How to use the triton.Instruction function in triton
To help you get started, we’ve selected a few triton examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
JonathanSalwan / Triton / src / testers / unittests / test_simulation.py View on Github 
# add DWORD PTR [rbp-0x4],0x1
0x4005b9: b"\x83\x45\xfc\x01",
# cmp DWORD PTR [rbp-0x4],0x4
0x4005bd: b"\x83\x7d\xfc\x04",
# jle 40057e
0x4005c1: b"\x7e\xbb",
# mov eax,0x0
0x4005c3: b"\xb8\x00\x00\x00\x00",
# pop rbp
0x4005c8: b"\x5d",
# ret
0x4005c9: b"\xc3",
}
while ip in function:
# Build an instruction
inst = Instruction()
# Setup opcode
inst.setOpcode(function[ip])
# Setup Address
inst.setAddress(ip)
# Process everything
self.Triton.processing(inst)
self.assertTrue(checkAstIntegrity(inst))
# Next instruction
ip = self.Triton.getRegisterAst(self.Triton.registers.rip).evaluate()def test_backup(self):
"""
Check Symbolics value are saved when engine is disable.
* Also check reseting a disable symbolic engines doesn't crash.
"""
inst = Instruction()
# update RAX
inst.setOpcode(b"\x48\xFF\xC0")
self.Triton.processing(inst)
self.assertEqual(self.Triton.getSymbolicRegisterValue(self.Triton.registers.rax), 1)
# This call triton::api.backupSymbolicEngine()
self.Triton.enableSymbolicEngine(False)
inst = Instruction()
# update RAX again
inst.setOpcode(b"\x48\xFF\xC0")
self.Triton.processing(inst)
self.assertEqual(self.Triton.getConcreteRegisterValue(self.Triton.registers.rax), 2, "concrete value is updated")
self.assertEqual(self.Triton.getSymbolicRegisterValue(self.Triton.registers.rax), 1)def test_pop(self):
"""Check the pop instruction processing."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86)
# mov esp, 0x19fe00
inst1 = Instruction(b'\xBC\x00\xFE\x19\x00')
# mov edi, 0x19fe00
inst2 = Instruction(b'\xBF\x00\xFE\x19\x00')
# mov dword ptr [esp], 0x11111111
inst3 = Instruction(b'\xC7\x04\x24\x11\x11\x11\x11')
# pop dword ptr [edi]
inst4 = Instruction(b'\x8F\x07')
self.Triton.processing(inst1)
self.Triton.processing(inst2)
self.Triton.processing(inst3)
self.Triton.processing(inst4)
self.assertEqual(inst4.getOperands()[0].getAddress(), 0x19fe00, "poping edi doesn't change it")
self.assertEqual(inst4.getStoreAccess()[0][0].getAddress(), 0x19fe00, "inst4 store the new value in 0x19fe00 (edi value)")
self.assertEqual(inst4.getStoreAccess()[0][1].evaluate(), 0x11111111, "The stored value is 0x11111111")def test_pop(self):
"""Check the pop instruction processing."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86)
# mov esp, 0x19fe00
inst1 = Instruction(b'\xBC\x00\xFE\x19\x00')
# mov edi, 0x19fe00
inst2 = Instruction(b'\xBF\x00\xFE\x19\x00')
# mov dword ptr [esp], 0x11111111
inst3 = Instruction(b'\xC7\x04\x24\x11\x11\x11\x11')
# pop dword ptr [edi]
inst4 = Instruction(b'\x8F\x07')
self.Triton.processing(inst1)
self.Triton.processing(inst2)
self.Triton.processing(inst3)
self.Triton.processing(inst4)
self.assertEqual(inst4.getOperands()[0].getAddress(), 0x19fe00, "poping edi doesn't change it")
self.assertEqual(inst4.getStoreAccess()[0][0].getAddress(), 0x19fe00, "inst4 store the new value in 0x19fe00 (edi value)")
self.assertEqual(inst4.getStoreAccess()[0][1].evaluate(), 0x11111111, "The stored value is 0x11111111")def test_mov_xmm_to_memory(self):
"""Check move and xmm register to memory do not crash."""
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
# movhpd QWORD PTR [rax], xmm1
self.Triton.processing(Instruction(b"\x66\x0F\x17\x08"))
# movhpd xmm1, QWORD PTR [rax]
self.Triton.processing(Instruction(b"\x66\x0F\x16\x08"))
# movhps QWORD PTR [rax], xmm1
self.Triton.processing(Instruction(b"\x0F\x17\x08"))
# movhps xmm1, QWORD PTR [rax]
self.Triton.processing(Instruction(b"\x0F\x16\x08"))
# movlpd QWORD PTR [rax], xmm1
self.Triton.processing(Instruction(b"\x66\x0F\x13\x08"))
# movlpd xmm1, QWORD PTR [rax]
self.Triton.processing(Instruction(b"\x66\x0F\x12\x08"))
# movlps QWORD PTR [rax], xmm1
self.Triton.processing(Instruction(b"\x0F\x13\x08"))
# movlps xmm1, QWORD PTR [rax]
self.Triton.processing(Instruction(b"\x0F\x12\x08"))def test_trace(trace):
Triton.setArchitecture(ARCH.X86)
symbolization_init()
astCtxt = Triton.getAstContext()
for opcode in trace:
instruction = Instruction()
instruction.setOpcode(opcode)
Triton.processing(instruction)
print(instruction.getDisassembly())
if instruction.isBranch():
# Opaque Predicate AST
op_ast = Triton.getPathConstraintsAst()
# Try another model
model = Triton.getModel(astCtxt.lnot(op_ast))
if model:
print("not an opaque predicate")
else:
if instruction.isConditionTaken():
print("opaque predicate: always taken")
else:
print("opaque predicate: never taken")def process_inst(self, pc=None):
_pc = self.get_current_pc()
if pc:
_pc = pc
opcodes = self.read_mem(_pc, 16)
# Create the Triton instruction
inst = triton.Instruction()
inst.setOpcodes(opcodes)
inst.setAddress(_pc)
# execute instruction
triton.processing(inst)
return instdef run(ip):
while ip in function:
# Build an instruction
inst = Instruction()
# Setup opcode
inst.setOpcode(function[ip])
# Setup Address
inst.setAddress(ip)
# Process everything
Triton.processing(inst)
# Display instruction
#print(inst)
# Next instruction
ip = Triton.getRegisterAst(Triton.registers.rip).evaluate()
returndef emulate(pc):
astCtxt = Triton.getAstContext()
print('[+] Starting emulation.')
while pc:
# Fetch opcode
opcode = Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
Triton.processing(instruction)
print(instruction)
# 40078B: cmp eax, 1
# eax must be equal to 1 at each round.
if instruction.getAddress() == 0x40078B:
# Slice expressions
rax = Triton.getSymbolicRegister(Triton.registers.rax)
eax = astCtxt.extract(31, 0, rax.getAst())
# Define constraint
cstr = astCtxt.land([def emulate(pc):
count = 0
while pc:
# Fetch opcode
opcode = Triton.getConcreteMemoryAreaValue(pc, 16)
# Create the Triton instruction
instruction = Instruction()
instruction.setOpcode(opcode)
instruction.setAddress(pc)
# Process
Triton.processing(instruction)
count += 1
#print instruction
if instruction.getType() == OPCODE.X86.HLT:
break
# Simulate routines
hookingHandler()
# Nexttriton
A language and compiler for custom Deep Learning operations
Package Health Score
94 / 100Popular triton functions
- triton.ARCH
- triton.ARCH.X86
- triton.ARCH.X86_64
- triton.CALLBACK
- triton.CALLBACK.GET_CONCRETE_MEMORY_VALUE
- triton.CPUSIZE
- triton.CPUSIZE.BYTE
- triton.CPUSIZE.QWORD
- triton.getConcreteMemoryAreaValue
- triton.getConcreteRegisterValue
- triton.getSymbolicExpressionFromId
- triton.Immediate
- triton.Instruction
- triton.MemoryAccess
- triton.MODE
- triton.MODE.ALIGNED_MEMORY
- triton.MODE.ONLY_ON_SYMBOLIZED
- triton.OPCODE
- triton.REG
- triton.TritonContext