libTriton  version 0.7 build 1407
api.cpp
Go to the documentation of this file.
1 /*
3 ** Copyright (C) - Triton
4 **
5 ** This program is under the terms of the BSD License.
6 */
7 
8 #include <triton/api.hpp>
9 #include <triton/exceptions.hpp>
10 
11 #include <list>
12 #include <map>
13 #include <new>
14 
15 
225 namespace triton {
226 
227  API::API() : callbacks(*this), arch(&this->callbacks), modes(), astCtxt(this->modes) {
228  }
229 
230 
232  this->removeEngines();
233  }
234 
235 
236 
237  /* Architecture API ============================================================================== */
238 
239  bool API::isArchitectureValid(void) const {
240  return this->arch.isValid();
241  }
242 
243 
244  void API::checkArchitecture(void) const {
245  if (!this->isArchitectureValid())
246  throw triton::exceptions::API("API::checkArchitecture(): You must define an architecture.");
247  }
248 
249 
251  return this->arch.getArchitecture();
252  }
253 
254 
256  return this->arch.getEndianness();
257  }
258 
259 
261  if (!this->isArchitectureValid())
262  throw triton::exceptions::API("API::checkArchitecture(): You must define an architecture.");
263  return this->arch.getCpuInstance();
264  }
265 
266 
268  /* Setup and init the targeted architecture */
269  this->arch.setArchitecture(arch);
270 
271  /* remove and re-init previous engines (when setArchitecture() has been called twice) */
272  this->removeEngines();
273  this->initEngines();
274  }
275 
276 
278  this->checkArchitecture();
279  this->arch.clearArchitecture();
280  }
281 
282 
284  return this->arch.isFlag(regId);
285  }
286 
287 
288  bool API::isFlag(const triton::arch::Register& reg) const {
289  return this->arch.isFlag(reg);
290  }
291 
292 
294  return this->arch.isRegister(regId);
295  }
296 
297 
298  bool API::isRegister(const triton::arch::Register& reg) const {
299  return this->arch.isRegister(reg);
300  }
301 
302 
304  return this->arch.getRegister(id);
305  }
306 
307 
309  return this->arch.getParentRegister(reg);
310  }
311 
312 
314  return this->arch.getParentRegister(id);
315  }
316 
317 
319  return this->arch.isRegisterValid(regId);
320  }
321 
322 
324  return this->arch.isRegisterValid(reg);
325  }
326 
327 
329  return this->arch.gprBitSize();
330  }
331 
332 
334  return this->arch.gprSize();
335  }
336 
337 
339  return this->arch.numberOfRegisters();
340  }
341 
342 
343  const std::unordered_map<triton::arch::register_e, const triton::arch::Register>& API::getAllRegisters(void) const {
344  this->checkArchitecture();
345  return this->arch.getAllRegisters();
346  }
347 
348 
349  std::set<const triton::arch::Register*> API::getParentRegisters(void) const {
350  this->checkArchitecture();
351  return this->arch.getParentRegisters();
352  }
353 
354 
355  triton::uint8 API::getConcreteMemoryValue(triton::uint64 addr, bool execCallbacks) const {
356  this->checkArchitecture();
357  return this->arch.getConcreteMemoryValue(addr, execCallbacks);
358  }
359 
360 
362  this->checkArchitecture();
363  return this->arch.getConcreteMemoryValue(mem, execCallbacks);
364  }
365 
366 
367  std::vector<triton::uint8> API::getConcreteMemoryAreaValue(triton::uint64 baseAddr, triton::usize size, bool execCallbacks) const {
368  this->checkArchitecture();
369  return this->arch.getConcreteMemoryAreaValue(baseAddr, size, execCallbacks);
370  }
371 
372 
374  this->checkArchitecture();
375  return this->arch.getConcreteRegisterValue(reg, execCallbacks);
376  }
377 
378 
380  this->checkArchitecture();
381  this->arch.setConcreteMemoryValue(addr, value);
382  }
383 
384 
386  this->checkArchitecture();
387  this->arch.setConcreteMemoryValue(mem, value);
388  }
389 
390 
391  void API::setConcreteMemoryAreaValue(triton::uint64 baseAddr, const std::vector<triton::uint8>& values) {
392  this->checkArchitecture();
393  this->arch.setConcreteMemoryAreaValue(baseAddr, values);
394  }
395 
396 
398  this->checkArchitecture();
399  this->arch.setConcreteMemoryAreaValue(baseAddr, area, size);
400  }
401 
402 
404  this->checkArchitecture();
405  this->arch.setConcreteRegisterValue(reg, value);
406  }
407 
408 
410  this->checkArchitecture();
411  return this->arch.isMemoryMapped(baseAddr, size);
412  }
413 
414 
416  this->checkArchitecture();
417  this->arch.unmapMemory(baseAddr, size);
418  }
419 
420 
422  this->checkArchitecture();
423  this->arch.disassembly(inst);
424  }
425 
426 
427 
428  /* Processing API ================================================================================ */
429 
430  void API::initEngines(void) {
431  this->checkArchitecture();
432 
433  this->symbolic = new(std::nothrow) triton::engines::symbolic::SymbolicEngine(&this->arch, this->modes, this->astCtxt, &this->callbacks);
434  if (this->symbolic == nullptr)
435  throw triton::exceptions::API("API::initEngines(): No enough memory.");
436 
437  this->solver = new(std::nothrow) triton::engines::solver::SolverEngine();
438  if (this->solver == nullptr)
439  throw triton::exceptions::API("API::initEngines(): No enough memory.");
440 
441  this->taint = new(std::nothrow) triton::engines::taint::TaintEngine(this->modes, this->symbolic, *this->getCpuInstance());
442  if (this->taint == nullptr)
443  throw triton::exceptions::API("API::initEngines(): No enough memory.");
444 
445  this->irBuilder = new(std::nothrow) triton::arch::IrBuilder(&this->arch, this->modes, this->astCtxt, this->symbolic, this->taint);
446  if (this->irBuilder == nullptr)
447  throw triton::exceptions::API("API::initEngines(): No enough memory.");
448 
449  /* Setup registers shortcut */
450  this->registers.init(this->arch.getArchitecture());
451  }
452 
453 
454  void API::removeEngines(void) {
455  if (this->isArchitectureValid()) {
456  delete this->irBuilder;
457  delete this->solver;
458  delete this->symbolic;
459  delete this->taint;
460 
461  this->irBuilder = nullptr;
462  this->solver = nullptr;
463  this->symbolic = nullptr;
464  this->taint = nullptr;
465  }
466 
467  // Use default modes.
468  this->modes = triton::modes::Modes();
469 
470  // Clean up the ast context
471  this->astCtxt = triton::ast::AstContext(this->modes);
472 
473  // Clean up the registers shortcut
474  this->registers.clear();
475  }
476 
477 
478  void API::reset(void) {
479  if (this->isArchitectureValid()) {
480  this->removeEngines();
481  this->initEngines();
482  this->clearArchitecture();
483  this->removeAllCallbacks();
484  }
485  }
486 
487 
489  this->checkArchitecture();
490  this->arch.disassembly(inst);
491  return this->irBuilder->buildSemantics(inst);
492  }
493 
494 
495 
496  /* IR builder API ================================================================================= */
497 
498  void API::checkIrBuilder(void) const {
499  if (!this->irBuilder)
500  throw triton::exceptions::API("API::checkIrBuilder(): IR builder is undefined, you should define an architecture first.");
501  }
502 
503 
505  this->checkIrBuilder();
506  return this->irBuilder->buildSemantics(inst);
507  }
508 
509 
511  return this->astCtxt;
512  }
513 
514 
515 
516  /* AST representation API ========================================================================= */
517 
519  return this->astCtxt.getRepresentationMode();
520  }
521 
522 
524  this->astCtxt.setRepresentationMode(mode);
525  }
526 
527 
528 
529  /* Callbacks API ================================================================================= */
530 
532  this->callbacks.addCallback(cb);
533  }
534 
535 
537  this->callbacks.addCallback(cb);
538  }
539 
540 
542  this->callbacks.addCallback(cb);
543  }
544 
545 
547  this->callbacks.addCallback(cb);
548  }
549 
550 
552  this->callbacks.addCallback(cb);
553  }
554 
555 
558  }
559 
560 
562  this->callbacks.removeCallback(cb);
563  }
564 
565 
567  this->callbacks.removeCallback(cb);
568  }
569 
570 
572  this->callbacks.removeCallback(cb);
573  }
574 
575 
577  this->callbacks.removeCallback(cb);
578  }
579 
580 
582  this->callbacks.removeCallback(cb);
583  }
584 
585 
587  if (this->callbacks.isDefined)
588  return this->callbacks.processCallbacks(kind, node);
589  return node;
590  }
591 
592 
594  if (this->callbacks.isDefined)
595  this->callbacks.processCallbacks(kind, mem);
596  }
597 
598 
600  if (this->callbacks.isDefined)
601  this->callbacks.processCallbacks(kind, reg);
602  }
603 
604 
605 
606  /* Modes API======================================================================================= */
607 
608  void API::enableMode(triton::modes::mode_e mode, bool flag) {
609  this->modes.enableMode(mode, flag);
610  }
611 
612 
614  return this->modes.isModeEnabled(mode);
615  }
616 
617 
618 
619  /* Symbolic engine API ============================================================================ */
620 
621  void API::checkSymbolic(void) const {
622  if (!this->symbolic)
623  throw triton::exceptions::API("API::checkSymbolic(): Symbolic engine is undefined, you should define an architecture first.");
624  }
625 
626 
628  this->checkSymbolic();
629  return this->symbolic;
630  }
631 
632 
634  this->checkSymbolic();
635  return this->symbolic->convertExpressionToSymbolicVariable(exprId, symVarSize, symVarComment);
636  }
637 
638 
640  this->checkSymbolic();
641  return this->symbolic->convertMemoryToSymbolicVariable(mem, symVarComment);
642  }
643 
644 
646  this->checkSymbolic();
647  return this->symbolic->convertRegisterToSymbolicVariable(reg, symVarComment);
648  }
649 
650 
652  this->checkSymbolic();
653  return this->symbolic->getOperandAst(op);
654  }
655 
656 
658  this->checkSymbolic();
659  return this->symbolic->getOperandAst(inst, op);
660  }
661 
662 
664  this->checkSymbolic();
665  return this->symbolic->getImmediateAst(imm);
666  }
667 
668 
670  this->checkSymbolic();
671  return this->symbolic->getImmediateAst(inst, imm);
672  }
673 
674 
676  this->checkSymbolic();
677  return this->symbolic->getMemoryAst(mem);
678  }
679 
680 
682  this->checkSymbolic();
683  return this->symbolic->getMemoryAst(inst, mem);
684  }
685 
686 
688  this->checkSymbolic();
689  return this->symbolic->getRegisterAst(reg);
690  }
691 
692 
694  this->checkSymbolic();
695  return this->symbolic->getRegisterAst(inst, reg);
696  }
697 
698 
700  this->checkSymbolic();
702  }
703 
704 
706  this->checkSymbolic();
708  }
709 
710 
712  this->checkSymbolic();
713  return this->symbolic->removeSymbolicExpression(symExprId);
714  }
715 
716 
718  this->checkSymbolic();
719  return this->symbolic->createSymbolicExpression(inst, node, dst, comment);
720  }
721 
722 
724  this->checkSymbolic();
725  return this->symbolic->createSymbolicMemoryExpression(inst, node, mem, comment);
726  }
727 
728 
730  this->checkSymbolic();
731  return this->symbolic->createSymbolicRegisterExpression(inst, node, reg, comment);
732  }
733 
734 
736  this->checkSymbolic();
737  return this->symbolic->createSymbolicFlagExpression(inst, node, flag, comment);
738  }
739 
740 
742  this->checkSymbolic();
743  return this->symbolic->createSymbolicVolatileExpression(inst, node, comment);
744  }
745 
746 
748  this->checkSymbolic();
750  }
751 
752 
754  this->checkSymbolic();
756  }
757 
758 
760  this->checkSymbolic();
761  return this->symbolic->getSymbolicMemory(addr);
762  }
763 
764 
765  std::map<triton::arch::register_e, triton::engines::symbolic::SharedSymbolicExpression> API::getSymbolicRegisters(void) const {
766  this->checkSymbolic();
767  return this->symbolic->getSymbolicRegisters();
768  }
769 
770 
771  std::map<triton::uint64, triton::engines::symbolic::SharedSymbolicExpression> API::getSymbolicMemory(void) const {
772  this->checkSymbolic();
773  return this->symbolic->getSymbolicMemory();
774  }
775 
776 
778  this->checkSymbolic();
779  return this->symbolic->getSymbolicRegister(reg);
780  }
781 
782 
784  this->checkSymbolic();
785  return this->symbolic->getSymbolicMemoryValue(address);
786  }
787 
788 
790  this->checkSymbolic();
791  return this->symbolic->getSymbolicMemoryValue(mem);
792  }
793 
794 
795  std::vector<triton::uint8> API::getSymbolicMemoryAreaValue(triton::uint64 baseAddr, triton::usize size) {
796  this->checkSymbolic();
797  return this->symbolic->getSymbolicMemoryAreaValue(baseAddr, size);
798  }
799 
800 
802  this->checkSymbolic();
803  return this->symbolic->getSymbolicRegisterValue(reg);
804  }
805 
806 
808  this->checkSymbolic();
809  if (z3 == true) {
810  auto snode = this->processZ3Simplification(node);
811  return this->symbolic->processSimplification(snode);
812  }
813  return this->symbolic->processSimplification(node);
814  }
815 
816 
818  this->checkSymbolic();
819  return this->symbolic->getSymbolicExpressionFromId(symExprId);
820  }
821 
822 
824  this->checkSymbolic();
825  return this->symbolic->getConcreteVariableValue(symVar);
826  }
827 
828 
830  this->checkSymbolic();
831  this->symbolic->setConcreteVariableValue(symVar, value);
832  }
833 
834 
836  this->checkSymbolic();
837  return this->symbolic->getSymbolicVariableFromId(symVarId);
838  }
839 
840 
842  this->checkSymbolic();
843  return this->symbolic->getSymbolicVariableFromName(symVarName);
844  }
845 
846 
847  const std::vector<triton::engines::symbolic::PathConstraint>& API::getPathConstraints(void) const {
848  this->checkSymbolic();
849  return this->symbolic->getPathConstraints();
850  }
851 
852 
854  this->checkSymbolic();
855  return this->symbolic->getPathConstraintsAst();
856  }
857 
858 
860  this->checkSymbolic();
861  this->symbolic->addPathConstraint(inst, expr);
862  }
863 
864 
866  this->checkSymbolic();
868  }
869 
870 
871  void API::enableSymbolicEngine(bool flag) {
872  this->checkSymbolic();
873  this->symbolic->enable(flag);
874  }
875 
876 
877  bool API::isSymbolicEngineEnabled(void) const {
878  this->checkSymbolic();
879  return this->symbolic->isEnabled();
880  }
881 
882 
884  this->checkSymbolic();
885  return this->symbolic->isSymbolicExpressionIdExists(symExprId);
886  }
887 
888 
890  this->checkSymbolic();
891  return this->symbolic->isMemorySymbolized(mem);
892  }
893 
894 
896  this->checkSymbolic();
897  return this->symbolic->isMemorySymbolized(addr, size);
898  }
899 
900 
902  this->checkSymbolic();
903  return this->symbolic->isRegisterSymbolized(reg);
904  }
905 
906 
908  this->checkSymbolic();
909  this->symbolic->concretizeAllMemory();
910  }
911 
912 
914  this->checkSymbolic();
916  }
917 
918 
920  this->checkSymbolic();
921  this->symbolic->concretizeMemory(mem);
922  }
923 
924 
926  this->checkSymbolic();
927  this->symbolic->concretizeMemory(addr);
928  }
929 
930 
932  this->checkSymbolic();
933  this->symbolic->concretizeRegister(reg);
934  }
935 
936 
937  std::map<triton::usize, triton::engines::symbolic::SharedSymbolicExpression> API::sliceExpressions(const triton::engines::symbolic::SharedSymbolicExpression& expr) {
938  this->checkSymbolic();
939  return this->symbolic->sliceExpressions(expr);
940  }
941 
942 
943  std::list<triton::engines::symbolic::SharedSymbolicExpression> API::getTaintedSymbolicExpressions(void) const {
944  this->checkSymbolic();
945  return this->symbolic->getTaintedSymbolicExpressions();
946  }
947 
948 
949  std::unordered_map<triton::usize, triton::engines::symbolic::SharedSymbolicExpression> API::getSymbolicExpressions(void) const {
950  this->checkSymbolic();
951  return this->symbolic->getSymbolicExpressions();
952  }
953 
954 
955  const std::unordered_map<triton::usize, triton::engines::symbolic::SharedSymbolicVariable>& API::getSymbolicVariables(void) const {
956  this->checkSymbolic();
957  return this->symbolic->getSymbolicVariables();
958  }
959 
960 
961 
962  /* Solver engine API ============================================================================= */
963 
964  void API::checkSolver(void) const {
965  if (!this->solver)
966  throw triton::exceptions::API("API::checkSolver(): Solver engine is undefined, you should define an architecture first.");
967  }
968 
969 
971  this->checkSolver();
972  return this->solver->getSolver();
973  }
974 
975 
977  this->checkSolver();
978  return this->solver->getSolverInstance();
979  }
980 
981 
983  this->checkSolver();
984  this->solver->setSolver(kind);
985  }
986 
987 
989  this->checkSolver();
990  this->solver->setCustomSolver(customSolver);
991  }
992 
993 
994  bool API::isSolverValid(void) const {
995  this->checkSolver();
996  return this->solver->isValid();
997  }
998 
999 
1000  std::map<triton::uint32, triton::engines::solver::SolverModel> API::getModel(const triton::ast::SharedAbstractNode& node) const {
1001  this->checkSolver();
1002  return this->solver->getModel(node);
1003  }
1004 
1005 
1006  std::list<std::map<triton::uint32, triton::engines::solver::SolverModel>> API::getModels(const triton::ast::SharedAbstractNode& node, triton::uint32 limit) const {
1007  this->checkSolver();
1008  return this->solver->getModels(node, limit);
1009  }
1010 
1011 
1013  this->checkSolver();
1014  return this->solver->isSat(node);
1015  }
1016 
1017 
1019  this->checkSolver();
1020  #ifdef Z3_INTERFACE
1022  return reinterpret_cast<const triton::engines::solver::Z3Solver*>(this->getSolverInstance())->evaluate(node);
1023  }
1024  #endif
1025  throw triton::exceptions::API("API::evaluateAstViaZ3(): Solver instance must be a SOLVER_Z3.");
1026  }
1027 
1028 
1030  this->checkSolver();
1031  #ifdef Z3_INTERFACE
1033  return reinterpret_cast<const triton::engines::solver::Z3Solver*>(this->getSolverInstance())->simplify(node);
1034  }
1035  #endif
1036  throw triton::exceptions::API("API::processZ3Simplification(): Solver instance must be a SOLVER_Z3.");
1037  }
1038 
1039 
1040 
1041  /* Taint engine API ============================================================================== */
1042 
1043  void API::checkTaint(void) const {
1044  if (!this->taint)
1045  throw triton::exceptions::API("API::checkTaint(): Taint engine is undefined, you should define an architecture first.");
1046  }
1047 
1048 
1050  this->checkTaint();
1051  return this->taint;
1052  }
1053 
1054 
1055  const std::set<triton::uint64>& API::getTaintedMemory(void) const {
1056  this->checkTaint();
1057  return this->taint->getTaintedMemory();
1058  }
1059 
1060 
1061  std::set<const triton::arch::Register*> API::getTaintedRegisters(void) const {
1062  this->checkTaint();
1063  return this->taint->getTaintedRegisters();
1064  }
1065 
1066 
1067  void API::enableTaintEngine(bool flag) {
1068  this->checkTaint();
1069  this->taint->enable(flag);
1070  }
1071 
1072 
1073  bool API::isTaintEngineEnabled(void) const {
1074  this->checkTaint();
1075  return this->taint->isEnabled();
1076  }
1077 
1078 
1080  this->checkTaint();
1081  return this->taint->isTainted(op);
1082  }
1083 
1084 
1085  bool API::isMemoryTainted(triton::uint64 addr, uint32 size) const {
1086  this->checkTaint();
1087  return this->taint->isMemoryTainted(addr, size);
1088  }
1089 
1090 
1092  this->checkTaint();
1093  return this->taint->isMemoryTainted(mem);
1094  }
1095 
1096 
1098  this->checkTaint();
1099  return this->taint->isRegisterTainted(reg);
1100  }
1101 
1102 
1103  bool API::setTaint(const triton::arch::OperandWrapper& op, bool flag) {
1104  this->checkTaint();
1105  return this->taint->setTaint(op, flag);
1106  }
1107 
1108 
1109  bool API::setTaintMemory(const triton::arch::MemoryAccess& mem, bool flag) {
1110  this->checkTaint();
1111  this->taint->setTaintMemory(mem, flag);
1112  return flag;
1113  }
1114 
1115 
1116  bool API::setTaintRegister(const triton::arch::Register& reg, bool flag) {
1117  this->checkTaint();
1118  this->taint->setTaintRegister(reg, flag);
1119  return flag;
1120  }
1121 
1122 
1124  this->checkTaint();
1125  return this->taint->taintMemory(addr);
1126  }
1127 
1128 
1130  this->checkTaint();
1131  return this->taint->taintMemory(mem);
1132  }
1133 
1134 
1136  this->checkTaint();
1137  return this->taint->taintRegister(reg);
1138  }
1139 
1140 
1142  this->checkTaint();
1143  return this->taint->untaintMemory(addr);
1144  }
1145 
1146 
1148  this->checkTaint();
1149  return this->taint->untaintMemory(mem);
1150  }
1151 
1152 
1154  this->checkTaint();
1155  return this->taint->untaintRegister(reg);
1156  }
1157 
1158 
1160  this->checkTaint();
1161  return this->taint->taintUnion(op1, op2);
1162  }
1163 
1164 
1166  this->checkTaint();
1167  return this->taint->taintAssignment(op1, op2);
1168  }
1169 
1170 
1172  this->checkTaint();
1173  return this->taint->taintUnionMemoryImmediate(memDst);
1174  }
1175 
1176 
1178  this->checkTaint();
1179  return this->taint->taintUnionMemoryMemory(memDst, memSrc);
1180  }
1181 
1182 
1184  this->checkTaint();
1185  return this->taint->taintUnionMemoryRegister(memDst, regSrc);
1186  }
1187 
1188 
1190  this->checkTaint();
1191  return this->taint->taintUnionRegisterImmediate(regDst);
1192  }
1193 
1194 
1196  this->checkTaint();
1197  return this->taint->taintUnionRegisterMemory(regDst, memSrc);
1198  }
1199 
1200 
1202  this->checkTaint();
1203  return this->taint->taintUnionRegisterRegister(regDst, regSrc);
1204  }
1205 
1206 
1208  this->checkTaint();
1209  return this->taint->taintAssignmentMemoryImmediate(memDst);
1210  }
1211 
1212 
1214  this->checkTaint();
1215  return this->taint->taintAssignmentMemoryMemory(memDst, memSrc);
1216  }
1217 
1218 
1220  this->checkTaint();
1221  return this->taint->taintAssignmentMemoryRegister(memDst, regSrc);
1222  }
1223 
1224 
1226  this->checkTaint();
1227  return this->taint->taintAssignmentRegisterImmediate(regDst);
1228  }
1229 
1230 
1232  this->checkTaint();
1233  return this->taint->taintAssignmentRegisterMemory(regDst, memSrc);
1234  }
1235 
1236 
1238  this->checkTaint();
1239  return this->taint->taintAssignmentRegisterRegister(regDst, regSrc);
1240  }
1241 
1242 }; /* triton namespace */
TRITON_EXPORT bool taintUnionRegisterImmediate(const triton::arch::Register &regDst)
Taints RegisterImmediate with union. Returns true if the regDst is TAINTED.
TRITON_EXPORT triton::arch::architecture_e getArchitecture(void) const
Returns the kind of architecture as triton::arch::architecture_e.
TRITON_EXPORT const SharedSymbolicVariable & newSymbolicVariable(triton::engines::symbolic::variable_e type, triton::uint64 source, triton::uint32 size, const std::string &comment="")
Adds a symbolic variable.
TRITON_EXPORT bool taintUnion(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
[taint api] - Abstract union tainting.
Definition: api.cpp:1159
This class is used to interface with solvers.
TRITON_EXPORT triton::ast::SharedAbstractNode getImmediateAst(const triton::arch::Immediate &imm)
Returns the AST corresponding to the immediate.
TRITON_EXPORT bool isValid(void) const
Returns true if the solver is valid.
TRITON_EXPORT const triton::arch::Register & getRegister(triton::arch::register_e id) const
Returns register from id.
TRITON_EXPORT bool setTaintMemory(const triton::arch::MemoryAccess &mem, bool flag)
Sets the flag (taint or untaint) to a memory.
TRITON_EXPORT bool isArchitectureValid(void) const
[Architecture api] - Returns true if the architecture is valid.
Definition: api.cpp:239
TRITON_EXPORT std::unordered_map< triton::usize, SharedSymbolicExpression > getSymbolicExpressions(void) const
Returns all symbolic expressions.
TRITON_EXPORT bool isRegisterValid(triton::arch::register_e regId) const
[architecture api] - Returns true if the regId is a register or a flag.
Definition: api.cpp:318
TRITON_EXPORT triton::engines::solver::solver_e getSolver(void) const
Returns the kind of solver as triton::engines::solver::solver_e.
Definition: api.cpp:970
TRITON_EXPORT bool isTaintEngineEnabled(void) const
[taint api] - Returns true if the taint engine is enabled.
Definition: api.cpp:1073
TRITON_EXPORT triton::uint32 getGprSize(void) const
[architecture api] - Returns the size in byte of the General Purpose Registers.
Definition: api.cpp:333
TRITON_EXPORT void setConcreteMemoryAreaValue(triton::uint64 baseAddr, const std::vector< triton::uint8 > &values)
[architecture api] - Sets the concrete value of a memory area.
Definition: api.cpp:391
TRITON_EXPORT bool untaintMemory(triton::uint64 addr)
Untaints an address. Returns !TAINTED if the address has been untainted correctly. Otherwise it returns the last defined state.
triton::arch::Architecture arch
The architecture entry.
Definition: api.hpp:47
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicVolatileExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const std::string &comment="")
Returns the new shared symbolic volatile expression expression and links this expression to the instr...
TRITON_EXPORT triton::arch::CpuInterface * getCpuInstance(void)
Returns the instance of the current CPU used.
TRITON_EXPORT triton::uint32 gprSize(void) const
Returns the bit in byte of the General Purpose Registers.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & getSymbolicVariableFromName(const std::string &symVarName) const
[symbolic api] - Returns the symbolic variable corresponding to the symbolic variable name...
Definition: api.cpp:841
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::OperandWrapper &dst, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic abstract expression and links this expression to the...
Definition: api.cpp:717
This class is used when to represent an instruction.
Definition: instruction.hpp:47
TRITON_EXPORT const std::vector< triton::engines::symbolic::PathConstraint > & getPathConstraints(void) const
Returns the logical conjunction vector of path constraints.
Definition: pathManager.cpp:41
TRITON_EXPORT bool setTaintMemory(const triton::arch::MemoryAccess &mem, bool flag)
[taint api] - Sets the flag (taint or untaint) to a memory.
Definition: api.cpp:1109
TRITON_EXPORT triton::uint512 getSymbolicRegisterValue(const triton::arch::Register &reg)
Returns the symbolic register value.
TRITON_EXPORT bool taintUnionRegisterMemory(const triton::arch::Register &regDst, const triton::arch::MemoryAccess &memSrc)
[taint api] - Taints RegisterMemory with union. Returns true if the regDst or memSrc are TAINTED...
Definition: api.cpp:1195
TRITON_EXPORT bool taintAssignmentMemoryMemory(const triton::arch::MemoryAccess &memDst, const triton::arch::MemoryAccess &memSrc)
[taint api] - Taints MemoryMemory with assignment. Returns true if the memDst is tainted.
Definition: api.cpp:1213
TRITON_EXPORT void setCustomSolver(triton::engines::solver::SolverInterface *customSolver)
Initializes a custom solver.
Definition: api.cpp:988
triton::arch::ShortcutRegister registers
A shortcut to access to a Register class from a register name.
Definition: api.hpp:70
TRITON_EXPORT bool isMemoryMapped(triton::uint64 baseAddr, triton::usize size=1)
[architecture api] - Returns true if the range [baseAddr:size] is mapped into the internal memory rep...
Definition: api.cpp:409
TRITON_EXPORT bool isEnabled(void) const
Returns true if the symbolic execution engine is enabled.
TRITON_EXPORT bool isSat(const triton::ast::SharedAbstractNode &node) const
Returns true if an expression is satisfiable.
Definition: api.cpp:1012
TRITON_EXPORT void addPathConstraint(const triton::arch::Instruction &inst, const triton::engines::symbolic::SharedSymbolicExpression &expr)
[symbolic api] - Adds a path constraint.
Definition: api.cpp:859
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicMemoryExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::MemoryAccess &mem, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic memory expression and links this expression to the i...
Definition: api.cpp:723
TRITON_EXPORT void assignSymbolicExpressionToRegister(const SharedSymbolicExpression &se, const triton::arch::Register &reg)
Assigns a symbolic expression to a register.
TRITON_EXPORT bool isFlag(triton::arch::register_e regId) const
Returns true if the register ID is a flag.
TRITON_EXPORT bool taintUnionMemoryImmediate(const triton::arch::MemoryAccess &memDst)
[taint api] - Taints MemoryImmediate with union. Returns true if the memDst is TAINTED.
Definition: api.cpp:1171
register_e
Types of register.
Definition: archEnums.hpp:54
TRITON_EXPORT triton::ast::SharedAbstractNode getPathConstraintsAst(void)
[symbolic api] - Returns the logical conjunction AST of path constraints.
Definition: api.cpp:853
TRITON_EXPORT bool taintAssignment(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
[taint api] - Abstract assignment tainting.
Definition: api.cpp:1165
TRITON_EXPORT const triton::uint512 & getConcreteVariableValue(const SharedSymbolicVariable &symVar) const
Gets the concrete value of a symbolic variable.
TRITON_EXPORT bool isRegister(triton::arch::register_e regId) const
[architecture api] - Returns true if the regId is a register.
Definition: api.cpp:293
TRITON_EXPORT void setRepresentationMode(triton::uint32 mode)
Sets the representation mode for this astContext.
Definition: astContext.cpp:787
TRITON_EXPORT const SharedSymbolicVariable & convertRegisterToSymbolicVariable(const triton::arch::Register &reg, const std::string &symVarComment="")
Converts a symbolic register expression to a symbolic variable.
mode_e
Enumerates all kinds of mode.
Definition: modesEnums.hpp:29
TRITON_EXPORT bool processing(triton::arch::Instruction &inst)
[proccesing api] - Processes an instruction and updates engines according to the instruction semantic...
Definition: api.cpp:488
TRITON_EXPORT void initEngines(void)
[proccesing api] - Initializes everything.
Definition: api.cpp:430
TRITON_EXPORT bool isEnabled(void) const
Returns true if the taint engine is enabled.
Definition: taintEngine.cpp:49
TRITON_EXPORT triton::arch::endianness_e getEndianness(void) const
Returns the kind of endianness as triton::arch::endianness_e.
TRITON_EXPORT void reset(void)
[proccesing api] - Resets everything.
Definition: api.cpp:478
TRITON_EXPORT const SharedSymbolicVariable & getSymbolicVariableFromName(const std::string &symVarName) const
Returns the symbolic variable corresponding to the symbolic variable name.
TRITON_EXPORT const triton::engines::solver::SolverInterface * getSolverInstance(void) const
Returns the instance of the initialized solver.
TRITON_EXPORT triton::ast::SharedAbstractNode getMemoryAst(const triton::arch::MemoryAccess &mem)
[symbolic api] - Returns the AST corresponding to the memory.
Definition: api.cpp:675
TRITON_EXPORT bool taintAssignmentMemoryRegister(const triton::arch::MemoryAccess &memDst, const triton::arch::Register &regSrc)
[taint api] - Taints MemoryRegister with assignment. Returns true if the memDst is tainted...
Definition: api.cpp:1219
TRITON_EXPORT triton::uint512 getConcreteRegisterValue(const triton::arch::Register &reg, bool execCallbacks=true) const
[architecture api] - Returns the concrete value of a register.
Definition: api.cpp:373
TRITON_EXPORT const std::vector< triton::engines::symbolic::PathConstraint > & getPathConstraints(void) const
[symbolic api] - Returns the logical conjunction vector of path constraints.
Definition: api.cpp:847
TRITON_EXPORT triton::ast::SharedAbstractNode processCallbacks(triton::callbacks::callback_e kind, triton::ast::SharedAbstractNode node) const
[callbacks api] - Processes callbacks according to the kind and the C++ polymorphism.
Definition: api.cpp:586
TRITON_EXPORT const triton::arch::Register & getRegister(triton::arch::register_e id) const
[architecture api] - Returns Register from regId.
Definition: api.cpp:303
TRITON_EXPORT triton::uint512 evaluateAstViaZ3(const triton::ast::SharedAbstractNode &node) const
[solver api] - Evaluates a Triton&#39;s AST via Z3 and returns a concrete value.
Definition: api.cpp:1018
TRITON_EXPORT SharedSymbolicExpression getSymbolicExpressionFromId(triton::usize symExprId) const
Returns the symbolic expression corresponding to an id.
TRITON_EXPORT void setConcreteMemoryValue(triton::uint64 addr, triton::uint8 value)
[architecture api] - Sets the concrete value of a memory cell.
TRITON_EXPORT triton::arch::architecture_e getArchitecture(void) const
[architecture api] - Returns the architecture as triton::arch::architecture_e.
Definition: api.cpp:250
TRITON_EXPORT bool isRegisterSymbolized(const triton::arch::Register &reg) const
[symbolic api] - Returns true if the register expression contains a symbolic variable.
Definition: api.cpp:901
TRITON_EXPORT bool taintUnionMemoryImmediate(const triton::arch::MemoryAccess &memDst)
Taints MemoryImmediate with union. Returns true if the memDst is TAINTED.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & convertMemoryToSymbolicVariable(const triton::arch::MemoryAccess &mem, const std::string &symVarComment="")
[symbolic api] - Converts a symbolic memory expression to a symbolic variable.
Definition: api.cpp:639
triton::engines::symbolic::SymbolicEngine * symbolic
The symbolic engine.
Definition: api.hpp:56
TRITON_EXPORT bool taintAssignmentMemoryImmediate(const triton::arch::MemoryAccess &memDst)
Taints MemoryImmediate with assignment. Returns always false.
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicMemoryExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::MemoryAccess &mem, const std::string &comment="")
Returns the new shared symbolic memory expression expression and links this expression to the instruc...
TRITON_EXPORT std::vector< triton::uint8 > getSymbolicMemoryAreaValue(triton::uint64 baseAddr, triton::usize size)
[symbolic api] - Returns the symbolic values of a memory area.
Definition: api.cpp:795
TRITON_EXPORT void concretizeMemory(const triton::arch::MemoryAccess &mem)
[symbolic api] - Concretizes a specific symbolic memory reference.
Definition: api.cpp:919
TRITON_EXPORT void setConcreteVariableValue(const triton::engines::symbolic::SharedSymbolicVariable &symVar, const triton::uint512 &value)
[symbolic api] - Sets the concrete value of a symbolic variable.
Definition: api.cpp:829
TRITON_EXPORT bool taintAssignment(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
Abstract assignment tainting.
TRITON_EXPORT triton::ast::SharedAbstractNode getImmediateAst(const triton::arch::Immediate &imm)
[symbolic api] - Returns the AST corresponding to the immediate.
Definition: api.cpp:663
AST Context - Used as AST builder.
Definition: astContext.hpp:50
TRITON_EXPORT bool taintRegister(const triton::arch::Register &reg)
Taints a register. Returns TAINTED if the register has been tainted correctly. Otherwise it returns t...
TRITON_EXPORT bool isRegisterTainted(const triton::arch::Register &reg) const
[taint api] - Returns true if the register is tainted.
Definition: api.cpp:1097
TRITON_EXPORT triton::ast::AstContext & getAstContext(void)
[IR builder api] - Returns the AST context. Used as AST builder.
Definition: api.cpp:510
TRITON_EXPORT bool taintAssignmentRegisterImmediate(const triton::arch::Register &regDst)
[taint api] - Taints RegisterImmediate with assignment. Returns always false.
Definition: api.cpp:1225
TRITON_EXPORT bool isValid(void) const
Returns true if the architecture is valid.
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::OperandWrapper &dst, const std::string &comment="")
Returns the new shared symbolic abstract expression and links this expression to the instruction...
The Triton namespace.
Definition: api.cpp:225
TRITON_EXPORT triton::engines::symbolic::SymbolicEngine * getSymbolicEngine(void)
[symbolic api] - Returns the instance of the symbolic engine.
Definition: api.cpp:627
TRITON_EXPORT void enableSymbolicEngine(bool flag)
[symbolic api] - Enables or disables the symbolic execution engine.
Definition: api.cpp:871
TRITON_EXPORT const std::unordered_map< triton::arch::register_e, const triton::arch::Register > & getAllRegisters(void) const
Returns all registers.
TRITON_EXPORT void addCallback(triton::callbacks::getConcreteMemoryValueCallback cb)
Adds a GET_CONCRETE_MEMORY_VALUE callback.
Definition: callbacks.cpp:22
TRITON_EXPORT void clearPathConstraints(void)
[symbolic api] - Clears the logical conjunction vector of path constraints.
Definition: api.cpp:865
TRITON_EXPORT triton::ast::SharedAbstractNode getOperandAst(const triton::arch::OperandWrapper &op)
Returns the AST corresponding to the operand.
triton::callbacks::Callbacks callbacks
The Callbacks interface.
Definition: api.hpp:44
TRITON_EXPORT void concretizeRegister(const triton::arch::Register &reg)
[symbolic api] - Concretizes a specific symbolic register reference.
Definition: api.cpp:931
TRITON_EXPORT void checkSolver(void) const
[solver api] - Raises an exception if the solver engine is not initialized.
Definition: api.cpp:964
TRITON_EXPORT const std::set< triton::uint64 > & getTaintedMemory(void) const
[taint api] - Returns the tainted addresses.
Definition: api.cpp:1055
TRITON_EXPORT bool isMemoryTainted(triton::uint64 addr, triton::uint32 size=1) const
Returns true if the addr is tainted.
triton::ast::AstContext astCtxt
The AST Context interface.
Definition: api.hpp:62
This class is used as operand wrapper.
TRITON_EXPORT bool taintUnionRegisterRegister(const triton::arch::Register &regDst, const triton::arch::Register &regSrc)
Taints RegisterRegister with union. Returns true if the regDst or regSrc are TAINTED.
TRITON_EXPORT bool taintAssignmentMemoryImmediate(const triton::arch::MemoryAccess &memDst)
[taint api] - Taints MemoryImmediate with assignment. Returns always false.
Definition: api.cpp:1207
TRITON_EXPORT bool untaintRegister(const triton::arch::Register &reg)
[taint api] - Untaints a register. Returns !TAINTED if the register has been untainted correctly...
Definition: api.cpp:1153
std::shared_ptr< triton::ast::AbstractNode > SharedAbstractNode
Shared Abstract Node.
Definition: ast.hpp:58
TRITON_EXPORT std::list< SharedSymbolicExpression > getTaintedSymbolicExpressions(void) const
Returns the list of the tainted symbolic expressions.
TRITON_EXPORT std::map< triton::usize, triton::engines::symbolic::SharedSymbolicExpression > sliceExpressions(const triton::engines::symbolic::SharedSymbolicExpression &expr)
[symbolic api] - Slices all expressions from a given one.
Definition: api.cpp:937
TRITON_EXPORT SharedSymbolicExpression getSymbolicMemory(triton::uint64 addr) const
Returns the shared symbolic expression corresponding to the memory address.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & getSymbolicRegister(const triton::arch::Register &reg) const
[symbolic api] - Returns the shared symbolic expression corresponding to the parent register...
Definition: api.cpp:777
triton::arch::IrBuilder * irBuilder
The IR builder.
Definition: api.hpp:65
TRITON_EXPORT const SharedSymbolicVariable & getSymbolicVariableFromId(triton::usize symVarId) const
Returns the symbolic variable corresponding to the symbolic variable id.
TRITON_EXPORT triton::arch::CpuInterface * getCpuInstance(void)
[architecture api] - Returns the instance of the current CPU used.
Definition: api.cpp:260
TRITON_EXPORT bool setTaint(const triton::arch::OperandWrapper &op, bool flag)
[taint api] - Sets the flag (taint or untaint) to an abstract operand (Register or Memory)...
Definition: api.cpp:1103
TRITON_EXPORT const triton::arch::Register & getParentRegister(triton::arch::register_e id) const
Returns parent register from id.
TRITON_EXPORT void unmapMemory(triton::uint64 baseAddr, triton::usize size=1)
Removes the range [baseAddr:size] from the internal memory representation.
TRITON_EXPORT const std::unordered_map< triton::usize, SharedSymbolicVariable > & getSymbolicVariables(void) const
Returns all symbolic variables.
TRITON_EXPORT triton::arch::endianness_e getEndianness(void) const
[architecture api] - Returns the endianness as triton::arch::endianness_e.
Definition: api.cpp:255
TRITON_EXPORT std::vector< triton::uint8 > getConcreteMemoryAreaValue(triton::uint64 baseAddr, triton::usize size, bool execCallbacks=true) const
[architecture api] - Returns the concrete value of a memory area.
Definition: api.cpp:367
TRITON_EXPORT SharedSymbolicExpression newSymbolicExpression(const triton::ast::SharedAbstractNode &node, triton::engines::symbolic::expression_e type, const std::string &comment="")
Creates a new shared symbolic expression.
The modes class.
Definition: modes.hpp:34
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicFlagExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::Register &flag, const std::string &comment="")
Returns the new shared symbolic flag expression expression and links this expression to the instructi...
TRITON_EXPORT bool taintUnionMemoryRegister(const triton::arch::MemoryAccess &memDst, const triton::arch::Register &regSrc)
Taints MemoryRegister with union. Returns true if the memDst or regSrc are TAINTED.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & convertExpressionToSymbolicVariable(triton::usize exprId, triton::uint32 symVarSize, const std::string &symVarComment="")
[symbolic api] - Converts a symbolic expression to a symbolic variable. symVarSize must be in bits...
Definition: api.cpp:633
This class is used when an instruction has a register operand.
Definition: register.hpp:44
TRITON_EXPORT bool buildSemantics(triton::arch::Instruction &inst)
Builds the semantics of the instruction. Returns true if the instruction is supported.
Definition: irBuilder.cpp:59
TRITON_EXPORT void removeEngines(void)
[proccesing api] - Removes everything.
Definition: api.cpp:454
TRITON_EXPORT void setConcreteRegisterValue(const triton::arch::Register &reg, const triton::uint512 &value)
[architecture api] - Sets the concrete value of a register.
TRITON_EXPORT bool taintUnionMemoryRegister(const triton::arch::MemoryAccess &memDst, const triton::arch::Register &regSrc)
[taint api] - Taints MemoryRegister with union. Returns true if the memDst or regSrc are TAINTED...
Definition: api.cpp:1183
TRITON_EXPORT void removeSymbolicExpression(triton::usize symExprId)
Removes the symbolic expression corresponding to the id.
TRITON_EXPORT ~API()
Destructor of the API.
Definition: api.cpp:231
TRITON_EXPORT bool taintAssignmentMemoryRegister(const triton::arch::MemoryAccess &memDst, const triton::arch::Register &regSrc)
Taints MemoryRegister with assignment. Returns true if the memDst is tainted.
triton::engines::taint::TaintEngine * taint
The taint engine.
Definition: api.hpp:53
TRITON_EXPORT void enableMode(triton::modes::mode_e mode, bool flag)
Enables or disables a specific mode.
Definition: modes.cpp:37
TRITON_EXPORT triton::ast::SharedAbstractNode processZ3Simplification(const triton::ast::SharedAbstractNode &node) const
[solver api] - Converts a Triton&#39;s AST to a Z3&#39;s AST, perform a Z3 simplification and returns a Trito...
Definition: api.cpp:1029
TRITON_EXPORT std::map< triton::arch::register_e, triton::engines::symbolic::SharedSymbolicExpression > getSymbolicRegisters(void) const
[symbolic api] - Returns the map of symbolic registers defined.
Definition: api.cpp:765
TRITON_EXPORT void concretizeAllRegister(void)
Concretizes all symbolic register references.
TRITON_EXPORT const SharedSymbolicExpression & createSymbolicRegisterExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::Register &reg, const std::string &comment="")
Returns the new shared symbolic register expression expression and links this expression to the instr...
TRITON_EXPORT bool taintAssignmentMemoryMemory(const triton::arch::MemoryAccess &memDst, const triton::arch::MemoryAccess &memSrc)
Taints MemoryMemory with assignment. Returns true if the memDst is tainted.
TRITON_EXPORT triton::uint8 getSymbolicMemoryValue(triton::uint64 address)
Returns the symbolic memory value.
TRITON_EXPORT const SharedSymbolicVariable & convertMemoryToSymbolicVariable(const triton::arch::MemoryAccess &mem, const std::string &symVarComment="")
Converts a symbolic memory expression to a symbolic variable.
TRITON_EXPORT bool taintMemory(triton::uint64 addr)
Taints an address. Returns TAINTED if the address has been tainted correctly. Otherwise it returns th...
TRITON_EXPORT void concretizeAllMemory(void)
[symbolic api] - Concretizes all symbolic memory references.
Definition: api.cpp:907
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & convertRegisterToSymbolicVariable(const triton::arch::Register &reg, const std::string &symVarComment="")
[symbolic api] - Converts a symbolic register expression to a symbolic variable.
Definition: api.cpp:645
TRITON_EXPORT bool taintAssignmentRegisterRegister(const triton::arch::Register &regDst, const triton::arch::Register &regSrc)
Taints RegisterRegister with assignment. Returns true if the regDst is tainted.
TRITON_EXPORT bool taintUnionMemoryMemory(const triton::arch::MemoryAccess &memDst, const triton::arch::MemoryAccess &memSrc)
Taints MemoryMemory with union. Returns true if the memDst or memSrc are TAINTED. ...
TRITON_EXPORT void setConcreteMemoryAreaValue(triton::uint64 baseAddr, const std::vector< triton::uint8 > &values)
[architecture api] - Sets the concrete value of a memory area.
TRITON_EXPORT void unmapMemory(triton::uint64 baseAddr, triton::usize size=1)
[architecture api] - Removes the range [baseAddr:size] from the internal memory representation.
Definition: api.cpp:415
Assigned to a volatile expression.
TRITON_EXPORT triton::uint32 numberOfRegisters(void) const
Returns the number of registers according to the CPU architecture.
bool isDefined
True if there is at least one callback defined.
Definition: callbacks.hpp:104
TRITON_EXPORT const std::unordered_map< triton::usize, triton::engines::symbolic::SharedSymbolicVariable > & getSymbolicVariables(void) const
[symbolic api] - Returns all symbolic variables as a map of <SymVarId : SymVar>
Definition: api.cpp:955
TRITON_EXPORT bool isModeEnabled(triton::modes::mode_e mode) const
Returns true if the mode is enabled.
Definition: modes.cpp:30
TRITON_EXPORT void concretizeMemory(const triton::arch::MemoryAccess &mem)
Concretizes a specific symbolic memory reference.
TRITON_EXPORT bool isRegisterTainted(const triton::arch::Register &reg) const
Returns true if the register is tainted.
TRITON_EXPORT std::vector< triton::uint8 > getConcreteMemoryAreaValue(triton::uint64 baseAddr, triton::usize size, bool execCallbacks=true) const
Returns the concrete value of a memory area.
TRITON_EXPORT bool isSymbolicEngineEnabled(void) const
[symbolic api] - Returns true if the symbolic execution engine is enabled.
Definition: api.cpp:877
This class is used to represent an immediate.
Definition: immediate.hpp:37
TRITON_EXPORT void enableMode(triton::modes::mode_e mode, bool flag)
[modes api] - Enables or disables a specific mode.
Definition: api.cpp:608
TRITON_EXPORT triton::ast::SharedAbstractNode processCallbacks(triton::callbacks::callback_e kind, triton::ast::SharedAbstractNode node) const
Processes callbacks according to the kind and the C++ polymorphism.
Definition: callbacks.cpp:96
TRITON_EXPORT std::set< const triton::arch::Register * > getParentRegisters(void) const
Returns all parent registers.
TRITON_EXPORT bool isRegister(triton::arch::register_e regId) const
Returns true if the register ID is a register.
TRITON_EXPORT void addPathConstraint(const triton::arch::Instruction &inst, const triton::engines::symbolic::SharedSymbolicExpression &expr)
Adds a path constraint.
Definition: pathManager.cpp:73
TRITON_EXPORT triton::uint8 getConcreteMemoryValue(triton::uint64 addr, bool execCallbacks=true) const
Returns the concrete value of a memory cell.
TRITON_EXPORT bool isRegisterValid(triton::arch::register_e regId) const
Returns true if the register ID is a register or a flag.
TRITON_EXPORT triton::engines::symbolic::SharedSymbolicExpression getSymbolicExpressionFromId(triton::usize symExprId) const
[symbolic api] - Returns the shared symbolic expression corresponding to an id.
Definition: api.cpp:817
TRITON_EXPORT void enableTaintEngine(bool flag)
[taint api] - Enables or disables the taint engine.
Definition: api.cpp:1067
TRITON_EXPORT triton::ast::SharedAbstractNode getMemoryAst(const triton::arch::MemoryAccess &mem)
Returns the AST corresponding to the memory.
TRITON_EXPORT void disassembly(triton::arch::Instruction &inst) const
[architecture api] - Disassembles the instruction and setup operands. You must define an architecture...
Definition: api.cpp:421
TRITON_EXPORT const std::unordered_map< triton::arch::register_e, const triton::arch::Register > & getAllRegisters(void) const
[architecture api] - Returns all registers.
Definition: api.cpp:343
TRITON_EXPORT void setConcreteRegisterValue(const triton::arch::Register &reg, const triton::uint512 &value)
[architecture api] - Sets the concrete value of a register.
Definition: api.cpp:403
TRITON_EXPORT triton::ast::SharedAbstractNode getRegisterAst(const triton::arch::Register &reg)
Returns the AST corresponding to the register.
TRITON_EXPORT std::map< triton::uint32, SolverModel > getModel(const triton::ast::SharedAbstractNode &node) const
Computes and returns a model from a symbolic constraint.
TRITON_EXPORT bool taintAssignmentRegisterMemory(const triton::arch::Register &regDst, const triton::arch::MemoryAccess &memSrc)
[taint api] - Taints RegisterMemory with assignment. Returns true if the regDst is tainted...
Definition: api.cpp:1231
This class is used to represent a memory access.
TRITON_EXPORT bool buildSemantics(triton::arch::Instruction &inst)
[IR builder api] - Builds the instruction semantics. Returns true if the instruction is supported...
Definition: api.cpp:504
TRITON_EXPORT triton::uint32 getAstRepresentationMode(void) const
[AST representation api] - Returns the AST representation mode as triton::ast::representations::mode_...
Definition: api.cpp:518
TRITON_EXPORT std::map< triton::uint32, triton::engines::solver::SolverModel > getModel(const triton::ast::SharedAbstractNode &node) const
[solver api] - Computes and returns a model from a symbolic constraint.
Definition: api.cpp:1000
TRITON_EXPORT triton::uint32 gprBitSize(void) const
Returns the bit in bit of the General Purpose Registers.
TRITON_EXPORT triton::ast::SharedAbstractNode getOperandAst(const triton::arch::OperandWrapper &op)
[symbolic api] - Returns the AST corresponding to the operand.
Definition: api.cpp:651
TRITON_EXPORT triton::engines::taint::TaintEngine * getTaintEngine(void)
[taint api] - Returns the instance of the taint engine.
Definition: api.cpp:1049
TRITON_EXPORT void disassembly(triton::arch::Instruction &inst) const
Disassembles the instruction according to the architecture.
TRITON_EXPORT triton::uint8 getConcreteMemoryValue(triton::uint64 addr, bool execCallbacks=true) const
[architecture api] - Returns the concrete value of a memory cell.
Definition: api.cpp:355
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicFlagExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::Register &flag, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic flag expression and links this expression to the ins...
Definition: api.cpp:735
TRITON_EXPORT void setConcreteMemoryValue(triton::uint64 addr, triton::uint8 value)
[architecture api] - Sets the concrete value of a memory cell.
Definition: api.cpp:379
TRITON_EXPORT void clearPathConstraints(void)
Clears the logical conjunction vector of path constraints.
This interface is used as abstract CPU interface. All CPU must use this interface.
TRITON_EXPORT std::unordered_map< triton::usize, triton::engines::symbolic::SharedSymbolicExpression > getSymbolicExpressions(void) const
[symbolic api] - Returns all symbolic expressions as a map of <SymExprId : SymExpr> ...
Definition: api.cpp:949
The IR builder.
Definition: irBuilder.hpp:38
TRITON_EXPORT void removeCallback(triton::callbacks::getConcreteMemoryValueCallback cb)
Deletes a GET_CONCRETE_MEMORY_VALUE callback.
Definition: callbacks.cpp:61
std::uint64_t uint64
unisgned 64-bits
Definition: tritonTypes.hpp:34
TRITON_EXPORT void checkArchitecture(void) const
[architecture api] - Raises an exception if the architecture is not initialized.
Definition: api.cpp:244
TRITON_EXPORT void concretizeAllMemory(void)
Concretizes all symbolic memory references.
TRITON_EXPORT triton::ast::SharedAbstractNode getRegisterAst(const triton::arch::Register &reg)
[symbolic api] - Returns the AST corresponding to the register.
Definition: api.cpp:687
TRITON_EXPORT bool isRegisterSymbolized(const triton::arch::Register &reg) const
Returns true if the register expression contains a symbolic variable.
TRITON_EXPORT bool setTaintRegister(const triton::arch::Register &reg, bool flag)
Sets the flag (taint or untaint) to a register.
TRITON_EXPORT bool taintUnionMemoryMemory(const triton::arch::MemoryAccess &memDst, const triton::arch::MemoryAccess &memSrc)
[taint api] - Taints MemoryMemory with union. Returns true if the memDst or memSrc are TAINTED...
Definition: api.cpp:1177
std::shared_ptr< triton::engines::symbolic::SymbolicExpression > SharedSymbolicExpression
Shared Symbolic Expression.
Definition: ast.hpp:39
TRITON_EXPORT bool taintMemory(triton::uint64 addr)
[taint api] - Taints an address. Returns TAINTED if the address has been tainted correctly. Otherwise it returns the last defined state.
Definition: api.cpp:1123
std::uint32_t uint32
unisgned 32-bits
Definition: tritonTypes.hpp:31
TRITON_EXPORT std::vector< triton::uint8 > getSymbolicMemoryAreaValue(triton::uint64 baseAddr, triton::usize size)
Returns the symbolic values of a memory area.
The exception class used by the Triton&#39;s API.
Definition: exceptions.hpp:185
TRITON_EXPORT bool untaintMemory(triton::uint64 addr)
[taint api] - Untaints an address. Returns !TAINTED if the address has been untainted correctly...
Definition: api.cpp:1141
TRITON_EXPORT API()
Constructor of the API.
Definition: api.cpp:227
TRITON_EXPORT std::list< std::map< triton::uint32, triton::engines::solver::SolverModel > > getModels(const triton::ast::SharedAbstractNode &node, triton::uint32 limit) const
[solver api] - Computes and returns several models from a symbolic constraint. The limit is the numbe...
Definition: api.cpp:1006
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicVolatileExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic volatile expression and links this expression to the...
Definition: api.cpp:741
TRITON_EXPORT void checkTaint(void) const
[taint api] - Raises an exception if the taint engine is not initialized.
Definition: api.cpp:1043
TRITON_EXPORT bool isMemorySymbolized(const triton::arch::MemoryAccess &mem) const
Returns true if memory cell expressions contain symbolic variables.
TRITON_EXPORT bool taintAssignmentRegisterMemory(const triton::arch::Register &regDst, const triton::arch::MemoryAccess &memSrc)
Taints RegisterMemory with assignment. Returns true if the regDst is tainted.
TRITON_EXPORT bool isModeEnabled(triton::modes::mode_e mode) const
[modes api] - Returns true if the mode is enabled.
Definition: api.cpp:613
TRITON_EXPORT void setArchitecture(triton::arch::architecture_e arch)
[architecture api] - Initializes an architecture.
Definition: api.cpp:267
TRITON_EXPORT triton::uint32 getNumberOfRegisters(void) const
[architecture api] - Returns the number of registers according to the CPU architecture.
Definition: api.cpp:338
TRITON_EXPORT const triton::engines::solver::SolverInterface * getSolverInstance(void) const
Returns the instance of the initialized solver.
Definition: api.cpp:976
TRITON_EXPORT bool taintUnion(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
Abstract union tainting.
TRITON_EXPORT std::set< const triton::arch::Register * > getParentRegisters(void) const
[architecture api] - Returns all parent registers.
Definition: api.cpp:349
TRITON_EXPORT bool taintUnionRegisterMemory(const triton::arch::Register &regDst, const triton::arch::MemoryAccess &memSrc)
Taints RegisterMemory with union. Returns true if the regDst or memSrc are TAINTED.
TRITON_EXPORT const SharedSymbolicExpression & getSymbolicRegister(const triton::arch::Register &reg) const
Returns the shared symbolic expression corresponding to the parent register.
TRITON_EXPORT triton::uint32 getGprBitSize(void) const
[architecture api] - Returns the bit in byte of the General Purpose Registers.
Definition: api.cpp:328
TRITON_EXPORT void setCustomSolver(triton::engines::solver::SolverInterface *customSolver)
Initializes a custom solver.
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicExpression & createSymbolicRegisterExpression(triton::arch::Instruction &inst, const triton::ast::SharedAbstractNode &node, const triton::arch::Register &reg, const std::string &comment="")
[symbolic api] - Returns the new shared symbolic register expression and links this expression to the...
Definition: api.cpp:729
TRITON_EXPORT triton::uint32 getRepresentationMode(void) const
Gets the representations mode of this astContext.
Definition: astContext.cpp:792
TRITON_EXPORT const triton::uint512 & getConcreteVariableValue(const triton::engines::symbolic::SharedSymbolicVariable &symVar) const
[symbolic api] - Gets the concrete value of a symbolic variable.
Definition: api.cpp:823
TRITON_EXPORT bool isSymbolicExpressionIdExists(triton::usize symExprId) const
[symbolic api] - Returns true if the symbolic expression ID exists.
Definition: api.cpp:883
TRITON_EXPORT bool isSat(const triton::ast::SharedAbstractNode &node) const
Returns true if an expression is satisfiable.
TRITON_EXPORT void setSolver(triton::engines::solver::solver_e kind)
Initializes a predefined solver.
Definition: api.cpp:982
TRITON_EXPORT std::map< triton::uint64, triton::engines::symbolic::SharedSymbolicExpression > getSymbolicMemory(void) const
[symbolic api] - Returns the map (<Addr : SymExpr>) of symbolic memory defined.
Definition: api.cpp:771
void init(triton::arch::architecture_e arch)
TRITON_EXPORT bool taintUnionRegisterImmediate(const triton::arch::Register &regDst)
[taint api] - Taints RegisterImmediate with union. Returns true if the regDst is TAINTED.
Definition: api.cpp:1189
std::shared_ptr< triton::engines::symbolic::SymbolicVariable > SharedSymbolicVariable
Shared Symbolic variable.
Definition: ast.hpp:42
This interface is used to interface with solvers.
TRITON_EXPORT void addCallback(triton::callbacks::getConcreteMemoryValueCallback cb)
[callbacks api] - Adds a GET_CONCRETE_MEMORY_VALUE callback (LOAD).
Definition: api.cpp:531
TRITON_EXPORT void assignSymbolicExpressionToRegister(const triton::engines::symbolic::SharedSymbolicExpression &se, const triton::arch::Register &reg)
[symbolic api] - Assigns a symbolic expression to a register.
Definition: api.cpp:753
TRITON_EXPORT bool isTainted(const triton::arch::OperandWrapper &op) const
[taint api] - Abstract taint verification. Returns true if the operand is tainted.
Definition: api.cpp:1079
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & getSymbolicVariableFromId(triton::usize symVarId) const
[symbolic api] - Returns the symbolic variable corresponding to the symbolic variable id...
Definition: api.cpp:835
TRITON_EXPORT std::map< triton::arch::register_e, SharedSymbolicExpression > getSymbolicRegisters(void) const
Returns the map of symbolic registers defined.
Solver engine using z3.
Definition: z3Solver.hpp:46
TRITON_EXPORT triton::engines::solver::solver_e getSolver(void) const
Returns the kind of solver as triton::engines::solver::solver_e.
std::uint8_t uint8
unisgned 8-bits
Definition: tritonTypes.hpp:25
TRITON_EXPORT void enable(bool flag)
Enables or disables the symbolic execution engine.
TRITON_EXPORT void concretizeAllRegister(void)
[symbolic api] - Concretizes all symbolic register references.
Definition: api.cpp:913
TRITON_EXPORT bool isMemoryMapped(triton::uint64 baseAddr, triton::usize size=1)
Returns true if the range [baseAddr:size] is mapped into the internal memory representation.
TRITON_EXPORT bool taintAssignmentRegisterImmediate(const triton::arch::Register &regDst)
Taints RegisterImmediate with assignment. Returns always false.
The taint engine class.
Definition: taintEngine.hpp:53
TRITON_EXPORT void setConcreteVariableValue(const SharedSymbolicVariable &symVar, const triton::uint512 &value)
Sets the concrete value of a symbolic variable.
TRITON_EXPORT void assignSymbolicExpressionToMemory(const SharedSymbolicExpression &se, const triton::arch::MemoryAccess &mem)
Assigns a symbolic expression to a memory.
TRITON_EXPORT void checkIrBuilder(void) const
[IR builder api] - Raises an exception if the IR builder is not initialized.
Definition: api.cpp:498
triton::modes::Modes modes
The modes.
Definition: api.hpp:50
TRITON_EXPORT bool isFlag(triton::arch::register_e regId) const
[architecture api] - Returns true if the register id is a flag.
Definition: api.cpp:283
TRITON_EXPORT void checkSymbolic(void) const
[symbolic api] - Raises an exception if the symbolic engine is not initialized.
Definition: api.cpp:621
TRITON_EXPORT std::list< std::map< triton::uint32, SolverModel > > getModels(const triton::ast::SharedAbstractNode &node, triton::uint32 limit) const
Computes and returns several models from a symbolic constraint. The limit is the max number of models...
TRITON_EXPORT void removeAllCallbacks(void)
[callbacks api] - Removes all recorded callbacks.
Definition: api.cpp:556
TRITON_EXPORT bool taintUnionRegisterRegister(const triton::arch::Register &regDst, const triton::arch::Register &regSrc)
[taint api] - Taints RegisterRegister with union. Returns true if the regDst or regSrc are TAINTED...
Definition: api.cpp:1201
TRITON_EXPORT const triton::arch::Register & getParentRegister(const triton::arch::Register &reg) const
[architecture api] - Returns parent Register from a register.
Definition: api.cpp:308
TRITON_EXPORT bool setTaint(const triton::arch::OperandWrapper &op, bool flag)
Sets the flag (taint or untaint) to an abstract operand (Register or Memory).
TRITON_EXPORT const triton::engines::symbolic::SharedSymbolicVariable & newSymbolicVariable(triton::uint32 varSize, const std::string &comment="")
[symbolic api] - Returns a new symbolic variable.
Definition: api.cpp:705
TRITON_EXPORT std::set< const triton::arch::Register * > getTaintedRegisters(void) const
Returns the tainted registers.
Definition: taintEngine.cpp:66
boost::multiprecision::uint512_t uint512
unsigned 512-bits
Definition: tritonTypes.hpp:43
TRITON_EXPORT bool isMemorySymbolized(const triton::arch::MemoryAccess &mem) const
[symbolic api] - Returns true if memory cell expressions contain symbolic variables.
Definition: api.cpp:889
TRITON_EXPORT std::list< triton::engines::symbolic::SharedSymbolicExpression > getTaintedSymbolicExpressions(void) const
[symbolic api] - Returns the list of the tainted symbolic expressions.
Definition: api.cpp:943
TRITON_EXPORT triton::ast::SharedAbstractNode processSimplification(const triton::ast::SharedAbstractNode &node) const
Processes all recorded simplifications. Returns the simplified node.
TRITON_EXPORT bool isMemoryTainted(triton::uint64 addr, triton::uint32 size=1) const
[taint api] - Returns true if the address:size is tainted.
Definition: api.cpp:1085
TRITON_EXPORT void assignSymbolicExpressionToMemory(const triton::engines::symbolic::SharedSymbolicExpression &se, const triton::arch::MemoryAccess &mem)
[symbolic api] - Assigns a symbolic expression to a memory.
Definition: api.cpp:747
TRITON_EXPORT bool taintRegister(const triton::arch::Register &reg)
[taint api] - Taints a register. Returns TAINTED if the register has been tainted correctly...
Definition: api.cpp:1135
TRITON_EXPORT std::map< triton::usize, SharedSymbolicExpression > sliceExpressions(const SharedSymbolicExpression &expr)
Slices all expressions from a given one.
TRITON_EXPORT triton::uint8 getSymbolicMemoryValue(triton::uint64 address)
[symbolic api] - Returns the symbolic memory value.
Definition: api.cpp:783
TRITON_EXPORT bool isTainted(const triton::arch::OperandWrapper &op) const
Abstract taint verification. Returns true if the operand is tainted.
TRITON_EXPORT std::set< const triton::arch::Register * > getTaintedRegisters(void) const
[taint api] - Returns the tainted registers.
Definition: api.cpp:1061
TRITON_EXPORT void concretizeRegister(const triton::arch::Register &reg)
Concretizes a specific symbolic register reference.
TRITON_EXPORT const std::set< triton::uint64 > & getTaintedMemory(void) const
Returns the tainted addresses.
Definition: taintEngine.cpp:60
std::size_t usize
unsigned MAX_INT 32 or 64 bits according to the CPU.
Definition: tritonTypes.hpp:67
TRITON_EXPORT void setAstRepresentationMode(triton::uint32 mode)
[AST representation api] - Sets the AST representation mode.
Definition: api.cpp:523
TRITON_EXPORT void clearArchitecture(void)
[architecture api] - Clears the architecture states (registers and memory).
Definition: api.cpp:277
TRITON_EXPORT bool isSymbolicExpressionIdExists(triton::usize symExprId) const
Returns true if the symbolic expression ID exists.
TRITON_EXPORT void clearArchitecture(void)
Clears the architecture states (registers and memory).
TRITON_EXPORT bool taintAssignmentRegisterRegister(const triton::arch::Register &regDst, const triton::arch::Register &regSrc)
[taint api] - Taints RegisterRegister with assignment. Returns true if the regDst is tainted...
Definition: api.cpp:1237
TRITON_EXPORT void setSolver(triton::engines::solver::solver_e kind)
Initializes a predefined solver.
TRITON_EXPORT void removeCallback(triton::callbacks::getConcreteMemoryValueCallback cb)
[callbacks api] - Deletes a GET_CONCRETE_MEMORY_VALUE callback (LOAD).
Definition: api.cpp:561
TRITON_EXPORT bool isSolverValid(void) const
Returns true if the solver is valid.
Definition: api.cpp:994
TRITON_EXPORT triton::uint512 getSymbolicRegisterValue(const triton::arch::Register &reg)
[symbolic api] - Returns the symbolic register value.
Definition: api.cpp:801
TRITON_EXPORT void removeSymbolicExpression(triton::usize symExprId)
[symbolic api] - Removes the symbolic expression corresponding to the id.
Definition: api.cpp:711
TRITON_EXPORT bool untaintRegister(const triton::arch::Register &reg)
Untaints a register. Returns !TAINTED if the register has been untainted correctly. Otherwise it returns the last defined state.
TRITON_EXPORT triton::ast::SharedAbstractNode processSimplification(const triton::ast::SharedAbstractNode &node, bool z3=false) const
[symbolic api] - Processes all recorded simplifications. Returns the simplified node.
Definition: api.cpp:807
TRITON_EXPORT triton::ast::SharedAbstractNode getPathConstraintsAst(void) const
Returns the logical conjunction AST of path constraints.
Definition: pathManager.cpp:47
triton::engines::solver::SolverEngine * solver
The solver engine.
Definition: api.hpp:59
TRITON_EXPORT bool setTaintRegister(const triton::arch::Register &reg, bool flag)
[taint api] - Sets the flag (taint or untaint) to a register.
Definition: api.cpp:1116
TRITON_EXPORT const SharedSymbolicVariable & convertExpressionToSymbolicVariable(triton::usize exprId, triton::uint32 symVarSize, const std::string &symVarComment="")
Converts a symbolic expression to a symbolic variable. symVarSize must be in bits.
TRITON_EXPORT void enable(bool flag)
Enables or disables the taint engine.
Definition: taintEngine.cpp:54
TRITON_EXPORT void removeAllCallbacks(void)
Removes all recorded callbacks.
Definition: callbacks.cpp:52
TRITON_EXPORT triton::engines::symbolic::SharedSymbolicExpression newSymbolicExpression(const triton::ast::SharedAbstractNode &node, const std::string &comment="")
[symbolic api] - Returns a new shared symbolic expression. Note that if there are simplification pass...
Definition: api.cpp:699
TRITON_EXPORT triton::uint512 getConcreteRegisterValue(const triton::arch::Register &reg, bool execCallbacks=true) const
Returns the concrete value of a register.