path: root/snapshot.py
Commit message | Author | Age | Files | Lines
* Refactor project structure | Theofilos Augoustis | 2023-12-31 | 1 | -135/+0
  Read concrete state on demand during concolic exec
  During concolic tracing, don't record full program snapshots at each basic block, but instead read concrete values directly from the concrete target when they are needed.
* Extend error reporting system | Theofilos Augoustis | 2023-12-27 | 1 | -2/+5
  Add error severities and the ability to filter for them.
  Include more information in comparison error messages.
* Improve SparseMemory.write_memory performance | Theofilos Augoustis | 2023-12-26 | 1 | -6/+10
  Reduce overhead of handling sparse memory
* Implement symbolic comparison and match traces via Miasm | Theofilos Augoustis | 2023-12-14 | 1 | -0/+15
  Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
  Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
* Adapt symbolic compare to new transform interface | Theofilos Augoustis | 2023-12-08 | 1 | -10/+0
  Also implement a `MiasmSymbolicTransform.concat` function that concatenates two transformations.
  Some minor adaptions to the eval_expr code were necessary to remove some assumptions that don't work if the resolver state returns symbols instead of concrete values.
  Remove obsolete utilities that were used for angr.
  Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
  Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
* Add memory storage capabilities to `ProgramState` | Theofilos Augoustis | 2023-11-27 | 1 | -2/+76
  The `SparseMemory` class represents a program's memory. While the user can read from and write to arbitrary memory addresses, it manages its memory in pages/chunks internally. This is a tradeoff between space consumption (this solution might have a memory overhead) and lookup speed of individual memory addresses.
  Add two small unit tests for `SparseMemory`.
* Implement symbolic state comparison algorithm | Theofilos Augoustis | 2023-11-27 | 1 | -0/+9
  This is the first draft of a `compare` algorithm that uses recorded symbolic transformations. Is currently based on angr, so it's probably going to be reworked to work with states generated by Miasm.
  Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
  Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
* Standardize X86 register names | Theofilos Augoustis | 2023-11-26 | 1 | -23/+25
  Add some infrastructure for flexible register name matching (i.e. using 'PC' to look up RIP):
  - `Arch.to_regname` tries to look up a register's standard name from an arbitrary string.
  - `ArchX86` overrides `to_regname` to resolve alias names for registers. Currently just 'PC' for 'RIP'.
  - `ProgramState.read` and `ProgramState.write` use `to_regname` to make register access more convenient.
  Add all flags with their standard abbreviations to `x86.regnames`.
  Implement a full RFLAGS decomposition into its individual flags in `x86`.
  Replace the hacks in `run.py` and `miasm_test.py` with this more complete solution.
  Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
  Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>
* Refactor file structure | Theofilos Augoustis | 2023-10-11 | 1 | -0/+38
  - main.py: focaccia user-interface
  - snapshot.py: state trace snapshots handling
  - compare.py: snapshot comparison algorithms
  - run.py: native execution tracer
  - arancini.py: Arancini log handling
  - arch/: per-architecture abstractions
  Co-authored-by: Theofilos Augoustis <theofilos.augoustis@gmail.com>
  Co-authored-by: Nicola Crivellin <nicola.crivellin98@gmail.com>