1. Advisor
  2. pyvex
  3. functions
  4. pyvex.IRSB
View all pyvex analysis

How to use the pyvex.IRSB function in pyvex

To help you get started, we’ve selected a few pyvex examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github angr / angr / tests / test_inspect.py View on Github external
exit_after = 0

    def handle_exit_before(state):
        counts.exit_before += 1
        exit_target = state.inspect.exit_target
        nose.tools.assert_equal(state.solver.eval(exit_target), 0x3f8)
        # change exit target
        state.inspect.exit_target = 0x41414141
        nose.tools.assert_equal(state.inspect.exit_jumpkind, "Ijk_Boring")
        nose.tools.assert_true(state.inspect.exit_guard.is_true())

    def handle_exit_after(state): #pylint:disable=unused-argument
        counts.exit_after += 1

    s = SimState(arch="AMD64", mode="symbolic")
    irsb = pyvex.IRSB(b"\x90\x90\x90\x90\xeb\x0a", mem_addr=1000, arch=archinfo.ArchAMD64())

    # break on exit
    s.inspect.b('exit', BP_BEFORE, action=handle_exit_before)
    s.inspect.b('exit', BP_AFTER, action=handle_exit_after)

    # step it
    succ = SimEngineVEX().process(s, irsb).flat_successors

    # check
    nose.tools.assert_equal( succ[0].solver.eval(succ[0].ip), 0x41414141)
    nose.tools.assert_equal(counts.exit_before, 1)
    nose.tools.assert_equal(counts.exit_after, 1)
github angr / angr / tests / test_inspect.py View on Github external
s.inspect.b('reg_write', when=BP_AFTER, action=act_reg_write)
    nose.tools.assert_equal(counts.reg_write, 0)
    s.registers.store(16, s.solver.BVV(10, 32))
    nose.tools.assert_equal(counts.reg_write, 1)
    nose.tools.assert_equal(counts.mem_write, 1)
    nose.tools.assert_equal(counts.mem_read, 4)
    nose.tools.assert_equal(counts.reg_read, 1)

    s.inspect.b('tmp_read', when=BP_AFTER, action=act_tmp_read, tmp_read_num=0)
    s.inspect.b('tmp_write', when=BP_AFTER, action=act_tmp_write, tmp_write_num=0)
    s.inspect.b('expr', when=BP_AFTER, action=act_expr, expr_result=1016)
    s.inspect.b('statement', when=BP_AFTER, action=act_statement)
    s.inspect.b('instruction', when=BP_AFTER, action=act_instruction, instruction=1001)
    s.inspect.b('instruction', when=BP_AFTER, action=act_instruction, instruction=1000)
    irsb = pyvex.IRSB(b"\x90\x90\x90\x90\xeb\x0a", mem_addr=1000, arch=archinfo.ArchAMD64(), opt_level=0)
    irsb.pp()
    SimEngineVEX().process(s, irsb)
    nose.tools.assert_equal(counts.reg_write, 7)
    nose.tools.assert_equal(counts.reg_read, 2)
    nose.tools.assert_equal(counts.tmp_write, 1)
    nose.tools.assert_equal(counts.tmp_read, 1)
    nose.tools.assert_equal(counts.expr, 3) # one for the Put, one for the WrTmp, and one to get the next address to jump to
    nose.tools.assert_equal(counts.statement, 11)
    nose.tools.assert_equal(counts.instruction, 2)
    nose.tools.assert_equal(counts.constraints, 0)
    nose.tools.assert_equal(counts.mem_write, 1)
    nose.tools.assert_equal(counts.mem_read, 4)

    s = SimState(arch="AMD64", mode="symbolic")
    s.inspect.b('symbolic_variable', when=BP_AFTER, action=act_variables)
    s.memory.load(0, 10)
github dhxkgozj / DirEngine / DirEngine / Functions / FunctionsManager.py View on Github external
def disasmble(self,bb):
        insn = []
        buff = self._header.read_bytes(self._header.read_addr(bb.addr-self._header.base_addr))
        addr = bb.addr
        arch = self._header.arch
        irsb = pyvex.IRSB(buff,addr,arch,num_bytes=400,bytes_offset=0,traceflags=0)
        bytestring = buff[:irsb.size]
        cs = arch.capstone
        for cs_insn in cs.disasm(bytestring,addr):
            insn.append(cs_insn)
            #print hex(cs_insn.address).replace("L",''), cs_insn.mnemonic, cs_insn.op_str

        return irsb, insn
github angr / angr / angr / simos.py View on Github external
def run(self):
        if self.cleanup:
            self.state.options.discard(o.AST_DEPS)
            self.state.options.discard(o.AUTO_REFS)

        ret_irsb = pyvex.IRSB(self.state.arch.ret_instruction, self.addr, self.state.arch)
        ret_simirsb = SimIRSB(self.state, ret_irsb, inline=True, addr=self.addr)
        if not ret_simirsb.flat_successors + ret_simirsb.unsat_successors:
            ret_state = ret_simirsb.default_exit
        else:
            ret_state = (ret_simirsb.flat_successors + ret_simirsb.unsat_successors)[0]

        if self.cleanup:
            self.state.options.add(o.AST_DEPS)
            self.state.options.add(o.AUTO_REFS)

        self.add_successor(ret_state, ret_state.scratch.target, ret_state.scratch.guard, 'Ijk_Sys')
github dhxkgozj / DirEngine / build / lib.linux-x86_64-2.7 / DirEngine / Functions / FunctionsManager.py View on Github external
def disasmble(self,bb):
        insn = []
        buff = self._header.read_bytes(self._header.read_addr(bb.addr-self._header.base_addr))
        addr = bb.addr
        arch = self._header.arch
        irsb = pyvex.IRSB(buff,addr,arch,num_bytes=400,bytes_offset=0,traceflags=0)
        bytestring = buff[:irsb.size]
        cs = arch.capstone
        for cs_insn in cs.disasm(bytestring,addr):
            insn.append(cs_insn)
            #print hex(cs_insn.address).replace("L",''), cs_insn.mnemonic, cs_insn.op_str

        return irsb, insn
github angr / angr / simuvex / s_arch.py View on Github external
def get_ret_irsb(self, inst_addr):
        l.debug("Creating ret IRSB at 0x%x", inst_addr)
        irsb = pyvex.IRSB(bytes=self.ret_instruction, mem_addr=inst_addr,
                          arch=self.vex_arch, endness=self.vex_endness)
        l.debug("... created IRSB %s", irsb)
        return irsb
github angr / angr-platforms / angr_platforms / bf / lift_bf.py View on Github external
register(LifterBF, 'BF')

if __name__ == '__main__':
    sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
    import logging
    logging.getLogger('pyvex').setLevel(logging.DEBUG)
    logging.basicConfig()

    irsb_ = pyvex.IRSB(None, 0, arch=archinfo.arch_from_id('bf'))
    test1 = b'<>+-[].,'
    test2 = b'<>+-[].,'
    lifter = LifterBF(irsb_, test1, len(test1) , len(test1), 0, None)
    lifter.lift()
    lifter.irsb.pp()

    irsb_ = pyvex.IRSB(None, 0, arch=ArchBF())
    lifter = LifterBF(irsb_, test2, len(test2),len(test2),0,  None)
    lifter.lift()
    lifter.irsb.pp()
github angr / simuvex / simuvex / s_arch.py View on Github external
def get_ret_irsb(self, inst_addr):
        l.debug("Creating ret IRSB at 0x%x", inst_addr)
        irsb = pyvex.IRSB(bytes=self.ret_instruction, mem_addr=inst_addr,
                          arch=self.vex_arch, endness=self.vex_endness)
        l.debug("... created IRSB %s", irsb)
        return irsb
github jeffball55 / rop_compiler / pyrop / rop_compiler / classifier.py View on Github external
def get_irsbs(self, code, address):
    irsbs = []
    code_address = address
    while code_address <= address + len(code) - self.arch.instruction_alignment:
      try:
        irsb = pyvex.IRSB(code[code_address-address:], code_address, self.arch, opt_level=0)
        irsbs.append(irsb)
      except: # If decoding fails, we can't use this gadget
        traceback.print_exc()
        return [] # So just return an empty list

      if (self.arch.name not in extra_archinfo.ENDS_EARLY_ARCHS
        or irsb.jumpkind != 'Ijk_Boring'
        or not self.irsb_ends_with_constant_pc(irsb)):
        break

      # Find the last address that was translated (For some architectures, pyvex stops before the end of a block)
      last_addr = None
      for stmt in irsb.statements:
        if stmt.tag == 'Ist_IMark':
          last_addr = stmt.addr

pyvex

A Python interface to libVEX and VEX IR

GitHub
BSD-2-Clause
Latest version published 1 day ago

Package Health Score

79 / 100
Full package analysis

Popular pyvex functions

Similar packages