reven2.preview.taint.Tainter(object) class documentationreven2.preview.taint
(View In Hierarchy)
Entry point object for tainting data.
Taints can be
created by using the simple_taint function. The
last_taint method can be used to retrieve the started
taint.
Please refer to the taint package
documentation for more information.
>>> trace = reven_server.trace >>> tainter = reven2.preview.taint.Tainter(trace)
| Method | __init__ | Undocumented |
| Method | simple_taint | Request the server to start a taint such that its parameters are the arguments to this function. |
| Method | last_taint | Get the last taint started by simple_taint |
| Method | __repr__ | Undocumented |
| Static Method | _handle_tag | Undocumented |
Request the server to start a taint such that its parameters are the arguments to this function.
As this function offers a simplified API, it starts the taint with a maximum of two different taint markers.
Each successive call to this method will cancel and discard the previously started taint if any.
tag0, tag1 tainted data is labeled by tag1.
Tainted data can be one of: string, list,
reven2.arch.register.Register,
TaintedRegisterSlice,
integer (interpreted as a ds prefixed
logical address), reven2.address.LogicalAddress,
reven2.address.LinearAddress,
reven2.address.LogicalAddressSegmentIndex,
reven2.address.PhysicalAddress
or TaintedMemories
from_context and
to_context (excluded)
>>> trace = reven_server.trace() >>> tainter = reven2.preview.taint.Tainter(trace) >>> # taint in forward on the full trace, starting at the first context, >>> # "rax" with tag0, [ds:0xffffd001ea0d6040 ; 8] with tag1 >>> taint = tainter.simple_taint(tag0="rax", tag1="[ds:0xffffd001ea0d6040 ; 8]") >>> # The same taint, with the arguments expressed differently. >>> taint = tainter.simple_taint(tag0=reven2.arch.x64.rax, tag1=0xffffd001ea0d6040) >>> # # A slightly different taint, where tag0 tags both `rax` and the memory address, and where nothing it taggued with `tag1`. >>> taint = tainter.simple_taint(tag0=[reven2.arch.x64.rax, 0xffffd001ea0d6040])
| Parameters | tag0 | Initially tainted data marked with the tag0 taint marker. The
accepted types for this parameter are the following:
|
| tag1 | Initially tainted data marked with the tag1 taint marker. The
accepted types for this parameter are the same as for tag0 | |
| from_context | reven2.trace.Context
First context in the requested taint range. | |
| to_context | reven2.trace.Context
First context not in the requested taint range. | |
| is_forward | bool, True for forward direction and
False for backward direction. | |
| Returns | A Taint
instance. | |
Get the last taint started by simple_taint
This function can only get the last taint if that taint was started by a tainter object in the same session.
| Returns | a Taint object
if the simple_taint function was used before this method call,
otherwise None. | |