class TaintResultView(object):
Known subclasses: reven2.preview.taint.TaintAccessView
, reven2.preview.taint.TaintStateView
, reven2.preview.taint.TaintWarningView
The abstract class from which any result view is derived.
It contains implementation of all functionalities used by TaintAccessView
, TaintStateView
and TaintWarningView
Method | __init__ |
Undocumented |
Method | filter_by_context_range |
Filter the result view such that the results are between from_context and to_context . |
Method | take_n |
Filter the result view such as to get at most take_n results |
Property | status |
Property: the current status of this view instance, with regards to whether results are available to fetch. |
Method | all |
Yields all results in the view |
Method | available |
Yields the results that are currently available in the view. |
Method | __repr__ |
Undocumented |
Instance Variable | _remaining_result |
Undocumented |
Instance Variable | _rvn_taint_query |
Undocumented |
Instance Variable | _trace |
Undocumented |
Instance Variable | _taint_data |
Undocumented |
Instance Variable | _status |
Undocumented |
Method | _context_from_id |
Undocumented |
Method | _compare_context |
Undocumented |
reven2.preview.taint.TaintAccessView
, reven2.preview.taint.TaintStateView
, reven2.preview.taint.TaintWarningView
Undocumented
Filter the result view such that the results are between from_context
and to_context
.
If to_context
is None then results will be only for from_context
>>> # taint rax in all the trace >>> taint = tainter.simple_taint("rax") >>> # create a change view and filter result between context(100) and context(1000) >>> changes = taint.accesses(changes_only=True).filter_by_context_range(trace.context_after(100), >>> trace.context_after(1000)) >>> # create a state view and filter result for context(100) only >>> states = taint.states().filter_by_context_range(trace.context_after(100)) >>> next(states.all()) TaintState(context=Context before #101)
Do not call this method on view instances where you already called all
or available
Parameters | from_context | reven2.trace.Context the beginning context |
to_context | reven2.trace.Context the ending context | |
Returns | self . |
Filter the result view such as to get at most take_n
results
Do not call this method on view instances where you already called all
or available
>>> # taint rax in all the trace >>> taint = tainter.simple_taint("rax") >>> # create a change view of all results and take only 3 results from them >>> changes = taint.accesses(changes_only=True).take_n(3) >>> for change in changes: >>> print(change.transition) #7 mov qword ptr [rbp - 0x50], rax #20 movaps xmmword ptr [rbp], xmm1 #27 lea rax, [rip + 0x3120]
Parameters | take_n | integer number of requested results |
Returns | self . |
Property: the current status of this view instance, with regards to whether results are available to fetch.
>>> # taint rax in all the trace >>> taint = tainter.simple_taint("rax") >>> # create a change view of all results >>> changes = taint.accesses(changes_only=True) >>> changes.status TaintResultStatus.Waiting >>> for change in changes.all() >>> pass >>> changes.status TaintResultStatus.Exhausted
Yields all results in the view
This method is a blocking method, it blocks until all results are available.
If this method is called multiple times on the same view instance, the first call will return all the results, and later calls will not return any result.
Calling this method after calling the available
method on the same view instance will only yield the results that were not produced by the previous call to the available
method.
>>> # taint [ds:0xffffd001ea0d6040; 8] in all the trace >>> taint = tainter.simple_taint("[0xffffd001ea0d6040; 8]") >>> changes = taint.accesses(changes_only=True) >>> for change in changes.all(): >>> print(change) Taint change at #20 movaps xmmword ptr [rbp], xmm1 Tainted memories: [phy:0x1bdb4040; 8] : [tag0,]
Returns | A generator of taint results. |
Yields the results that are currently available in the view.
This method won't block even if all results were not produced yet by the taint: it will simply yield the results available to the taint at the time of the call, and then return.
Note that each successive call to this method on the same instance will only yield the results that were produced since the last call.
>>> # taint [ds:0xfffff658987; 8] in all the trace >>> taint = tainter.simple_taint("[0xfffff658987; 8]") >>> changes = taint.accesses(changes_only=True) >>> for change in changes.available(): >>> print(change.transition.id) 21 27 52 >>> for change in changes.available(): >>> print(change.transition.id) 87 101 >>> # Note that you can restart iteration by constructing a news changes view >>> changes = taint.accesses(changes_only=True) >>> for change in changes.available(): >>> print(change.transition.id) 21 27 52 87 101
Returns | A generator of available taint results. |
reven2.preview.taint.TaintAccessView
, reven2.preview.taint.TaintStateView
, reven2.preview.taint.TaintWarningView
Undocumented