Misc. Utilities

cle.gdb.convert_info_sharedlibrary(fname)[source]

Convert a dump from gdb’s info sharedlibrary command to a set of options that can be passed to CLE to replicate the address space from the gdb session

Parameters:

fname – The name of a file containing the dump

Returns:

A dict appropriate to be passed as **kwargs for angr.Project or cle.Loader

cle.gdb.convert_info_proc_maps(fname)[source]

Convert a dump from gdb’s info proc maps command to a set of options that can be passed to CLE to replicate the address space from the gdb session

Parameters:

fname – The name of a file containing the dump

Returns:

A dict appropriate to be passed as **kwargs for angr.Project or cle.Loader

class cle.memory.ClemoryBase[source]

Bases: object

__init__(arch)[source]
load(addr, n)[source]
store(addr, data)[source]
backers(addr=0)[source]
find(data, search_min=None, search_max=None)[source]
unpack(addr, fmt)[source]

Use the struct module to unpack the data at address addr with the format fmt.

unpack_word(addr, size=None, signed=False, endness=None)[source]

Use the struct module to unpack a single integer from the address addr.

You may override any of the attributes of the word being extracted:

Parameters:
  • size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)

  • signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned

  • endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

load_null_terminated_bytes(addr, max_size=4096) bytes[source]

Load a null-terminated string from memory at address addr with a maximum size of max_size. Useful

Return type:

bytes

pack(addr, fmt, *data)[source]

Use the struct module to pack data into memory at address addr with the format fmt.

pack_word(addr, data, size=None, signed=False, endness=None)[source]

Use the struct module to pack a single integer data into memory at the address addr.

You may override any of the attributes of the word being packed:

Parameters:
  • size (int) – The size in bytes to pack/unpack. Defaults to wordsize (e.g. 4 bytes on a 32 bit architecture)

  • signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned

  • endness (archinfo.Endness) – The endian to use in packing/unpacking. Defaults to memory endness

read(nbytes)[source]

The stream-like function that reads up to a number of bytes starting from the current position and updates the current position. Use with seek().

Up to nbytes bytes will be read, halting at the beginning of the first unmapped region encountered.

seek(value)[source]

The stream-like function that sets the “file’s” current position. Use with read().

Parameters:

value – The position to seek to.

tell()[source]
close()[source]
class cle.memory.Clemory[source]

Bases: ClemoryBase

An object representing a memory space.

Accesses can be made with [index] notation.

__init__(arch, root=False)[source]
consecutive
min_addr
max_addr
add_backer(start, data, overwrite=False)[source]

Adds a backer to the memory.

Parameters:
  • start – The address where the backer should be loaded.

  • data – The backer itself. Can be either a bytestring or another Clemory.

  • overwrite – If True and the range overlaps any existing backer, the existing backer will be split up and the overlapping part will be replaced with the new backer.

split_backer(addr)[source]

Ensures that addr is the start of a backer, if it is backed.

update_backer(start, data)[source]
remove_backer(start)[source]
backers(addr=0)[source]

Iterate through each backer for this clemory and all its children, yielding tuples of (start_addr, backer) where each backer is a bytearray.

Parameters:

addr – An optional starting address - all backers before and not including this address will be skipped.

load(addr, n)[source]

Read up to n bytes at address addr in memory and return a bytes object.

Reading will stop at the beginning of the first unallocated region found, or when n bytes have been read.

store(addr, data)[source]

Write bytes from data at address addr.

Note: If the store runs off the end of a backer and into unbacked space, this function will update the backer but also raise KeyError.

find(data, search_min=None, search_max=None)[source]

Find all occurances of a bytestring in memory.

Parameters:
  • data (bytes) – The bytestring to search for

  • search_min (int) – Optional: The first address to include as valid

  • search_max (int) – Optional: The last address to include as valid

Return Iterator[int]:

Iterates over addresses at which the bytestring occurs

class cle.memory.ClemoryView[source]

Bases: ClemoryBase

__init__(backer, start, end, offset=0)[source]

A Clemory which presents a subset of another Clemory as an address space

Parameters:
  • backer – The parent clemory to use

  • start – The address in the parent to start at

  • end – The address in the parent to end at (exclusive)

  • offset – Where the address space should start in this Clemory. Default 0.

backers(addr=0)[source]
load(addr, n)[source]
store(addr, data)[source]
find(data, search_min=None, search_max=None)[source]
class cle.memory.ClemoryTranslator[source]

Bases: ClemoryBase

Uses a function to translate between address spaces when accessing a child clemory. Intended to be used only as a stream object.

__init__(backer: ClemoryBase, func)[source]
Parameters:

backer (ClemoryBase)

load(addr, n)[source]
store(addr, data)[source]
backers(addr=0)[source]
find(data, search_min=None, search_max=None)[source]
class cle.memory.UninitializedClemory[source]

Bases: Clemory

A special kind of Clemory that acts as a placeholder for uninitialized and invalid memory. This is needed for the PAGEZERO segment for MachO binaries, which is 4GB worth of memory This does _not_ handle data being written to it, this is only for uninitialized memory that is technically occupied but should never be accessed

__init__(arch, size)[source]
max_addr
add_backer(start, data, overwrite=False)[source]

Adds a backer to the memory.

Parameters:
  • start – The address where the backer should be loaded.

  • data – The backer itself. Can be either a bytestring or another Clemory.

  • overwrite – If True and the range overlaps any existing backer, the existing backer will be split up and the overlapping part will be replaced with the new backer.

split_backer(addr)[source]

Ensures that addr is the start of a backer, if it is backed.

update_backer(start, data)[source]
remove_backer(start)[source]
backers(addr=0)[source]

Technically this object has no real backer We could create a fake backer on demand, but that would be a waste of memory, and code like the function prolog discovery for MachO binaries would search 4GB worth of nullbytes for a prolog, which is a waste of time Instead we just return an empty byte array, which seems to pass the test cases :type addr: :param addr: :return:

load(addr, n)[source]

Read up to n bytes at address addr in memory and return a bytes object.

Reading will stop at the beginning of the first unallocated region found, or when n bytes have been read.

store(addr, data)[source]

Write bytes from data at address addr.

Note: If the store runs off the end of a backer and into unbacked space, this function will update the backer but also raise KeyError.

find(data, search_min=None, search_max=None)[source]

The memory has no value, so matter what is searched for, it won’t be found. :type data: :param data: :type search_min: :param search_min: :type search_max: :param search_max: :return:

consecutive
min_addr
class cle.patched_stream.PatchedStream[source]

Bases: object

An object that wraps a readable stream, performing passthroughs on seek and read operations, except to make it seem like the data has actually been patched by the given patches.

__init__(stream, patches)[source]
Parameters:
  • stream – The stream to patch

  • patches – A list of tuples of (addr, patch data)

read(*args, **kwargs)[source]
seek(*args, **kwargs)[source]
tell()[source]
close()[source]
class cle.address_translator.AddressTranslator[source]

Bases: object

__init__(rva, owner)[source]
Parameters:
  • rva (int) – virtual address relative to owner’s object image base

  • owner (cle.Backend) – The object owner address relates to

classmethod from_lva(lva, owner)[source]

Loads address translator with LVA

classmethod from_mva(mva, owner)[source]

Loads address translator with MVA

classmethod from_rva(rva, owner)[source]

Loads address translator with RVA

classmethod from_raw(raw, owner)[source]

Loads address translator with RAW address

classmethod from_linked_va(lva, owner)

Loads address translator with LVA

classmethod from_va(mva, owner)

Loads address translator with MVA

classmethod from_mapped_va(mva, owner)

Loads address translator with MVA

classmethod from_relative_va(rva, owner)

Loads address translator with RVA

to_lva()[source]

VA -> LVA :rtype: int

to_mva()[source]

RVA -> MVA :rtype: int

to_rva()[source]

RVA -> RVA :rtype: int

to_raw()[source]

RVA -> RAW :rtype: int

to_linked_va()

VA -> LVA :rtype: int

to_va()

RVA -> MVA :rtype: int

to_mapped_va()

RVA -> MVA :rtype: int

to_relative_va()

RVA -> RVA :rtype: int

cle.address_translator.AT

alias of AddressTranslator

cle.utils.ALIGN_DOWN(base, size)[source]
cle.utils.ALIGN_UP(base, size)[source]
cle.utils.get_mmaped_data(stream, offset, length, page_size)[source]
cle.utils.stream_or_path(obj, perms='rb')[source]
cle.utils.key_bisect_floor_key(lst, key, lo=0, hi=None, keyfunc=<function <lambda>>)[source]
cle.utils.key_bisect_find(lst, item, lo=0, hi=None, keyfunc=<function <lambda>>)[source]
cle.utils.key_bisect_insort_left(lst, item, lo=0, hi=None, keyfunc=<function <lambda>>)[source]
cle.utils.key_bisect_insort_right(lst, item, lo=0, hi=None, keyfunc=<function <lambda>>)[source]
cle.utils.get_text_offset(path)[source]

Offset of text section in the binary.