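class SimStateScratch(SimStatePlugin):
    """
    Implements the scratch state plugin.

    The plugin records information about the current run, about the exit taken
    *from* this state, and about the VEX temps of the current IRSB.
    """

    def __init__(self, scratch=None):
        """
        Create an empty scratch area, optionally seeded from another one.

        :param scratch: an existing scratch plugin to copy fields from, or None
                        for a fresh one. ``temps`` is copied into a new list;
                        every other copied field is assigned by reference.
        """
        super().__init__()

        # info on the current run
        self.irsb = None
        self.bbl_addr = None
        self.stmt_idx = None
        self.last_ins_addr = None
        self.ins_addr = None
        self.sim_procedure = None
        self.bbl_addr_list = None
        self.stack_pointer_list = None
        self.executed_pages_set = None

        # information on exits *from* this state
        self.jumpkind = None
        self.guard = claripy.true
        self.target = None
        self.source = None
        self.exit_stmt_idx = None
        self.exit_ins_addr = None
        self.executed_block_count = 0  # the number of blocks that was executed here
        self.executed_syscall_count = 0  # the number of system calls that was executed here
        self.executed_instruction_count = -1  # the number of instructions that was executed
        self.avoidable = True

        # information on VEX temps of this IRSB
        self.temps = []
        self.tyenv = None

        # dirtied addresses, for dealing with self-modifying code
        self.dirty_addrs = set()
        self.num_insns = 0

        # pcode IR-relative jumps
        self.statement_offset = 0

        if scratch is not None:
            # NOTE(review): avoidable, dirty_addrs, num_insns and _priv_stack are
            # not taken from `scratch`; they keep the defaults set in this
            # constructor. Confirm that is intended, in particular for the
            # privilege stack.
            self.temps = list(scratch.temps)
            self.tyenv = scratch.tyenv

            self.jumpkind = scratch.jumpkind
            self.guard = scratch.guard
            self.target = scratch.target
            self.source = scratch.source
            self.exit_stmt_idx = scratch.exit_stmt_idx
            self.exit_ins_addr = scratch.exit_ins_addr
            self.executed_block_count = scratch.executed_block_count
            self.executed_syscall_count = scratch.executed_syscall_count
            self.executed_instruction_count = scratch.executed_instruction_count
            # Shared by reference with `scratch`, not copied.
            self.executed_pages_set = scratch.executed_pages_set

            self.irsb = scratch.irsb
            self.bbl_addr = scratch.bbl_addr
            self.stmt_idx = scratch.stmt_idx
            self.last_ins_addr = scratch.last_ins_addr
            self.ins_addr = scratch.ins_addr
            self.sim_procedure = scratch.sim_procedure
            self.bbl_addr_list = scratch.bbl_addr_list
            self.stack_pointer_list = scratch.stack_pointer_list
            self.statement_offset = scratch.statement_offset

        # privileges
        self._priv_stack = [False]

    def tmp_expr(self, tmp):
        """
        Returns the Claripy expression of a VEX temp value.

        :param tmp: the number of the tmp
        :returns: a Claripy expression of the tmp
        :raises SimMissingTempError: if ``tmp`` is past the end of the temps
                                     list, or if its slot holds None
        """
        self.state._inspect("tmp_read", BP_BEFORE, tmp_read_num=tmp)

        # Only the lookup sits inside the try. The "does not exist" error below
        # is raised outside it, so this handler cannot catch and replace it
        # (it would if SimMissingTempError derives from IndexError; its
        # definition is not shown here).
        # NOTE(review): a negative tmp indexes from the end of the list instead
        # of raising - confirm callers only pass non-negative temp numbers.
        try:
            v = self.temps[tmp]
        except IndexError as err:
            raise SimMissingTempError("Accessing a temp that is illegal in this tyenv") from err

        if v is None:
            raise SimMissingTempError(
                "VEX temp variable %d does not exist. This is usually the result of an incorrect slicing." % tmp
            )

        self.state._inspect("tmp_read", BP_AFTER, tmp_read_expr=v)
        return v

    # pylint:disable=unused-argument
    def store_tmp(self, tmp, content, reg_deps=None, tmp_deps=None, deps=None, **kwargs):
        """
        Stores a Claripy expression in a VEX temp value.
        If in symbolic mode, this involves adding a constraint for the tmp's symbolic variable.

        :param tmp: the number of the tmp
        :param content: a Claripy expression of the content
        :param reg_deps: the register dependencies of the content
        :param tmp_deps: the temporary value dependencies of the content
        :param deps: passed to SimActionObject together with reg_deps and tmp_deps
        :param kwargs: accepted and ignored
        """
        self.state._inspect("tmp_write", BP_BEFORE, tmp_write_num=tmp, tmp_write_expr=content)
        # A "tmp_write" breakpoint may have replaced the temp number or the
        # expression, so both are read back before the write.
        tmp = self.state._inspect_getattr("tmp_write_num", tmp)
        content = self.state._inspect_getattr("tmp_write_expr", content)

        # NOTE(review): both branches index self.temps directly, so an
        # out-of-range tmp presumably surfaces as a plain IndexError here
        # rather than the SimMissingTempError that tmp_expr raises.
        if o.SYMBOLIC_TEMPS not in self.state.options:
            # Non-symbolic
            self.temps[tmp] = content
        else:
            # Symbolic
            self.state.add_constraints(self.temps[tmp] == content)

        # get the size, and record the write
        if o.TRACK_TMP_ACTIONS in self.state.options:
            data_ao = SimActionObject(content, reg_deps=reg_deps, tmp_deps=tmp_deps, deps=deps, state=self.state)
            r = SimActionData(
                self.state, SimActionData.TMP, SimActionData.WRITE, tmp=tmp, data=data_ao, size=content.length
            )
            self.state.history.add_action(r)

        self.state._inspect("tmp_write", BP_AFTER)

    def clear(self):
        """
        Reset every field to its constructor default, keeping only the attached
        state and the current jumpkind. The privilege stack is reset to
        ``[False]`` along with everything else.
        """
        s = self.state
        j = self.jumpkind
        self.__init__()
        self.state = s
        self.jumpkind = j  # preserve jumpkind - "what is the previous jumpkind" is an important question sometimes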