libTriton  version 0.9 build 1502
Python bindings of the Pintool tracer

[python api] All information about the tracer's Python API.

Python API - Methods and namespaces of the Pintool tracer


This project is shipped with a Pintool tracer which can be compile with the cmake flag -DPINTOOL=on. Then, the pintool must be used like this:

$ ./triton <your_script.py> <your_targeted_binary>

Your script must contains the pintool and triton imports.

>>> from triton import *
>>> from pintool import *

Methods

  • bool checkReadAccess(integer addr)
    Checks whether the memory page which contains this address has a read access protection.
  • bool checkWriteAccess(integer addr)
    Checks whether the memory page which contains this address has a write access protection.
  • void detachProcess(void)
    Detachs the pintool from the targeted process. The control flow is returned to the original uninstrumented code and the application is natively executed.
  • void disableSnapshot(void)
    Disables the snapshot engine. When you have done with the tracer::pintool::Snapshot::restoreSnapshot() function, you may use this function to improve performance. Then, the snapshot engine will be enable at the next tracer::pintool::Snapshot::takeSnapshot() call.
  • integer getCurrentMemoryValue(MemoryAccess mem)
    Returns the memory value from a MemoryAccess.
  • integer getCurrentMemoryValue(integer addr)
    Returns the memory value from the address.
  • integer getCurrentMemoryValue(integer addr, integer readSize)
    Returns the memory value according to the readSize from the address.
  • integer getCurrentRegisterValue(Register reg)
    Returns the register value from a Register.
  • string getImageName(integer addr)
    Returns the image name from a given address. Returns an empty string if not found.
  • string getRoutineName(integer addr)
    Returns the routine name from a given address. Returns an empty string if not found.
  • integer getSyscallArgument(STANDARD std, integer argNum)
    Returns the argument value of the system call which is executed in the current context. It is a user's responsibility to make sure that the current instruction is a syscall. This function must be used in a SYSCALL_ENTRY INSERT_POINT.
  • integer getSyscallNumber(STANDARD std)
    Returns the syscall number of the system call which is executed in the current context. It is a user's responsibility to make sure that the current instruction is a syscall. This function must be used in a SYSCALL_ENTRY INSERT_POINT.
  • integer getSyscallReturn(STANDARD std)
    Returns the result of the syscall. It is a user's responsibility to make sure that the current context represents the state of a system call after its execution. This function must be used in a SYSCALL_EXIT INSERT_POINT.
  • TritonContext getTritonContext()
    Pintools use a global triton context to do its simulation. You can acces it using this function.
  • void insertCall(function, INSERT_POINT type)
    Inserts a call before and after several cases. All code executed into a callback function are executed during the instrumentation.
  • bool isSnapshotEnabled(void)
    Returns true if the snapshot engine is enabled.
  • void restoreSnapshot(void)
    Restores the last snpahost taken. Check the tracer::pintool::Snapshot::takeSnapshot() function. Note that this function have to execute a new context registers, so RIP will be modified and your callback stopped (checkout the Pin API).
  • void runProgram(void)
    Starts the binary instrumentation over Pin.
  • void setCurrentMemoryValue(MemoryAccess mem, integer value)
    Sets the current memory value from a MemoryAccess.
  • void setCurrentMemoryValue(integer addr, integer value)
    Sets the current memory value from an address.
  • void setCurrentRegisterValue(Register reg, integer value)
    Sets the current register value from a Register. This method can only be called into a BEFORE_SYMPROC and AFTER callback. This method also synchronizes the Triton's register.
  • void setupImageBlacklist([string, ...])
    Setups a blacklist of image names, it means that these images will not be instrumented and executed natively.
  • void setupImageWhitelist([string, ...])
    Setups a whitelist of image names, it means that these images will be instrumented and all other images will be executed natively.
  • void startAnalysisFromAddress(integer addr)
    Starts the instrumentation at a specific address.
  • void startAnalysisFromEntry(void)
    Starts the instrumentation at the entry point.
  • void startAnalysisFromOffset(integer offset)
    Starts the instrumentation at a specific offset in the binary
  • void startAnalysisFromSymbol(string symbol)
    Starts the instrumentation at a specific symbol.
  • void stopAnalysisFromAddress(integer addr)
    Stops the instrumentation at a specific address.
  • void stopAnalysisFromOffset(integer offset)
    Stops the instrumentation at a specific offset.
  • void takeSnapshot(void)
    Creates a snaphost at this program point.

Namespaces