dwarfcore.detectors.common module

class dwarfcore.detectors.common.CallStackFrame(func_name: str, leave_va: dwarfcore.dwarfcore.ManticoreAddress, return_va: dwarfcore.dwarfcore.ManticoreAddress, register_state: manticore.native.cpu.abstractcpu.RegisterFile, inscope_variables: List[mate.build.tob_chess_utils.dwarf.MantiDwarfTypeInfo], other_data: Dict[str, Any] = <factory>)

Bases: object

Call Stack Frame information to look at info.

Parameters

• func_name (str) –

• leave_va (dwarfcore.dwarfcore.ManticoreAddress) –

• return_va (dwarfcore.dwarfcore.ManticoreAddress) –

• register_state (manticore.native.cpu.abstractcpu.RegisterFile) –

• inscope_variables (List[mate.build.tob_chess_utils.dwarf.MantiDwarfTypeInfo]) –

• other_data (Dict[str, Any]) –

Return type

None

func_name: str

Address we left at

inscope_variables: List[mate.build.tob_chess_utils.dwarf.MantiDwarfTypeInfo]

Additional data for other plugins

leave_va: dwarfcore.dwarfcore.ManticoreAddress

Address to return to

other_data: Dict[str, Any]

register_state: manticore.native.cpu.abstractcpu.RegisterFile

DWARF-derived in-scope variables

return_va: dwarfcore.dwarfcore.ManticoreAddress

Register state we left at

class dwarfcore.detectors.common.FoundVarInfo(found_var: dwarfcore.detectors.common.VariableAtMemoryInfo, var_write_info: Dict[str, bool], call_frame: Optional[dwarfcore.detectors.common.CallStackFrame])

Bases: object

Simple data structure for holding more info about a variable found at a memory location and how it relates to the call stack.

Parameters

• found_var (dwarfcore.detectors.common.VariableAtMemoryInfo) –

• var_write_info (Dict[str, bool]) –

• call_frame (Optional[dwarfcore.detectors.common.CallStackFrame]) –

Return type

None

call_frame: Optional[dwarfcore.detectors.common.CallStackFrame]

found_var: dwarfcore.detectors.common.VariableAtMemoryInfo

var_write_info: Dict[str, bool]

class dwarfcore.detectors.common.VariableAtMemoryInfo(name, min_mem, max_mem, var, parent_min_mem, parent_max_mem, padding)

Bases: tuple

Parameters

• name (str) –

• min_mem (dwarfcore.dwarfcore.ManticoreAddress) –

• max_mem (dwarfcore.dwarfcore.ManticoreAddress) –

• var (mate.build.tob_chess_utils.dwarf.MantiDwarfTypeInfo) –

• parent_min_mem (dwarfcore.dwarfcore.ManticoreAddress) –

• parent_max_mem (dwarfcore.dwarfcore.ManticoreAddress) –

• padding (bool) –

max_mem: dwarfcore.dwarfcore.ManticoreAddress

Alias for field number 2

min_mem: dwarfcore.dwarfcore.ManticoreAddress

Alias for field number 1

name: str

Alias for field number 0

padding: bool

Alias for field number 6

parent_max_mem: dwarfcore.dwarfcore.ManticoreAddress

Alias for field number 5

parent_min_mem: dwarfcore.dwarfcore.ManticoreAddress

Alias for field number 4

var: mate.build.tob_chess_utils.dwarf.MantiDwarfTypeInfo

Alias for field number 3

dwarfcore.detectors.common.record_concretize_state_vars(state: manticore.native.state.State, orig_id: int) → List[mate_common.models.integration.ReachingInput]

Concretize and constrain all symbolic variables and return their values.

This should be called with a temporary state if you wish to continue execution after this point.

Parameters

• state – State to look for variables. Will constrain variables to values

• orig_id – Original state ID

• state (manticore.native.state.State) –

• orig_id (int) –

Returns

Information about user inputs that reach this point in execution

Return type

List[mate_common.models.integration.ReachingInput]

dwarfcore.detectors.common.stack_mem_access(state: manticore.native.state.State, where: int) → bool

Check if a memory access is located at a valid position in the current stack.

We use the stack register to determine the upper (low value for x86) bound and Manticore’s load information for the bottom of the stack.

Parameters

• state – Manticore State to use as context for program values

• where – The memory access to check

• state (manticore.native.state.State) –

• where (int) –

Returns

True if located in the stack; False otherwise

Return type

bool

dwarfcore.detectors.common.variable_at_memory(mem_addr: dwarfcore.dwarfcore.ManticoreAddress, state: manticore.native.state.State, possible_vars: List[mate.build.tob_chess_utils.dwarf.MantiDwarfTypeInfo], regfile: Optional[manticore.native.cpu.abstractcpu.RegisterFile] = None) → Optional[dwarfcore.detectors.common.VariableAtMemoryInfo]

Given a memory address and Manticore state, try to determine possible variables that occupy that space. Optionally, give a list of variables and their information to limit the search, otherwise search all known variables.

Parameters

• mem_addr – Manticore memory address

• state – State to use for memory lookups

• possible_vars – DWARF variable information to look at for matching mem_addr

• regfile – Registers to use for looking up values at program state, if not specified use passed state

• mem_addr (dwarfcore.dwarfcore.ManticoreAddress) –

• state (manticore.native.state.State) –

• possible_vars (List[mate.build.tob_chess_utils.dwarf.MantiDwarfTypeInfo]) –

• regfile (Optional[manticore.native.cpu.abstractcpu.RegisterFile]) –

Returns

List of all variable information at the memory address or None

Return type

Optional[dwarfcore.detectors.common.VariableAtMemoryInfo]