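def emulate(self, pc):
    """Symbolically emulate from ``pc`` until the target address is reachable.

    Each iteration fetches 16 bytes at ``pc``, builds a Triton ``Instruction``
    and processes it. Whenever the program-counter register is symbolized,
    the constraint ``pc == self.target_address`` is solved; on a model the
    solved values are written back into the symbolic variables, printed, and
    (after confirmation) injected into gdb via ``self.inject_to_gdb()``.

    Args:
        pc: Concrete address to start emulating from. The loop stops when
            the evaluated program counter becomes 0.

    Returns:
        True once a model for the target address was found. Returns None
        (falls off the loop) when ``pc`` reaches 0 or when an opcode is not
        supported by Triton.
    """
    # Architecture-dependent register/width are loop invariants; look them
    # up once instead of instantiating Arch() on every iteration.
    arch = Arch()
    pc_reg = arch.triton_pc_reg
    reg_bits = arch.reg_bits

    while pc:
        # Fetch opcodes
        opcode = TritonContext.getConcreteMemoryAreaValue(pc, 16)

        # Create the Triton instruction
        instruction = Instruction()
        instruction.setOpcode(opcode)
        instruction.setAddress(pc)

        # Process
        supported = TritonContext.processing(instruction)
        if not supported:
            print("Current opcode is not supported.")
        self.log(instruction)
        if not supported:
            # No semantics were built for this instruction, so the PC
            # register is not advanced; continuing would re-fetch the same
            # opcode forever. Stop here instead (implicit None return).
            break

        if TritonContext.isRegisterSymbolized(pc_reg):
            pc_expr = TritonContext.getSymbolicExpressionFromId(
                TritonContext.getSymbolicRegisterId(pc_reg))
            pc_ast = astCtxt.extract(reg_bits - 1, 0, pc_expr.getAst())

            # Define constraint: pc == target_address
            cstr = astCtxt.equal(pc_ast,
                                 astCtxt.bv(self.target_address, reg_bits))
            model = TritonContext.getModel(cstr)
            if model:
                cprint('Got answer!!!', 'green')
                for sym_id, sym_model in model.items():
                    value = sym_model.getValue()
                    TritonContext.setConcreteSymbolicVariableValue(
                        TritonContext.getSymbolicVariableFromId(sym_id),
                        value)
                    # NOTE(review): chr(value) assumes the solved value fits a
                    # single code point (byte-sized symbolic variables); a
                    # wider variable would raise ValueError here — confirm.
                    cprint('Symbolic variable %02d = %02x (%c)' %
                           (sym_id, value, chr(value)), 'green')
                if click.confirm('Inject back to gdb?', default=True):
                    self.inject_to_gdb()
                return True

        # Next: evaluate the (possibly symbolic) PC to get the next address
        pc = TritonContext.buildSymbolicRegister(pc_reg).evaluate()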