
Python triton.Instruction类代码示例


本文整理汇总了Python中triton.Instruction的典型用法代码示例。如果您正苦于以下问题:Python Instruction类的具体用法?Python Instruction怎么用?Python Instruction使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。



在下文中一共展示了Instruction类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。

示例1: emulate

def emulate(Triton, pc):
    """Emulate from ``pc`` and solve the checked branches one at a time.

    Each instruction is read from concrete memory, processed and printed.
    When ``pc`` is a key of the global ``goodBranches``, the solver is asked
    for a model that satisfies the current path constraints and makes the low
    32 bits of rax equal to ``goodBranches[pc]``. The model values are stored
    in the global ``variables``, the branch is removed from ``goodBranches``
    and the context is replaced by the result of ``initialize()``.
    """
    global variables
    global goodBranches

    print '[+] Starting emulation.'
    while pc:
        # Read 16 bytes at pc and hand them to a fresh Instruction.
        raw = Triton.getConcreteMemoryAreaValue(pc, 16)

        insn = Instruction()
        insn.setOpcode(raw)
        insn.setAddress(pc)

        # NOTE(review): the result of processing() is not checked; if it can
        # report a failure without advancing rip, this loop would keep
        # re-reading the same address - confirm against the Triton version used.
        Triton.processing(insn)
        print insn

        if pc == 0x4025CC:
            print '[+] Win'
        # 0x4025E6 is the end of the CheckSolution() function; reaching either
        # address stops the emulation.
        if pc in (0x4025E6, 0x4025CC):
            break

        if pc in goodBranches:
            ast = Triton.getAstContext()

            # Slice the low 32 bits (eax) out of the current rax expression.
            rax_id = Triton.getSymbolicRegisterId(Triton.registers.rax)
            rax_expr = Triton.getSymbolicExpressionFromId(rax_id)
            eax = ast.extract(31, 0, rax_expr.getAst())

            # Path taken so far AND eax == value expected at this address.
            path = Triton.getPathConstraintsAst()
            target = ast.equal(eax, ast.bv(goodBranches[pc], 32))
            constraint = ast.land([path, target])

            print '[+] Asking for a model, please wait...'
            model = Triton.getModel(constraint)

            # Keep the solved values for the next run.
            for var_id, assignment in model.items():
                print '[+]', assignment
                variables[var_id] = assignment.getValue()

            # This branch is solved; the next run goes one branch deeper.
            del goodBranches[pc]

            # Restart emulation with a good input.
            Triton = initialize()

        # Next
        pc = Triton.getConcreteRegisterValue(Triton.registers.rip)

    print '[+] Emulation done.'
开发者ID:AmesianX,项目名称:Triton,代码行数:59,代码来源:solve.py


示例2: test_1

    def test_1(self):
        """Compare ``mov rbx, rax`` with ONLY_ON_TAINTED disabled, then enabled.

        No register is tainted in this test. With the mode enabled the same
        instruction is expected to report no expressions, reads, writes,
        loads or stores.
        """
        ctx = TritonContext()
        ctx.setArchitecture(ARCH.X86_64)

        # First pass: mode explicitly switched off.
        ctx.enableMode(MODE.ONLY_ON_TAINTED, False)
        self.assertEqual(ctx.isModeEnabled(MODE.ONLY_ON_TAINTED), False)

        mov = Instruction("\x48\x89\xc3") # mov rbx, rax
        self.assertTrue(ctx.processing(mov))
        self.assertTrue(checkAstIntegrity(mov))

        for getter, expected in ((mov.getReadRegisters, 1),
                                 (mov.getWrittenRegisters, 2)):
            self.assertEqual(len(getter()), expected)

        # Second pass: same instruction object, mode switched on.
        ctx.enableMode(MODE.ONLY_ON_TAINTED, True)
        self.assertEqual(ctx.isModeEnabled(MODE.ONLY_ON_TAINTED), True)

        self.assertTrue(ctx.processing(mov))
        self.assertTrue(checkAstIntegrity(mov))

        for getter in (mov.getSymbolicExpressions,
                       mov.getReadRegisters,
                       mov.getReadImmediates,
                       mov.getWrittenRegisters,
                       mov.getLoadAccess,
                       mov.getStoreAccess):
            self.assertEqual(len(getter()), 0)
开发者ID:ispras,项目名称:Triton,代码行数:25,代码来源:test_only_tainted_mode.py


示例3: test_load_ds

    def test_load_ds(self):
        """Verify the address and size of a load through the ds segment."""
        setArchitecture(ARCH.X86)

        # mov ax, ds:word_40213C
        load = Instruction()
        load.setOpcodes("\x66\xA1\x3C\x21\x40\x00")
        processing(load)

        # Operand 1 is the memory source: absolute address, 16 bits wide.
        source = load.getOperands()[1]
        self.assertEqual(source.getAddress(), 0x40213C)
        self.assertEqual(source.getBitSize(), 16)
开发者ID:Manouchehri,项目名称:Triton,代码行数:11,代码来源:test_instruction.py


示例4: test_7

    def test_7(self):
        """Check the memory operand of a load when ONLY_ON_SYMBOLIZED is on.

        rax holds the concrete value 0x1337 and nothing is symbolized; the
        memory operand must resolve to that address and carry no LEA AST.
        """
        ctx = TritonContext()
        ctx.setArchitecture(ARCH.X86_64)
        ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
        ctx.setConcreteRegisterValue(ctx.registers.rax, 0x1337)

        load = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax]
        self.assertTrue(ctx.processing(load))
        self.assertTrue(checkAstIntegrity(load))

        source = load.getOperands()[1]
        self.assertEqual(source.getAddress(), 0x1337)
        self.assertIsNone(source.getLeaAst())
开发者ID:AmesianX,项目名称:Triton,代码行数:12,代码来源:test_only_symbolized_mode.py


示例5: test_3

    def test_3(self):
        """Count the accesses of ``mov rbx, qword ptr [rax]`` in the default configuration."""
        ctx = TritonContext()
        ctx.setArchitecture(ARCH.X86_64)

        load = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax]
        self.assertTrue(ctx.processing(load))
        self.assertTrue(checkAstIntegrity(load))

        # (getter, expected number of entries), checked in this order.
        expectations = (
            (load.getReadRegisters, 1),
            (load.getWrittenRegisters, 2),
            (load.getLoadAccess, 1),
            (load.getStoreAccess, 0),
        )
        for getter, expected in expectations:
            self.assertEqual(len(getter()), expected)
开发者ID:AmesianX,项目名称:Triton,代码行数:12,代码来源:test_only_symbolized_mode.py


示例6: test_known_issues

    def test_known_issues(self):
        """Verify taint state after a ``lea`` that reads a tainted register.

        EAX is tainted before ``lea eax,[esi+eax*1]`` is processed; afterwards
        EAX must still be tainted and EBX must not be.
        """
        setArchitecture(ARCH.X86)
        taintRegister(REG.EAX)

        # lea eax,[esi+eax*1]
        lea = Instruction()
        lea.setOpcodes("\x8D\x04\x06")
        processing(lea)

        eax_tainted = isRegisterTainted(REG.EAX)
        self.assertTrue(eax_tainted)
        ebx_tainted = isRegisterTainted(REG.EBX)
        self.assertFalse(ebx_tainted)
开发者ID:Manouchehri,项目名称:Triton,代码行数:12,代码来源:test_taint.py


示例7: test_known_issues

    def test_known_issues(self):
        """Verify taint state after a ``lea`` that reads a tainted register.

        eax is tainted before ``lea eax,[esi+eax*1]`` is processed; afterwards
        eax must still be tainted and ebx must not be.
        """
        Triton = TritonContext()
        Triton.setArchitecture(ARCH.X86)
        regs = Triton.registers

        Triton.taintRegister(regs.eax)

        # lea eax,[esi+eax*1]
        lea = Instruction()
        lea.setOpcode("\x8D\x04\x06")
        Triton.processing(lea)

        self.assertTrue(Triton.isRegisterTainted(regs.eax))
        self.assertFalse(Triton.isRegisterTainted(regs.ebx))
开发者ID:ispras,项目名称:Triton,代码行数:13,代码来源:test_taint.py


示例8: test_emulate

    def test_emulate(self, concretize=False):
        """Replay a dumped machine state and check the final register values.

        The dump ``misc/emu_1.dump`` next to this file provides the register
        values and memory areas. Instructions are processed from the dumped
        rip until pc reaches 0x409A18. When ``concretize`` is true, all memory
        and registers are concretized after every instruction.
        """
        dump_path = os.path.join(os.path.dirname(__file__), "misc", "emu_1.dump")
        # NOTE(review): eval() executes whatever expression the dump file
        # contains. That is tolerable only while the file is a fixture shipped
        # with the tests; if dumps can come from anywhere else, parse them with
        # a literal-only parser (e.g. ast.literal_eval) - confirm first that
        # the dump holds nothing but literals.
        with open(dump_path) as handle:
            regs, mems = eval(handle.read())

        triton = self.Triton

        # Load every dumped memory area that actually carries bytes.
        for area in mems:
            base = area['start']
            content = area['memory']
            if content is not None:
                triton.setConcreteMemoryAreaValue(base, bytearray(content))

        # Restore the dumped register values.
        restored = ("rax", "rbx", "rcx", "rdx", "rdi", "rsi", "rbp",
                    "rsp", "rip", "r8", "r9", "r10", "r11", "r12", "r13",
                    "r14", "eflags", "xmm0", "xmm1", "xmm2", "xmm3",
                    "xmm4", "xmm5", "xmm6", "xmm7", "xmm8", "xmm9",
                    "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15")
        for reg_name in restored:
            reg_id = getattr(REG.X86_64, reg_name.upper())
            triton.setConcreteRegisterValue(triton.getRegister(reg_id), regs[reg_name])

        # Run until the stop address is reached.
        pc = triton.getConcreteRegisterValue(triton.registers.rip)
        while pc != 0x409A18:
            insn = Instruction()
            insn.setOpcode(triton.getConcreteMemoryAreaValue(pc, 20))
            insn.setAddress(pc)

            # processing() must succeed; a false result fails the test here
            # (the original comment ties it to an unsupported instruction).
            self.assertTrue(triton.processing(insn))
            self.assertTrue(checkAstIntegrity(insn))

            pc = triton.getConcreteRegisterValue(triton.registers.rip)

            if concretize:
                triton.concretizeAllMemory()
                triton.concretizeAllRegister()

        # Read all five registers first, then compare them in order.
        checked = (("rax", 0), ("rbx", 0), ("rcx", 0),
                   ("rdx", 0x4d2), ("rsi", 0x3669000000000000))
        observed = [triton.getConcreteRegisterValue(getattr(triton.registers, name))
                    for name, _ in checked]
        for value, (_, expected) in zip(observed, checked):
            self.assertEqual(value, expected)
开发者ID:ispras,项目名称:Triton,代码行数:51,代码来源:test_simulation.py


示例9: test_2

    def test_2(self):
        """Count the accesses of ``mov rbx, rax`` with ONLY_ON_TAINTED on and rax tainted."""
        ctx = TritonContext()
        ctx.setArchitecture(ARCH.X86_64)
        ctx.enableMode(MODE.ONLY_ON_TAINTED, True)
        ctx.taintRegister(ctx.registers.rax)

        mov = Instruction("\x48\x89\xc3") # mov rbx, rax
        self.assertTrue(ctx.processing(mov))
        self.assertTrue(checkAstIntegrity(mov))

        # (getter, expected number of entries), checked in this order.
        expectations = (
            (mov.getReadRegisters, 1),
            (mov.getWrittenRegisters, 2),
            (mov.getLoadAccess, 0),
            (mov.getStoreAccess, 0),
        )
        for getter, expected in expectations:
            self.assertEqual(len(getter()), expected)
开发者ID:AmesianX,项目名称:Triton,代码行数:14,代码来源:test_only_tainted_mode.py


示例10: test_4

    def test_4(self):
        """Count the accesses of a load through a symbolized rax with ONLY_ON_SYMBOLIZED on."""
        ctx = TritonContext()
        ctx.setArchitecture(ARCH.X86_64)
        ctx.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
        ctx.convertRegisterToSymbolicVariable(ctx.registers.rax)

        load = Instruction("\x48\x8b\x18") # mov rbx, qword ptr [rax]
        self.assertTrue(ctx.processing(load))
        self.assertTrue(checkAstIntegrity(load))

        # Only the register read is reported; every other list is empty.
        expectations = (
            (load.getReadRegisters, 1),
            (load.getWrittenRegisters, 0),
            (load.getLoadAccess, 0),
            (load.getStoreAccess, 0),
        )
        for getter, expected in expectations:
            self.assertEqual(len(getter()), expected)
开发者ID:AmesianX,项目名称:Triton,代码行数:14,代码来源:test_only_symbolized_mode.py


示例11: setUp

    def setUp(self):
        """Build an x86-64 context, process two instructions and keep one expression of each."""
        self.ctx = TritonContext()
        self.ctx.setArchitecture(ARCH.X86_64)
        regs = self.ctx.registers

        self.inst1 = Instruction("\x48\x31\xd8") # xor rax, rbx
        # Concrete inputs are set on the 8-bit sub-registers al and bl.
        for reg, value in ((regs.al, 0x10), (regs.bl, 0x55)):
            self.ctx.setConcreteRegisterValue(reg, value)

        self.inst2 = Instruction("\x48\x89\x03") # mov [rbx], rax

        for inst in (self.inst1, self.inst2):
            self.ctx.processing(inst)

        # Expression 0 of the xor and expression 8 of the store are the ones
        # kept on the test case.
        self.expr1 = self.inst1.getSymbolicExpressions()[0]
        self.expr2 = self.inst2.getSymbolicExpressions()[8]
开发者ID:AmesianX,项目名称:Triton,代码行数:16,代码来源:test_symbolic_expression.py


示例12: test_trace

def test_trace(trace):
    """Process a trace of opcodes and classify each branch as opaque or not.

    For every branch the negation of the current path constraints is given
    to the solver. If a model exists, the other direction is reachable and
    the predicate is not opaque; otherwise the predicate is reported as
    always or never taken, depending on the direction observed.
    """
    Triton.setArchitecture(ARCH.X86)
    symbolization_init()

    ast = Triton.getAstContext()

    for raw in trace:
        insn = Instruction()
        insn.setOpcode(raw)
        Triton.processing(insn)
        print insn.getDisassembly()

        if not insn.isBranch():
            continue

        # Try to satisfy the opposite of the path that was taken.
        negated = ast.lnot(Triton.getPathConstraintsAst())
        if Triton.getModel(negated):
            print "not an opaque predicate"
        elif insn.isConditionTaken():
            print "opaque predicate: always taken"
        else:
            print "opaque predicate: never taken"

    print '----------------------------------'
开发者ID:AmesianX,项目名称:Triton,代码行数:27,代码来源:proving_opaque_predicates.py


示例13: test_pop_esp

    def test_pop_esp(self):
        """Verify ``pop dword ptr [esp]``: the destination address is computed after esp moved."""
        self.Triton = TritonContext()
        self.Triton.setArchitecture(ARCH.X86)

        sequence = (
            Instruction('\xBC\x00\xFE\x19\x00'),          # mov esp, 0x19fe00
            Instruction('\xC7\x04\x24\x11\x11\x11\x11'),  # mov dword ptr [esp], 0x11111111
            Instruction('\x8F\x04\x24'),                  # pop dword ptr [esp]
        )
        for inst in sequence:
            self.Triton.processing(inst)

        pop = sequence[-1]
        self.assertEqual(pop.getOperands()[0].getAddress(), 0x19fe04, "esp has been poped")

        # First store access of the pop: element 0 is the memory, element 1 the AST.
        self.assertEqual(pop.getStoreAccess()[0][0].getAddress(), 0x19fe04, "inst3 set the value in 0x19fe04")
        self.assertEqual(pop.getStoreAccess()[0][1].evaluate(), 0x11111111, "And this value is 0x11111111")
开发者ID:AmesianX,项目名称:Triton,代码行数:18,代码来源:test_instruction.py


示例14: setUp

 def setUp(self):
     """Prepare ``add rax, rbx`` at 0x400000 with fixed operands and process it."""
     setArchitecture(ARCH.X86_64)

     add = Instruction()
     add.setOpcodes("\x48\x01\xd8")  # add rax, rbx
     add.setAddress(0x400000)
     self.inst = add

     # Register values are attached to the instruction's own context.
     for reg, value in ((REG.RAX, 0x1122334455667788),
                        (REG.RBX, 0x8877665544332211)):
         self.inst.updateContext(Register(reg, value))

     processing(self.inst)
开发者ID:Manouchehri,项目名称:Triton,代码行数:9,代码来源:test_instruction.py


示例15: setUp

 def setUp(self):
     """Prepare ``add rax, rbx`` at 0x400000 with fixed operands and process it."""
     self.Triton = TritonContext()
     self.Triton.setArchitecture(ARCH.X86_64)

     add = Instruction()
     add.setOpcode("\x48\x01\xd8")  # add rax, rbx
     add.setAddress(0x400000)
     self.inst = add

     # Concrete operand values live in the context, not in the instruction.
     regs = self.Triton.registers
     for reg, value in ((regs.rax, 0x1122334455667788),
                        (regs.rbx, 0x8877665544332211)):
         self.Triton.setConcreteRegisterValue(reg, value)

     self.Triton.processing(self.inst)
开发者ID:AmesianX,项目名称:Triton,代码行数:10,代码来源:test_instruction.py


示例16: run

def run(ip):
    """Process instructions from ``ip`` for as long as ``ip`` is a key of ``function``.

    ``function`` maps an address to the opcode bytes stored there. The next
    address is obtained by evaluating the AST of rip after each instruction.
    """
    while ip in function:
        # Build the instruction from the stored opcode and its address.
        current = Instruction()
        current.setOpcode(function[ip])
        current.setAddress(ip)

        # Process everything
        Triton.processing(current)

        # Next instruction: evaluate the rip AST.
        rip_ast = Triton.getRegisterAst(Triton.registers.rip)
        ip = rip_ast.evaluate()
开发者ID:ispras,项目名称:Triton,代码行数:20,代码来源:code_coverage_crackme_xor.py


示例17: test_pop

    def test_pop(self):
        """Verify ``pop dword ptr [edi]``: the value on top of the stack is stored at [edi]."""
        self.Triton = TritonContext()
        self.Triton.setArchitecture(ARCH.X86)

        sequence = (
            Instruction('\xBC\x00\xFE\x19\x00'),          # mov esp, 0x19fe00
            Instruction('\xBF\x00\xFE\x19\x00'),          # mov edi, 0x19fe00
            Instruction('\xC7\x04\x24\x11\x11\x11\x11'),  # mov dword ptr [esp], 0x11111111
            Instruction('\x8F\x07'),                      # pop dword ptr [edi]
        )
        for inst in sequence:
            self.Triton.processing(inst)

        pop = sequence[-1]
        self.assertEqual(pop.getOperands()[0].getAddress(), 0x19fe00, "poping edi doesn't change it")

        # First store access of the pop: element 0 is the memory, element 1 the AST.
        self.assertEqual(pop.getStoreAccess()[0][0].getAddress(), 0x19fe00, "inst4 store the new value in 0x19fe00 (edi value)")
        self.assertEqual(pop.getStoreAccess()[0][1].evaluate(), 0x11111111, "The stored value is 0x11111111")
开发者ID:AmesianX,项目名称:Triton,代码行数:21,代码来源:test_instruction.py


示例18: emulate

def emulate(pc):
    """Emulate from ``pc`` until a HLT instruction or a zero pc, counting instructions.

    After each processed instruction ``hookingHandler()`` runs, then the next
    pc is read from the concrete value of rip. The number of processed
    instructions is reported through ``debug``.
    """
    executed = 0
    while pc:
        # Read 16 bytes at pc and hand them to a fresh Instruction.
        raw = Triton.getConcreteMemoryAreaValue(pc, 16)

        insn = Instruction()
        insn.setOpcode(raw)
        insn.setAddress(pc)

        # NOTE(review): the result of processing() is not checked; if it can
        # report a failure without advancing rip, this loop would keep
        # re-reading the same address - confirm against the Triton version used.
        Triton.processing(insn)
        executed += 1

        # HLT ends the run before any hook is applied.
        if insn.getType() == OPCODE.HLT:
            break

        # Simulate routines
        hookingHandler()

        # Next
        pc = Triton.getConcreteRegisterValue(Triton.registers.rip)

    debug('Instruction executed: %d' % executed)
开发者ID:AmesianX,项目名称:Triton,代码行数:28,代码来源:small_x86-64_symbolic_emulator.py


示例19: emulate

    def emulate(self, pc):
        """Emulate from ``pc`` until a HLT instruction or a zero pc.

        Every instruction other than HLT must be processed successfully and
        pass ``checkAstIntegrity``; ``self.hooking_handler()`` runs after each
        of them.
        """
        triton = self.Triton
        while pc:
            # Read 16 bytes at pc and hand them to a fresh Instruction.
            raw = triton.getConcreteMemoryAreaValue(pc, 16)

            insn = Instruction()
            insn.setOpcode(raw)
            insn.setAddress(pc)

            processed = triton.processing(insn)

            # HLT stops the run before the result of processing() is asserted.
            if insn.getType() == OPCODE.HLT:
                break

            self.assertTrue(processed)
            self.assertTrue(checkAstIntegrity(insn))

            # Simulate routines
            self.hooking_handler()

            # Next
            pc = triton.getConcreteRegisterValue(triton.registers.rip)
开发者ID:AmesianX,项目名称:Triton,代码行数:30,代码来源:test_semantics.py


示例20: emulate

def emulate(pc):
    """Emulate from ``pc`` until a HLT instruction or a zero pc, printing each instruction.

    After each processed instruction ``hookingHandler()`` runs, then the next
    pc is read from the concrete value of rip.
    """
    print '[+] Starting emulation.'

    while pc:
        # Read 16 bytes at pc and hand them to a fresh Instruction.
        raw = Triton.getConcreteMemoryAreaValue(pc, 16)

        insn = Instruction()
        insn.setOpcode(raw)
        insn.setAddress(pc)

        # NOTE(review): the result of processing() is not checked; if it can
        # report a failure without advancing rip, this loop would keep
        # re-reading the same address - confirm against the Triton version used.
        Triton.processing(insn)
        print insn

        # HLT ends the run before any hook is applied.
        if insn.getType() == OPCODE.HLT:
            break

        # Simulate routines
        hookingHandler()

        # Next
        pc = Triton.getConcreteRegisterValue(Triton.registers.rip)

    print '[+] Emulation done.'
开发者ID:AmesianX,项目名称:Triton,代码行数:27,代码来源:hooking_libc.py



注:本文中的triton.Instruction类示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

