本文整理匯總了Python中triton.Instruction.setOpcodes方法的典型用法代碼示例。如果您正苦於以下問題:Python Instruction.setOpcodes方法的具體用法?Python Instruction.setOpcodes怎麽用?Python Instruction.setOpcodes使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類triton.Instruction的用法示例。
在下文中一共展示了Instruction.setOpcodes方法的9個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: test_backup
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
def test_backup(self):
"""
Check Symbolics value are saved when engine is disable.
* Also check reseting a disable symbolic engines doesn't crash.
"""
inst = Instruction()
# update RAX
inst.setOpcodes("\x48\xFF\xC0")
processing(inst)
self.assertEqual(getSymbolicRegisterValue(REG.RAX), 1)
# This call triton::api.backupSymbolicEngine()
enableSymbolicEngine(False)
inst = Instruction()
# update RAX again
inst.setOpcodes("\x48\xFF\xC0")
processing(inst)
self.assertEqual(getConcreteRegisterValue(REG.RAX), 2, "concrete value is updated")
self.assertEqual(getSymbolicRegisterValue(REG.RAX), 1, "Symbolic value is not update")
# Try to reset engine after a backup to test if the bug #385 is fixed.
resetEngines()示例2: test_load_ds
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
def test_load_ds(self):
"""Check load from ds segment."""
setArchitecture(ARCH.X86)
inst = Instruction()
# mov ax, ds:word_40213C
inst.setOpcodes("\x66\xA1\x3C\x21\x40\x00")
processing(inst)
self.assertEqual(inst.getOperands()[1].getAddress(), 0x40213C)
self.assertEqual(inst.getOperands()[1].getBitSize(), 16)示例3: test_known_issues
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
def test_known_issues(self):
"""Check tainting result after processing."""
setArchitecture(ARCH.X86)
taintRegister(REG.EAX)
inst = Instruction()
# lea eax,[esi+eax*1]
inst.setOpcodes("\x8D\x04\x06")
processing(inst)
self.assertTrue(isRegisterTainted(REG.EAX))
self.assertFalse(isRegisterTainted(REG.EBX))示例4: test_emulate
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
def test_emulate(self, concretize=False):
"""Run a dumped simulation and check output registers."""
# Get dumped data
dump = os.path.join(os.path.dirname(__file__), "misc", "emu_1.dump")
with open(dump) as f:
regs, mems = eval(f.read())
# Load memory
for mem in mems:
start = mem['start']
if mem['memory'] is not None:
setConcreteMemoryAreaValue(start, bytearray(mem['memory']))
# setup registers
for reg_name in ("rax", "rbx", "rcx", "rdx", "rdi", "rsi", "rbp",
"rsp", "rip", "r8", "r9", "r10", "r11", "r12", "r13",
"r14", "eflags", "xmm0", "xmm1", "xmm2", "xmm3",
"xmm4", "xmm5", "xmm6", "xmm7", "xmm8", "xmm9",
"xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15"):
setConcreteRegisterValue(Register(getattr(REG, reg_name.upper()), regs[reg_name]))
# run the code
pc = getConcreteRegisterValue(REG.RIP)
while pc != 0x409A18:
opcodes = getConcreteMemoryAreaValue(pc, 20)
instruction = Instruction()
instruction.setOpcodes(opcodes)
instruction.setAddress(pc)
# Check if triton doesn't supports this instruction
self.assertTrue(processing(instruction))
pc = getConcreteRegisterValue(REG.RIP)
if concretize:
concretizeAllMemory()
concretizeAllRegister()
rax = getConcreteRegisterValue(REG.RAX)
rbx = getConcreteRegisterValue(REG.RBX)
rcx = getConcreteRegisterValue(REG.RCX)
rdx = getConcreteRegisterValue(REG.RDX)
rsi = getConcreteRegisterValue(REG.RSI)
self.assertEqual(rax, 0)
self.assertEqual(rbx, 0)
self.assertEqual(rcx, 0)
self.assertEqual(rdx, 0x4d2)
self.assertEqual(rsi, 0x3669000000000000)示例5: test_load_immediate_fs
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
def test_load_immediate_fs(self):
"""Check load from fs segment with immediate."""
setArchitecture(ARCH.X86_64)
inst = Instruction()
# mov eax, DWORD PTR fs:0xffffffffffffdf98
inst.setOpcodes("\x64\x8B\x04\x25\x98\xDF\xFF\xFF")
inst.setAddress(0x400000)
setConcreteRegisterValue(Register(REG.FS, 0x7fffda8ab700))
processing(inst)
self.assertTrue(inst.getLoadAccess())
load, _ = inst.getLoadAccess()[0]
self.assertEqual(load.getAddress(), 0x7fffda8a9698)
self.assertEqual(load.getBitSize(), 32)示例6: test_load_indirect_fs
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
def test_load_indirect_fs(self):
"""Check load from fs with indirect address."""
setArchitecture(ARCH.X86_64)
inst = Instruction()
# mov rax, QWORD PTR fs:[rax]
inst.setOpcodes("\x64\x48\x8B\x00")
inst.setAddress(0x400000)
setConcreteRegisterValue(Register(REG.FS, 0x7fffda8ab700))
setConcreteRegisterValue(Register(REG.RAX, 0xffffffffffffdf90))
processing(inst)
self.assertTrue(inst.getLoadAccess())
load, _ = inst.getLoadAccess()[0]
self.assertEqual(load.getAddress(), 0x7fffda8a9690)
self.assertEqual(load.getBitSize(), 64)示例7: emulate
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
def emulate(self, pc):
"""
Emulate every opcodes from pc.
* Process instruction until the end and search for constraint
resolution on cmp eax, 1 then set the new correct value and keep going.
"""
while pc:
# Fetch opcodes
opcodes = getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcodes(opcodes)
instruction.setAddress(pc)
# Process
processing(instruction)
# 40078B: cmp eax, 1
# eax must be equal to 1 at each round.
if instruction.getAddress() == 0x40078B:
# Slice expressions
rax = getSymbolicExpressionFromId(getSymbolicRegisterId(REG.RAX))
eax = ast.extract(31, 0, rax.getAst())
# Define constraint
cstr = ast.assert_(ast.land(getPathConstraintsAst(), ast.equal(eax, ast.bv(1, 32))))
model = getModel(cstr)
solution = str()
for k, v in model.items():
value = v.getValue()
solution += chr(value)
getSymbolicVariableFromId(k).setConcreteValue(value)
# Next
pc = getConcreteRegisterValue(REG.RIP)
return solution示例8: seed_emulate
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
def seed_emulate(self, ip):
"""Emulate one run of the function with already setup memory."""
function = {
# <serial> function
# push rbp
0x40056d: "\x55",
# mov rbp,rsp
0x40056e: "\x48\x89\xe5",
# mov QWORD PTR [rbp-0x18],rdi
0x400571: "\x48\x89\x7d\xe8",
# mov DWORD PTR [rbp-0x4],0x0
0x400575: "\xc7\x45\xfc\x00\x00\x00\x00",
# jmp 4005bd <check+0x50>
0x40057c: "\xeb\x3f",
# mov eax,DWORD PTR [rbp-0x4]
0x40057e: "\x8b\x45\xfc",
# movsxd rdx,eax
0x400581: "\x48\x63\xd0",
# mov rax,QWORD PTR [rbp-0x18]
0x400584: "\x48\x8b\x45\xe8",
# add rax,rdx
0x400588: "\x48\x01\xd0",
# movzx eax,BYTE PTR [rax]
0x40058b: "\x0f\xb6\x00",
# movsx eax,al
0x40058e: "\x0f\xbe\xc0",
# sub eax,0x1
0x400591: "\x83\xe8\x01",
# xor eax,0x55
0x400594: "\x83\xf0\x55",
# mov ecx,eax
0x400597: "\x89\xc1",
# mov rdx,QWORD PTR [rip+0x200aa0] # 601040 <serial>
0x400599: "\x48\x8b\x15\xa0\x0a\x20\x00",
# mov eax,DWORD PTR [rbp-0x4]
0x4005a0: "\x8b\x45\xfc",
# cdqe
0x4005a3: "\x48\x98",
# add rax,rdx
0x4005a5: "\x48\x01\xd0",
# movzx eax,BYTE PTR [rax]
0x4005a8: "\x0f\xb6\x00",
# movsx eax,al
0x4005ab: "\x0f\xbe\xc0",
# cmp ecx,eax
0x4005ae: "\x39\xc1",
# je 4005b9 <check+0x4c>
0x4005b0: "\x74\x07",
# mov eax,0x1
0x4005b2: "\xb8\x01\x00\x00\x00",
# jmp 4005c8 <check+0x5b>
0x4005b7: "\xeb\x0f",
# add DWORD PTR [rbp-0x4],0x1
0x4005b9: "\x83\x45\xfc\x01",
# cmp DWORD PTR [rbp-0x4],0x4
0x4005bd: "\x83\x7d\xfc\x04",
# jle 40057e <check+0x11>
0x4005c1: "\x7e\xbb",
# mov eax,0x0
0x4005c3: "\xb8\x00\x00\x00\x00",
# pop rbp
0x4005c8: "\x5d",
# ret
0x4005c9: "\xc3",
}
while ip in function:
# Build an instruction
inst = Instruction()
# Setup opcodes
inst.setOpcodes(function[ip])
# Setup Address
inst.setAddress(ip)
# Process everything
processing(inst)
# Next instruction
ip = buildSymbolicRegister(REG.RIP).evaluate()示例9: TestInstruction
# 需要導入模塊: from triton import Instruction [as 別名]
# 或者: from triton.Instruction import setOpcodes [as 別名]
class TestInstruction(unittest.TestCase):
"""Testing the Instruction class."""
def setUp(self):
"""Define and process the instruction to test."""
setArchitecture(ARCH.X86_64)
self.inst = Instruction()
self.inst.setOpcodes("\x48\x01\xd8") # add rax, rbx
self.inst.setAddress(0x400000)
self.inst.updateContext(Register(REG.RAX, 0x1122334455667788))
self.inst.updateContext(Register(REG.RBX, 0x8877665544332211))
processing(self.inst)
def test_address(self):
"""Check instruction current and next address."""
self.assertEqual(self.inst.getAddress(), 0x400000)
self.assertEqual(self.inst.getNextAddress(), 0x400003)
def test_memory(self):
"""Check memory access."""
self.assertListEqual(self.inst.getLoadAccess(), [])
self.assertListEqual(self.inst.getStoreAccess(), [])
self.assertFalse(self.inst.isMemoryWrite())
self.assertFalse(self.inst.isMemoryRead())
def test_registers(self):
"""Check register access."""
self.assertEqual(len(self.inst.getReadRegisters()), 2, "access RAX and RBX")
self.assertEqual(len(self.inst.getWrittenRegisters()), 8, "write in RAX, RIP, AF, XF, OF, PF, SF and ZF")
def test_taints(self):
"""Check taints attributes."""
self.assertFalse(self.inst.isTainted())
def test_prefix(self):
"""Check prefix data."""
self.assertFalse(self.inst.isPrefixed())
self.assertEqual(self.inst.getPrefix(), PREFIX.INVALID)
def test_control_flow(self):
"""Check control flow flags."""
self.assertFalse(self.inst.isControlFlow(), "It is not a jmp, ret or call")
self.assertFalse(self.inst.isBranch(), "It is not a jmp")
def test_condition(self):
"""Check condition flags."""
self.assertFalse(self.inst.isConditionTaken())
def test_opcode(self):
"""Check opcode informations."""
self.assertEqual(self.inst.getOpcodes(), "\x48\x01\xd8")
self.assertEqual(self.inst.getType(), OPCODE.ADD)
def test_thread(self):
"""Check threads information."""
self.assertEqual(self.inst.getThreadId(), 0)
def test_operand(self):
"""Check operand information."""
self.assertEqual(len(self.inst.getOperands()), 2)
self.assertEqual(self.inst.getFirstOperand().getName(), "rax")
self.assertEqual(self.inst.getSecondOperand().getName(), "rbx")
with self.assertRaises(Exception):
self.inst.getThirdOperand()
def test_symbolic(self):
"""Check symbolic information."""
self.assertEqual(len(self.inst.getSymbolicExpressions()), 8)
def test_size(self):
"""Check size information."""
self.assertEqual(self.inst.getSize(), 3)
def test_disassembly(self):
"""Check disassembly equivalent."""
self.assertEqual(self.inst.getDisassembly(), "add rax, rbx")