libTriton  version 0.7 build 1419
api.cpp
Go to the documentation of this file.
1 /*
3 ** Copyright (C) - Triton
4 **
5 ** This program is under the terms of the BSD License.
6 */
7 
8 #include <triton/api.hpp>
9 #include <triton/exceptions.hpp>
10 
11 #include <list>
12 #include <map>
13 #include <memory>
14 #include <new>
15 
16 
226 namespace triton {
227 
228  API::API() : callbacks(*this), arch(&this->callbacks) {
229  this->modes = std::make_shared<triton::modes::Modes>();
230  this->astCtxt = std::make_shared<triton::ast::AstContext>(this->modes);
231  }
232 
233 
235  this->removeEngines();
236  }
237 
238 
239 
240  /* Architecture API ============================================================================== */
241 
242  bool API::isArchitectureValid(void) const {
243  return this->arch.isValid();
244  }
245 
246 
247  void API::checkArchitecture(void) const {
248  if (!this->isArchitectureValid())
249  throw triton::exceptions::API("API::checkArchitecture(): You must define an architecture.");
250  }
251 
252 
254  return this->arch.getArchitecture();
255  }
256 
257 
259  return this->arch.getEndianness();
260  }
261 
262 
264  if (!this->isArchitectureValid())
265  throw triton::exceptions::API("API::checkArchitecture(): You must define an architecture.");
266  return this->arch.getCpuInstance();
267  }
268 
269 
271  /* Setup and init the targeted architecture */
272  this->arch.setArchitecture(arch);
273 
274  /* remove and re-init previous engines (when setArchitecture() has been called twice) */
275  this->removeEngines();
276  this->initEngines();
277  }
278 
279 
281  this->checkArchitecture();
282  this->arch.clearArchitecture();
283  }
284 
285 
287  return this->arch.isFlag(regId);
288  }
289 
290 
291  bool API::isFlag(const triton::arch::Register& reg) const {
292  return this->arch.isFlag(reg);
293  }
294 
295 
297  return this->arch.isRegister(regId);
298  }
299 
300 
301  bool API::isRegister(const triton::arch::Register& reg) const {
302  return this->arch.isRegister(reg);
303  }
304 
305 
307  return this->arch.getRegister(id);
308  }
309 
310 
312  return this->arch.getParentRegister(reg);
313  }
314 
315 
317  return this->arch.getParentRegister(id);
318  }
319 
320 
322  return this->arch.isRegisterValid(regId);
323  }
324 
325 
327  return this->arch.isRegisterValid(reg);
328  }
329 
330 
332  return this->arch.gprBitSize();
333  }
334 
335 
337  return this->arch.gprSize();
338  }
339 
340 
342  return this->arch.numberOfRegisters();
343  }
344 
345 
346  const std::unordered_map<triton::arch::register_e, const triton::arch::Register>& API::getAllRegisters(void) const {
347  this->checkArchitecture();
348  return this->arch.getAllRegisters();
349  }
350 
351 
352  std::set<const triton::arch::Register*> API::getParentRegisters(void) const {
353  this->checkArchitecture();
354  return this->arch.getParentRegisters();
355  }
356 
357 
358  triton::uint8 API::getConcreteMemoryValue(triton::uint64 addr, bool execCallbacks) const {
359  this->checkArchitecture();
360  return this->arch.getConcreteMemoryValue(addr, execCallbacks);
361  }
362 
363 
365  this->checkArchitecture();
366  return this->arch.getConcreteMemoryValue(mem, execCallbacks);
367  }
368 
369 
370  std::vector<triton::uint8> API::getConcreteMemoryAreaValue(triton::uint64 baseAddr, triton::usize size, bool execCallbacks) const {
371  this->checkArchitecture();
372  return this->arch.getConcreteMemoryAreaValue(baseAddr, size, execCallbacks);
373  }
374 
375 
377  this->checkArchitecture();
378  return this->arch.getConcreteRegisterValue(reg, execCallbacks);
379  }
380 
381 
383  this->checkArchitecture();
384  this->arch.setConcreteMemoryValue(addr, value);
385  }
386 
387 
389  this->checkArchitecture();
390  this->arch.setConcreteMemoryValue(mem, value);
391  }
392 
393 
394  void API::setConcreteMemoryAreaValue(triton::uint64 baseAddr, const std::vector<triton::uint8>& values) {
395  this->checkArchitecture();
396  this->arch.setConcreteMemoryAreaValue(baseAddr, values);
397  }
398 
399 
401  this->checkArchitecture();
402  this->arch.setConcreteMemoryAreaValue(baseAddr, area, size);
403  }
404 
405 
407  this->checkArchitecture();
408  this->arch.setConcreteRegisterValue(reg, value);
409  }
410 
411 
413  this->checkArchitecture();
414  return this->arch.isMemoryMapped(baseAddr, size);
415  }
416 
417 
419  this->checkArchitecture();
420  this->arch.unmapMemory(baseAddr, size);
421  }
422 
423 
425  this->checkArchitecture();
426  this->arch.disassembly(inst);
427  }
428 
429 
430 
431  /* Processing API ================================================================================ */
432 
433  void API::initEngines(void) {
434  this->checkArchitecture();
435 
436  this->symbolic = new(std::nothrow) triton::engines::symbolic::SymbolicEngine(&this->arch, this->modes, this->astCtxt, &this->callbacks);
437  if (this->symbolic == nullptr)
438  throw triton::exceptions::API("API::initEngines(): No enough memory.");
439 
440  this->solver = new(std::nothrow) triton::engines::solver::SolverEngine();
441  if (this->solver == nullptr)
442  throw triton::exceptions::API("API::initEngines(): No enough memory.");
443 
444  this->taint = new(std::nothrow) triton::engines::taint::TaintEngine(this->modes, this->symbolic, *this->getCpuInstance());
445  if (this->taint == nullptr)
446  throw triton::exceptions::API("API::initEngines(): No enough memory.");
447 
448  this->irBuilder = new(std::nothrow) triton::arch::IrBuilder(&this->arch, this->modes, this->astCtxt, this->symbolic, this->taint);
449  if (this->irBuilder == nullptr)
450  throw triton::exceptions::API("API::initEngines(): No enough memory.");
451 
452  /* Setup registers shortcut */
453  this->registers.init(this->arch.getArchitecture());
454  }
455 
456 
457  void API::removeEngines(void) {
458  if (this->isArchitectureValid()) {
459  delete this->irBuilder;
460  delete this->solver;
461  delete this->symbolic;
462  delete this->taint;
463 
464  this->astCtxt = nullptr;
465  this->irBuilder = nullptr;
466  this->modes = nullptr;
467  this->solver = nullptr;
468  this->symbolic = nullptr;
469  this->taint = nullptr;
470  }
471 
472  // Use default modes.
473  this->modes = std::make_shared<triton::modes::Modes>();
474 
475  // Clean up the ast context
476  this->astCtxt = std::make_shared<triton::ast::AstContext>(this->modes);
477 
478  // Clean up the registers shortcut
479  this->registers.clear();
480  }
481 
482 
483  void API::reset(void) {
484  if (this->isArchitectureValid()) {
485  this->removeEngines();
486  this->initEngines();
487  this->clearArchitecture();
488  this->removeAllCallbacks();
489  }
490  }
491 
492 
494  this->checkArchitecture();
495  this->arch.disassembly(inst);
496  return this->irBuilder->buildSemantics(inst);
497  }
498 
499 
500 
501  /* IR builder API ================================================================================= */
502 
503  void API::checkIrBuilder(void) const {
504  if (!this->irBuilder)
505  throw triton::exceptions::API("API::checkIrBuilder(): IR builder is undefined, you should define an architecture first.");
506  }
507 
508 
510  this->checkIrBuilder();
511  return this->irBuilder->buildSemantics(inst);
512  }
513 
514 
516  return this->astCtxt;
517  }
518 
519 
520 
521  /* AST representation API ========================================================================= */
522 
524  return this->astCtxt->getRepresentationMode();
525  }
526 
527 
529  this->astCtxt->setRepresentationMode(mode);
530  }
531 
532 
533 
534  /* Callbacks API ================================================================================= */
535 
537  this->callbacks.addCallback(cb);
538  }
539 
540 
542  this->callbacks.addCallback(cb);
543  }
544 
545 
547  this->callbacks.addCallback(cb);
548  }
549 
550 
552  this->callbacks.addCallback(cb);
553  }
554 
555 
557  this->callbacks.addCallback(cb);
558  }
559 
560 
563  }
564 
565 
567  this->callbacks.removeCallback(cb);
568  }
569 
570 
572  this->callbacks.removeCallback(cb);
573  }
574 
575 
577  this->callbacks.removeCallback(cb);
578  }
579 
580 
582  this->callbacks.removeCallback(cb);
583  }
584 
585 
587  this->callbacks.removeCallback(cb);
588  }
589 
590 
592  if (this->callbacks.isDefined)
593  return this->callbacks.processCallbacks(kind, node);
594  return node;
595  }
596 
597 
599  if (this->callbacks.isDefined)
600  this->callbacks.processCallbacks(kind, mem);
601  }
602 
603 
605  if (this->callbacks.isDefined)
606  this->callbacks.processCallbacks(kind, reg);
607  }
608 
609 
610 
611  /* Modes API======================================================================================= */
612 
613  void API::enableMode(triton::modes::mode_e mode, bool flag) {
614  this->modes->enableMode(mode, flag);
615  }
616 
617 
619  return this->modes->isModeEnabled(mode);
620  }
621 
622 
623 
624  /* Symbolic engine API ============================================================================ */
625 
626  void API::checkSymbolic(void) const {
627  if (!this->symbolic)
628  throw triton::exceptions::API("API::checkSymbolic(): Symbolic engine is undefined, you should define an architecture first.");
629  }
630 
631 
633  this->checkSymbolic();
634  return this->symbolic;
635  }
636 
637 
639  this->checkSymbolic();
640  return this->symbolic->convertExpressionToSymbolicVariable(exprId, symVarSize, symVarComment);
641  }
642 
643 
645  this->checkSymbolic();
646  return this->symbolic->convertMemoryToSymbolicVariable(mem, symVarComment);
647  }
648 
649 
651  this->checkSymbolic();
652  return this->symbolic->convertRegisterToSymbolicVariable(reg, symVarComment);
653  }
654 
655 
657  this->checkSymbolic();
658  return this->symbolic->getOperandAst(op);
659  }
660 
661 
663  this->checkSymbolic();
664  return this->symbolic->getOperandAst(inst, op);
665  }
666 
667 
669  this->checkSymbolic();
670  return this->symbolic->getImmediateAst(imm);
671  }
672 
673 
675  this->checkSymbolic();
676  return this->symbolic->getImmediateAst(inst, imm);
677  }
678 
679 
681  this->checkSymbolic();
682  return this->symbolic->getMemoryAst(mem);
683  }
684 
685 
687  this->checkSymbolic();
688  return this->symbolic->getMemoryAst(inst, mem);
689  }
690 
691 
693  this->checkSymbolic();
694  return this->symbolic->getRegisterAst(reg);
695  }
696 
697 
699  this->checkSymbolic();
700  return this->symbolic->getRegisterAst(inst, reg);
701  }
702 
703 
705  this->checkSymbolic();
707  }
708 
709 
711  this->checkSymbolic();
713  }
714 
715 
717  this->checkSymbolic();
718  return this->symbolic->removeSymbolicExpression(symExprId);
719  }
720 
721 
723  this->checkSymbolic();
724  return this->symbolic->createSymbolicExpression(inst, node, dst, comment);
725  }
726 
727 
729  this->checkSymbolic();
730  return this->symbolic->createSymbolicMemoryExpression(inst, node, mem, comment);
731  }
732 
733 
735  this->checkSymbolic();
736  return this->symbolic->createSymbolicRegisterExpression(inst, node, reg, comment);
737  }
738 
739 
741  this->checkSymbolic();
742  return this->symbolic->createSymbolicFlagExpression(inst, node, flag, comment);
743  }
744 
745 
747  this->checkSymbolic();
748  return this->symbolic->createSymbolicVolatileExpression(inst, node, comment);
749  }
750 
751 
753  this->checkSymbolic();
755  }
756 
757 
759  this->checkSymbolic();
761  }
762 
763 
765  this->checkSymbolic();
766  return this->symbolic->getSymbolicMemory(addr);
767  }
768 
769 
770  std::map<triton::arch::register_e, triton::engines::symbolic::SharedSymbolicExpression> API::getSymbolicRegisters(void) const {
771  this->checkSymbolic();
772  return this->symbolic->getSymbolicRegisters();
773  }
774 
775 
776  std::map<triton::uint64, triton::engines::symbolic::SharedSymbolicExpression> API::getSymbolicMemory(void) const {
777  this->checkSymbolic();
778  return this->symbolic->getSymbolicMemory();
779  }
780 
781 
783  this->checkSymbolic();
784  return this->symbolic->getSymbolicRegister(reg);
785  }
786 
787 
789  this->checkSymbolic();
790  return this->symbolic->getSymbolicMemoryValue(address);
791  }
792 
793 
795  this->checkSymbolic();
796  return this->symbolic->getSymbolicMemoryValue(mem);
797  }
798 
799 
800  std::vector<triton::uint8> API::getSymbolicMemoryAreaValue(triton::uint64 baseAddr, triton::usize size) {
801  this->checkSymbolic();
802  return this->symbolic->getSymbolicMemoryAreaValue(baseAddr, size);
803  }
804 
805 
807  this->checkSymbolic();
808  return this->symbolic->getSymbolicRegisterValue(reg);
809  }
810 
811 
813  this->checkSymbolic();
814  if (z3 == true) {
815  auto snode = this->processZ3Simplification(node);
816  return this->symbolic->processSimplification(snode);
817  }
818  return this->symbolic->processSimplification(node);
819  }
820 
821 
823  this->checkSymbolic();
824  return this->symbolic->getSymbolicExpressionFromId(symExprId);
825  }
826 
827 
829  this->checkSymbolic();
830  return this->symbolic->getConcreteVariableValue(symVar);
831  }
832 
833 
835  this->checkSymbolic();
836  this->symbolic->setConcreteVariableValue(symVar, value);
837  }
838 
839 
841  this->checkSymbolic();
842  return this->symbolic->getSymbolicVariableFromId(symVarId);
843  }
844 
845 
847  this->checkSymbolic();
848  return this->symbolic->getSymbolicVariableFromName(symVarName);
849  }
850 
851 
852  const std::vector<triton::engines::symbolic::PathConstraint>& API::getPathConstraints(void) const {
853  this->checkSymbolic();
854  return this->symbolic->getPathConstraints();
855  }
856 
857 
859  this->checkSymbolic();
860  return this->symbolic->getPathConstraintsAst();
861  }
862 
863 
865  this->checkSymbolic();
866  this->symbolic->addPathConstraint(inst, expr);
867  }
868 
869 
871  this->checkSymbolic();
873  }
874 
875 
876  void API::enableSymbolicEngine(bool flag) {
877  this->checkSymbolic();
878  this->symbolic->enable(flag);
879  }
880 
881 
882  bool API::isSymbolicEngineEnabled(void) const {
883  this->checkSymbolic();
884  return this->symbolic->isEnabled();
885  }
886 
887 
889  this->checkSymbolic();
890  return this->symbolic->isSymbolicExpressionIdExists(symExprId);
891  }
892 
893 
895  this->checkSymbolic();
896  return this->symbolic->isMemorySymbolized(mem);
897  }
898 
899 
901  this->checkSymbolic();
902  return this->symbolic->isMemorySymbolized(addr, size);
903  }
904 
905 
907  this->checkSymbolic();
908  return this->symbolic->isRegisterSymbolized(reg);
909  }
910 
911 
913  this->checkSymbolic();
914  this->symbolic->concretizeAllMemory();
915  }
916 
917 
919  this->checkSymbolic();
921  }
922 
923 
925  this->checkSymbolic();
926  this->symbolic->concretizeMemory(mem);
927  }
928 
929 
931  this->checkSymbolic();
932  this->symbolic->concretizeMemory(addr);
933  }
934 
935 
937  this->checkSymbolic();
938  this->symbolic->concretizeRegister(reg);
939  }
940 
941 
942  std::map<triton::usize, triton::engines::symbolic::SharedSymbolicExpression> API::sliceExpressions(const triton::engines::symbolic::SharedSymbolicExpression& expr) {
943  this->checkSymbolic();
944  return this->symbolic->sliceExpressions(expr);
945  }
946 
947 
948  std::list<triton::engines::symbolic::SharedSymbolicExpression> API::getTaintedSymbolicExpressions(void) const {
949  this->checkSymbolic();
950  return this->symbolic->getTaintedSymbolicExpressions();
951  }
952 
953 
954  std::unordered_map<triton::usize, triton::engines::symbolic::SharedSymbolicExpression> API::getSymbolicExpressions(void) const {
955  this->checkSymbolic();
956  return this->symbolic->getSymbolicExpressions();
957  }
958 
959 
960  const std::unordered_map<triton::usize, triton::engines::symbolic::SharedSymbolicVariable>& API::getSymbolicVariables(void) const {
961  this->checkSymbolic();
962  return this->symbolic->getSymbolicVariables();
963  }
964 
965 
966 
967  /* Solver engine API ============================================================================= */
968 
969  void API::checkSolver(void) const {
970  if (!this->solver)
971  throw triton::exceptions::API("API::checkSolver(): Solver engine is undefined, you should define an architecture first.");
972  }
973 
974 
976  this->checkSolver();
977  return this->solver->getSolver();
978  }
979 
980 
982  this->checkSolver();
983  return this->solver->getSolverInstance();
984  }
985 
986 
988  this->checkSolver();
989  this->solver->setSolver(kind);
990  }
991 
992 
994  this->checkSolver();
995  this->solver->setCustomSolver(customSolver);
996  }
997 
998 
999  bool API::isSolverValid(void) const {
1000  this->checkSolver();
1001  return this->solver->isValid();
1002  }
1003 
1004 
1005  std::map<triton::uint32, triton::engines::solver::SolverModel> API::getModel(const triton::ast::SharedAbstractNode& node) const {
1006  this->checkSolver();
1007  return this->solver->getModel(node);
1008  }
1009 
1010 
1011  std::list<std::map<triton::uint32, triton::engines::solver::SolverModel>> API::getModels(const triton::ast::SharedAbstractNode& node, triton::uint32 limit) const {
1012  this->checkSolver();
1013  return this->solver->getModels(node, limit);
1014  }
1015 
1016 
1018  this->checkSolver();
1019  return this->solver->isSat(node);
1020  }
1021 
1022 
1024  this->checkSolver();
1025  #ifdef Z3_INTERFACE
1027  return reinterpret_cast<const triton::engines::solver::Z3Solver*>(this->getSolverInstance())->evaluate(node);
1028  }
1029  #endif
1030  throw triton::exceptions::API("API::evaluateAstViaZ3(): Solver instance must be a SOLVER_Z3.");
1031  }
1032 
1033 
1035  this->checkSolver();
1036  #ifdef Z3_INTERFACE
1038  return reinterpret_cast<const triton::engines::solver::Z3Solver*>(this->getSolverInstance())->simplify(node);
1039  }
1040  #endif
1041  throw triton::exceptions::API("API::processZ3Simplification(): Solver instance must be a SOLVER_Z3.");
1042  }
1043 
1044 
1045 
1046  /* Taint engine API ============================================================================== */
1047 
1048  void API::checkTaint(void) const {
1049  if (!this->taint)
1050  throw triton::exceptions::API("API::checkTaint(): Taint engine is undefined, you should define an architecture first.");
1051  }
1052 
1053 
1055  this->checkTaint();
1056  return this->taint;
1057  }
1058 
1059 
1060  const std::set<triton::uint64>& API::getTaintedMemory(void) const {
1061  this->checkTaint();
1062  return this->taint->getTaintedMemory();
1063  }
1064 
1065 
1066  std::set<const triton::arch::Register*> API::getTaintedRegisters(void) const {
1067  this->checkTaint();
1068  return this->taint->getTaintedRegisters();
1069  }
1070 
1071 
1072  void API::enableTaintEngine(bool flag) {
1073  this->checkTaint();
1074  this->taint->enable(flag);
1075  }
1076 
1077 
1078  bool API::isTaintEngineEnabled(void) const {
1079  this->checkTaint();
1080  return this->taint->isEnabled();
1081  }
1082 
1083 
1085  this->checkTaint();
1086  return this->taint->isTainted(op);
1087  }
1088 
1089 
1090  bool API::isMemoryTainted(triton::uint64 addr, uint32 size) const {
1091  this->checkTaint();
1092  return this->taint->isMemoryTainted(addr, size);
1093  }
1094 
1095 
1097  this->checkTaint();
1098  return this->taint->isMemoryTainted(mem);
1099  }
1100 
1101 
1103  this->checkTaint();
1104  return this->taint->isRegisterTainted(reg);
1105  }
1106 
1107 
1108  bool API::setTaint(const triton::arch::OperandWrapper& op, bool flag) {
1109  this->checkTaint();
1110  return this->taint->setTaint(op, flag);
1111  }
1112 
1113 
1114  bool API::setTaintMemory(const triton::arch::MemoryAccess& mem, bool flag) {
1115  this->checkTaint();
1116  this->taint->setTaintMemory(mem, flag);
1117  return flag;
1118  }
1119 
1120 
1121  bool API::setTaintRegister(const triton::arch::Register& reg, bool flag) {
1122  this->checkTaint();
1123  this->taint->setTaintRegister(reg, flag);
1124  return flag;
1125  }
1126 
1127 
1129  this->checkTaint();
1130  return this->taint->taintMemory(addr);
1131  }
1132 
1133 
1135  this->checkTaint();
1136  return this->taint->taintMemory(mem);
1137  }
1138 
1139 
1141  this->checkTaint();
1142  return this->taint->taintRegister(reg);
1143  }
1144 
1145 
1147  this->checkTaint();
1148  return this->taint->untaintMemory(addr);
1149  }
1150 
1151 
1153  this->checkTaint();
1154  return this->taint->untaintMemory(mem);
1155  }
1156 
1157 
1159  this->checkTaint();
1160  return this->taint->untaintRegister(reg);
1161  }
1162 
1163 
1165  this->checkTaint();
1166  return this->taint->taintUnion(op1, op2);
1167  }
1168 
1169 
1171  this->checkTaint();
1172  return this->taint->taintAssignment(op1, op2);
1173  }
1174 
1175 
1177  this->checkTaint();
1178  return this->taint->taintUnionMemoryImmediate(memDst);
1179  }
1180 
1181 
1183  this->checkTaint();
1184  return this->taint->taintUnionMemoryMemory(memDst, memSrc);
1185  }
1186 
1187 
1189  this->checkTaint();
1190  return this->taint->taintUnionMemoryRegister(memDst, regSrc);
1191  }
1192 
1193 
1195  this->checkTaint();
1196  return this->taint->taintUnionRegisterImmediate(regDst);
1197  }
1198 
1199 
1201  this->checkTaint();
1202  return this->taint->taintUnionRegisterMemory(regDst, memSrc);
1203  }
1204 
1205 
1207  this->checkTaint();
1208  return this->taint->taintUnionRegisterRegister(regDst, regSrc);
1209  }
1210 
1211 
1213  this->checkTaint();
1214  return this->taint->taintAssignmentMemoryImmediate(memDst);
1215  }
1216 
1217 
1219  this->checkTaint();
1220  return this->taint->taintAssignmentMemoryMemory(memDst, memSrc);
1221  }
1222 
1223 
1225  this->checkTaint();
1226  return this->taint->taintAssignmentMemoryRegister(memDst, regSrc);
1227  }
1228 
1229 
1231  this->checkTaint();
1232  return this->taint->taintAssignmentRegisterImmediate(regDst);
1233  }
1234 
1235 
1237  this->checkTaint();
1238  return this->taint->taintAssignmentRegisterMemory(regDst, memSrc);
1239  }
1240 
1241 
1243  this->checkTaint();
1244  return this->taint->taintAssignmentRegisterRegister(regDst, regSrc);
1245  }
1246 
1247 }; /* triton namespace */
std::shared_ptr< triton::ast::AstContext > SharedAstContext
Shared AST context.
Definition: ast.hpp:64
TRITON_EXPORT bool taintUnionRegisterImmediate(const triton::arch::Register &regDst)
Taints RegisterImmediate with union. Returns true if the regDst is TAINTED.
TRITON_EXPORT triton::arch::architecture_e getArchitecture(void) const
Returns the kind of architecture as triton::arch::architecture_e.
TRITON_EXPORT const SharedSymbolicVariable & newSymbolicVariable(triton::engines::symbolic::variable_e type, triton::uint64 source, triton::uint32 size, const std::string &comment="")
Adds a symbolic variable.
TRITON_EXPORT bool taintUnion(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
[taint api] - Abstract union tainting.
Definition: api.cpp:1164
This class is used to interface with solvers.
TRITON_EXPORT triton::ast::SharedAbstractNode getImmediateAst(const triton::arch::Immediate &imm)
Returns the AST corresponding to the immediate.
TRITON_EXPORT bool isValid(void) const
Returns true if the solver is valid.
TRITON_EXPORT const triton::arch::Register & getRegister(triton::arch::register_e id) const
Returns register from id.
TRITON_EXPORT bool setTaintMemory(const triton::arch::MemoryAccess &mem, bool flag)
Sets the flag (taint or untaint) to a memory.
TRITON_EXPORT bool isArchitectureValid(void) const
[Architecture api] - Returns true if the architecture is valid.
Definition: api.cpp:242
TRITON_EXPORT std::unordered_map< triton::usize, SharedSymbolicExpression > getSymbolicExpressions(void) const
Returns all symbolic expressions.
TRITON_EXPORT bool isRegisterValid(triton::arch::register_e regId) const
[architecture api] - Returns true if the regId is a register or a flag.
Definition: api.cpp:321
TRITON_EXPORT triton::engines::solver::solver_e getSolver(void) const
Returns the kind of solver as triton::engines::solver::solver_e.
Definition: api.cpp:975
TRITON_EXPORT bool isTaintEngineEnabled(void) const
[taint api] - Returns true if the taint engine is enabled.
Definition: api.cpp:1078
TRITON_EXPORT triton::uint32 getGprSize(void) const
[architecture api] - Returns the size in byte of the General Purpose Registers.
Definition: api.cpp:336
TRITON_EXPORT void setConcreteMemoryAreaValue(triton::uint64 baseAddr, const std::vector< triton::uint8 > &values)
[architecture api] - Sets the concrete value of a memory area.
Definition: api.cpp:394
TRITON_EXPORT bool untaintMemory(triton::uint64 addr)
Untaints an address. Returns !TAINTED if the address has been untainted correctly. Otherwise it returns the last defined state.
triton::arch::Architecture arch
The architecture entry.
Definition: api.hpp:47
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicVolatileExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const std::string &comment="")
Returns the new shared symbolic volatile expression expression and links this expression to the instr...
TRITON_EXPORT triton::arch::CpuInterface * getCpuInstance(void)
Returns the instance of the current CPU used.
TRITON_EXPORT triton::uint32 gprSize(void) const
Returns the bit in byte of the General Purpose Registers.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & getSymbolicVariableFromName(const std::string &symVarName) const
[symbolic api] - Returns the symbolic variable corresponding to the symbolic variable name...
Definition: api.cpp:846
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::OperandWrapper &dst, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic abstract expression and links this expression to the...
Definition: api.cpp:722
This class is used when to represent an instruction.
Definition: instruction.hpp:47
TRITON_EXPORT const std::vector< triton::engines::symbolic::PathConstraint > & getPathConstraints(void) const
Returns the logical conjunction vector of path constraints.
Definition: pathManager.cpp:39
TRITON_EXPORT bool setTaintMemory(const triton::arch::MemoryAccess &mem, bool flag)
[taint api] - Sets the flag (taint or untaint) to a memory.
Definition: api.cpp:1114
TRITON_EXPORT triton::uint512 getSymbolicRegisterValue(const triton::arch::Register &reg)
Returns the symbolic register value.
TRITON_EXPORT bool taintUnionRegisterMemory(const triton::arch::Register &regDst, const triton::arch::MemoryAccess &memSrc)
[taint api] - Taints RegisterMemory with union. Returns true if the regDst or memSrc are TAINTED...
Definition: api.cpp:1200
TRITON_EXPORT bool taintAssignmentMemoryMemory(const triton::arch::MemoryAccess &memDst, const triton::arch::MemoryAccess &memSrc)
[taint api] - Taints MemoryMemory with assignment. Returns true if the memDst is tainted.
Definition: api.cpp:1218
TRITON_EXPORT void setCustomSolver(triton::engines::solver::SolverInterface *customSolver)
Initializes a custom solver.
Definition: api.cpp:993
triton::arch::ShortcutRegister registers
A shortcut to access to a Register class from a register name.
Definition: api.hpp:70
TRITON_EXPORT bool isMemoryMapped(triton::uint64 baseAddr, triton::usize size=1)
[architecture api] - Returns true if the range [baseAddr:size] is mapped into the internal memory rep...
Definition: api.cpp:412
TRITON_EXPORT bool isEnabled(void) const
Returns true if the symbolic execution engine is enabled.
TRITON_EXPORT bool isSat(const triton::ast::SharedAbstractNode &node) const
Returns true if an expression is satisfiable.
Definition: api.cpp:1017
TRITON_EXPORT void addPathConstraint(const triton::arch::Instruction &inst, const triton::engines::symbolic::SharedSymbolicExpression &expr)
[symbolic api] - Adds a path constraint.
Definition: api.cpp:864
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicMemoryExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::MemoryAccess &mem, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic memory expression and links this expression to the i...
Definition: api.cpp:728
TRITON_EXPORT void assignSymbolicExpressionToRegister(const SharedSymbolicExpression &se, const triton::arch::Register &reg)
Assigns a symbolic expression to a register.
TRITON_EXPORT bool isFlag(triton::arch::register_e regId) const
Returns true if the register ID is a flag.
TRITON_EXPORT bool taintUnionMemoryImmediate(const triton::arch::MemoryAccess &memDst)
[taint api] - Taints MemoryImmediate with union. Returns true if the memDst is TAINTED.
Definition: api.cpp:1176
register_e
Types of register.
Definition: archEnums.hpp:54
TRITON_EXPORT triton::ast::SharedAbstractNode getPathConstraintsAst(void)
[symbolic api] - Returns the logical conjunction AST of path constraints.
Definition: api.cpp:858
TRITON_EXPORT bool taintAssignment(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
[taint api] - Abstract assignment tainting.
Definition: api.cpp:1170
TRITON_EXPORT const triton::uint512 & getConcreteVariableValue(const SharedSymbolicVariable &symVar) const
Gets the concrete value of a symbolic variable.
TRITON_EXPORT bool isRegister(triton::arch::register_e regId) const
[architecture api] - Returns true if the regId is a register.
Definition: api.cpp:296
TRITON_EXPORT const SharedSymbolicVariable & convertRegisterToSymbolicVariable(const triton::arch::Register &reg, const std::string &symVarComment="")
Converts a symbolic register expression to a symbolic variable.
mode_e
Enumerates all kinds of mode.
Definition: modesEnums.hpp:29
TRITON_EXPORT bool processing(triton::arch::Instruction &inst)
[proccesing api] - Processes an instruction and updates engines according to the instruction semantic...
Definition: api.cpp:493
TRITON_EXPORT void initEngines(void)
[proccesing api] - Initializes everything.
Definition: api.cpp:433
TRITON_EXPORT bool isEnabled(void) const
Returns true if the taint engine is enabled.
Definition: taintEngine.cpp:49
TRITON_EXPORT triton::arch::endianness_e getEndianness(void) const
Returns the kind of endianness as triton::arch::endianness_e.
TRITON_EXPORT void reset(void)
[proccesing api] - Resets everything.
Definition: api.cpp:483
TRITON_EXPORT const SharedSymbolicVariable & getSymbolicVariableFromName(const std::string &symVarName) const
Returns the symbolic variable corresponding to the symbolic variable name.
TRITON_EXPORT const triton::engines::solver::SolverInterface * getSolverInstance(void) const
Returns the instance of the initialized solver.
TRITON_EXPORT triton::ast::SharedAbstractNode getMemoryAst(const triton::arch::MemoryAccess &mem)
[symbolic api] - Returns the AST corresponding to the memory.
Definition: api.cpp:680
TRITON_EXPORT bool taintAssignmentMemoryRegister(const triton::arch::MemoryAccess &memDst, const triton::arch::Register &regSrc)
[taint api] - Taints MemoryRegister with assignment. Returns true if the memDst is tainted...
Definition: api.cpp:1224
TRITON_EXPORT triton::uint512 getConcreteRegisterValue(const triton::arch::Register &reg, bool execCallbacks=true) const
[architecture api] - Returns the concrete value of a register.
Definition: api.cpp:376
TRITON_EXPORT const std::vector< triton::engines::symbolic::PathConstraint > & getPathConstraints(void) const
[symbolic api] - Returns the logical conjunction vector of path constraints.
Definition: api.cpp:852
TRITON_EXPORT const triton::arch::Register & getRegister(triton::arch::register_e id) const
[architecture api] - Returns Register from regId.
Definition: api.cpp:306
TRITON_EXPORT triton::uint512 evaluateAstViaZ3(const triton::ast::SharedAbstractNode &node) const
[solver api] - Evaluates a Triton&#39;s AST via Z3 and returns a concrete value.
Definition: api.cpp:1023
TRITON_EXPORT SharedSymbolicExpression getSymbolicExpressionFromId(triton::usize symExprId) const
Returns the symbolic expression corresponding to an id.
TRITON_EXPORT void setConcreteMemoryValue(triton::uint64 addr, triton::uint8 value)
[architecture api] - Sets the concrete value of a memory cell.
TRITON_EXPORT triton::arch::architecture_e getArchitecture(void) const
[architecture api] - Returns the architecture as triton::arch::architecture_e.
Definition: api.cpp:253
TRITON_EXPORT bool isRegisterSymbolized(const triton::arch::Register &reg) const
[symbolic api] - Returns true if the register expression contains a symbolic variable.
Definition: api.cpp:906
TRITON_EXPORT bool taintUnionMemoryImmediate(const triton::arch::MemoryAccess &memDst)
Taints MemoryImmediate with union. Returns true if the memDst is TAINTED.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & convertMemoryToSymbolicVariable(const triton::arch::MemoryAccess &mem, const std::string &symVarComment="")
[symbolic api] - Converts a symbolic memory expression to a symbolic variable.
Definition: api.cpp:644
triton::engines::symbolic::SymbolicEngine * symbolic
The symbolic engine.
Definition: api.hpp:56
TRITON_EXPORT bool taintAssignmentMemoryImmediate(const triton::arch::MemoryAccess &memDst)
Taints MemoryImmediate with assignment. Returns always false.
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicMemoryExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::MemoryAccess &mem, const std::string &comment="")
Returns the new shared symbolic memory expression expression and links this expression to the instruc...
TRITON_EXPORT std::vector< triton::uint8 > getSymbolicMemoryAreaValue(triton::uint64 baseAddr, triton::usize size)
[symbolic api] - Returns the symbolic values of a memory area.
Definition: api.cpp:800
TRITON_EXPORT void concretizeMemory(const triton::arch::MemoryAccess &mem)
[symbolic api] - Concretizes a specific symbolic memory reference.
Definition: api.cpp:924
TRITON_EXPORT void setConcreteVariableValue(const triton::engines::symbolic::SharedSymbolicVariable &symVar, const triton::uint512 &value)
[symbolic api] - Sets the concrete value of a symbolic variable.
Definition: api.cpp:834
TRITON_EXPORT bool taintAssignment(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
Abstract assignment tainting.
TRITON_EXPORT triton::ast::SharedAbstractNode getImmediateAst(const triton::arch::Immediate &imm)
[symbolic api] - Returns the AST corresponding to the immediate.
Definition: api.cpp:668
TRITON_EXPORT bool taintRegister(const triton::arch::Register &reg)
Taints a register. Returns TAINTED if the register has been tainted correctly. Otherwise it returns t...
TRITON_EXPORT bool isRegisterTainted(const triton::arch::Register &reg) const
[taint api] - Returns true if the register is tainted.
Definition: api.cpp:1102
TRITON_EXPORT bool taintAssignmentRegisterImmediate(const triton::arch::Register &regDst)
[taint api] - Taints RegisterImmediate with assignment. Returns always false.
Definition: api.cpp:1230
TRITON_EXPORT bool isValid(void) const
Returns true if the architecture is valid.
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::OperandWrapper &dst, const std::string &comment="")
Returns the new shared symbolic abstract expression and links this expression to the instruction...
TRITON_EXPORT triton::ast::SharedAbstractNode processCallbacks(triton::callbacks::callback_e kind, triton::ast::SharedAbstractNode node)
[callbacks api] - Processes callbacks according to the kind and the C++ polymorphism.
Definition: api.cpp:591
TRITON_EXPORT triton::ast::SharedAbstractNode processCallbacks(triton::callbacks::callback_e kind, triton::ast::SharedAbstractNode node)
Processes callbacks according to the kind and the C++ polymorphism.
Definition: callbacks.cpp:100
The Triton namespace.
Definition: api.cpp:226
TRITON_EXPORT triton::engines::symbolic::SymbolicEngine * getSymbolicEngine(void)
[symbolic api] - Returns the instance of the symbolic engine.
Definition: api.cpp:632
TRITON_EXPORT void enableSymbolicEngine(bool flag)
[symbolic api] - Enables or disables the symbolic execution engine.
Definition: api.cpp:876
TRITON_EXPORT const std::unordered_map< triton::arch::register_e, const triton::arch::Register > & getAllRegisters(void) const
Returns all registers.
TRITON_EXPORT void addCallback(triton::callbacks::getConcreteMemoryValueCallback cb)
Adds a GET_CONCRETE_MEMORY_VALUE callback.
Definition: callbacks.cpp:26
TRITON_EXPORT void clearPathConstraints(void)
[symbolic api] - Clears the logical conjunction vector of path constraints.
Definition: api.cpp:870
TRITON_EXPORT triton::ast::SharedAbstractNode getOperandAst(const triton::arch::OperandWrapper &op)
Returns the AST corresponding to the operand.
triton::callbacks::Callbacks callbacks
The Callbacks interface.
Definition: api.hpp:44
TRITON_EXPORT void concretizeRegister(const triton::arch::Register &reg)
[symbolic api] - Concretizes a specific symbolic register reference.
Definition: api.cpp:936
TRITON_EXPORT void checkSolver(void) const
[solver api] - Raises an exception if the solver engine is not initialized.
Definition: api.cpp:969
TRITON_EXPORT const std::set< triton::uint64 > & getTaintedMemory(void) const
[taint api] - Returns the tainted addresses.
Definition: api.cpp:1060
TRITON_EXPORT bool isMemoryTainted(triton::uint64 addr, triton::uint32 size=1) const
Returns true if the addr is tainted.
This class is used as operand wrapper.
TRITON_EXPORT bool taintUnionRegisterRegister(const triton::arch::Register &regDst, const triton::arch::Register &regSrc)
Taints RegisterRegister with union. Returns true if the regDst or regSrc are TAINTED.
TRITON_EXPORT bool taintAssignmentMemoryImmediate(const triton::arch::MemoryAccess &memDst)
[taint api] - Taints MemoryImmediate with assignment. Returns always false.
Definition: api.cpp:1212
TRITON_EXPORT bool untaintRegister(const triton::arch::Register &reg)
[taint api] - Untaints a register. Returns !TAINTED if the register has been untainted correctly...
Definition: api.cpp:1158
std::shared_ptr< triton::ast::AbstractNode > SharedAbstractNode
Shared Abstract Node.
Definition: ast.hpp:58
TRITON_EXPORT std::list< SharedSymbolicExpression > getTaintedSymbolicExpressions(void) const
Returns the list of the tainted symbolic expressions.
TRITON_EXPORT std::map< triton::usize, triton::engines::symbolic::SharedSymbolicExpression > sliceExpressions(const triton::engines::symbolic::SharedSymbolicExpression &expr)
[symbolic api] - Slices all expressions from a given one.
Definition: api.cpp:942
TRITON_EXPORT SharedSymbolicExpression getSymbolicMemory(triton::uint64 addr) const
Returns the shared symbolic expression corresponding to the memory address.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & getSymbolicRegister(const triton::arch::Register &reg) const
[symbolic api] - Returns the shared symbolic expression corresponding to the parent register...
Definition: api.cpp:782
triton::arch::IrBuilder * irBuilder
The IR builder.
Definition: api.hpp:65
TRITON_EXPORT const SharedSymbolicVariable & getSymbolicVariableFromId(triton::usize symVarId) const
Returns the symbolic variable corresponding to the symbolic variable id.
TRITON_EXPORT triton::arch::CpuInterface * getCpuInstance(void)
[architecture api] - Returns the instance of the current CPU used.
Definition: api.cpp:263
TRITON_EXPORT bool setTaint(const triton::arch::OperandWrapper &op, bool flag)
[taint api] - Sets the flag (taint or untaint) to an abstract operand (Register or Memory)...
Definition: api.cpp:1108
TRITON_EXPORT const triton::arch::Register & getParentRegister(triton::arch::register_e id) const
Returns parent register from id.
TRITON_EXPORT void unmapMemory(triton::uint64 baseAddr, triton::usize size=1)
Removes the range [baseAddr:size] from the internal memory representation.
TRITON_EXPORT const std::unordered_map< triton::usize, SharedSymbolicVariable > & getSymbolicVariables(void) const
Returns all symbolic variables.
TRITON_EXPORT triton::arch::endianness_e getEndianness(void) const
[architecture api] - Returns the endianness as triton::arch::endianness_e.
Definition: api.cpp:258
TRITON_EXPORT std::vector< triton::uint8 > getConcreteMemoryAreaValue(triton::uint64 baseAddr, triton::usize size, bool execCallbacks=true) const
[architecture api] - Returns the concrete value of a memory area.
Definition: api.cpp:370
TRITON_EXPORT SharedSymbolicExpression newSymbolicExpression(const triton::ast::SharedAbstractNode &node, triton::engines::symbolic::expression_e type, const std::string &comment="")
Creates a new shared symbolic expression.
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicFlagExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::Register &flag, const std::string &comment="")
Returns the new shared symbolic flag expression expression and links this expression to the instructi...
TRITON_EXPORT bool taintUnionMemoryRegister(const triton::arch::MemoryAccess &memDst, const triton::arch::Register &regSrc)
Taints MemoryRegister with union. Returns true if the memDst or regSrc are TAINTED.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & convertExpressionToSymbolicVariable(triton::usize exprId, triton::uint32 symVarSize, const std::string &symVarComment="")
[symbolic api] - Converts a symbolic expression to a symbolic variable. symVarSize must be in bits...
Definition: api.cpp:638
This class is used when an instruction has a register operand.
Definition: register.hpp:44
TRITON_EXPORT bool buildSemantics(triton::arch::Instruction &inst)
Builds the semantics of the instruction. Returns true if the instruction is supported.
Definition: irBuilder.cpp:59
TRITON_EXPORT void removeEngines(void)
[proccesing api] - Removes everything.
Definition: api.cpp:457
TRITON_EXPORT void setConcreteRegisterValue(const triton::arch::Register &reg, const triton::uint512 &value)
[architecture api] - Sets the concrete value of a register.
TRITON_EXPORT bool taintUnionMemoryRegister(const triton::arch::MemoryAccess &memDst, const triton::arch::Register &regSrc)
[taint api] - Taints MemoryRegister with union. Returns true if the memDst or regSrc are TAINTED...
Definition: api.cpp:1188
triton::modes::SharedModes modes
The modes.
Definition: api.hpp:50
TRITON_EXPORT void removeSymbolicExpression(triton::usize symExprId)
Removes the symbolic expression corresponding to the id.
TRITON_EXPORT ~API()
Destructor of the API.
Definition: api.cpp:234
TRITON_EXPORT bool taintAssignmentMemoryRegister(const triton::arch::MemoryAccess &memDst, const triton::arch::Register &regSrc)
Taints MemoryRegister with assignment. Returns true if the memDst is tainted.
triton::engines::taint::TaintEngine * taint
The taint engine.
Definition: api.hpp:53
TRITON_EXPORT triton::ast::SharedAbstractNode processZ3Simplification(const triton::ast::SharedAbstractNode &node) const
[solver api] - Converts a Triton&#39;s AST to a Z3&#39;s AST, perform a Z3 simplification and returns a Trito...
Definition: api.cpp:1034
TRITON_EXPORT std::map< triton::arch::register_e, triton::engines::symbolic::SharedSymbolicExpression > getSymbolicRegisters(void) const
[symbolic api] - Returns the map of symbolic registers defined.
Definition: api.cpp:770
TRITON_EXPORT void concretizeAllRegister(void)
Concretizes all symbolic register references.
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicRegisterExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::Register &reg, const std::string &comment="")
Returns the new shared symbolic register expression expression and links this expression to the instr...
TRITON_EXPORT bool taintAssignmentMemoryMemory(const triton::arch::MemoryAccess &memDst, const triton::arch::MemoryAccess &memSrc)
Taints MemoryMemory with assignment. Returns true if the memDst is tainted.
TRITON_EXPORT triton::uint8 getSymbolicMemoryValue(triton::uint64 address)
Returns the symbolic memory value.
TRITON_EXPORT const SharedSymbolicVariable & convertMemoryToSymbolicVariable(const triton::arch::MemoryAccess &mem, const std::string &symVarComment="")
Converts a symbolic memory expression to a symbolic variable.
TRITON_EXPORT bool taintMemory(triton::uint64 addr)
Taints an address. Returns TAINTED if the address has been tainted correctly. Otherwise it returns th...
TRITON_EXPORT void concretizeAllMemory(void)
[symbolic api] - Concretizes all symbolic memory references.
Definition: api.cpp:912
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & convertRegisterToSymbolicVariable(const triton::arch::Register &reg, const std::string &symVarComment="")
[symbolic api] - Converts a symbolic register expression to a symbolic variable.
Definition: api.cpp:650
TRITON_EXPORT bool taintAssignmentRegisterRegister(const triton::arch::Register &regDst, const triton::arch::Register &regSrc)
Taints RegisterRegister with assignment. Returns true if the regDst is tainted.
TRITON_EXPORT bool taintUnionMemoryMemory(const triton::arch::MemoryAccess &memDst, const triton::arch::MemoryAccess &memSrc)
Taints MemoryMemory with union. Returns true if the memDst or memSrc are TAINTED. ...
TRITON_EXPORT void setConcreteMemoryAreaValue(triton::uint64 baseAddr, const std::vector< triton::uint8 > &values)
[architecture api] - Sets the concrete value of a memory area.
TRITON_EXPORT void unmapMemory(triton::uint64 baseAddr, triton::usize size=1)
[architecture api] - Removes the range [baseAddr:size] from the internal memory representation.
Definition: api.cpp:418
Assigned to a volatile expression.
TRITON_EXPORT triton::uint32 numberOfRegisters(void) const
Returns the number of registers according to the CPU architecture.
TRITON_EXPORT const std::unordered_map< triton::usize, triton::engines::symbolic::SharedSymbolicVariable > & getSymbolicVariables(void) const
[symbolic api] - Returns all symbolic variables as a map of <SymVarId : SymVar>
Definition: api.cpp:960
TRITON_EXPORT void concretizeMemory(const triton::arch::MemoryAccess &mem)
Concretizes a specific symbolic memory reference.
TRITON_EXPORT bool isRegisterTainted(const triton::arch::Register &reg) const
Returns true if the register is tainted.
TRITON_EXPORT std::vector< triton::uint8 > getConcreteMemoryAreaValue(triton::uint64 baseAddr, triton::usize size, bool execCallbacks=true) const
Returns the concrete value of a memory area.
TRITON_EXPORT bool isSymbolicEngineEnabled(void) const
[symbolic api] - Returns true if the symbolic execution engine is enabled.
Definition: api.cpp:882
This class is used to represent an immediate.
Definition: immediate.hpp:37
TRITON_EXPORT void enableMode(triton::modes::mode_e mode, bool flag)
[modes api] - Enables or disables a specific mode.
Definition: api.cpp:613
TRITON_EXPORT std::set< const triton::arch::Register * > getParentRegisters(void) const
Returns all parent registers.
TRITON_EXPORT bool isRegister(triton::arch::register_e regId) const
Returns true if the register ID is a register.
TRITON_EXPORT void addPathConstraint(const triton::arch::Instruction &inst, const triton::engines::symbolic::SharedSymbolicExpression &expr)
Adds a path constraint.
Definition: pathManager.cpp:71
TRITON_EXPORT triton::uint8 getConcreteMemoryValue(triton::uint64 addr, bool execCallbacks=true) const
Returns the concrete value of a memory cell.
TRITON_EXPORT bool isRegisterValid(triton::arch::register_e regId) const
Returns true if the register ID is a register or a flag.
TRITON_EXPORT triton::engines::symbolic::SharedSymbolicExpression getSymbolicExpressionFromId(triton::usize symExprId) const
[symbolic api] - Returns the shared symbolic expression corresponding to an id.
Definition: api.cpp:822
TRITON_EXPORT void enableTaintEngine(bool flag)
[taint api] - Enables or disables the taint engine.
Definition: api.cpp:1072
TRITON_EXPORT triton::ast::SharedAbstractNode getMemoryAst(const triton::arch::MemoryAccess &mem)
Returns the AST corresponding to the memory.
TRITON_EXPORT void disassembly(triton::arch::Instruction &inst) const
[architecture api] - Disassembles the instruction and setup operands. You must define an architecture...
Definition: api.cpp:424
TRITON_EXPORT const std::unordered_map< triton::arch::register_e, const triton::arch::Register > & getAllRegisters(void) const
[architecture api] - Returns all registers.
Definition: api.cpp:346
TRITON_EXPORT void setConcreteRegisterValue(const triton::arch::Register &reg, const triton::uint512 &value)
[architecture api] - Sets the concrete value of a register.
Definition: api.cpp:406
TRITON_EXPORT triton::ast::SharedAbstractNode getRegisterAst(const triton::arch::Register &reg)
Returns the AST corresponding to the register.
TRITON_EXPORT std::map< triton::uint32, SolverModel > getModel(const triton::ast::SharedAbstractNode &node) const
Computes and returns a model from a symbolic constraint.
TRITON_EXPORT bool taintAssignmentRegisterMemory(const triton::arch::Register &regDst, const triton::arch::MemoryAccess &memSrc)
[taint api] - Taints RegisterMemory with assignment. Returns true if the regDst is tainted...
Definition: api.cpp:1236
This class is used to represent a memory access.
TRITON_EXPORT bool buildSemantics(triton::arch::Instruction &inst)
[IR builder api] - Builds the instruction semantics. Returns true if the instruction is supported...
Definition: api.cpp:509
TRITON_EXPORT triton::uint32 getAstRepresentationMode(void) const
[AST representation api] - Returns the AST representation mode as triton::ast::representations::mode_...
Definition: api.cpp:523
TRITON_EXPORT std::map< triton::uint32, triton::engines::solver::SolverModel > getModel(const triton::ast::SharedAbstractNode &node) const
[solver api] - Computes and returns a model from a symbolic constraint.
Definition: api.cpp:1005
TRITON_EXPORT triton::uint32 gprBitSize(void) const
Returns the bit in bit of the General Purpose Registers.
TRITON_EXPORT triton::ast::SharedAbstractNode getOperandAst(const triton::arch::OperandWrapper &op)
[symbolic api] - Returns the AST corresponding to the operand.
Definition: api.cpp:656
TRITON_EXPORT triton::engines::taint::TaintEngine * getTaintEngine(void)
[taint api] - Returns the instance of the taint engine.
Definition: api.cpp:1054
TRITON_EXPORT void disassembly(triton::arch::Instruction &inst) const
Disassembles the instruction according to the architecture.
TRITON_EXPORT triton::uint8 getConcreteMemoryValue(triton::uint64 addr, bool execCallbacks=true) const
[architecture api] - Returns the concrete value of a memory cell.
Definition: api.cpp:358
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicFlagExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::Register &flag, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic flag expression and links this expression to the ins...
Definition: api.cpp:740
TRITON_EXPORT void setConcreteMemoryValue(triton::uint64 addr, triton::uint8 value)
[architecture api] - Sets the concrete value of a memory cell.
Definition: api.cpp:382
TRITON_EXPORT void clearPathConstraints(void)
Clears the logical conjunction vector of path constraints.
This interface is used as abstract CPU interface. All CPU must use this interface.
TRITON_EXPORT std::unordered_map< triton::usize, triton::engines::symbolic::SharedSymbolicExpression > getSymbolicExpressions(void) const
[symbolic api] - Returns all symbolic expressions as a map of <SymExprId : SymExpr> ...
Definition: api.cpp:954
The IR builder.
Definition: irBuilder.hpp:38
TRITON_EXPORT void removeCallback(triton::callbacks::getConcreteMemoryValueCallback cb)
Deletes a GET_CONCRETE_MEMORY_VALUE callback.
Definition: callbacks.cpp:65
std::uint64_t uint64
unisgned 64-bits
Definition: tritonTypes.hpp:34
TRITON_EXPORT void checkArchitecture(void) const
[architecture api] - Raises an exception if the architecture is not initialized.
Definition: api.cpp:247
TRITON_EXPORT void concretizeAllMemory(void)
Concretizes all symbolic memory references.
TRITON_EXPORT triton::ast::SharedAbstractNode getRegisterAst(const triton::arch::Register &reg)
[symbolic api] - Returns the AST corresponding to the register.
Definition: api.cpp:692
TRITON_EXPORT bool isRegisterSymbolized(const triton::arch::Register &reg) const
Returns true if the register expression contains a symbolic variable.
TRITON_EXPORT bool setTaintRegister(const triton::arch::Register &reg, bool flag)
Sets the flag (taint or untaint) to a register.
TRITON_EXPORT bool taintUnionMemoryMemory(const triton::arch::MemoryAccess &memDst, const triton::arch::MemoryAccess &memSrc)
[taint api] - Taints MemoryMemory with union. Returns true if the memDst or memSrc are TAINTED...
Definition: api.cpp:1182
std::shared_ptr< triton::engines::symbolic::SymbolicExpression > SharedSymbolicExpression
Shared Symbolic Expression.
Definition: ast.hpp:39
TRITON_EXPORT bool taintMemory(triton::uint64 addr)
[taint api] - Taints an address. Returns TAINTED if the address has been tainted correctly. Otherwise it returns the last defined state.
Definition: api.cpp:1128
std::uint32_t uint32
unisgned 32-bits
Definition: tritonTypes.hpp:31
TRITON_EXPORT std::vector< triton::uint8 > getSymbolicMemoryAreaValue(triton::uint64 baseAddr, triton::usize size)
Returns the symbolic values of a memory area.
The exception class used by the Triton&#39;s API.
Definition: exceptions.hpp:185
TRITON_EXPORT bool untaintMemory(triton::uint64 addr)
[taint api] - Untaints an address. Returns !TAINTED if the address has been untainted correctly...
Definition: api.cpp:1146
TRITON_EXPORT API()
Constructor of the API.
Definition: api.cpp:228
TRITON_EXPORT std::list< std::map< triton::uint32, triton::engines::solver::SolverModel > > getModels(const triton::ast::SharedAbstractNode &node, triton::uint32 limit) const
[solver api] - Computes and returns several models from a symbolic constraint. The limit is the numbe...
Definition: api.cpp:1011
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicVolatileExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic volatile expression and links this expression to the...
Definition: api.cpp:746
TRITON_EXPORT void checkTaint(void) const
[taint api] - Raises an exception if the taint engine is not initialized.
Definition: api.cpp:1048
TRITON_EXPORT bool isMemorySymbolized(const triton::arch::MemoryAccess &mem) const
Returns true if memory cell expressions contain symbolic variables.
TRITON_EXPORT bool taintAssignmentRegisterMemory(const triton::arch::Register &regDst, const triton::arch::MemoryAccess &memSrc)
Taints RegisterMemory with assignment. Returns true if the regDst is tainted.
TRITON_EXPORT bool isModeEnabled(triton::modes::mode_e mode) const
[modes api] - Returns true if the mode is enabled.
Definition: api.cpp:618
TRITON_EXPORT void setArchitecture(triton::arch::architecture_e arch)
[architecture api] - Initializes an architecture.
Definition: api.cpp:270
TRITON_EXPORT triton::uint32 getNumberOfRegisters(void) const
[architecture api] - Returns the number of registers according to the CPU architecture.
Definition: api.cpp:341
TRITON_EXPORT const triton::engines::solver::SolverInterface * getSolverInstance(void) const
Returns the instance of the initialized solver.
Definition: api.cpp:981
TRITON_EXPORT bool taintUnion(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
Abstract union tainting.
TRITON_EXPORT std::set< const triton::arch::Register * > getParentRegisters(void) const
[architecture api] - Returns all parent registers.
Definition: api.cpp:352
TRITON_EXPORT bool taintUnionRegisterMemory(const triton::arch::Register &regDst, const triton::arch::MemoryAccess &memSrc)
Taints RegisterMemory with union. Returns true if the regDst or memSrc are TAINTED.
TRITON_EXPORT const SharedSymbolicExpression & getSymbolicRegister(const triton::arch::Register &reg) const
Returns the shared symbolic expression corresponding to the parent register.
TRITON_EXPORT triton::uint32 getGprBitSize(void) const
[architecture api] - Returns the bit in byte of the General Purpose Registers.
Definition: api.cpp:331
TRITON_EXPORT void setCustomSolver(triton::engines::solver::SolverInterface *customSolver)
Initializes a custom solver.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicRegisterExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::Register &reg, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic register expression and links this expression to the...
Definition: api.cpp:734
TRITON_EXPORT const triton::uint512 & getConcreteVariableValue(const triton::engines::symbolic::SharedSymbolicVariable &symVar) const
[symbolic api] - Gets the concrete value of a symbolic variable.
Definition: api.cpp:828
TRITON_EXPORT bool isSymbolicExpressionIdExists(triton::usize symExprId) const
[symbolic api] - Returns true if the symbolic expression ID exists.
Definition: api.cpp:888
TRITON_EXPORT bool isSat(const triton::ast::SharedAbstractNode &node) const
Returns true if an expression is satisfiable.
TRITON_EXPORT void setSolver(triton::engines::solver::solver_e kind)
Initializes a predefined solver.
Definition: api.cpp:987
TRITON_EXPORT std::map< triton::uint64, triton::engines::symbolic::SharedSymbolicExpression > getSymbolicMemory(void) const
[symbolic api] - Returns the map (<Addr : SymExpr>) of symbolic memory defined.
Definition: api.cpp:776
void init(triton::arch::architecture_e arch)
TRITON_EXPORT bool taintUnionRegisterImmediate(const triton::arch::Register &regDst)
[taint api] - Taints RegisterImmediate with union. Returns true if the regDst is TAINTED.
Definition: api.cpp:1194
std::shared_ptr< triton::engines::symbolic::SymbolicVariable > SharedSymbolicVariable
Shared Symbolic variable.
Definition: ast.hpp:42
This interface is used to interface with solvers.
TRITON_EXPORT void addCallback(triton::callbacks::getConcreteMemoryValueCallback cb)
[callbacks api] - Adds a GET_CONCRETE_MEMORY_VALUE callback (LOAD).
Definition: api.cpp:536
TRITON_EXPORT void assignSymbolicExpressionToRegister(const triton::engines::symbolic::SharedSymbolicExpression &se, const triton::arch::Register &reg)
[symbolic api] - Assigns a symbolic expression to a register.
Definition: api.cpp:758
TRITON_EXPORT bool isTainted(const triton::arch::OperandWrapper &op) const
[taint api] - Abstract taint verification. Returns true if the operand is tainted.
Definition: api.cpp:1084
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & getSymbolicVariableFromId(triton::usize symVarId) const
[symbolic api] - Returns the symbolic variable corresponding to the symbolic variable id...
Definition: api.cpp:840
TRITON_EXPORT std::map< triton::arch::register_e, SharedSymbolicExpression > getSymbolicRegisters(void) const
Returns the map of symbolic registers defined.
Solver engine using z3.
Definition: z3Solver.hpp:46
TRITON_EXPORT triton::ast::SharedAstContext getAstContext(void)
[IR builder api] - Returns the AST context. Used as AST builder.
Definition: api.cpp:515
TRITON_EXPORT triton::engines::solver::solver_e getSolver(void) const
Returns the kind of solver as triton::engines::solver::solver_e.
std::uint8_t uint8
unisgned 8-bits
Definition: tritonTypes.hpp:25
TRITON_EXPORT void enable(bool flag)
Enables or disables the symbolic execution engine.
TRITON_EXPORT void concretizeAllRegister(void)
[symbolic api] - Concretizes all symbolic register references.
Definition: api.cpp:918
TRITON_EXPORT bool isMemoryMapped(triton::uint64 baseAddr, triton::usize size=1)
Returns true if the range [baseAddr:size] is mapped into the internal memory representation.
TRITON_EXPORT bool taintAssignmentRegisterImmediate(const triton::arch::Register &regDst)
Taints RegisterImmediate with assignment. Returns always false.
The taint engine class.
Definition: taintEngine.hpp:53
TRITON_EXPORT void setConcreteVariableValue(const SharedSymbolicVariable &symVar, const triton::uint512 &value)
Sets the concrete value of a symbolic variable.
TRITON_EXPORT void assignSymbolicExpressionToMemory(const SharedSymbolicExpression &se, const triton::arch::MemoryAccess &mem)
Assigns a symbolic expression to a memory.
TRITON_EXPORT void checkIrBuilder(void) const
[IR builder api] - Raises an exception if the IR builder is not initialized.
Definition: api.cpp:503
TRITON_EXPORT bool isFlag(triton::arch::register_e regId) const
[architecture api] - Returns true if the register id is a flag.
Definition: api.cpp:286
TRITON_EXPORT void checkSymbolic(void) const
[symbolic api] - Raises an exception if the symbolic engine is not initialized.
Definition: api.cpp:626
TRITON_EXPORT std::list< std::map< triton::uint32, SolverModel > > getModels(const triton::ast::SharedAbstractNode &node, triton::uint32 limit) const
Computes and returns several models from a symbolic constraint. The limit is the max number of models...
TRITON_EXPORT void removeAllCallbacks(void)
[callbacks api] - Removes all recorded callbacks.
Definition: api.cpp:561
std::atomic< bool > isDefined
True if there is at least one callback defined.
Definition: callbacks.hpp:117
TRITON_EXPORT bool taintUnionRegisterRegister(const triton::arch::Register &regDst, const triton::arch::Register &regSrc)
[taint api] - Taints RegisterRegister with union. Returns true if the regDst or regSrc are TAINTED...
Definition: api.cpp:1206
TRITON_EXPORT const triton::arch::Register & getParentRegister(const triton::arch::Register &reg) const
[architecture api] - Returns parent Register from a register.
Definition: api.cpp:311
TRITON_EXPORT bool setTaint(const triton::arch::OperandWrapper &op, bool flag)
Sets the flag (taint or untaint) to an abstract operand (Register or Memory).
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & newSymbolicVariable(triton::uint32 varSize, const std::string &comment="")
[symbolic api] - Returns a new symbolic variable.
Definition: api.cpp:710
TRITON_EXPORT std::set< const triton::arch::Register * > getTaintedRegisters(void) const
Returns the tainted registers.
Definition: taintEngine.cpp:66
boost::multiprecision::uint512_t uint512
unsigned 512-bits
Definition: tritonTypes.hpp:43
TRITON_EXPORT bool isMemorySymbolized(const triton::arch::MemoryAccess &mem) const
[symbolic api] - Returns true if memory cell expressions contain symbolic variables.
Definition: api.cpp:894
TRITON_EXPORT std::list< triton::engines::symbolic::SharedSymbolicExpression > getTaintedSymbolicExpressions(void) const
[symbolic api] - Returns the list of the tainted symbolic expressions.
Definition: api.cpp:948
TRITON_EXPORT triton::ast::SharedAbstractNode processSimplification(const triton::ast::SharedAbstractNode &node) const
Processes all recorded simplifications. Returns the simplified node.
TRITON_EXPORT bool isMemoryTainted(triton::uint64 addr, triton::uint32 size=1) const
[taint api] - Returns true if the address:size is tainted.
Definition: api.cpp:1090
TRITON_EXPORT void assignSymbolicExpressionToMemory(const triton::engines::symbolic::SharedSymbolicExpression &se, const triton::arch::MemoryAccess &mem)
[symbolic api] - Assigns a symbolic expression to a memory.
Definition: api.cpp:752
TRITON_EXPORT bool taintRegister(const triton::arch::Register &reg)
[taint api] - Taints a register. Returns TAINTED if the register has been tainted correctly...
Definition: api.cpp:1140
TRITON_EXPORT std::map< triton::usize, SharedSymbolicExpression > sliceExpressions(const SharedSymbolicExpression &expr)
Slices all expressions from a given one.
TRITON_EXPORT triton::uint8 getSymbolicMemoryValue(triton::uint64 address)
[symbolic api] - Returns the symbolic memory value.
Definition: api.cpp:788
TRITON_EXPORT bool isTainted(const triton::arch::OperandWrapper &op) const
Abstract taint verification. Returns true if the operand is tainted.
TRITON_EXPORT std::set< const triton::arch::Register * > getTaintedRegisters(void) const
[taint api] - Returns the tainted registers.
Definition: api.cpp:1066
TRITON_EXPORT void concretizeRegister(const triton::arch::Register &reg)
Concretizes a specific symbolic register reference.
TRITON_EXPORT const std::set< triton::uint64 > & getTaintedMemory(void) const
Returns the tainted addresses.
Definition: taintEngine.cpp:60
std::size_t usize
unsigned MAX_INT 32 or 64 bits according to the CPU.
Definition: tritonTypes.hpp:67
TRITON_EXPORT void setAstRepresentationMode(triton::uint32 mode)
[AST representation api] - Sets the AST representation mode.
Definition: api.cpp:528
TRITON_EXPORT void clearArchitecture(void)
[architecture api] - Clears the architecture states (registers and memory).
Definition: api.cpp:280
TRITON_EXPORT bool isSymbolicExpressionIdExists(triton::usize symExprId) const
Returns true if the symbolic expression ID exists.
TRITON_EXPORT void clearArchitecture(void)
Clears the architecture states (registers and memory).
TRITON_EXPORT bool taintAssignmentRegisterRegister(const triton::arch::Register &regDst, const triton::arch::Register &regSrc)
[taint api] - Taints RegisterRegister with assignment. Returns true if the regDst is tainted...
Definition: api.cpp:1242
TRITON_EXPORT void setSolver(triton::engines::solver::solver_e kind)
Initializes a predefined solver.
TRITON_EXPORT void removeCallback(triton::callbacks::getConcreteMemoryValueCallback cb)
[callbacks api] - Deletes a GET_CONCRETE_MEMORY_VALUE callback (LOAD).
Definition: api.cpp:566
TRITON_EXPORT bool isSolverValid(void) const
Returns true if the solver is valid.
Definition: api.cpp:999
TRITON_EXPORT triton::uint512 getSymbolicRegisterValue(const triton::arch::Register &reg)
[symbolic api] - Returns the symbolic register value.
Definition: api.cpp:806
TRITON_EXPORT void removeSymbolicExpression(triton::usize symExprId)
[symbolic api] - Removes the symbolic expression corresponding to the id.
Definition: api.cpp:716
TRITON_EXPORT bool untaintRegister(const triton::arch::Register &reg)
Untaints a register. Returns !TAINTED if the register has been untainted correctly. Otherwise it returns the last defined state.
TRITON_EXPORT triton::ast::SharedAbstractNode processSimplification(const triton::ast::SharedAbstractNode &node, bool z3=false) const
[symbolic api] - Processes all recorded simplifications. Returns the simplified node.
Definition: api.cpp:812
TRITON_EXPORT triton::ast::SharedAbstractNode getPathConstraintsAst(void) const
Returns the logical conjunction AST of path constraints.
Definition: pathManager.cpp:45
triton::engines::solver::SolverEngine * solver
The solver engine.
Definition: api.hpp:59
TRITON_EXPORT bool setTaintRegister(const triton::arch::Register &reg, bool flag)
[taint api] - Sets the flag (taint or untaint) to a register.
Definition: api.cpp:1121
TRITON_EXPORT const SharedSymbolicVariable & convertExpressionToSymbolicVariable(triton::usize exprId, triton::uint32 symVarSize, const std::string &symVarComment="")
Converts a symbolic expression to a symbolic variable. symVarSize must be in bits.
TRITON_EXPORT void enable(bool flag)
Enables or disables the taint engine.
Definition: taintEngine.cpp:54
TRITON_EXPORT void removeAllCallbacks(void)
Removes all recorded callbacks.
Definition: callbacks.cpp:56
triton::ast::SharedAstContext astCtxt
The AST Context interface.
Definition: api.hpp:62
TRITON_EXPORT triton::engines::symbolic::SharedSymbolicExpression newSymbolicExpression(const triton::ast::SharedAbstractNode &node, const std::string &comment="")
[symbolic api] - Returns a new shared symbolic expression. Note that if there are simplification pass...
Definition: api.cpp:704
TRITON_EXPORT triton::uint512 getConcreteRegisterValue(const triton::arch::Register &reg, bool execCallbacks=true) const
Returns the concrete value of a register.