reven2.trace._find

module documentation

Undocumented

Function	`find_inverse`	Undocumented
Function	`_context_asid`	Return the ASID (Address Space IDentifier) for the context.
Function	`_context_pc`	Return the Program Counter (PC) value for the context.
Function	`_handle_exception`	Returns the iret transition matching the given exception or None.
Function	`_handle_iretq`	Returns the exception transition matching the given iret or None.
Function	`_handle_syscall`	Returns the sysret transition matching the given syscall or None.
Function	`_handle_sysenter`	Returns the sysexit transition matching the given sysenter or None.
Function	`_handle_sysexit`	Returns the sysenter transition matching the given sysexit or None.
Function	`_handle_sysret`	Returns the syscall transition matching the given sysret or None.
Function	`_is_any_instruction_in`	Undocumented
Function	`_is_exception`	Undocumented
Function	`_is_instruction`	Undocumented
Function	`_next_read_accesses`	Undocumented
Function	`_previous_write_accesses`	Undocumented
Function	`_syscall_return_pc`	Return the return PC stored by the syscall instruction.
Function	`_transition_find_memory_access`	Undocumented
Function	`_transition_find_memory_read`	find last memory access reading given value at tr
Function	`_transition_find_memory_write`	find last memory access writting given value at tr

def find_inverse(transition):

Undocumented

Parameters
transition:`_trace.Transition`	Undocumented
Returns
`_Optional[_trace.Transition]`	Undocumented

def _context_asid(context):

Return the ASID (Address Space IDentifier) for the context.

Parameters
context:`_trace.Context`	Undocumented
Returns
`int`	Undocumented

def _context_pc(context):

Return the Program Counter (PC) value for the context.

RIP for 64bit or EIP for 32bit.

Parameters
context:`_trace.Context`	Undocumented
Returns
`int`	Undocumented

def _handle_exception(transition):

Returns the iret transition matching the given exception or None.

Find the memory access used by the exception to write the return pc. Search for the matching read access, where the iret would get the return pc. Ensure the matching transition is an iret-like.

Parameters
transition:`_trace.Transition`	Undocumented
Returns
`_Optional[_trace.Transition]`	Undocumented

def _handle_iretq(transition):

Returns the exception transition matching the given iret or None.

Find the memory access used by iret to read the return pc. Search for the matching write access, where the exception would write the return pc. Ensure the matching transition is an exception.

Parameters
transition:`_trace.Transition`	Undocumented
Returns
`_Optional[_trace.Transition]`	Undocumented

def _handle_syscall(transition):

Returns the sysret transition matching the given syscall or None.

The syscall instruction stores the return pc (used by sysret) in rcx. Search for the executions of the return pc in the trace, and check the matches against the syscall ASID (cr3) and by mnemonic.

Would be very slow without the pc ranges fast search.

Parameters
transition:`_trace.Transition`	Undocumented
Returns
`_Optional[_trace.Transition]`	Undocumented

def _handle_sysenter(transition):

Returns the sysexit transition matching the given sysenter or None.

Iterates over `cs` changes to find the next matching sysexit. Currently only the mnemonic and the ASID (cr3) are checked.

Parameters
transition:`_trace.Transition`	Undocumented
Returns
`_Optional[_trace.Transition]`	Undocumented

def _handle_sysexit(transition):

Returns the sysenter transition matching the given sysexit or None.

Assumes `transition` is a sysexit instruction.

Iterates over `cs` changes to find the previous matching sysenter. Currently only the mnemonic and the ASID (cr3) are checked.

Parameters
transition:`_trace.Transition`	Undocumented
Returns
`_Optional[_trace.Transition]`	Undocumented

def _handle_sysret(transition):

Returns the syscall transition matching the given sysret or None.

Iterate over `cs` changes to find the previous matching syscall. Currently checks the mnemonic, the ASID (cr3) and the return pc (rip) stored (in rcx) by the syscall instruction.

def _is_any_instruction_in(transition, mnemonic_list):

Undocumented

Parameters
transition:`_trace.Transition`	Undocumented
mnemonic_list:`_Iterable[str]`	Undocumented
Returns
`bool`	Undocumented

def _is_exception(transition):

Undocumented

Parameters
transition:`_trace.Transition`	Undocumented
Returns
`bool`	Undocumented

def _is_instruction(transition):

Undocumented

Parameters
transition:`_trace.Transition`	Undocumented
Returns
`bool`	Undocumented

def _next_read_accesses(trace, mem_access):

Undocumented

Parameters
trace:`_trace.Trace`	Undocumented
mem_access:`_memhist.MemoryAccess`	Undocumented
Returns
`_Iterator[_memhist.MemoryAccess]`	Undocumented

def _previous_write_accesses(trace, mem_access):

Undocumented

Parameters
trace:`_trace.Trace`	Undocumented
mem_access:`_memhist.MemoryAccess`	Undocumented
Returns
`_Iterator[_memhist.MemoryAccess]`	Undocumented

def _syscall_return_pc(context):

Return the return PC stored by the syscall instruction.

The syscall instruction stores the return PC in RCX or ECX.

Parameters
context:`_trace.Context`	Undocumented
Returns
`int`	Undocumented

def _transition_find_memory_access(transition, value, operation=None):

Undocumented

Parameters
transition:`_trace.Transition`	Undocumented
value:`int`	Undocumented
operation:`_memhist.MemoryAccessOperation`	Undocumented
Returns
`_Optional[_memhist.MemoryAccess]`	Undocumented

def _transition_find_memory_read(transition, value):

find last memory access reading given value at tr

Parameters
transition:`_trace.Transition`	Undocumented
value:`int`	Undocumented
Returns
`_Optional[_memhist.MemoryAccess]`	Undocumented

def _transition_find_memory_write(transition, value):

find last memory access writting given value at tr

Parameters
transition:`_trace.Transition`	Undocumented
value:`int`	Undocumented
Returns
`_Optional[_memhist.MemoryAccess]`	Undocumented

reven2.trace._find_inverse

`reven2.trace._find_inverse`