How to use the triton.CPUSIZE.BYTE function in triton

To help you get started, we’ve selected a few triton examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github JonathanSalwan / Triton / src / testers / unittests / test_simulation.py View on Github external
def symbolize_inputs(self, seed):
        """Add symboles in memory for seed."""
        self.Triton.concretizeAllRegister()
        self.Triton.concretizeAllMemory()
        for address, value in list(seed.items()):
            self.Triton.setConcreteMemoryValue(address, value)
            self.Triton.convertMemoryToSymbolicVariable(MemoryAccess(address, CPUSIZE.BYTE))
            self.Triton.convertMemoryToSymbolicVariable(MemoryAccess(address+1, CPUSIZE.BYTE))
github JonathanSalwan / Triton / src / examples / python / ctf-writeups / defcamp-2015-r100 / solve.py View on Github external
Triton.enableMode(MODE.ALIGNED_MEMORY, True)
    Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)

    # Load the binary
    loadBinary(os.path.join(os.path.dirname(__file__), 'r100.bin'))

    # Define a fake stack
    Triton.setConcreteRegisterValue(Triton.registers.rbp, 0x7fffffff)
    Triton.setConcreteRegisterValue(Triton.registers.rsp, 0x6fffffff)

    # Define an user input
    Triton.setConcreteRegisterValue(Triton.registers.rdi, 0x10000000)

    # Symbolize user inputs (30 bytes)
    for index in range(30):
        Triton.convertMemoryToSymbolicVariable(MemoryAccess(0x10000000+index, CPUSIZE.BYTE))

    # Emulate from the verification function
    emulate(0x4006FD)

    sys.exit(0)
github JonathanSalwan / Triton / src / examples / python / code_coverage_crackme_xor.py View on Github external
def symbolizeInputs(seed):
    # Clean symbolic state
    Triton.concretizeAllRegister()
    Triton.concretizeAllMemory()
    for address, value in list(seed.items()):
        Triton.setConcreteMemoryValue(address, value)
        Triton.convertMemoryToSymbolicVariable(MemoryAccess(address, CPUSIZE.BYTE))
        Triton.convertMemoryToSymbolicVariable(MemoryAccess(address+1, CPUSIZE.BYTE))
    return
github JonathanSalwan / Triton / src / examples / python / ctf-writeups / hackover-ctf-2015-r150 / solve.py View on Github external
# Create the Triton instruction
        instruction = Instruction()
        instruction.setOpcode(opcode)
        instruction.setAddress(pc)

        # Process
        Triton.processing(instruction)
        count += 1

        #print(instruction)

        # NOTE: Here is the solution of the challenge. The flag is decoded
        # and written into the memory. So, let's track all memory STORE of
        # 1 byte.
        for mem, memAst in instruction.getStoreAccess():
            if mem.getSize() == CPUSIZE.BYTE:
                sys.stdout.write(chr(Triton.getConcreteMemoryValue(mem)))
        # End of solution

        if instruction.getType() == OPCODE.X86.HLT:
            break

        # Simulate routines
        hookingHandler()

        # Next
        pc = Triton.getConcreteRegisterValue(Triton.registers.rip)

    debug('Instruction executed: %d' %(count))
    return
github JonathanSalwan / Triton / src / examples / pin / strlen.py View on Github external
def tainting(threadId):

    rdi = getCurrentRegisterValue(Triton.registers.rdi) # argc
    rsi = getCurrentRegisterValue(Triton.registers.rsi) # argv

    while rdi > 1:
        argv = getCurrentMemoryValue(rsi + ((rdi-1) * CPUSIZE.QWORD), CPUSIZE.QWORD)
        offset = 0
        while offset != STRLEN_ASSERT_LEN+5:
            Triton.taintMemory(argv + offset)
            concreteValue = getCurrentMemoryValue(argv + offset)
            Triton.setConcreteMemoryValue(argv + offset, concreteValue)
            Triton.convertMemoryToSymbolicVariable(MemoryAccess(argv + offset, CPUSIZE.BYTE))
            offset += 1
        print('[+] %03d bytes tainted from the argv[%d] (%#x) pointer' %(offset, rdi-1, argv))
        rdi -= 1

    return
github JonathanSalwan / Triton / src / examples / python / code_coverage_crackme_xor.py View on Github external
def symbolizeInputs(seed):
    # Clean symbolic state
    Triton.concretizeAllRegister()
    Triton.concretizeAllMemory()
    for address, value in list(seed.items()):
        Triton.setConcreteMemoryValue(address, value)
        Triton.convertMemoryToSymbolicVariable(MemoryAccess(address, CPUSIZE.BYTE))
        Triton.convertMemoryToSymbolicVariable(MemoryAccess(address+1, CPUSIZE.BYTE))
    return
github JonathanSalwan / Triton / src / examples / python / ctf-writeups / hackover-ctf-2015-r150 / solve.py View on Github external
def __fgets():
    debug('fgets hooked')

    # Get arguments
    arg1 = Triton.getConcreteRegisterValue(Triton.registers.rdi)
    arg2 = Triton.getConcreteRegisterValue(Triton.registers.rsi)

    indx = 0
    #user = raw_input("")[:arg2]
    user = "blah blah"

    for c in user:
        mem = MemoryAccess(arg1 + indx, CPUSIZE.BYTE)
        Triton.setConcreteMemoryValue(mem, ord(c))
        indx += 1

    # Return value
    return arg1
github radareorg / radare2-extras / pimp / pimp.py View on Github external
triton.CALLBACK.SYMBOLIC_SIMPLIFICATION)

        for r in self.regs:
            if r in self.triton_regs:
                triton.setConcreteRegisterValue(
                    triton.Register(self.triton_regs[r], self.regs[r] & ((1 << self.triton_regs[r].getBitSize()) - 1))
                )

        for m in cache:
            self.write_mem(m['start'], m["data"])

        for address in self.inputs:
                self.inputs[address] = triton.convertMemoryToSymbolicVariable(
                    triton.MemoryAccess(
                        address,
                        triton.CPUSIZE.BYTE
                    )
github kamou / pimp / pimp.py View on Github external
def add_input(self, addr, size):
        for offset in xrange(size):
            cmtsv = self.triton.convertMemoryToSymbolicVariable(triton.MemoryAccess(addr+offset, triton.CPUSIZE.BYTE))

            self.inputs[addr + offset] = cmtsv