Comments (2)
It appears that the MemoryAccess information stored in instruction might only contain concrete access information,
Have you tried to use `MemoryAccess::getLeaAst()`? That should return the symbolic memory access.
Much appreciated! By digging out MemoryAccess::getLeaAst() and its related documentation, I've learned a lot from Triton's memory modeling procedure.
However, I'm still confused about how to symbolize memory before its initial access. I attempted a simple test case as shown below, yet I realized that I may not be able to retrieve the very memory access until having processed the instruction (e.g., I've tried using `disassembly` before processing the instruction, but the memory access information in `getOperands` is incomplete until having the instruction processed).
```python
from triton import ARCH, MODE, Instruction, TritonContext


def test(self):
    self.ctx = TritonContext(ARCH.X86_64)
    self.ctx.setMode(MODE.MEMORY_ARRAY, True)
    self.ctx.setMode(MODE.SYMBOLIZE_LOAD, True)
    self.ctx.setMode(MODE.SYMBOLIZE_STORE, True)

    code = [
        (1, b"\x8b\x0c\x18"),                  # mov ecx, dword ptr [rax + rbx]
        (2, b"\x48\x81\xf9\xad\xde\x00\x00"),  # cmp rcx, 0xdead
    ]

    self.ctx.symbolizeRegister(self.ctx.registers.rax, 's_rax')
    self.ctx.symbolizeRegister(self.ctx.registers.rbx, 's_rbx')
    self.ctx.symbolizeRegister(self.ctx.registers.rcx, 's_rcx')

    count = 0  # counter for symbolized memory
    for i, op in code:
        i = Instruction(op)
        self.ctx.processing(i)
        if i.isMemoryRead():
            # The load access is only available after processing()
            a = i.getLoadAccess()
            readMemory = a[0][0]
            if not self.ctx.isMemorySymbolized(readMemory):
                memAlias = f'mem_{count}'
                self.ctx.symbolizeMemory(readMemory, memAlias)
                print(f"symbolize memory {readMemory} with {memAlias}")
                count += 1
        if i.isMemoryWrite():
            pass  # similar to memory read

    zf = self.ctx.getRegisterAst(self.ctx.registers.zf)
    m = self.ctx.getModel(zf == 1)
    print(m)
```
Ideally, a model where `[rax+rbx]` is set to `0xdead` will be printed. However, since the memory is symbolized after its initial access, `m` is actually empty.