Part of reven
The REVEN python API.
Provides a Pythonic way to interact with a REVEN project. It mainly provides an object-oriented wrapper around the low-level API, plus a few helper functions that make REVEN scripting more straightforward. A minimal caching mechanism is also implemented under the hood, but it should be completely transparent to users of the interface.
To use it, the first step is to connect to a running Reven project, for example on port 13370 of the host localhost:
>>> import reven
>>> p = reven.Project('localhost', 13370)
A few low-level objects are not exposed yet:
Use the reven_api module to use those objects.
All notable changes to this API will be documented in this file.
RegisterAccessPointIterator and MemoryAccessPointIterator to iterate over Points accessing a register or a memory.
MemoryAccess: prefixed boolean properties with `is_`, added content and is_read properties.
ExecutionProgress: fixed last_point_index, added is_done and is_awaiting_configuration
Project start_execution implementation.
Project errors method was renamed into logs.
Project logs method returns a list of tuple instead of a dict of list of tuple.
Report: add point, binary_name, type and remove misleading cwe_*. Bind Severity and Type.
search_memory_access trace independent and move it out of Trace and into Project.
Trace taint method, it now returns the new type Taint and support propagation count limit.
search_symbol that allow to filter on renamed symbol.
BinaryCriterion and SymbolCriterion have changed from regexp to pattern, accuracy and case_sensitive.
mapping by mappings in Binary.
mappings returns a FileAddressSpace by process where the binary is mapped.
Binary's symbol from vector of string to vector of Symbol.
Chunk by Segment in AddressSpace that represent a named contiguous part of memory.
Chunks by segments in AddressSpace and child.
Symbol.
map_memory_segment_into_process and add_symbols_to_binary of Project.
base from AddressSpace.
__contains__ to contains in AddressSpace.
base_address, vma_to_rva and
vma_from_rva to FileAddressSpace.
file_address_spaces to ProcessAddressSpace.
cr3 to Process.
closest_symbol to Binary.
read_string and read_wstring to Memory
name property to SymbolicPhysicalMemory
| Kind | Name | Description |
| --- | --- | --- |
| Class | TaintDiff | A taint propagation diff. It stores which elements either gain or lose the taint. |
| Class | Taint | The result of a taint propagation on a trace. |
| Class | Criterion | Criterion base class. Shouldn't be instantiated. |
| Class | AddressCriterion | Criterion object to select addresses. |
| Class | BinaryCriterion | Criterion object to select binaries. |
| Class | SymbolCriterion | Criterion object to select symbols. |
| Class | DeviceCriterion | Criterion object to select devices. |
| Class | Report | Inspector report about an execution. Can signal: - potential bugs detected in the trace (such as use after free). - execute after writes |
| Class | FrameBuffer | Video framebuffer information. |
| Class | AddressSpace | Abstract representation of a non-contiguous memory region. |
| Class | FileAddressSpace | An address space representing memory mapped files. |
| Class | ProcessAddressSpace | An address space representing a process memory. |
| Class | DeviceAddressSpace | An address space representing a device physical memory. |
| Class | Binary | Executable file information. |
| Class | Process | A running process. |
| Class | ProcessSwitch | A process switch during an execution. |
| Class | Device | A hardware device with port and memory ranges. |
| Class | DeviceAccess | A hardware device access. Represents either a read or write access to a port or physical memory. |
| Class | Symbolic | Base class for symbolic objects. |
| Class | SymbolicRegister | A Cpu register symbolic representation. |
| Class | SymbolicPhysicalMemory | No class docstring; 2/5 methods documented |
| Class | Symbol | A symbol inside a binary. |
| Class | Instruction | A basic block instruction. |
| Class | BasicBlock | A block of uninterrupted instructions. |
| Class | Memory | This object represents the state of memory at a specified trace point. |
| Class | MemoryAccess | Represents a memory access triggered either by the CPU or by a device (MMIO). |
| Class | Cpu | Cpu state on some trace point. |
| Class | Point | A point in a trace. |
| Class | RegisterAccessPointIterator | Iterator on points accessing given register (read or write) from a Point. |
| Class | MemoryAccessPointIterator | Iterator on points accessing given memory (read or write) from a Point. |
| Class | Sequence | Wrapper for reven_api.sequence_in_run. This class is an implementation detail of the api and may not be used directly. |
| Class | Trace | Wrapper for reven_api.execution_run. |
| Class | Save | A saved project. |
| Class | ExecutionProgress | Execution progress. |
| Class | InspectorMemoryHistory | This inspector tracks the history of all memory accesses. Activating it is highly recommended. |
| Class | InspectorExecutionsAfterWrite | This inspector tracks executions after memory writes, such as self-modifying code. It requires inspector memory_range_history. |
| Class | InspectorAlterExecution | This inspector will alter the program's execution. Its alteration string is created through the rerun widget in Axion. |
| Class | InspectorStopExecution | This inspector will stop the execution when configured: either at a specific sequence, when a symbol is reached (if we know about the symbol early enough), or simply once the function we started the scenario in exits: |
| Class | InspectorStringHistory | This inspector collects information about strings that have been manipulated during the execution. |
| Class | Project | A reven project. This is the root api object. |