class Tainter(object):
Entry point object for tainting data.
Taints can be created by using the simple_taint function. The last_taint method can be used to retrieve the started taint.
Please refer to the taint package documentation for more information.
>>> trace = reven_server.trace >>> tainter = reven2.preview.taint.Tainter(trace)
| Method | __init__ |
Undocumented |
| Method | simple_taint |
Request the server to start a taint such that its parameters are the arguments to this function. |
| Method | last_taint |
Get the last taint started by simple_taint |
| Method | __repr__ |
Undocumented |
| Instance Variable | _trace |
Undocumented |
| Instance Variable | _taint_data |
Undocumented |
| Static Method | _handle_tag |
Undocumented |
Request the server to start a taint such that its parameters are the arguments to this function.
As this function offers a simplified API, it starts the taint with a maximum of two different taint markers.
Each successive call to this method will cancel and discard the previously started taint if any.
tag0, tag1 tainted data is labeled by tag1. Tainted data can be one of: string, list, reven2.arch.register.Register, TaintedRegisterSlice, integer (interpreted as a ds prefixed logical address), reven2.address.LogicalAddress, reven2.address.LinearAddress, reven2.address.LogicalAddressSegmentIndex, reven2.address.PhysicalAddress or TaintedMemoriesTransitions between from_context and to_context>>> trace = reven_server.trace() >>> tainter = reven2.preview.taint.Tainter(trace) >>> # taint in forward on the full trace, starting at the first context, >>> # "rax" with tag0, [ds:0xffffd001ea0d6040 ; 8] with tag1 >>> taint = tainter.simple_taint(tag0="rax", tag1="[ds:0xffffd001ea0d6040 ; 8]") >>> # The same taint, with the arguments expressed differently. >>> taint = tainter.simple_taint(tag0=reven2.arch.x64.rax, tag1=0xffffd001ea0d6040) >>> # # A slightly different taint, where tag0 tags both `rax` and the memory address, and where nothing it taggued with `tag1`. >>> taint = tainter.simple_taint(tag0=[reven2.arch.x64.rax, 0xffffd001ea0d6040])
| Parameters | tag0 | Initially tainted data marked with the tag0 taint marker. The accepted types for this parameter are the following:
|
| tag1 | Initially tainted data marked with the tag1 taint marker. The accepted types for this parameter are the same as for tag0 | |
| from_context | reven2.trace.Context Context before the first transition in the requested taint range. | |
| to_context | reven2.trace.Context Context after the last transition in the requested taint range. | |
| is_forward | bool, True for forward direction and False for backward direction. | |
| Returns | A Taint instance. | |
Get the last taint started by simple_taint
This function can only get the last taint if that taint was started by a tainter object in the same session.
| Returns | a Taint object if the simple_taint function was used before this method call, otherwise None. | |