Entry point object for tainting data.
Taints can be created by using the
simple_taint function. The
last_taint method can be used to retrieve the started taint.
Please refer to the
taint package documentation for more information.
>>> trace = reven_server.trace >>> tainter = reven2.preview.taint.Tainter(trace)
||Request the server to start a taint such that its parameters are the arguments to this function.|
||Get the last taint started by
Request the server to start a taint such that its parameters are the arguments to this function.
As this function offers a simplified API, it starts the taint with a maximum of two different taint markers.
Each successive call to this method will cancel and discard the previously started taint if any.
tag0, tag1 tainted data is labeled by
tag1. Tainted data can be one of:
integer(interpreted as a
dsprefixed logical address),
>>> trace = reven_server.trace() >>> tainter = reven2.preview.taint.Tainter(trace) >>> # taint in forward on the full trace, starting at the first context, >>> # "rax" with tag0, [ds:0xffffd001ea0d6040 ; 8] with tag1 >>> taint = tainter.simple_taint(tag0="rax", tag1="[ds:0xffffd001ea0d6040 ; 8]") >>> # The same taint, with the arguments expressed differently. >>> taint = tainter.simple_taint(tag0=reven2.arch.x64.rax, tag1=0xffffd001ea0d6040) >>> # # A slightly different taint, where tag0 tags both `rax` and the memory address, and where nothing it taggued with `tag1`. >>> taint = tainter.simple_taint(tag0=[reven2.arch.x64.rax, 0xffffd001ea0d6040])
|Parameters||tag0||Initially tainted data marked with the |
|tag1||Initially tainted data marked with the |
Get the last taint started by
This function can only get the last taint if that taint was started by a tainter object in the same session.