本文整理汇总了Python中claripy.And方法的典型用法代码示例。如果您正苦于以下问题:Python claripy.And方法的具体用法?Python claripy.And怎么用?Python claripy.And使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类claripy的用法示例。
在下文中一共展示了claripy.And方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_same_length_constraints
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def get_same_length_constraints(self):
constraints = []
for str_var, int_var in self.str_to_int_pairs:
int_var_name = list(int_var.variables)[0]
base = int(int_var_name.split("_")[1], 10)
original_len = str_var.size()//8
abs_max = (1 << int_var.size())-1
if str_var.cache_key in self.allows_negative_bvs:
abs_max = (1 << (int_var.size()-1))-1
max_val = base**(original_len)-1
min_val = 0
if str_var.cache_key in self.allows_negative_bvs and original_len > 1:
min_val = -(base**(original_len-1)-1)
max_val = min(max_val, abs_max)
min_val = max(min_val, -abs_max)
constraints.append(claripy.And(int_var.SGE(min_val), int_var <= max_val))
return constraints 示例2: _load_num_with_prefix
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def _load_num_with_prefix(prefix, addr, region, state, base, signed, read_length=None):
"""
loads a number from addr, and returns a condition that addr must start with the prefix
"""
length = len(prefix)
read_length = (read_length-length) if read_length else None
condition, value, num_bytes = strtol._string_to_int(addr+length, state, region, base, signed, read_length)
# the prefix must match
if len(prefix) > 0:
loaded_prefix = region.load(addr, length)
condition = state.solver.And(loaded_prefix == state.solver.BVV(prefix), condition)
total_num_bytes = num_bytes + length
# negatives
if prefix.startswith(b"-"):
value = state.solver.BVV(0, state.arch.bits) - value
return condition, value, total_num_bytes 示例3: _make_condition_nodes
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def _make_condition_nodes(self, seq):
# make all conditionally-reachable nodes ConditionNodes
for i in range(len(seq.nodes)):
node = seq.nodes[i]
if isinstance(node, CodeNode):
if isinstance(node.node, SequenceNode):
self._make_condition_nodes(node.node)
if node.reaching_condition is not None and not claripy.is_true(node.reaching_condition):
if isinstance(node.node, ConditionalBreakNode):
# Put conditions together and simplify them
cond = claripy.And(node.reaching_condition, node.node.condition)
new_node = CodeNode(ConditionalBreakNode(node.node.addr, cond, node.node.target), None)
else:
new_node = ConditionNode(node.addr, None, node.reaching_condition, node,
None)
seq.nodes[i] = new_node 示例4: test_canonical
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def test_canonical():
x1 = claripy.BVS('x', 32)
b1 = claripy.BoolS('b')
c1 = claripy.BoolS('c')
x2 = claripy.BVS('x', 32)
b2 = claripy.BoolS('b')
c2 = claripy.BoolS('c')
assert x1.canonicalize()[-1] is x2.canonicalize()[-1]
y1 = claripy.If(claripy.And(b1, c1), x1, ((x1+x1)*x1)+1)
y2 = claripy.If(claripy.And(b2, c2), x2, ((x2+x2)*x2)+1)
one_names = frozenset.union(x1.variables, b1.variables, c1.variables)
two_names = frozenset.union(x2.variables, b2.variables, c2.variables)
assert frozenset.union(*[a.variables for a in y1.recursive_leaf_asts]) == one_names
assert frozenset.union(*[a.variables for a in y2.recursive_leaf_asts]) == two_names
assert y1.canonicalize()[-1] is y2.canonicalize()[-1] 示例5: check_overlap
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def check_overlap(self, malloc_dict, addr, req_size):
for dst in list(malloc_dict.keys()):
alloc = malloc_dict[dst][1]
condition1 = self.state.solver.And(alloc < addr, alloc + malloc_dict[dst][0] > addr)
condition2 = self.state.solver.And(alloc > addr, addr + req_size > alloc)
if self.state.solver.satisfiable(extra_constraints=[condition1]):
logger.info('Found overlapping allocation')
self.state.add_constraints(condition1)
self.state.heaphopper.vulnerable = True
self.state.heaphopper.vuln_type = 'malloc_allocated'
self.state.heaphopper.vuln_state = self.state.copy()
return True
if self.state.solver.satisfiable(extra_constraints=[condition2]):
logger.info('Found overlapping allocation')
self.state.add_constraints(condition2)
self.state.heaphopper.vulnerable = True
self.state.heaphopper.vuln_type = 'malloc_allocated'
self.state.heaphopper.vuln_state = self.state.copy()
return True
return False 示例6: check_write
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def check_write(state):
# If we found an arb_write we're done
if state.heaphopper.vuln_type.startswith('arbitrary_write'):
return
# Check if we have an arbitrary_write
addr = state.inspect.mem_write_address
val = state.inspect.mem_write_expr
#logger.debug('check_write: addr: %s' % addr)
#logger.debug('check_write: val: %s' % val)
constr = claripy.And(addr >= state.heaphopper.wtarget[0],
addr < state.heaphopper.wtarget[0] + state.heaphopper.wtarget[1])
if state.solver.satisfiable(extra_constraints=[constr]):
#logger.debug('check_write: Found arbitrary write')
state.add_constraints(constr)
state.heaphopper.vuln_state = state.copy()
state.heaphopper.arb_write_info = dict(instr=state.addr, addr=addr, val=val)
state.heaphopper.vuln_type = 'arbitrary_write'
state.heaphopper.stack_trace = get_libc_stack_trace(state) 示例7: run
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def run(self):
self.log_signal.emit("Start of ConcreteRunner!")
# Make sure the CFG is built
build_cfg(self.plugin, self.ida_func, self.log_signal)
try:
# Run the function concretely to get a 'trace'
addr_trace = self.run_function_concrete()
# And send the results back to the GUI thread
self.result_signal.emit(addr_trace)
except:
self.result_signal.emit([])
self.log_signal.emit("End of ConcreteRunner!") 示例8: constrainToAddress
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def constrainToAddress(state,sym_val,addr,endian='little'):
bits = state.arch.bits
padded_addr = 0
if bits == 32:
padded_addr = p32(addr,endian=endian)
elif bits == 64:
botAddr = addr & 0xFFFFFFFF
topAddr = (addr >> 32) & 0xFFFFFFFF
padded_addr = p32(topAddr,endian=endian) + p32(botAddr,endian=endian)
constraints = []
for i in range(bits / 8):
curr_byte = sym_val.get_byte(i)
constraint = claripy.And(curr_byte == padded_addr[i])
if state.se.satisfiable(extra_constraints=[constraint]):
constraints.append(constraint)
return constraints
#TODO move filters out of this file 示例9: _get_circumstantial_constraints
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def _get_circumstantial_constraints(self, state, rop_uncontrolled):
# for those registers which are uncontrolled by rop, can we control it
# circumstantially?
constraints = [ ]
for register in rop_uncontrolled:
# if it's eax we can't control with rop, make sure it can be 2
if register == "eax":
constraints.append(state.regs.eax == 2)
# if it's ebx we need to make sure it can stdout
if register == "ebx":
constraints.append(state.regs.ebx == 1)
if register == "ecx":
constraints.append(state.regs.ecx >= 0x4347c000)
constraints.append(state.regs.ecx <= (0x4347d000 - 4))
# if it's edx, we need to be able to set it to just above 4 bytes
if register == "edx":
constraints.append(state.regs.edx > 0x4)
# if it's esi, we need to point to NULL or a writable page
# TODO support setting to a writable page
if register == "esi":
or_cons = [ ]
for page_start, page_end in self._get_writable_pages(state):
or_cons.append(claripy.And(state.regs.esi >= page_start, state.regs.esi <= (page_end - 4)))
combine_cons = or_cons[0]
for con in or_cons[1:]:
combine_cons = claripy.Or(combine_cons, con)
constraints.append(combine_cons)
return constraints 示例10: _perform_vex_stmt_Exit
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def _perform_vex_stmt_Exit(self, guard, target, jumpkind):
cont_state = None
exit_state = None
guard = guard != 0
if o.COPY_STATES not in self.state.options:
# very special logic to try to minimize copies
# first, check if this branch is impossible
if guard.is_false():
cont_state = self.state
elif o.LAZY_SOLVES not in self.state.options and not self.state.solver.satisfiable(extra_constraints=(guard,)):
cont_state = self.state
# then, check if it's impossible to continue from this branch
elif guard.is_true():
exit_state = self.state
elif o.LAZY_SOLVES not in self.state.options and not self.state.solver.satisfiable(extra_constraints=(claripy.Not(guard),)):
exit_state = self.state
else:
exit_state = self.state.copy()
cont_state = self.state
else:
exit_state = self.state.copy()
cont_state = self.state
if exit_state is not None:
self.successors.add_successor(exit_state, target, guard, jumpkind,
exit_stmt_idx=self.stmt_idx, exit_ins_addr=self.state.scratch.ins_addr)
if cont_state is None:
raise VEXEarlyExit
# Do our bookkeeping on the continuing self.state
cont_condition = ~guard
cont_state.add_constraints(cont_condition)
cont_state.scratch.guard = claripy.And(cont_state.scratch.guard, cont_condition) 示例11: check_array_bounds
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def check_array_bounds(idx, array, state):
# a valid idx fullfills the constraint
# 0 <= idx < length
zero = state.solver.BVV(0, 32)
length = array.size
bound_constraint = state.solver.And(
length.SGT(idx), zero.SLE(idx),
)
# evaluate the constraint
# Note: if index and/or the array length are symbolic, the result
# can be True and False and the same time
idx_stays_within_bounds = state.solver.eval_upto(bound_constraint, 2)
# There are 3 cases:
# 1) idx has only valid solutions
# 2) idx has only invalid solutions
# TODO: raise a java.lang.ArrayIndexOutOfBoundsException
# 3) idx has some valid and some invalid solutions
# TODO: split current SimState into two successors:
# --> one w/ all valid indexes
# --> one w/ all invalid indexes and a raised exception
#
# For now we just constraint the index to stay within the bounds
# raise exception, if index is *always* invalid
if not True in idx_stays_within_bounds:
raise SimEngineError("Access of %s[%s] (length %s) is always invalid. "
"Cannot continue w/o raising java.lang.ArrayIndexOutOfBoundsException."
"" % (array.id, idx, length))
# bound index and/or length, if there are *some* invalid values
if False in idx_stays_within_bounds:
l.warning("Possible out-of-bounds access! Index and/or length gets constraint to "
"valid values. (%s[%s], length %s)", array.id, idx, length)
state.solver.add(And(length.SGT(idx), zero.SLE(idx))) 示例12: _store_symbolic_addr
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def _store_symbolic_addr(self, address, addresses, size, data, endness, condition):
size = self.state.solver.eval(size)
segments = self._get_segments(addresses, size)
if condition is None:
condition = claripy.BoolV(True)
original_values = [ self._read_from(segment['start'], segment['size']) for segment in segments ]
if endness == "Iend_LE" or (endness is None and self.endness == "Iend_LE"):
original_values = [ ov.reversed for ov in original_values ]
stored_values = []
for segment, original_value in zip(segments, original_values):
conditional_value = original_value
for opt in segment['options']:
if endness == "Iend_LE" or (endness is None and self.endness == "Iend_LE"):
high = ((opt['idx']+segment['size']) * self.state.arch.byte_width)-1
low = opt['idx']*self.state.arch.byte_width
else:
high = len(data) - 1 - (opt['idx']*self.state.arch.byte_width)
low = len(data) - ((opt['idx']+segment['size']) *self.state.arch.byte_width)
data_slice = data[high:low]
conditional_value = self.state.solver.If(self.state.solver.And(address == segment['start']-opt['idx'], condition), data_slice, conditional_value)
stored_values.append(dict(value=conditional_value, addr=segment['start'], size=segment['size']))
return stored_values 示例13: _char_to_val
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def _char_to_val(char, base):
"""
converts a symbolic char to a number in the given base
returns expression, result
expression is a symbolic boolean indicating whether or not it was a valid number
result is the value
"""
cases = []
# 0-9
max_digit = claripy.BVV(b"9")
min_digit = claripy.BVV(b"0")
if base < 10:
max_digit = claripy.BVV(ord("0") + base, 8)
is_digit = claripy.And(char >= min_digit, char <= max_digit)
# return early here so we don't add unnecessary statements
if base <= 10:
return is_digit, char - min_digit
# handle alphabetic chars
max_char_lower = claripy.BVV(ord("a") + base-10 - 1, 8)
max_char_upper = claripy.BVV(ord("A") + base-10 - 1, 8)
min_char_lower = claripy.BVV(ord("a"), 8)
min_char_upper = claripy.BVV(ord("A"), 8)
cases.append((is_digit, char - min_digit))
is_alpha_lower = claripy.And(char >= min_char_lower, char <= max_char_lower)
cases.append((is_alpha_lower, char - min_char_lower + 10))
is_alpha_upper = claripy.And(char >= min_char_upper, char <= max_char_upper)
cases.append((is_alpha_upper, char - min_char_upper + 10))
expression = claripy.Or(is_digit, is_alpha_lower, is_alpha_upper)
# use the last case as the default, the expression will encode whether or not it's satisfiable
result = claripy.ite_cases(cases[:-1], cases[-1][1])
return expression, result 示例14: _fold_double_negations
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def _fold_double_negations(cond):
# !(!A) ==> A
# !((!A) && (!B)) ==> A || B
# !((!A) && B) ==> A || !B
# !(A || B) ==> (!A && !B)
if cond.op != "Not":
return None
if cond.args[0].op == "Not":
return cond.args[0]
if cond.args[0].op == "And" and len(cond.args[0].args) == 2:
and_0, and_1 = cond.args[0].args
if and_0.op == "Not" and and_1.op == "Not":
expr = claripy.Or(and_0.args[0], and_1.args[0])
return expr
if and_0.op == "Not": # and_1.op != "Not"
expr = claripy.Or(
and_0.args[0],
ConditionProcessor.simplify_condition(
claripy.Not(and_1)
)
)
return expr
if cond.args[0].op == "Or" and len(cond.args[0].args) == 2:
or_0, or_1 = cond.args[0].args
expr = claripy.And(
ConditionProcessor.simplify_condition(claripy.Not(or_0)),
ConditionProcessor.simplify_condition(claripy.Not(or_1)),
)
return expr
return None
# delayed import 示例15: raw_ite
# 需要导入模块: import claripy [as 别名]
# 或者: from claripy import And [as 别名]
def raw_ite(solver_type):
s = solver_type()
x = claripy.BVS("x", 32)
y = claripy.BVS("y", 32)
z = claripy.BVS("z", 32)
ite = claripy.ite_dict(x, {1:11, 2:22, 3:33, 4:44, 5:55, 6:66, 7:77, 8:88, 9:99}, claripy.BVV(0, 32))
nose.tools.assert_equal(sorted(s.eval(ite, 100)), [ 0, 11, 22, 33, 44, 55, 66, 77, 88, 99 ] )
ss = s.branch()
ss.add(ite == 88)
nose.tools.assert_equal(sorted(ss.eval(ite, 100)), [ 88 ] )
nose.tools.assert_equal(sorted(ss.eval(x, 100)), [ 8 ] )
ity = claripy.ite_dict(x, {1:11, 2:22, 3:y, 4:44, 5:55, 6:66, 7:77, 8:88, 9:99}, claripy.BVV(0, 32))
ss = s.branch()
ss.add(ity != 11)
ss.add(ity != 22)
ss.add(ity != 33)
ss.add(ity != 44)
ss.add(ity != 55)
ss.add(ity != 66)
ss.add(ity != 77)
ss.add(ity != 88)
ss.add(ity != 0)
ss.add(y == 123)
nose.tools.assert_equal(sorted(ss.eval(ity, 100)), [ 99, 123 ] )
nose.tools.assert_equal(sorted(ss.eval(x, 100)), [ 3, 9 ] )
nose.tools.assert_equal(sorted(ss.eval(y, 100)), [ 123 ] )
itz = claripy.ite_cases([ (claripy.And(x == 10, y == 20), 33), (claripy.And(x==1, y==2), 3), (claripy.And(x==100, y==200), 333) ], claripy.BVV(0, 32))
ss = s.branch()
ss.add(z == itz)
ss.add(itz != 0)
nose.tools.assert_equal(ss.eval(y/x, 100), ( 2, ))
nose.tools.assert_equal(sorted(ss.eval(x, 100)), [ 1, 10, 100 ])
nose.tools.assert_equal(sorted(ss.eval(y, 100)), [ 2, 20, 200 ])