def test_taint_memory(self):
    """Check that tainting memory is visible through every overlapping access.

    A single address (0x1000) and a 4-byte access at 0x2000 are tainted on a
    fresh x86-64 context. Every access that lies inside the tainted 4-byte
    range must then report as tainted.
    """
    ctx = TritonContext()
    ctx.setArchitecture(ARCH.X86_64)

    # A fresh context starts with no taint on either location.
    self.assertFalse(ctx.isMemoryTainted(0x1000))
    self.assertFalse(ctx.isMemoryTainted(MemoryAccess(0x2000, 4)))

    ctx.taintMemory(0x1000)
    ctx.taintMemory(MemoryAccess(0x2000, 4))

    self.assertTrue(ctx.isMemoryTainted(0x1000))

    # (address, size) pairs that all fall inside 0x2000..0x2003.
    # NOTE(review): the lines shown contain only positive checks; nothing here
    # asserts that the byte just outside the range stays untainted, so
    # over-tainting would not be caught by this excerpt. Confirm the full test
    # covers the boundary.
    covered_accesses = (
        (0x2000, 4),
        (0x2000, 1),
        (0x2000, 2),
        (0x2001, 1),
        (0x2002, 1),
        (0x2003, 1),
        (0x2002, 2),
    )
    for address, size in covered_accesses:
        self.assertTrue(ctx.isMemoryTainted(MemoryAccess(address, size)))
def setUp(self):
    """Create an x86-64 context and cache the bitvector of the `ch` register.

    Stores the context on `self.Triton` and the value returned by
    `registers.ch.getBitvector()` on `self.bv` for use by the test methods.
    """
    ctx = self.Triton = TritonContext()
    ctx.setArchitecture(ARCH.X86_64)
    # `ch` is looked up only after the architecture is selected.
    ch_register = ctx.registers.ch
    self.bv = ch_register.getBitvector()
def test_taint_assignement_register_register(self):
    """Check taint assignment register <- register.

    Assigning rax to itself must leave its taint state unchanged: a tainted
    rax stays tainted, and an untainted rax stays untainted.
    """
    ctx = TritonContext()
    ctx.setArchitecture(ARCH.X86_64)
    rax = ctx.registers.rax
    rbx = ctx.registers.rbx

    # Tainted source and destination: the assignment keeps the taint.
    self.assertFalse(ctx.isRegisterTainted(rax))
    ctx.taintRegister(rax)
    self.assertTrue(ctx.isRegisterTainted(rax))
    ctx.taintAssignmentRegisterRegister(rax, rax)
    self.assertTrue(ctx.isRegisterTainted(rax))

    # Untainted source and destination: the assignment must not create taint.
    ctx.untaintRegister(rax)
    self.assertFalse(ctx.isRegisterTainted(rax))
    ctx.taintAssignmentRegisterRegister(rax, rax)
    self.assertFalse(ctx.isRegisterTainted(rax))

    # rbx is tainted as a distinct source register.
    # NOTE(review): the excerpt stops here; no assertion on the rbx -> rax
    # case is visible in the lines shown.
    self.assertFalse(ctx.isRegisterTainted(rbx))
    ctx.taintRegister(rbx)
def test_taint_union_memory_immediate(self):
    """Check taint union memory U immediate.

    A union with an immediate must leave already-tainted memory tainted, and
    an explicit untaint afterwards must clear it.
    """
    ctx = TritonContext()
    ctx.setArchitecture(ARCH.X86_64)
    target = MemoryAccess(0x2000, 4)

    ctx.taintMemory(target)
    self.assertTrue(ctx.isMemoryTainted(target))

    # The union does not clear taint that is already present.
    # NOTE(review): only the already-tainted case is exercised in the lines
    # shown; the union on untainted memory is not checked here.
    ctx.taintUnionMemoryImmediate(target)
    self.assertTrue(ctx.isMemoryTainted(target))

    ctx.untaintMemory(target)
    self.assertFalse(ctx.isMemoryTainted(target))
def test_taint_register(self):
    """Check tainting and untainting a register and its sub-registers.

    Tainting `ah` must make rax, eax and ax report as tainted; untainting
    `ah` must make rax and eax report as untainted again.
    """
    ctx = TritonContext()
    ctx.setArchitecture(ARCH.X86_64)
    regs = ctx.registers

    # Taint and untaint the full 64-bit register directly.
    self.assertFalse(ctx.isRegisterTainted(regs.rax))
    ctx.taintRegister(regs.rax)
    self.assertTrue(ctx.isRegisterTainted(regs.rax))
    ctx.untaintRegister(regs.rax)
    self.assertFalse(ctx.isRegisterTainted(regs.rax))

    # Taint through a sub-register: the wider aliases report tainted as well.
    # NOTE(review): this looks like taint being kept per parent register
    # rather than per byte, which over-approximates; confirm against the
    # Triton documentation before relying on sub-register precision.
    ctx.taintRegister(regs.ah)
    for alias in (regs.rax, regs.eax, regs.ax):
        self.assertTrue(ctx.isRegisterTainted(alias))

    # Untainting through the same sub-register clears the wider aliases.
    ctx.untaintRegister(regs.ah)
    for alias in (regs.rax, regs.eax):
        self.assertFalse(ctx.isRegisterTainted(alias))
b"\x31\xd1", # xor ecx, edx
b"\x31\xfa", # xor edx, edi
b"\x01\xd8", # add eax, ebx
b"\x0f\x80\x10\x00\x00\x00", # jo 27
]
# Instruction trace given as raw opcode bytes, one instruction per entry.
# The trailing comments are the author's disassembly of each entry; the trace
# ends on a conditional jump (je).
trace_5 = [
    b"\x25\xff\xff\xff\x3f", # and eax, 0x3fffffff
    b"\x81\xe3\xff\xff\xff\x3f", # and ebx, 0x3fffffff
    b"\x31\xd1", # xor ecx, edx
    b"\x31\xfa", # xor edx, edi
    b"\x31\xD8", # xor eax, ebx
    b"\x0F\x84\x10\x00\x00\x00", # je 16
]

# Module-level context shared by the functions below. No architecture is set
# here; test_trace() selects ARCH.X86 before using it.
Triton = TritonContext()
def symbolization_init():
    """Convert eax, ebx, ecx and edx to symbolic variables.

    Operates on the module-level `Triton` context, in the order eax, ebx,
    ecx, edx. Returns None.
    """
    registers = Triton.registers
    for register in (registers.eax, registers.ebx, registers.ecx, registers.edx):
        Triton.convertRegisterToSymbolicVariable(register)
def test_trace(trace):
Triton.setArchitecture(ARCH.X86)
symbolization_init()
astCtxt = Triton.getAstContext()
for opcode in trace:
def test5():
    """Solve for the initial eax such that ((eax + 7) ^ 0x11223344) == 0xdeadbeaf.

    eax is symbolized on a fresh x86 (32-bit) context, `add eax, 0x7` is
    processed, and the solver is asked for a model of the constraint on the
    resulting eax expression. The model entry at key 0 is printed.
    """
    ctx = TritonContext()
    ctx.setArchitecture(ARCH.X86)
    astCtxt = ctx.getAstContext()  # not used in the lines shown

    # eax is now symbolic (the architecture is 32-bit x86, so there is no rax).
    ctx.symbolizeRegister(ctx.registers.eax)

    # Execute the instruction symbolically.
    ctx.processing(Instruction(b"\x83\xc0\x07"))  # add eax, 0x7

    # AST of eax after the add.
    eax_after_add = ctx.getSymbolicRegister(ctx.registers.eax).getAst()

    # Parenthesised for readability: Python already binds `^` tighter than `==`.
    constraint = (eax_after_add ^ 0x11223344) == 0xdeadbeaf

    # NOTE(review): key 0 is presumably the id of the only symbolic variable
    # created in this context; if the solver returns no entry for that key the
    # lookup raises instead of printing. Confirm.
    print('Test 5:', ctx.getModel(constraint)[0])
def initialize():
    """Build an x86-64 context, load the baby-re memory dump, symbolize inputs.

    Enables the ALIGNED_MEMORY and ONLY_ON_SYMBOLIZED modes, registers the
    memory-caching and constant-folding callbacks, loads "baby-re.dump" from
    the directory of this file, then calls symbolizeInputs() on the context.

    NOTE(review): the context is not returned in the lines shown; the excerpt
    may be cut before a return statement.
    """
    ctx = TritonContext()

    # Target architecture.
    ctx.setArchitecture(ARCH.X86_64)

    # Symbolic optimizations.
    for mode in (MODE.ALIGNED_MEMORY, MODE.ONLY_ON_SYMBOLIZED):
        ctx.enableMode(mode, True)

    # Internal callbacks.
    callbacks = (
        (memoryCaching, CALLBACK.GET_CONCRETE_MEMORY_VALUE),
        (constantFolding, CALLBACK.SYMBOLIC_SIMPLIFICATION),
    )
    for handler, kind in callbacks:
        ctx.addCallback(handler, kind)

    # Load the memory dump that sits next to this script.
    # NOTE(review): load_dump is defined elsewhere and its parser is not
    # visible here; confirm how it reads the file before pointing it at a dump
    # from an untrusted source.
    dump_path = os.path.join(os.path.dirname(__file__), "baby-re.dump")
    load_dump(ctx, dump_path)

    # Symbolize user inputs.
    symbolizeInputs(ctx)
def test3():
    """Ask the solver for x with x*x - 1 == 0x20 and x != 0x11, and print it.

    A new symbolic variable is created with size argument 8 on a fresh x86
    context. Assuming 8 is the bit width (TODO confirm), arithmetic wraps
    modulo 256 and 0x11 satisfies the first clause, so the second clause
    forces the solver to return a different root. Returns None.
    """
    ctx = TritonContext()
    ctx.setArchitecture(ARCH.X86)
    ast = ctx.getAstContext()
    sym_x = ctx.newSymbolicVariable(8)

    square_clause = ast.variable(sym_x) * ast.variable(sym_x) - 1 == 0x20
    exclusion_clause = ast.variable(sym_x) != 0x11
    constraint = ast.land([square_clause, exclusion_clause])

    # Key 0 is presumably the id of sym_x, the only variable in this context.
    print('Test 3:', ctx.getModel(constraint)[0])