Entry point object for tainting data.

Taints can be created by using the simple_taint function. The last_taint method can be used to retrieve the started taint.

Please refer to the taint package documentation for more information.

Examples

>>> trace = reven_server.trace
>>> tainter = reven2.preview.taint.Tainter(trace)
Method __init__ Undocumented
Method simple_taint Request the server to start a taint such that its parameters are the arguments to this function.
Method last_taint Get the last taint started by simple_taint
Method __repr__ Undocumented
Static Method _handle_tag Undocumented
def __init__(self, trace):
Undocumented
def simple_taint(self, tag0, tag1=None, from_context=None, to_context=None, is_forward=True):

Request the server to start a taint such that its parameters are the arguments to this function.

As this function offers a simplified API, it starts the taint with a maximum of two different taint markers.

Warnings

Each successive call to this method will cancel and discard the previously started taint if any.

Taint parameters:

Examples

>>> trace = reven_server.trace()
>>> tainter = reven2.preview.taint.Tainter(trace)
>>> # taint in forward on the full trace, starting at the first context,
>>> # "rax" with tag0, [ds:0xffffd001ea0d6040 ; 8] with tag1
>>> taint = tainter.simple_taint(tag0="rax", tag1="[ds:0xffffd001ea0d6040 ; 8]")
>>> # The same taint, with the arguments expressed differently.
>>> taint = tainter.simple_taint(tag0=reven2.arch.x64.rax, tag1=0xffffd001ea0d6040)
>>> # A slightly different taint, where tag0 tags both `rax` and the memory address,
>>> # and where nothing is tagged with `tag1`.
>>> taint = tainter.simple_taint(tag0=[reven2.arch.x64.rax, 0xffffd001ea0d6040])

Information

Parameters
tag0: Initially tainted data marked with the tag0 taint marker. The accepted types for this parameter are the following:
  • a string, which is parsed by the tag parser; it must be a comma-separated list of registers and memory ranges, such as: "rax, rbx[1:5], [0xffffd001ea0d6040], [ds:0xffffd001ea0d6040; 8], [phy:0x44554454; 16]"
  • an integer representing a memory range (0xffffd001ea0d6040 is [ds:0xffffd001ea0d6040; 1]).
  • a class from the reven2.address module.
  • a reven2.arch.Register.
  • a reven2.preview.taint.TaintedRegisterSlice.
  • a list mixing any of the previous possibilities, except strings.
tag1: Initially tainted data marked with the tag1 taint marker. The accepted types for this parameter are the same as for tag0.
from_context: reven2.trace.Context. First context in the requested taint range.
to_context: reven2.trace.Context. First context not in the requested taint range.
is_forward: bool. True for forward direction and False for backward direction.
Returns: A Taint instance.
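The accepted tag0/tag1 forms listed above, as an added stand-alone sketch (not part of reven2 and not REVEN's tag parser): it parses the tag-string syntax from the example string and applies the string, integer and list rules, which is useful for checking tags before starting a taint. The names parse_item and normalize_tag are hypothetical, and the defaults used for a memory range written without a prefix or size are assumptions.

```python
import re

# Syntax inferred from the example string on this page; not REVEN's own parser.
_MEM = re.compile(r"^\[\s*(?:(?P<space>[a-z]+)\s*:\s*)?(?P<addr>0x[0-9a-fA-F]+)"
                  r"\s*(?:;\s*(?P<size>\d+)\s*)?\]$")
_REG = re.compile(r"^(?P<name>[a-z][a-z0-9]*)(?:\[(?P<lo>\d+):(?P<hi>\d+)\])?$")


def parse_item(text):
    """Parse one element of a tag string into a plain tuple."""
    text = text.strip()
    m = _MEM.match(text)
    if m:
        # Assumption: a missing prefix means "ds" and a missing size means 1,
        # by analogy with the integer rule stated on the page.
        return ("mem", m["space"] or "ds", int(m["addr"], 16), int(m["size"] or 1))
    m = _REG.match(text)
    if m:
        if m["lo"] is None:
            return ("reg", m["name"], None)
        # Slice bounds are kept as written; their unit is not stated on the page.
        return ("reg", m["name"], (int(m["lo"]), int(m["hi"])))
    raise ValueError(f"not a register or memory range: {text!r}")


def normalize_tag(tag):
    """Apply the accepted-type rules for tag0/tag1 to str, int and list inputs."""
    if isinstance(tag, str):
        return [parse_item(part) for part in tag.split(",")]
    if isinstance(tag, bool):
        raise TypeError("bool is not a valid tag")
    if isinstance(tag, int):
        # A bare integer is a one-byte range: 0xffff... is [ds:0xffff...; 1].
        return [("mem", "ds", tag, 1)]
    if isinstance(tag, list):
        # The page excludes strings from lists; this sketch handles int items only.
        if any(isinstance(item, (str, list)) for item in tag):
            raise TypeError("strings and nested lists are not accepted inside a list")
        return [entry for item in tag for entry in normalize_tag(item)]
    raise TypeError(f"unsupported tag type: {type(tag).__name__}")
```
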
@staticmethod
def _handle_tag(tagname, tag):
Undocumented
def last_taint(self):

Get the last taint started by simple_taint

Warnings

This function can only get the last taint if that taint was started by a tainter object in the same session.

Information

Returns: a Taint object if the simple_taint function was used before this method call, otherwise None.
def __repr__(self):
Undocumented
API Documentation for reven2, generated by pydoctor at 2019-09-11 11:57:21.