def setUp(self):
    """Build the x86-64 context and the 64-bit immediate shared by the tests."""
    context = TritonContext()
    context.setArchitecture(ARCH.X86_64)
    self.Triton = context
    # Every byte of 0x0123456789abcdef is distinct, so each lane of the
    # QWORD immediate can be told apart in the checks that use it.
    self.imm = Immediate(0x0123456789abcdef, CPUSIZE.QWORD)
def test_5(self):
    """Load through an unsymbolized base register under ONLY_ON_SYMBOLIZED.

    Only the QWORD at address 0 is symbolized; RAX itself is not.  The
    instruction must still process, its ASTs must be consistent, and the
    bookkeeping must show no read registers, one written register, one
    load and no store.
    """
    context = TritonContext()
    context.setArchitecture(ARCH.X86_64)
    # In this mode only symbolized operands get AST nodes.
    context.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
    context.convertMemoryToSymbolicVariable(MemoryAccess(0, CPUSIZE.QWORD))
    load = Instruction(b"\x48\x8b\x18") # mov rbx, qword ptr [rax]
    self.assertTrue(context.processing(load))
    self.assertTrue(checkAstIntegrity(load))
    expected_counts = (
        (load.getReadRegisters, 0),
        (load.getWrittenRegisters, 1),
        (load.getLoadAccess, 1),
        (load.getStoreAccess, 0),
    )
    for accessor, count in expected_counts:
        self.assertEqual(len(accessor()), count)
def test_8(self):
    """Memory-operand address resolution with a symbolic base register.

    RAX is set to 0x1337 and then symbolized; the loaded operand must still
    resolve to the concrete address 0x1337 and carry a LEA AST.
    """
    context = TritonContext()
    context.setArchitecture(ARCH.X86_64)
    context.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
    rax = context.registers.rax
    context.setConcreteRegisterValue(rax, 0x1337)
    context.convertRegisterToSymbolicVariable(rax)
    context.convertMemoryToSymbolicVariable(MemoryAccess(0, CPUSIZE.QWORD))
    load = Instruction(b"\x48\x8b\x18") # mov rbx, qword ptr [rax]
    self.assertTrue(context.processing(load))
    self.assertTrue(checkAstIntegrity(load))
    # Operand 1 is the memory source; its address comes from the concrete RAX.
    memory_operand = load.getOperands()[1]
    self.assertEqual(memory_operand.getAddress(), 0x1337)
    self.assertIsNotNone(memory_operand.getLeaAst())
def tainting(threadId):
    """Taint and symbolize a fixed window at the start of argv[1..argc-1].

    Reads argc/argv from RDI/RSI, walks the argv array from the last entry
    down to argv[1] (argv[0] is left untouched) and, for each string, marks
    STRLEN_ASSERT_LEN+5 bytes as tainted, copies the value returned by
    getCurrentMemoryValue into Triton's concrete memory, and symbolizes
    each byte.  `threadId` is part of the callback signature and unused.
    """
    argc = getCurrentRegisterValue(Triton.registers.rdi)
    argv_array = getCurrentRegisterValue(Triton.registers.rsi)
    window = STRLEN_ASSERT_LEN + 5
    # argv[argc-1] first, argv[1] last.
    for position in range(argc - 1, 0, -1):
        entry = getCurrentMemoryValue(argv_array + position * CPUSIZE.QWORD, CPUSIZE.QWORD)
        # NOTE(review): the window is fixed rather than bounded by the
        # string's length, so it can extend past the NUL terminator into
        # whatever follows argv[position] in memory.
        for offset in range(window):
            cell = entry + offset
            Triton.taintMemory(cell)
            Triton.setConcreteMemoryValue(cell, getCurrentMemoryValue(cell))
            Triton.convertMemoryToSymbolicVariable(MemoryAccess(cell, CPUSIZE.BYTE))
        print('[+] %03d bytes tainted from the argv[%d] (%#x) pointer' %(window, position, entry))
addrs.append(base)
Triton.setConcreteMemoryAreaValue(base, bytes(argv.encode('utf8')) + b'\x00')
# Tainting argvs
for i in range(len(argv)):
Triton.taintMemory(base + i)
base += len(argv)+1
debug('argv[%d] = %s' %(index, argv))
index += 1
argc = len(argvs)
argv = base
for addr in addrs:
Triton.setConcreteMemoryValue(MemoryAccess(base, CPUSIZE.QWORD), addr)
base += CPUSIZE.QWORD
Triton.setConcreteRegisterValue(Triton.registers.rdi, argc)
Triton.setConcreteRegisterValue(Triton.registers.rsi, argv)
return 0
def hookingHandler():
    """Run a Python replacement when RIP reaches a hooked routine's address.

    For each `customRelocation` entry, index 1 holds the Python handler and
    index 2 the address it stands in for.  When RIP equals that address the
    handler runs instead of the real routine: its result goes to RAX, the
    saved return address is read from the top of the emulated stack, RIP is
    pointed at it and RSP is popped, so the call never executes the
    routine's own code.  Every entry matching RIP is handled, in order.
    """
    pc = Triton.getConcreteRegisterValue(Triton.registers.rip)
    for rel in customRelocation:
        handler, target = rel[1], rel[2]
        if target != pc:
            continue
        # The handler's result is the routine's return value.
        Triton.setConcreteRegisterValue(Triton.registers.rax, handler())
        # Simulate `ret`: RSP is read after the handler, since a handler
        # may itself have adjusted the stack.
        sp = Triton.getConcreteRegisterValue(Triton.registers.rsp)
        ret_addr = Triton.getConcreteMemoryValue(MemoryAccess(sp, CPUSIZE.QWORD))
        Triton.setConcreteRegisterValue(Triton.registers.rip, ret_addr)
        Triton.setConcreteRegisterValue(Triton.registers.rsp, sp + CPUSIZE.QWORD)
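def __libc_start_main():
    """Hook for __libc_start_main: enter main() with a crafted argc/argv.

    On entry RDI holds the address of main().  The hook pushes that address
    so the emulated `ret` performed by the hooking handler lands in main(),
    then lays out the argument strings and their pointer table at BASE_ARGV
    from this script's own command line (sys.argv[1:]) and loads argc/argv
    into RDI/RSI.  Every byte of every argument string is tainted so data
    flow from the program's inputs can be tracked.  Returns 0, which the
    handler writes to RAX.

    Fixes: the per-argument loop advances `base` and taints by the encoded
    byte length, not the character count, so non-ASCII arguments no longer
    overlap the next string or leave their tail bytes untainted.
    """
    debug('__libc_start_main hooked')

    # Get arguments
    main = Triton.getConcreteRegisterValue(Triton.registers.rdi)

    # Push the return value to jump into the main() function
    sp = Triton.getConcreteRegisterValue(Triton.registers.rsp) - CPUSIZE.QWORD
    Triton.setConcreteRegisterValue(Triton.registers.rsp, sp)
    Triton.setConcreteMemoryValue(MemoryAccess(sp, CPUSIZE.QWORD), main)

    # Setup argc / argv: drop any symbolic state these registers carry
    Triton.concretizeRegister(Triton.registers.rdi)
    Triton.concretizeRegister(Triton.registers.rsi)

    # Setup target argvs (sys.argv[1] is mandatory; IndexError otherwise)
    argvs = [sys.argv[1]] + sys.argv[2:]

    # Define argc / argv: the strings first, then the pointer table
    base = BASE_ARGV
    addrs = list()
    for index, argv in enumerate(argvs):
        encoded = argv.encode('utf-8')
        addrs.append(base)
        Triton.setConcreteMemoryAreaValue(base, encoded + b'\x00')

        # Tainting argvs: the string bytes, not the NUL terminator
        for i in range(len(encoded)):
            Triton.taintMemory(base + i)

        base += len(encoded) + 1
        debug('argv[%d] = %s' %(index, argv))

    argc = len(argvs)
    argv = base
    # NOTE(review): no NULL entry is written after the last pointer, so
    # argv[argc] is whatever already sits at that address.
    for addr in addrs:
        Triton.setConcreteMemoryValue(MemoryAccess(base, CPUSIZE.QWORD), addr)
        base += CPUSIZE.QWORD

    Triton.setConcreteRegisterValue(Triton.registers.rdi, argc)
    Triton.setConcreteRegisterValue(Triton.registers.rsi, argv)
    return 0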
def __libc_start_main():
debug('__libc_start_main hooked')
# Get arguments
main = Triton.getConcreteRegisterValue(Triton.registers.rdi)
# Push the return value to jump into the main() function
Triton.setConcreteRegisterValue(Triton.registers.rsp, Triton.getConcreteRegisterValue(Triton.registers.rsp)-CPUSIZE.QWORD)
ret2main = MemoryAccess(Triton.getConcreteRegisterValue(Triton.registers.rsp), CPUSIZE.QWORD)
Triton.setConcreteMemoryValue(ret2main, main)
# Setup argc / argv
Triton.concretizeRegister(Triton.registers.rdi)
Triton.concretizeRegister(Triton.registers.rsi)
# Setup target argvs
argvs = [sys.argv[1]] + sys.argv[2:]
# Define argc / argv
base = BASE_ARGV
addrs = list()
index = 0