How to use the claripy.BVV function in claripy
To help you get started, we’ve selected a few claripy examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
angr / angr / tests / test_memview.py View on Github 
def test_simple_concrete():
s = SimState(arch="AMD64")
addr = 0xba5e0
def check_read(val):
nose.tools.assert_equal(s.solver.eval(s.memory.load(addr, 8, endness=Endness.LE), cast_to=int), val)
nose.tools.assert_equal(s.mem[addr].char.concrete, chr(val & 0xFF).encode())
nose.tools.assert_equal(s.mem[addr].byte.concrete, val & 0xFF)
nose.tools.assert_equal(s.mem[addr].int16_t.concrete, ctypes.c_int16(val & 0xFFFF).value)
nose.tools.assert_equal(s.mem[addr].uint16_t.concrete, val & 0xFFFF)
nose.tools.assert_equal(s.mem[addr].qword.concrete, val)
s.memory.store(addr, claripy.BVV(0x11223344aabbcc7d, 64), endness=Endness.LE)
check_read(0x11223344aabbcc7d)
# test storing
s.mem[addr].uint16_t = 0xef6d
check_read(0x11223344aabbef6d)self._apply_object_to_page(n * self._page_size, mo, page=new_page)
initialized = True
except SimConcreteMemoryError:
l.debug("The address requested is not mapped in the concrete process memory \
this can happen when a memory allocation function/syscall is invoked in the simulated execution \
and the map_region function is called")
return initialized
elif isinstance(self._memory_backer, cle.Clemory):
# find permission backer associated with the address
# fall back to default (read-write-maybe-exec) if can't find any
for start, end in self._permission_map:
if start <= new_page_addr < end:
flags = self._permission_map[(start, end)]
new_page.permissions = claripy.BVV(flags, 3)
break
# for each clemory backer which intersects with the page, apply its relevant data
for backer_addr, backer in self._memory_backer.backers(new_page_addr):
if backer_addr >= new_page_addr + self._page_size:
break
relevant_region_start = max(new_page_addr, backer_addr)
relevant_region_end = min(new_page_addr + self._page_size, backer_addr + len(backer))
slice_start = relevant_region_start - backer_addr
slice_end = relevant_region_end - backer_addr
if self.byte_width == 8:
relevant_data = bytes(memoryview(backer)[slice_start:slice_end])
mo = SimMemoryObject(
relevant_data,def generic_compare(self, args, comparison):
if self._vector_size is not None:
res_comps = []
for i in reversed(range(self._vector_count)):
a_comp = claripy.Extract((i+1) * self._vector_size - 1,
i * self._vector_size,
args[0])
b_comp = claripy.Extract((i+1) * self._vector_size - 1,
i * self._vector_size,
args[1])
res_comps.append(claripy.If(comparison(a_comp, b_comp),
claripy.BVV(-1, self._vector_size),
claripy.BVV(0, self._vector_size)))
return claripy.Concat(*res_comps)
else:
return claripy.If(comparison(args[0], args[1]), claripy.BVV(1, 1), claripy.BVV(0, 1))# fall back to read-write if we can't find any...
flags = DbgPage.PROT_READ | DbgPage.PROT_WRITE
for start, end in self._permission_map:
if start <= new_page_addr < end:
flags = self._permission_map[(start, end)]
break
snip_start = max(0, start_backer)
write_start = max(new_page_addr, addr + snip_start)
write_size = self._page_size - write_start % self._page_size
if self.byte_width == 8:
snip = _ffi.buffer(backer)[
snip_start:snip_start + write_size]
mo = SimMemoryObject(
claripy.BVV(snip), write_start, byte_width=self.byte_width)
self._apply_object_to_page(
n * self._page_size, mo, page=new_page)
else:
for i, byte in enumerate(backer):
mo = SimMemoryObject(
claripy.BVV(
byte,
self.byte_width),
write_start + i,
byte_width=self.byte_width)
self._apply_object_to_page(
n * self._page_size, mo, page=new_page)
new_page.permissions = claripy.BVV(flags, 3)
initialized = True}
if isinstance(condition, (ailment.Expr.Load, ailment.Expr.Register, ailment.Expr.DirtyExpression)):
var = claripy.BVS('ailexpr_%s' % repr(condition), condition.bits, explicit_name=True)
self._condition_mapping[var] = condition
return var
elif isinstance(condition, ailment.Expr.Convert):
# convert is special. if it generates a 1-bit variable, it should be treated as a BVS
if condition.to_bits == 1:
var = claripy.BoolS('ailcond_%s' % repr(condition), explicit_name=True)
else:
var = claripy.BVS('ailexpr_%s' % repr(condition), condition.to_bits, explicit_name=True)
self._condition_mapping[var] = condition
return var
elif isinstance(condition, ailment.Expr.Const):
var = claripy.BVV(condition.value, condition.bits)
return var
elif isinstance(condition, ailment.Expr.Tmp):
l.warning("Left-over ailment.Tmp variable %s.", condition)
var = claripy.BVS('ailtmp_%d' % condition.tmp_idx, condition.bits)
self._condition_mapping[var] = condition
return var
lambda_expr = _mapping.get(condition.op, None)
if lambda_expr is None:
raise NotImplementedError("Unsupported AIL expression operation %s. Consider implementing." % condition.op)
return lambda_expr(condition, self._bool_variable_from_ail_condition)else:
backer = claripy.BVV(self._memory_backer[i], self.byte_width)
mo = SimMemoryObject(backer, i, byte_width=self.byte_width)
self._apply_object_to_page(n*self._page_size, mo, page=new_page)
initialized = True
elif len(self._memory_backer) > self._page_size:
for i in range(self._page_size):
try:
backer = self._memory_backer[i]
if not isinstance(self._memory_backer[i], (claripy.ast.Base, bytes)):
backer = claripy.BVV(self._memory_backer[i], self.byte_width)
if type(backer) is bytes and self.byte_width != 8:
backer = claripy.BVV(backer)
mo = SimMemoryObject(backer, new_page_addr+i, byte_width=self.byte_width)
self._apply_object_to_page(n*self._page_size, mo, page=new_page)
initialized = True
except KeyError:
pass
if self.state is not None:
self.state.scratch.pop_priv()
return initializedexcept KeyError:
pass
except Exception as ee:
print(ee)
# page from debugger
try:
if seg is not None:
perms = 0
if seg.perms & SEG_PROT_X:
perms += DbgPage.PROT_EXEC
if seg.perms & SEG_PROT_W:
perms += DbgPage.PROT_WRITE
if seg.perms & SEG_PROT_R:
perms += DbgPage.PROT_READ
new_page.permissions = claripy.BVV(perms, 3)
#print "permissions setted %x %d" % (new_page_addr, perms)
initialized = True
setattr(new_page, "from_dbg", True)
except Exception as ee:
import traceback
traceback.print_exc()
if self.state is not None:
self.state.scratch.pop_priv()
return initializedelif isinstance(self._memory_backer[i], bytes):
backer = claripy.BVV(self._memory_backer[i])
else:
backer = claripy.BVV(self._memory_backer[i], self.byte_width)
mo = SimMemoryObject(backer, i, byte_width=self.byte_width)
self._apply_object_to_page(n*self._page_size, mo, page=new_page)
initialized = True
elif len(self._memory_backer) > self._page_size:
for i in range(self._page_size):
try:
if isinstance(self._memory_backer[i], claripy.ast.Base):
backer = self._memory_backer[i]
elif isinstance(self._memory_backer[i], bytes):
backer = claripy.BVV(self._memory_backer[i])
else:
backer = claripy.BVV(self._memory_backer[i], self.byte_width)
mo = SimMemoryObject(backer, new_page_addr+i, byte_width=self.byte_width)
self._apply_object_to_page(n*self._page_size, mo, page=new_page)
initialized = True
except KeyError:
pass
except Exception as ee:
print(ee)
# page from debugger
try:
if seg is not None:
perms = 0
if seg.perms & SEG_PROT_X:
perms += DbgPage.PROT_EXEC
if seg.perms & SEG_PROT_W:
perms += DbgPage.PROT_WRITEcontinue
elif self.write_mode is None:
self.write_mode = o.write_mode
elif self.write_mode is not o.write_mode:
raise SimMergeError("Cannot merge SimPackets with disparate write_mode")
for o in others:
if len(o.content) != len(self.content):
raise SimMergeError("Cannot merge SimPackets with disparate number of packets")
for i, default in enumerate(self.content):
max_data_length = max(len(default[0]), max(len(o.content[i][0]) for o in others))
merged_data = self.state.solver.ite_cases(
zip(
merge_conditions[1:],
(o.content[i][0].concat(claripy.BVV(0, max_data_length - len(o.content[i][0]))) for o in others)
), default[0])
merged_size = self.state.solver.ite_cases(zip(merge_conditions[1:], (o.content[i][1] for o in others)), default[1])
self.content[i] = (merged_data, merged_size)
return Truedef raw(self, arch=None):
address, length = self.address, self.length
if isinstance(self.address, int):
address = claripy.BVV(address, 32)
if isinstance(length, int):
length = claripy.BVV(length, 32)
bv_codes = [claripy.BVV(x) for x in self.code]
return claripy.Concat(bv_codes[0], address.reversed, bv_codes[1], length.reversed, bv_codes[2])claripy
An abstraction layer for constraint solvers
