How to use the archinfo.ArchAMD64 function in archinfo
To help you get started, we’ve selected a few archinfo examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
angr / angr / tests / test_ops.py View on Github 
def test_irop_perm():
arch = archinfo.ArchAMD64()
p = angr.load_shellcode(arch.asm('vpshufb xmm0,xmm1,xmm2'), arch)
# concrete test
s1 = p.factory.blank_state()
s1.regs.xmm1 = 0x3c899a56814ee9b84c7b5d8394c85881
s1.regs.xmm2 = 0xa55c66a2cdef1cbcd72b42078d1b7f8b
s2 = s1.step(num_inst=1).successors[0]
assert (s2.regs.xmm0 == 0x00567b00000056000081c84c00813c00).is_true()
# symbolic test
s3 = p.factory.blank_state()
s3.regs.xmm1 = claripy.BVS('xmm1', 128)
s3.regs.xmm2 = claripy.BVS('xmm2', 128)
s4 = s3.step(num_inst=1).successors[0]
s4.solver.add(s4.regs.xmm2 == 0xa55c66a2cdef1cbcd72b42078d1b7f8b)
s4.solver.add(s4.regs.xmm0 == 0x00567b00000056000081c84c00813c00)def test_call_to(self):
self.project.arch = ArchAMD64()
self.project.kb.functions._add_call_to(0x400000, 0x400410, 0x400420, 0x400414)
nose.tools.assert_in(0x400000, self.project.kb.functions.keys())
nose.tools.assert_in(0x400420, self.project.kb.functions.keys())exit_after = 0
def handle_exit_before(state):
counts.exit_before += 1
exit_target = state.inspect.exit_target
nose.tools.assert_equal(state.solver.eval(exit_target), 0x3f8)
# change exit target
state.inspect.exit_target = 0x41414141
nose.tools.assert_equal(state.inspect.exit_jumpkind, "Ijk_Boring")
nose.tools.assert_true(state.inspect.exit_guard.is_true())
def handle_exit_after(state): #pylint:disable=unused-argument
counts.exit_after += 1
s = SimState(arch="AMD64", mode="symbolic")
irsb = pyvex.IRSB(b"\x90\x90\x90\x90\xeb\x0a", mem_addr=1000, arch=archinfo.ArchAMD64())
# break on exit
s.inspect.b('exit', BP_BEFORE, action=handle_exit_before)
s.inspect.b('exit', BP_AFTER, action=handle_exit_after)
# step it
succ = SimEngineVEX().process(s, irsb).flat_successors
# check
nose.tools.assert_equal( succ[0].solver.eval(succ[0].ip), 0x41414141)
nose.tools.assert_equal(counts.exit_before, 1)
nose.tools.assert_equal(counts.exit_after, 1)def __init__(self):
super(ArchitectureX86_64, self).__init__()
self._name = 'x86_64'
self._maxInvalid = 8
if 'keystone' in globals():
self._ksarch = (keystone.KS_ARCH_X86, keystone.KS_MODE_64)
self._endings[gadget.GadgetType.SYS] = [(b'\x0f\x05',2),
(b'\x0f\x05\xc3',3)] # syscall
self._mode = CS_MODE_64
if 'archinfo' in globals():
self._info = archinfo.ArchAMD64()
self._addressLength = 8
self._pprs = [b'[\x58-\x5f]{2}\xc3', # pop reg; pop reg; ret
b'\x83\xc4\x08[\x58-\x5f]\xc3', # add esp, 4; pop reg; ret
b'[\x58-\x5f]\x83\xc4\x08\xc3', # pop reg; add esp, 4; ret
b'\x83\xc4\x10\xc3' # add esp, 8; ret;
]
self._pprs.append(b'\x41?[\x58-\x5f]\x48\x83\xc4\x08\xc3')
self._pprs.append(b'\x48\x83\xc4\x08\x41?[\x58-\x5f]\xc3')
self._pprs.append(b'(\x41?[\x58-\x5f]){2}\xc3')
self._pprs.append(b'\x48\x83\xc4\x10\xc3')def rop_to_shellcode(files, libraries, shellcode_address, arch = archinfo.ArchAMD64(), log_level = logging.WARNING, validate_gadgets = False, bad_bytes = None):
"""Convience method to create a goal_resolver for a shellcode address goal then find a rop chain for it"""
goal_list = [["shellcode", hex(shellcode_address)]]
return rop(files, libraries, goal_list, arch, log_level, validate_gadgets, bad_bytes)def _init_reg_pool(self):
# Possible extension: add xmm registers into the pool
amd64 = ArchAMD64()
regmap = dict()
for reg in amd64.register_list:
if reg.general_purpose:
regmap[reg.name] = reg
# Remove rip, rsp from regpool
del regmap["rip"]
del regmap["rsp"]
# Add a fake register for rflags
rflags = Register("rflags", 64)
regmap["rflags"] = rflags
return regmapself._mdf = minidumpfile.MinidumpFile.parse_bytes(self._binary_stream.read())
else:
self._mdf = minidumpfile.MinidumpFile.parse(self.binary)
self.wow64 = False
if self.arch is None:
if getattr(self._mdf, 'sysinfo', None) is None:
raise MinidumpMissingStreamError('SystemInfo', 'The architecture was not specified')
arch = self._mdf.sysinfo.ProcessorArchitecture
if arch == SystemInfoStream.PROCESSOR_ARCHITECTURE.AMD64:
if any(module.name.endswith('wow64.dll') for module in self._mdf.modules.modules):
self.wow64 = True
self.set_arch(archinfo.ArchX86())
else:
self.set_arch(archinfo.ArchAMD64())
elif arch == SystemInfoStream.PROCESSOR_ARCHITECTURE.INTEL:
self.set_arch(archinfo.ArchX86())
else:
# has not been tested with other architectures
raise CLEError('Loading minidumps is not implemented for this architecture')
if self._mdf.memory_segments_64 is not None:
segments = self._mdf.memory_segments_64.memory_segments
elif self._mdf.memory_segments is not None:
segments = self._mdf.memory_segments.memory_segments
else:
raise MinidumpMissingStreamError('MemoryList', 'The memory segments were not defined')
for segment in segments:
data = segment.read(segment.start_virtual_address, segment.size, self._mdf.file_handle)
self.segments.append(Segment(segment.start_file_address, segment.start_virtual_address, segment.size, segment.size)) @staticmethod
def _match(arch, args, sp_delta): # pylint: disable=unused-argument
# doesn't appear anywhere but syscalls
return False
@staticmethod
def syscall_num(state):
return state.regs.rax
class SimCCAMD64WindowsSyscall(SimCC):
# TODO: Make sure the information is correct
ARG_REGS = [ ]
FP_ARG_REGS = [ ]
RETURN_VAL = SimRegArg('rax', 8)
RETURN_ADDR = SimRegArg('ip_at_syscall', 8)
ARCH = archinfo.ArchAMD64
@classmethod
def _match(cls, arch, args, sp_delta): # pylint: disable=unused-argument
# never appears anywhere except syscalls
return False
@staticmethod
def syscall_num(state):
return state.regs.rax
class SimCCARM(SimCC):
ARG_REGS = [ 'r0', 'r1', 'r2', 'r3' ]
FP_ARG_REGS = [] # TODO: ???
CALLER_SAVED_REGS = [] # TODO: ???
RETURN_ADDR = SimRegArg('lr', 4)
RETURN_VAL = SimRegArg('r0', 4)def __init__(self, rewriter, stackrz_sz=32, globalrz_sz=64):
self.rewriter = rewriter
self.stackrz_sz = stackrz_sz
self.globalrz_sz = globalrz_sz
self.global_count = 0
# Get the register map
amd64 = ArchAMD64()
self.regmap = defaultdict(lambda: defaultdict(dict))
for reg in amd64.register_list:
if reg.general_purpose:
for subr in reg.subregisters:
base = subr[1]
sz = subr[2] * 8
self.regmap[reg.name][base][sz] = subr[0]
if reg.name in [
"r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]:
self.regmap[reg.name][0][32] = reg.name + "d"
self.regmap[reg.name][0][16] = reg.name + "w"
self.regmap[reg.name][0][8] = reg.name + "b"
if reg.name == "rbp":
self.regmap[reg.name][0][32] = "ebp"
self.regmap[reg.name][0][16] = "bp"
self.regmap[reg.name][0][8] = "bpl"archinfo
Classes with architecture-specific information useful to other projects.
Package Health Score
81 / 100Popular archinfo functions
- archinfo.arch.Arch
- archinfo.arch.Endness
- archinfo.arch.Endness.BE
- archinfo.arch.Endness.LE
- archinfo.arch.Register
- archinfo.arch.register_arch
- archinfo.arch_arm.is_arm_arch
- archinfo.arch_from_id
- archinfo.arch_soot.ArchSoot
- archinfo.arch_soot.SootAddressDescriptor
- archinfo.arch_soot.SootAddressTerminator
- archinfo.arch_soot.SootArgument
- archinfo.arch_soot.SootMethodDescriptor
- archinfo.arch_soot.SootMethodDescriptor.from_soot_method
- archinfo.ArchAMD64
- archinfo.ArchARM
- archinfo.archerror.ArchError
- archinfo.ArchMIPS32
- archinfo.ArchX86
- archinfo.Endness