reven2.preview.taint.TaintChange(object)
class documentationreven2.preview.taint
(View In Hierarchy)
A change between two taint states, containing information about which data became tainted or lost the taint.
A taint change contains:
reven2.trace.Transition
that caused the change
TaintedRegisterSlice
or TaintedMemories
to ChangeMarkers
indicating the change
This object is not meant to be constructed directly. It is created by
TaintChangeView
>>> changes = taint.changes() >>> for change in changes.all(): >>> # change is an instance of TaintChange >>> print(change) Taint change at #7 mov qword ptr [rbp - 0x50], rax Tainted memories: [phy:0x46b5ff0; 8] : gained[tag0,]
Taint change at #20 movaps xmmword ptr [rbp], xmm1 Tainted memories: [phy:0x1bdb4040; 1] : lost[tag1,]
Taint change at #27 lea rax, [rip + 0x3120] Tainted registers: rax : lost[tag0,]
Taint change at #14733764 mov rax, qword ptr [rbp - 0x50] Tainted registers: rax : gained[tag0,]
Taint change at #14733789 mov rax, qword ptr [rsp + 0x90] Tainted registers: rax : lost[tag0,]
Taint change at #14746690 mov qword ptr [rsp + 0x30], r13 Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
state at 10 Taint state at Context before #11 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x46b5ff0; 8] : lost[tag0,] [phy:0x1bdb4040; 1] : lost[tag1,]
Method | __init__ | Undocumented |
Method | transition | Property: the transition that caused the change |
Method | tainted_registers | Iterates over each TaintedRegisterSlice
in this change and yields a pair of TaintedRegisterSlice
and ChangeMarkers |
Method | tainted_memories | Iterates over each TaintedMemories
in this change and yields a pair of TaintedMemories
and ChangeMarkers |
Method | state_before | Get the TaintState
before this change relatively to the taint direction. |
Method | state_after | Get the TaintState
after this change relatively to the taint direction. |
Method | __str__ | Undocumented |
Method | __repr__ | Undocumented |
Property: the transition that caused the change
>>> changes = taint.changes() >>> for change in changes.all(): >>> # change is an instance of TaintChange >>> print(change.transition) 5 9 13 33 95
Returns | A reven2.trace.Transition . |
Iterates over each TaintedRegisterSlice
in this change and yields a pair of TaintedRegisterSlice
and ChangeMarkers
>>> changes = taint.changes() >>> for change in changes.all(): >>> # change is an instance of TaintChange >>> for reg, change_markers in change.tainted_registers(): >>> print(reg) >>> for handle, name in change_markers.gained: >>> print(name) >>> for handle, name in change_markers.lost: >>> print(name) rax tag0 rax tag0 rax tag0
Returns | A generator of (TaintedRegisterSlice ,
ChangeMarkers ). |
Iterates over each TaintedMemories
in this change and yields a pair of TaintedMemories
and ChangeMarkers
>>> changes = taint.changes() >>> for change in changes.all(): >>> # change is an instance of TaintChange >>> for mem, change_markers in change.tainted_memories(): >>> print(mem) >>> for handle, name in change_markers.gained: >>> print(name) >>> for handle, name in change_markers.lost: >>> print(name) phy:0x46b5ff0; 8] tag0 [phy:0x1bdb4040; 1] tag1 [phy:0x46b5ff0; 8] tag0
Returns | A generator of (TaintedMemories ,
ChangeMarkers ). |
Get the TaintState
before this change relatively to the taint direction.
If the taint is a Forward
taint, then the state before is
taint.state_at(change.transition.context_before())
If the taint is a Backward
taint, then the state before is
taint.state_at(change.transition.context_after())
>>> changes = taint.changes() >>> for change in changes.all(): >>> print (change.state_before()) Taint state at Context before #7 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x1bdb4040; 1] : [tag1,]
Taint state at Context before #20 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x46b5ff0; 8] : [tag0,] [phy:0x1bdb4040; 1] : [tag1,]
Taint state at Context before #27 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
Taint state at Context before #14733764 Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
Taint state at Context before #14733789 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
Taint state at Context before #14746690 Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
Returns | A TaintState . |
Get the TaintState
after this change relatively to the taint direction.
If the taint is a Forward
taint, then the state after is
taint.state_at(change.transition.context_after())
If the taint is a Backward
taint, then the state after is
taint.state_at(change.transition.context_before())
>>> changes = taint.changes() >>> for change in changes.all(): >>> print (change.state_after()) Taint state at Context before #8 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x46b5ff0; 8] : [tag0,] [phy:0x1bdb4040; 1] : [tag1,]
Taint state at Context before #21 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
Taint state at Context before #28 Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
Taint state at Context before #14733765 Tainted registers: rax : [tag0,] Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
Taint state at Context before #14733790 Tainted memories: [phy:0x46b5ff0; 8] : [tag0,]
Taint state at Context before #14746691
Returns | A TaintState . |