Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
s.registers[reg] = bv.Constant(128, 0)
s.registers['fsbase'] = bv.Constant(64, trace_data['registers']['fsbase'])
s.registers['gsbase'] = bv.Constant(64, trace_data['registers']['gsbase'])
else:
print 'trace appears to be x86'
s.kernel = linux.LinuxX86()
s.ip = trace_data['registers']['eip']
for reg in ['eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'ebp', 'esp']:
s.registers[reg] = bv.Constant(32, trace_data['registers'][reg])
for reg in ['cf', 'pf', 'af', 'zf', 'sf', 'df', 'of']:
s.registers[reg] = bv.Constant(8, trace_data['registers'][reg])
for reg in ['xmm0', 'xmm1', 'xmm2', 'xmm3', 'xmm4', 'xmm5', 'xmm6', 'xmm7']:
s.registers[reg] = bv.Constant(128, 0)
s.registers['gsbase'] = bv.Constant(32, trace_data['registers']['gsbase'])
states = [s]
i = 0
while i < len(trace_data['trace']):
s = states.pop()
# this is a silly hack
ip = s.ip
ni = emulator.fetch_instruction(s, x86_64)
s.ip = ip
s.symbols = dict(trace_data['symbols'])
x86_64 = False
if 'rip' in trace_data['registers']:
print 'trace appears to be x86_64'
print trace_data['registers']
x86_64 = True
s.kernel = linux.LinuxX64()
s.ip = trace_data['registers']['rip']
s.registers['rip'] = s.ip
for reg in ['rax', 'rbx', 'rcx', 'rdx', 'rsi', 'rdi', 'rbp', 'rsp', 'r8', 'r9', 'r10', 'r11', 'r12', 'r13', 'r14', 'r15']:
s.registers[reg] = bv.Constant(64, trace_data['registers'][reg])
for reg in ['cf', 'pf', 'af', 'zf', 'sf', 'df', 'of']:
s.registers[reg] = bv.Constant(8, trace_data['registers'][reg])
for reg in ['xmm0', 'xmm1', 'xmm2', 'xmm3', 'xmm4', 'xmm5', 'xmm6', 'xmm7', 'xmm8', 'xmm9', 'xmm10', 'xmm11', 'xmm12', 'xmm13', 'xmm14', 'xmm15']:
s.registers[reg] = bv.Constant(128, 0)
s.registers['fsbase'] = bv.Constant(64, trace_data['registers']['fsbase'])
s.registers['gsbase'] = bv.Constant(64, trace_data['registers']['gsbase'])
else:
print 'trace appears to be x86'
s.kernel = linux.LinuxX86()
s.ip = trace_data['registers']['eip']
bs.append(s.memory.read_byte(s, ip + i))
except IndexError():
break
bs = ''.join(map(lambda x: chr(x.value), bs))
for i in x86.translate(bs, ip, x86_64):
_translation_cache[i.address] = i
if ip not in _translation_cache:
raise InvalidExecution(s, ip)
i = _translation_cache[ip]
s.ip += i.size
if x86_64:
s.registers['rip'] = bv.Constant(64, s.ip)
return i
def memcmp(s, cc):
f = cc(s)
ptr1 = f.params[0]
ptr2 = f.params[1]
num = f.params[2]
s.log.function_call(f, 'memcmp(ptr1={}, ptr2={}, num={})', ptr1, ptr2, num)
count = 0
first_smaller = bv.Constant(ptr1.size, -1)
first_larger = bv.Constant(ptr1.size, 1)
zero = bv.Constant(ptr1.size, 0)
bytes = []
not_terminated = None
not_already_terminated = bl.Constant(True)
while s.solver.check(num > count):
byte1 = s.read(ptr1 + bv.Constant(ptr1.size, count), 8)
byte2 = s.read(ptr2 + bv.Constant(ptr2.size, count), 8)
not_terminated = not_already_terminated & (byte1 == byte2)
bytes.append((not_already_terminated, byte1, byte2))
if not_terminated.symbolic:
not_already_terminated = bl.Symbol(unique_name('tmp'))
s.solver.add(not_already_terminated == not_terminated)
def op_bisnz(i, s):
a = operand_value(s, i.input0)
dst = i.output
result = bv.if_then_else(
a != bv.Constant(a.size, 0),
bv.Constant(dst.size, 1),
bv.Constant(dst.size, 0))
s.registers[dst.name] = result
return [s]
if size.symbolic or count.symbolic:
raise NotImplementedError()
elif fd is None:
for i in xrange(0, size.value * count.value):
output.append(bv.Symbol(8, 'file_{}_{:x}'.format(stream.value, offset)))
offset += 1
else:
fd.seek(offset, 0)
for i in range(0, size.value * count.value):
byte = fd.read(1)
if len(byte) == 1:
if byte == '#':
output.append(bv.Symbol(8, 'file_{}_{:x}'.format(stream.value, offset)))
else:
output.append(bv.Constant(8, ord(byte)))
offset += 1
else:
break
file['offset'] = offset
if fd is not None:
fd.close()
return f.ret(value=output.index)
def append(self, c):
if isinstance(c, str):
c = bv.Constant(8, ord(c))
write_address = self.address + bv.Constant(self.address.size, self.index)
self.index += 1
self.state.write(write_address, c)
bytes.reverse()
result = None
prev_result = None
for (not_already_terminated, byte, count) in bytes:
if result is None:
result = bv.if_then_else(
byte == value,
ptr + bv.Constant(ptr.size, count),
null)
else:
result = bv.if_then_else(
not_already_terminated,
bv.if_then_else(
byte == value,
ptr + bv.Constant(ptr.size, count),
prev_result),
prev_result)
# this reduces the memory footprint_ of the resulting expression
# significantly
prev_result = bv.Symbol(ptr.size, unique_name('tmp'))
s_.solver.add(prev_result == result)
if result.symbolic:
result_symbol = bv.Symbol(ptr.size, unique_name('memcmp'))
s_.solver.add(result_symbol == result)
result = result_symbol
f_ = cc(s_)
ss += f_.ret(value=result)