dwarfcore.detectors.dwarf_variables module

class dwarfcore.detectors.dwarf_variables.DwarfVariables(dwarfcore: dwarfcore.dwarfcore.DwarfCore, poi_funcs: Optional[List[str]] = None, fast: bool = True)

Bases: manticore.core.plugin.Plugin

Print information about reads and writes to source-level variables on each instruction.

Parameters
  • dwarfcore (dwarfcore.dwarfcore.DwarfCore) –

  • poi_funcs (Optional[List[str]]) –

  • fast (bool) –

MCORE_TESTCASE_LIST: Final[str] = 'DwarfVariables_testcases'

Manticore context key for holding testcases by this detector

is_mem_access_oob(state: manticore.native.state.State, insn: manticore.native.cpu.disasm.Instruction, where: Union[int, manticore.core.smtlib.expression.Expression], size: Union[int, manticore.core.smtlib.expression.Expression]) → None

Check whether the memory access made by the given instruction can reach out-of-bounds variable memory, given the current in-scope variables as defined by the state context key INSCOPE_VARS_KEY.

If an out-of-bounds memory access is found, the state is abandoned and a test case is generated to reproduce the memory access.

Parameters
  • state (manticore.native.state.State) – Specified Manticore State

  • insn (manticore.native.cpu.disasm.Instruction) – Instruction causing memory access

  • where (Union[int, manticore.core.smtlib.expression.Expression]) – Memory access location

  • size (Union[int, manticore.core.smtlib.expression.Expression]) – Size of the memory access

Return type

None

manticore

poi_funcs: Optional[List[str]]

record_testcase(state: manticore.native.state.State, message: str)

Parameters
  • state (manticore.native.state.State) –

  • message (str) –

property results: List[mate_common.models.integration.ReachingTestCase]

Any test case results found during execution.

stack_mem_access(state: manticore.native.state.State, where: int) → bool

Check if a memory access is located at a valid position in the current stack.

The stack register gives the upper bound of the stack (the lowest address on x86), and Manticore’s load information gives the bottom of the stack.

Parameters
  • state (manticore.native.state.State) – Manticore State to use as context for program values

  • where (int) – The memory access to check

Returns

True if located in the stack; False otherwise

Return type

bool
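
A simplified model of the two checks documented above (is_mem_access_oob and stack_mem_access), added here as an example; it is not code from dwarfcore or Manticore. It assumes the symbolic address is summarized by an inclusive range [lo, hi] in place of a solver query, that the access belongs to the variable containing lo, and that the stack base is exclusive; Var, in_stack, find_oob and the sample frame are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Var:
    """One in-scope source variable (constructed stand-in for DWARF data)."""
    name: str
    addr: int  # lowest address of the variable
    size: int  # extent in bytes


def in_stack(sp: int, stack_base: int, where: int) -> bool:
    """x86 stacks grow down, so the live stack is modeled as [sp, stack_base)."""
    return sp <= where < stack_base


def find_oob(in_scope: List[Var], lo: int, hi: int,
             size: int) -> Optional[Tuple[str, int]]:
    """Return (variable, witness address) if an access of `size` bytes at some
    address in [lo, hi] can run past the variable it starts in, else None."""
    owner = next((v for v in in_scope if v.addr <= lo < v.addr + v.size), None)
    if owner is None:
        return None  # access does not start inside a known variable
    end = owner.addr + owner.size
    if hi + size <= end:
        return None  # even the highest feasible address stays in bounds
    # Lowest feasible address whose last byte falls outside the variable.
    return owner.name, max(lo, end - size + 1)


# Constructed sample frame: char buf[16] directly below int n.
SP, STACK_BASE = 0x7FFC00001000, 0x7FFC00002000
BUF = Var("buf", SP + 0x20, 16)
N = Var("n", SP + 0x30, 4)
FRAME = [BUF, N]

if __name__ == "__main__":
    # buf[i] with 0 <= i <= 16: index 16 is still on the stack, yet outside buf.
    print(in_stack(SP, STACK_BASE, BUF.addr + 16))
    print(find_oob(FRAME, BUF.addr, BUF.addr + 16, 1))
```

In this model the address one past buf passes the stack-range check while failing the per-variable check, so the two checks answer different questions.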

will_execute_instruction_callback(state: manticore.native.state.State, pc: Union[int, manticore.core.smtlib.expression.Expression], insn: manticore.native.cpu.disasm.Instruction)

Manticore instruction callback to determine which function we are executing within.

Parameters
  • state (manticore.native.state.State) –

  • pc (Union[int, manticore.core.smtlib.expression.Expression]) –

  • insn (manticore.native.cpu.disasm.Instruction) –

will_read_memory_callback(state: manticore.native.state.State, where: Union[int, manticore.core.smtlib.expression.Expression], size: Union[int, manticore.core.smtlib.expression.Expression])

Look at the variable, index, and values that we are reading from memory.

Parameters
  • state (manticore.native.state.State) –

  • where (Union[int, manticore.core.smtlib.expression.Expression]) –

  • size (Union[int, manticore.core.smtlib.expression.Expression]) –

will_write_memory_callback(state: manticore.native.state.State, where: Union[int, manticore.core.smtlib.expression.Expression], _expression: Union[int, manticore.core.smtlib.expression.Expression], size: Union[int, manticore.core.smtlib.expression.Expression])

Look at the variable, index, and values that we are writing to memory.

Parameters
  • state (manticore.native.state.State) –

  • where (Union[int, manticore.core.smtlib.expression.Expression]) –

  • _expression (Union[int, manticore.core.smtlib.expression.Expression]) –

  • size (Union[int, manticore.core.smtlib.expression.Expression]) –