Python claripy.Concat() Examples
The following are 30
code examples of claripy.Concat().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
claripy
, or try the search function
.
.
Example #1
| Source File: x86_setregister.py From rex with BSD 2-Clause "Simplified" License | 6 votes |
|
def raw(self, arch=None):
register = self.register
value = self.value
ip = self.pc
if isinstance(value, int):
value = claripy.BVV(value, 32)
if isinstance(ip, int):
ip = claripy.BVV(ip, 32)
try:
code_row = [claripy.BVV(x) for x in self.codes[register]]
except KeyError:
raise ValueError("register '%s' does not exist" % register)
return claripy.Concat(code_row[0], value.reversed, code_row[1], ip.reversed, code_row[2])
Example #2
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _auto_vectorize(self, f, args, rm=None, rm_passed=False):
if rm is not None:
rm = self._translate_rm(rm)
if rm_passed:
f = partial(f, rm)
if self._vector_size is None:
return f(args)
if self._vector_zero:
chopped = [arg[(self._vector_size - 1):0].raw_to_fp() for arg in args]
result = f(*chopped).raw_to_bv()
return claripy.Concat(args[0][(args[0].length - 1):self._vector_size], result)
else:
# I'm changing this behavior because I think this branch was never used otherwise
# before it only chopped the first argument but I'm going to make it chop all of them
result = []
for lane_args in self.vector_args(args):
if self._float:
# HACK HACK HACK
# this is such a weird divergence. why do the fp generics take several args and the int generics take a list?
result.append(f(*lane_args))
else:
result.append(f(lane_args))
return claripy.Concat(*result)
Example #3
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _op_divmod(self, args):
if self.is_signed:
quotient = (args[0].SDiv(claripy.SignExt(self._from_size - self._to_size, args[1])))
remainder = (args[0].SMod(claripy.SignExt(self._from_size - self._to_size, args[1])))
quotient_size = self._to_size
remainder_size = self._to_size
return claripy.Concat(
claripy.Extract(remainder_size - 1, 0, remainder),
claripy.Extract(quotient_size - 1, 0, quotient)
)
else:
quotient = (args[0] // claripy.ZeroExt(self._from_size - self._to_size, args[1]))
remainder = (args[0] % claripy.ZeroExt(self._from_size - self._to_size, args[1]))
quotient_size = self._to_size
remainder_size = self._to_size
return claripy.Concat(
claripy.Extract(remainder_size - 1, 0, remainder),
claripy.Extract(quotient_size - 1, 0, quotient)
)
#pylint:enable=no-self-use,unused-argument
# FP!
Example #4
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _op_generic_QSub(self, args):
"""
Saturating subtract.
"""
components = []
for a, b in self.vector_args(args):
top_a = a[self._vector_size-1]
top_b = b[self._vector_size-1]
res = a - b
top_r = res[self._vector_size-1]
if self.is_signed:
big_top_r = (~top_r).zero_extend(self._vector_size-1)
cap = (claripy.BVV(-1, self._vector_size)//2) + big_top_r
cap_cond = ((top_a ^ top_b) & (top_a ^ top_r)) == 1
else:
cap = claripy.BVV(0, self._vector_size)
cap_cond = claripy.UGT(res, a)
components.append(claripy.If(cap_cond, cap, res))
return claripy.Concat(*components)
Example #5
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _op_generic_QAdd(self, args):
"""
Saturating add.
"""
components = []
for a, b in self.vector_args(args):
top_a = a[self._vector_size-1]
top_b = b[self._vector_size-1]
res = a + b
top_r = res[self._vector_size-1]
if self.is_signed:
big_top_r = (~top_r).zero_extend(self._vector_size-1)
cap = (claripy.BVV(-1, self._vector_size)//2) + big_top_r
cap_cond = ((~(top_a ^ top_b)) & (top_a ^ top_r)) == 1
else:
cap = claripy.BVV(-1, self._vector_size)
cap_cond = claripy.ULT(res, a)
components.append(claripy.If(cap_cond, cap, res))
return claripy.Concat(*components)
Example #6
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def generic_compare(self, args, comparison):
if self._vector_size is not None:
res_comps = []
for i in reversed(range(self._vector_count)):
a_comp = claripy.Extract((i+1) * self._vector_size - 1,
i * self._vector_size,
args[0])
b_comp = claripy.Extract((i+1) * self._vector_size - 1,
i * self._vector_size,
args[1])
res_comps.append(claripy.If(comparison(a_comp, b_comp),
claripy.BVV(-1, self._vector_size),
claripy.BVV(0, self._vector_size)))
return claripy.Concat(*res_comps)
else:
return claripy.If(comparison(args[0], args[1]), claripy.BVV(1, 1), claripy.BVV(0, 1))
Example #7
| Source File: test_regression_memcmp_definite_size.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def regression_test_memcmp_strlen_simprocedure_interaction():
# import logging
# logging.getLogger('angr.manager').setLevel(logging.DEBUG)
bin_path = os.path.join(test_location, 'i386', 'cpp_regression_test_ch25')
p = angr.Project(bin_path, auto_load_libs=True) # this binary requires the loading of libstdc++.so.6
argv1 = cp.Concat(*[cp.BVS('argv%d' % i, 8) for i in range(48)])
state = p.factory.full_init_state(args=[bin_path, argv1],
add_options=angr.sim_options.unicorn
)
sm = p.factory.simulation_manager(state)
x = sm.explore(find=0x8048b9b, num_find=3)
nose.tools.assert_equal(len(x.found), 1)
for state in x.found:
solution = state.solver.eval_one(argv1, cast_to=bytes).strip(b"\x00")
nose.tools.assert_equal(solution, b"Here_you_have_to_understand_a_little_C++_stuffs")
Example #8
| Source File: dirty.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def x86g_dirtyhelper_storeF80le(state, addr, qword):
sign = qword[63]
exponent = qword[62:52]
mantissa = qword[51:0]
normalized_exponent = exponent.zero_extend(4) - 1023 + 16383
zero_exponent = state.solver.BVV(0, 15)
inf_exponent = state.solver.BVV(-1, 15)
final_exponent = claripy.If(exponent == 0, zero_exponent, claripy.If(exponent == -1, inf_exponent, normalized_exponent))
normalized_mantissa = claripy.Concat(claripy.BVV(1, 1), mantissa, claripy.BVV(0, 11))
zero_mantissa = claripy.BVV(0, 64)
inf_mantissa = claripy.BVV(-1, 64)
final_mantissa = claripy.If(exponent == 0, zero_mantissa, claripy.If(exponent == -1, claripy.If(mantissa == 0, zero_mantissa, inf_mantissa), normalized_mantissa))
tbyte = claripy.Concat(sign, final_exponent, final_mantissa)
assert len(tbyte) == 80
state.memory.store(addr, tbyte, endness='Iend_LE')
return None, []
Example #9
| Source File: dirty.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def x86g_dirtyhelper_loadF80le(state, addr):
tbyte = state.memory.load(addr, size=10, endness='Iend_LE')
sign = tbyte[79]
exponent = tbyte[78:64]
mantissa = tbyte[62:0]
normalized_exponent = exponent[10:0] - 16383 + 1023
zero_exponent = state.solver.BVV(0, 11)
inf_exponent = state.solver.BVV(-1, 11)
final_exponent = claripy.If(exponent == 0, zero_exponent, claripy.If(exponent == -1, inf_exponent, normalized_exponent))
normalized_mantissa = tbyte[62:11]
zero_mantissa = claripy.BVV(0, 52)
inf_mantissa = claripy.BVV(-1, 52)
final_mantissa = claripy.If(exponent == 0, zero_mantissa, claripy.If(exponent == -1, claripy.If(mantissa == 0, zero_mantissa, inf_mantissa), normalized_mantissa))
qword = claripy.Concat(sign, final_exponent, final_mantissa)
assert len(qword) == 64
return qword, []
Example #10
| Source File: test_vsa.py From claripy with BSD 2-Clause "Simplified" License | 6 votes |
|
def test_reversed_concat():
a = claripy.SI('a', 32, lower_bound=10, upper_bound=0x80, stride=10)
b = claripy.SI('b', 32, lower_bound=1, upper_bound=0xff, stride=1)
reversed_a = claripy.Reverse(a)
reversed_b = claripy.Reverse(b)
# First let's check if the reversing makes sense
nose.tools.assert_equal(claripy.backends.vsa.min(reversed_a), 0xa000000)
nose.tools.assert_equal(claripy.backends.vsa.max(reversed_a), 0x80000000)
nose.tools.assert_equal(claripy.backends.vsa.min(reversed_b), 0x1000000)
nose.tools.assert_equal(claripy.backends.vsa.max(reversed_b), 0xff000000)
a_concat_b = claripy.Concat(a, b)
nose.tools.assert_equal(a_concat_b._model_vsa._reversed, False)
ra_concat_b = claripy.Concat(reversed_a, b)
nose.tools.assert_equal(ra_concat_b._model_vsa._reversed, False)
a_concat_rb = claripy.Concat(a, reversed_b)
nose.tools.assert_equal(a_concat_rb._model_vsa._reversed, False)
ra_concat_rb = claripy.Concat(reversed_a, reversed_b)
nose.tools.assert_equal(ra_concat_rb._model_vsa._reversed, False)
Example #11
| Source File: cgc_type1_circumstantial_exploit.py From rex with BSD 2-Clause "Simplified" License | 6 votes |
|
def __init__(self, crash, register, reg_bitmask, ip_bitmask, reg_mem, value_var, ip_var):
'''
:param crash: a crash object which has been modified to exploit a vulnerability
:param register: the register set by the exploit
:param reg_bitmask: the bitmask indicating the bits of the register can be controlled
:param ip_bitmask: the bitmask indicating the bits of the ip can be controlled
:param reg_mem: memory containing the register setting content
:param value_var: claripy variable representing the value to set the register to
:param ip_var: claripy variable representing the value to set ip to
'''
super(CGCType1CircumstantialExploit, self).__init__(crash, register, bypasses_nx=True, bypasses_aslr=True,
reg_bitmask=reg_bitmask, ip_bitmask=ip_bitmask)
self.method_name = 'circumstantial'
self._arg_vars = [value_var, ip_var]
self._mem = claripy.Concat(reg_mem[0], reg_mem[1])
self._generate_formula()
Example #12
| Source File: test_simplify.py From claripy with BSD 2-Clause "Simplified" License | 5 votes |
|
def test_reverse_concat_reverse_simplification():
# Reverse(Concat(Reverse(a), Reverse(b))) = Concat(b, a)
a = claripy.BVS('a', 32)
b = claripy.BVS('b', 32)
x = claripy.Reverse(claripy.Concat(claripy.Reverse(a), claripy.Reverse(b)))
nose.tools.assert_equal(x.op, 'Concat')
nose.tools.assert_is(x.args[0], b)
nose.tools.assert_is(x.args[1], a)
Example #13
| Source File: test_simplify.py From claripy with BSD 2-Clause "Simplified" License | 5 votes |
|
def test_simplification():
def assert_correct(a, b):
nose.tools.assert_true(claripy.backends.z3.identical(a, b))
x, y, z = (claripy.BVS(name, 32) for name in ('x', 'y', 'z'))
# test extraction of concatted values
concatted = claripy.Concat(x, y, z)
assert_correct(concatted[95:64], x)
assert_correct(concatted[63:32], y)
assert_correct(concatted[31:0], z)
assert_correct(concatted[95:32], claripy.Concat(x, y))
assert_correct(concatted[63:0], claripy.Concat(y, z))
assert_correct(concatted[95:0], concatted)
assert_correct(concatted[47:0], claripy.Concat(y, z)[47:0])
assert_correct(concatted[70:0], concatted[70:0])
assert_correct(concatted[70:15], concatted[70:15])
assert_correct(concatted[70:35], claripy.Concat(x, y)[38:3])
# make sure the division simplification works
assert_correct(2+x, claripy.backends.z3.simplify(1+x+1))
assert_correct(x/y, claripy.backends.z3.simplify(x/y))
assert_correct(x%y, claripy.backends.z3.simplify(x%y))
Example #14
| Source File: test_memory.py From pakala with GNU General Public License v3.0 | 5 votes |
|
def test_overwrite_0(self):
self.mem.write(0, 64, claripy.BVV(1, 512))
self.assertBEqual(self.mem.read(0, 64), 1)
self.mem.write(64, 32, claripy.BVV(1, 256))
self.assertBEqual(self.mem.read(0, 64), 1)
self.mem.write(32, 32, claripy.BVV(1, 256))
self.assertBEqual(self.mem.read(0, 64), claripy.BVV(1, 512))
self.mem.write(0, 32, claripy.BVV(1, 256))
self.assertBEqual(
self.mem.read(0, 64),
claripy.Concat(claripy.BVV(1, 256), claripy.BVV(1, 256)),
)
Example #15
| Source File: test_memory.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def test_hex_dump():
s = SimState(arch='AMD64')
addr = s.heap.allocate(0x20)
s.memory.store(
addr,
claripy.Concat(
claripy.BVV('ABCDEFGH'),
claripy.BVS('symbolic_part', 24 * s.arch.bits)
)
)
dump = s.memory.hex_dump(addr, 0x20)
nose.tools.assert_equal(
dump,
'c0000000: 41424344 45464748 ???????? ???????? ABCDEFGH????????\n'
'c0000010: ???????? ???????? ???????? ???????? ????????????????\n'
)
dump = s.memory.hex_dump(
addr,
0x20,
extra_constraints=(s.memory.load(addr+0x10, 4) == 0xdeadbeef,),
solve=True,
endianness='Iend_LE'
)
nose.tools.assert_equal(
dump,
'c0000000: 44434241 48474645 ???????? ???????? ABCDEFGH????????\n'
'c0000010: efbeadde ???????? ???????? ???????? ....????????????\n'
)
Example #16
| Source File: test_memory.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def test_underconstrained():
state = SimState(arch='AMD64', add_options={o.UNDER_CONSTRAINED_SYMEXEC})
# test that under-constrained load is constrained
ptr1 = state.memory.load(0x4141414141414000, size=8, endness='Iend_LE')
assert ptr1.uc_alloc_depth == 0
assert ptr1.uninitialized
state.memory.load(ptr1, size=1)
# ptr1 should have been constrained
assert state.solver.min_int(ptr1) == state.solver.max_int(ptr1)
# test that under-constrained store is constrained
ptr2 = state.memory.load(0x4141414141414008, size=8, endness='Iend_LE')
assert ptr2.uc_alloc_depth == 0
assert ptr2.uninitialized
state.memory.store(ptr2, b"\x41", size=1)
# ptr2 should have been constrained
assert state.solver.min_int(ptr2) == state.solver.max_int(ptr2)
# ptr1 and ptr2 should not point to the same region
assert state.solver.eval(ptr1) != state.solver.eval(ptr2)
# uninitialized load and stores w/o uc_alloc_depth should not crash
ptr3 = claripy.Concat(
state.memory.load(0x4141414141414010, size=4, endness='Iend_LE'),
state.memory.load(0x4141414141414014, size=4, endness='Iend_LE'))
assert ptr3.uninitialized
assert ptr3.uc_alloc_depth is None # because uc_alloc_depth doesn't carry across Concat
# we don't care what these do, as long as they don't crash
state.memory.store(ptr3, b"\x41", size=1)
state.memory.load(ptr3, size=1)
Example #17
| Source File: test_vsa.py From claripy with BSD 2-Clause "Simplified" License | 5 votes |
|
def test_fucked_extract():
not_fucked = claripy.Reverse(claripy.Concat(claripy.BVS('file_/dev/stdin_6_0_16_8', 8, explicit_name=True), claripy.BVS('file_/dev/stdin_6_1_17_8', 8, explicit_name=True)))
m = claripy.backends.vsa.max(not_fucked)
assert m > 0
zx = claripy.ZeroExt(16, not_fucked)
pre_fucked = claripy.Reverse(zx)
m = claripy.backends.vsa.max(pre_fucked)
assert m > 0
#print(zx, claripy.backends.vsa.convert(zx))
#print(pre_fucked, claripy.backends.vsa.convert(pre_fucked))
fucked = pre_fucked[31:16]
m = claripy.backends.vsa.max(fucked)
assert m > 0
# here's another case
wtf = (
(
claripy.Reverse(
claripy.Concat(
claripy.BVS('w', 8), claripy.BVS('x', 8), claripy.BVS('y', 8), claripy.BVS('z', 8)
)
) & claripy.BVV(15, 32)
) + claripy.BVV(48, 32)
)[7:0]
m = claripy.backends.vsa.max(wtf)
assert m > 0
Example #18
| Source File: calling_conventions.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def get_value(self, state, endness=None, **kwargs): # pylint:disable=arguments-differ
if endness is None: endness = state.arch.memory_endness
vals = []
for loc in reversed(self.locations):
vals.append(loc.get_value(state, endness, **kwargs))
return state.solver.Concat(*vals)
Example #19
| Source File: symbolizer.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _resymbolize_data(self, data, prefix=b"", base=0, skip=()):
ws = self.state.arch.bytes
suffix = data[len(data)-(len(data)%ws):]
data = data[:len(data)-(len(data)%ws)]
num_words = len(data) // ws
unpacked_le = struct.unpack(self._LE_FMT[0] + str(num_words) + self._LE_FMT[1], data)
unpacked_be = struct.unpack(self._BE_FMT[0] + str(num_words) + self._BE_FMT[1], data)
values_squashed = [ prefix ]
last_idx = 0
for i,(be,le) in enumerate(zip(unpacked_be, unpacked_le)):
#assert len(claripy.Concat(*values_squashed)) == i*8
s = self._resymbolize_int(be, le, base, i*ws, skip)
if s is None:
return None
if last_idx != i:
values_squashed.append(data[last_idx*ws:i*ws])
last_idx = i + 1
values_squashed.append(s)
if len(values_squashed) == 1:
return None
if last_idx != num_words:
values_squashed.append(data[last_idx*ws:])
values_squashed.append(suffix)
new_data = claripy.Concat(*values_squashed)
#assert len(new_data)/8 == len(data) + len(prefix)
#assert self.state.solver.eval_one(new_data) == self.state.solver.eval_one(claripy.BVV(data))
return new_data
Example #20
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_generic_CatOddLanes(self, args):
vec_0 = args[0].chop(self._vector_size)
vec_1 = args[1].chop(self._vector_size)
return claripy.Concat(*(vec_0[::2] + vec_1[::2]))
#def _op_Iop_Yl2xF64(self, args):
# rm = self._translate_rm(args[0])
# arg2_bv = args[2].raw_to_bv()
# # IEEE754 double looks like this:
# # SEEEEEEEEEEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# # thus, we extract the exponent bits, re-bias them, then
# # (signed) convert them back into an FP value for the integer
# # part of the log. then we make the approximation that log2(x)
# # = x - 1 for 1.0 <= x < 2.0 to account for the mantissa.
# # the bias for doubles is 1023
# arg2_exp = (arg2_bv[62:52] - 1023).val_to_fp(claripy.fp.FSORT_DOUBLE, signed=True, rm=rm)
# arg2_mantissa = claripy.Concat(claripy.BVV(int('001111111111', 2), 12), arg2_bv[51:0]).raw_to_fp()
# # this is the hacky approximation:
# log2_arg2_mantissa = claripy.fpSub(rm, arg2_mantissa, claripy.FPV(1.0, claripy.fp.FSORT_DOUBLE))
# return claripy.fpMul(rm, args[1].raw_to_fp(), claripy.fpAdd(rm, arg2_exp, log2_arg2_mantissa))
#def _op_Iop_Yl2xp1F64(self, args):
# rm_raw, arg1, arg2 = args
# rm = self._translate_rm(rm_raw)
# arg2_p1 = claripy.fpAdd(rm, arg2.raw_to_fp(), claripy.FPV(1.0, claripy.fp.FSORT_DOUBLE))
# return self._op_Iop_Yl2xF64((rm_raw, arg1, arg2_p1))
Example #21
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_generic_CatEvenLanes(self, args):
vec_0 = args[0].chop(self._vector_size)
vec_1 = args[1].chop(self._vector_size)
return claripy.Concat(*(vec_0[1::2] + vec_1[1::2]))
Example #22
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_generic_Perm(self, args):
ordered_0 = list(reversed(args[0].chop(self._vector_size)))
ordered_1 = list(reversed(args[1].chop(self._vector_size)))
res = []
nbits = int(math.log2(self._vector_size))
for pword in ordered_1:
switch = pword[nbits-1:0]
kill = pword[self._vector_size - 1]
switched = claripy.ite_cases([(switch == i, v) for i, v in enumerate(ordered_0[:-1])], ordered_0[-1])
killed = claripy.If(kill == 1, 0, switched)
res.append(killed)
return claripy.Concat(*reversed(res))
Example #23
| Source File: x86_leakaddress.py From rex with BSD 2-Clause "Simplified" License | 5 votes |
|
def raw(self, arch=None):
address, length = self.address, self.length
if isinstance(self.address, int):
address = claripy.BVV(address, 32)
if isinstance(length, int):
length = claripy.BVV(length, 32)
bv_codes = [claripy.BVV(x) for x in self.code]
return claripy.Concat(bv_codes[0], address.reversed, bv_codes[1], length.reversed, bv_codes[2])
Example #24
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_generic_HSub(self, args):
"""
Halving subtract, for some ARM NEON instructions.
"""
components = []
for a, b in self.vector_args(args):
if self.is_signed:
a = a.sign_extend(self._vector_size)
b = b.sign_extend(self._vector_size)
else:
a = a.zero_extend(self._vector_size)
b = b.zero_extend(self._vector_size)
components.append((a - b)[self._vector_size:1])
return claripy.Concat(*components)
Example #25
| Source File: dirty.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def x86g_dirtyhelper_LGDT_LIDT(state, addr, op):
if not op.concrete:
# resolved failed
return None, [ ]
limit = state.memory.load(addr, 2, endness='Iend_LE')
base = state.memory.load(addr + 2, 4, endness='Iend_LE')
if op._model_concrete.value == 2:
state.regs.gdt = state.solver.Concat(base, limit).zero_extend(16)
elif op._model_concrete.value == 3:
# LIDT is a nop
pass
return None, [ ]
Example #26
| Source File: ccall.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def pc_calculate_rdata_c(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=None):
cc_op = op_concretize(cc_op)
if cc_op == data[platform]['OpTypes']['G_CC_OP_COPY']:
return claripy.LShR(cc_dep1, data[platform]['CondBitOffsets']['G_CC_SHIFT_C']) & 1 # TODO: actual constraints
elif cc_op in ( data[platform]['OpTypes']['G_CC_OP_LOGICQ'], data[platform]['OpTypes']['G_CC_OP_LOGICL'], data[platform]['OpTypes']['G_CC_OP_LOGICW'], data[platform]['OpTypes']['G_CC_OP_LOGICB'] ):
return claripy.BVV(0, data[platform]['size']) # TODO: actual constraints
rdata_all = pc_calculate_rdata_all_WRK(state, cc_op,cc_dep1,cc_dep2,cc_ndep, platform=platform)
if isinstance(rdata_all, tuple):
cf, pf, af, zf, sf, of = rdata_all
return claripy.Concat(claripy.BVV(0, data[platform]['size']-1), cf & 1)
else:
return claripy.LShR(rdata_all, data[platform]['CondBitOffsets']['G_CC_SHIFT_C']) & 1
Example #27
| Source File: ccall.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def get_segdescr_base(state, descriptor):
lo = descriptor[31:16]
mid = descriptor[39:32]
hi = descriptor[63:56]
return claripy.Concat(hi, mid, lo)
Example #28
| Source File: ccall.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def get_segdescr_limit(state, descriptor):
granularity = descriptor[55]
lo = descriptor[15:0]
hi = descriptor[51:48]
limit = claripy.Concat(hi, lo).zero_extend(12)
if (granularity == 0).is_true():
return limit
else:
return (limit << 12) | 0xfff
Example #29
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_vector_mapped(self, args):
chopped_args = ([claripy.Extract((i + 1) * self._vector_size - 1, i * self._vector_size, a) for a in args]
for i in reversed(range(self._vector_count)))
return claripy.Concat(*(self._op_mapped(ca) for ca in chopped_args))
Example #30
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_vector_float_mapped(self, args):
rm_part = [] if self._generic_name in self.NO_RM else [args[0]]
chopped_args = (
[
claripy.Extract((i + 1) * self._vector_size - 1, i * self._vector_size, a).raw_to_fp()
for a in (args if self._generic_name in self.NO_RM else args[1:])
] for i in reversed(range(self._vector_count))
)
return claripy.Concat(*(self._op_float_mapped(rm_part + ca).raw_to_bv() for ca in chopped_args))
