# (previous constraint "var > 3" and this constraint "var == 2")
patheffs.append( coneff )
pathcons.append( coneff )
# We have survived constraints!
node2 = graph.getNode(edge[2])
neweffs = node2[1].get('symbolik_effects',())
neweffs = emu.applyEffects(neweffs)
patheffs.extend(neweffs)
return True
for pathnode in viv_graph.walkCodePaths(graph, codewalker, maxpath=maxpath):
emu = vg_pathcore.getNodeProp(pathnode, 'pathemu')
patheffs = vg_pathcore.getNodeProp(pathnode, 'patheffs')
yield emu, patheffs示例14: runFunction
def runFunction(self, funcva, stopva=None, maxhit=None, maxloop=None):
"""
This is a utility function specific to WorkspaceEmulation (and impemu) that
will emulate, but only inside the given function. You may specify a stopva
to return once that location is hit.
"""
self.funcva = funcva
# Let the current (should be base also) path know where we are starting
vg_path.setNodeProp(self.curpath, 'bva', funcva)
hits = {}
todo = [(funcva,self.getEmuSnap(),self.path),]
vw = self.vw # Save a dereference many many times
while len(todo):
va,esnap,self.curpath = todo.pop()
self.setEmuSnap(esnap)
self.setProgramCounter(va)
# Check if we are beyond our loop max...
if maxloop != None:
lcount = vg_path.getPathLoopCount(self.curpath, 'bva', va)
if lcount > maxloop:
continue
while True:
starteip = self.getProgramCounter()
if not vw.isValidPointer(starteip):
break
if starteip == stopva:
return
# Check straight hit count...
if maxhit != None:
h = hits.get(starteip, 0)
h += 1
if h > maxhit:
break
hits[starteip] = h
# If we ran out of path (branches that went
# somewhere that we couldn't follow?
if self.curpath == None:
break
try:
# FIXME unify with stepi code...
op = self.parseOpcode(starteip)
self.op = op
if self.emumon:
self.emumon.prehook(self, op, starteip)
if self.emustop:
return
# Execute the opcode
self.executeOpcode(op)
vg_path.getNodeProp(self.curpath, 'valist').append(starteip)
endeip = self.getProgramCounter()
if self.emumon:
self.emumon.posthook(self, op, endeip)
if self.emustop:
return
iscall = self.checkCall(starteip, endeip, op)
if self.emustop:
return
# If it wasn't a call, check for branches, if so, add them to
# the todo list and go around again...
if not iscall:
blist = self.checkBranches(starteip, endeip, op)
if len(blist):
# pc in the snap will be wrong, but over-ridden at restore
esnap = self.getEmuSnap()
for bva,bpath in blist:
todo.append((bva, esnap, bpath))
break
# If we enounter a procedure exit, it doesn't
# matter what EIP is, we're done here.
if op.iflags & envi.IF_RET:
vg_path.setNodeProp(self.curpath, 'cleanret', True)
break
except envi.UnsupportedInstruction, e:
if self.strictops:
break
else:
print 'runFunction continuing after unsupported instruction: 0x%08x %s' % (e.op.va, e.op.mnem)
#.........这里部分代码省略.........
示例15: do_chat
except Exception, e:
self.vprint("Invalid Index Expression: %s" % argv[1])
return
if self.getFunction(fva) != fva:
self.vprint("Invalid Function Address: (0x%.8x) %s" % (fva, line))
for pleaf in viv_vector.trackArgOrigin(self, fva, idx):
self.vprint("=" * 80)
path = vg_path.getPathToNode(pleaf)
path.reverse()
for pnode in path:
fva = vg_path.getNodeProp(pnode, "fva")
argv = vg_path.getNodeProp(pnode, "argv")
callva = vg_path.getNodeProp(pnode, "cva")
argidx = vg_path.getNodeProp(pnode, "argidx")
if callva != None:
aval, amagic = argv[argidx]
arepr = "0x%.8x" % aval
if amagic != None:
arepr = repr(amagic)
frepr = "UNKNOWN"
if fva != None:
frepr = "0x%.8x" % fva
self.vprint("func: %s calls at: 0x%.8x with his own: %s" % (frepr, callva, arepr))
self.vprint("=" * 80)
def do_chat(self, line):