documentation/doxygen/taintEngine_8hpp_source.html

/*

**  Copyright (C) - Triton

**

**  This program is under the terms of the Apache License 2.0.

*/


#ifndef TRITON_TAINTENGINE_H

#define TRITON_TAINTENGINE_H


#include <unordered_set>


#include <triton/dllexport.hpp>

#include <triton/memoryAccess.hpp>

#include <triton/modes.hpp>

#include <triton/register.hpp>

#include <triton/symbolicEngine.hpp>

#include <triton/tritonTypes.hpp>


namespace triton {

  namespace engines {

    namespace taint {

      const bool TAINTED = true;


      const bool UNTAINTED = !TAINTED;


      class TaintEngine {

        private:

          triton::modes::SharedModes modes;


          triton::engines::symbolic::SymbolicEngine* symbolicEngine;


          triton::arch::CpuInterface& cpu;


        protected:

          std::unordered_set<triton::uint64> taintedMemory;


          std::unordered_set<triton::arch::register_e> taintedRegisters;


        public:

          TRITON_EXPORT TaintEngine(const triton::modes::SharedModes& modes, triton::engines::symbolic::SymbolicEngine* symbolicEngine, triton::arch::CpuInterface& cpu);


          TRITON_EXPORT TaintEngine(const TaintEngine& other);


          TRITON_EXPORT TaintEngine& operator=(const TaintEngine& other);


          TRITON_EXPORT const std::unordered_set<triton::uint64>& getTaintedMemory(void) const;


          TRITON_EXPORT std::unordered_set<const triton::arch::Register*> getTaintedRegisters(void) const;


          TRITON_EXPORT bool isMemoryTainted(triton::uint64 addr, triton::uint32 size=1) const;


          TRITON_EXPORT bool isMemoryTainted(const triton::arch::MemoryAccess& mem, bool mode=true) const;


          TRITON_EXPORT bool isRegisterTainted(const triton::arch::Register& reg) const;


          TRITON_EXPORT bool isTainted(const triton::arch::OperandWrapper& op) const;


          TRITON_EXPORT bool setTaint(const triton::arch::OperandWrapper& op, bool flag);


          TRITON_EXPORT bool setTaintMemory(const triton::arch::MemoryAccess& mem, bool flag);


          TRITON_EXPORT bool setTaintRegister(const triton::arch::Register& reg, bool flag);


          TRITON_EXPORT bool taintMemory(triton::uint64 addr);


          TRITON_EXPORT bool taintMemory(const triton::arch::MemoryAccess& mem);


          TRITON_EXPORT bool taintRegister(const triton::arch::Register& reg);


          TRITON_EXPORT bool untaintMemory(triton::uint64 addr);


          TRITON_EXPORT bool untaintMemory(const triton::arch::MemoryAccess& mem);


          TRITON_EXPORT bool untaintRegister(const triton::arch::Register& reg);


          TRITON_EXPORT bool taintUnion(const triton::arch::OperandWrapper& op1, const triton::arch::OperandWrapper& op2);


          TRITON_EXPORT bool taintUnion(const triton::arch::MemoryAccess& memDst, const triton::arch::Immediate& imm);


          TRITON_EXPORT bool taintUnion(const triton::arch::MemoryAccess& memDst, const triton::arch::MemoryAccess& memSrc);


          TRITON_EXPORT bool taintUnion(const triton::arch::MemoryAccess& memDst, const triton::arch::Register& regSrc);


          TRITON_EXPORT bool taintUnion(const triton::arch::Register& regDst, const triton::arch::Immediate& imm);


          TRITON_EXPORT bool taintUnion(const triton::arch::Register& regDst, const triton::arch::MemoryAccess& memSrc);


          TRITON_EXPORT bool taintUnion(const triton::arch::Register& regDst, const triton::arch::Register& regSrc);


          TRITON_EXPORT bool taintAssignment(const triton::arch::OperandWrapper& op1, const triton::arch::OperandWrapper& op2);


          TRITON_EXPORT bool taintAssignment(const triton::arch::MemoryAccess& memDst,  const triton::arch::Immediate& imm);


          TRITON_EXPORT bool taintAssignment(const triton::arch::MemoryAccess& memDst, const triton::arch::MemoryAccess& memSrc);


          TRITON_EXPORT bool taintAssignment(const triton::arch::MemoryAccess& memDst, const triton::arch::Register& regSrc);


          TRITON_EXPORT bool taintAssignment(const triton::arch::Register& regDst,  const triton::arch::Immediate& imm);


          TRITON_EXPORT bool taintAssignment(const triton::arch::Register& regDst, const triton::arch::MemoryAccess& memSrc);


          TRITON_EXPORT bool taintAssignment(const triton::arch::Register& regDst, const triton::arch::Register& regSrc);


        private:

          bool unionMemoryImmediate(const triton::arch::MemoryAccess& memDst);


          bool unionMemoryMemory(const triton::arch::MemoryAccess& memDst, const triton::arch::MemoryAccess& memSrc);


          bool unionMemoryRegister(const triton::arch::MemoryAccess& memDst, const triton::arch::Register& regSrc);


          bool unionRegisterImmediate(const triton::arch::Register& regDst);


          bool unionRegisterMemory(const triton::arch::Register& regDst, const triton::arch::MemoryAccess& memSrc);


          bool unionRegisterRegister(const triton::arch::Register& regDst, const triton::arch::Register& regSrc);


          bool assignmentMemoryImmediate(const triton::arch::MemoryAccess& memDst);


          bool assignmentMemoryMemory(const triton::arch::MemoryAccess& memDst, const triton::arch::MemoryAccess& memSrc);


          bool assignmentMemoryRegister(const triton::arch::MemoryAccess& memDst, const triton::arch::Register& regSrc);


          bool assignmentRegisterImmediate(const triton::arch::Register& regDst);


          bool assignmentRegisterMemory(const triton::arch::Register& regDst, const triton::arch::MemoryAccess& memSrc);


          bool assignmentRegisterRegister(const triton::arch::Register& regDst, const triton::arch::Register& regSrc);

      };


    };

  };

};


#endif /* !__TRITON_TAINTENGINE_H__ */

triton::arch::CpuInterface
This interface is used as abstract CPU interface. All CPU must use this interface.
Definition cpuInterface.hpp:42

triton::arch::Immediate
This class is used to represent an immediate.
Definition immediate.hpp:37

triton::arch::MemoryAccess
This class is used to represent a memory access.
Definition memoryAccess.hpp:40

triton::arch::OperandWrapper
This class is used as operand wrapper.
Definition operandWrapper.hpp:38

triton::arch::Register
This class is used when an instruction has a register operand.
Definition register.hpp:44

triton::engines::symbolic::SymbolicEngine
The symbolic engine class.
Definition symbolicEngine.hpp:62

triton::engines::taint::TaintEngine
The taint engine class.
Definition taintEngine.hpp:53

triton::engines::taint::TaintEngine::taintedRegisters
std::unordered_set< triton::arch::register_e > taintedRegisters
The set of tainted registers. Currently it is an over approximation of the taint.
Definition taintEngine.hpp:69

triton::engines::taint::TaintEngine::taintRegister
TRITON_EXPORT bool taintRegister(const triton::arch::Register &reg)
Taints a register. Returns TAINTED if the register has been tainted correctly. Otherwise it returns t...
Definition taintEngine.cpp:119

triton::engines::taint::TaintEngine::setTaint
TRITON_EXPORT bool setTaint(const triton::arch::OperandWrapper &op, bool flag)
Sets the flag (taint or untaint) to an abstract operand (Register or Memory).
Definition taintEngine.cpp:133

triton::engines::taint::TaintEngine::setTaintMemory
TRITON_EXPORT bool setTaintMemory(const triton::arch::MemoryAccess &mem, bool flag)
Sets the flag (taint or untaint) to a memory.
Definition taintEngine.cpp:145

triton::engines::taint::TaintEngine::untaintMemory
TRITON_EXPORT bool untaintMemory(triton::uint64 addr)
Untaints an address. Returns !TAINTED if the address has been untainted correctly....
Definition taintEngine.cpp:200

triton::engines::taint::TaintEngine::isTainted
TRITON_EXPORT bool isTainted(const triton::arch::OperandWrapper &op) const
Abstract taint verification. Returns true if the operand is tainted.
Definition taintEngine.cpp:107

triton::engines::taint::TaintEngine::getTaintedRegisters
TRITON_EXPORT std::unordered_set< const triton::arch::Register * > getTaintedRegisters(void) const
Returns the tainted registers.
Definition taintEngine.cpp:52

triton::engines::taint::TaintEngine::isMemoryTainted
TRITON_EXPORT bool isMemoryTainted(triton::uint64 addr, triton::uint32 size=1) const
Returns true if the addr is tainted.
Definition taintEngine.cpp:87

triton::engines::taint::TaintEngine::taintedMemory
std::unordered_set< triton::uint64 > taintedMemory
The set of tainted addresses.
Definition taintEngine.hpp:66

triton::engines::taint::TaintEngine::taintUnion
TRITON_EXPORT bool taintUnion(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
Abstract union tainting.
Definition taintEngine.cpp:207

triton::engines::taint::TaintEngine::setTaintRegister
TRITON_EXPORT bool setTaintRegister(const triton::arch::Register &reg, bool flag)
Sets the flag (taint or untaint) to a register.
Definition taintEngine.cpp:157

triton::engines::taint::TaintEngine::taintAssignment
TRITON_EXPORT bool taintAssignment(const triton::arch::OperandWrapper &op1, const triton::arch::OperandWrapper &op2)
Abstract assignment tainting.
Definition taintEngine.cpp:234

triton::engines::taint::TaintEngine::TaintEngine
TRITON_EXPORT TaintEngine(const triton::modes::SharedModes &modes, triton::engines::symbolic::SymbolicEngine *symbolicEngine, triton::arch::CpuInterface &cpu)
Constructor.
Definition taintEngine.cpp:17

triton::engines::taint::TaintEngine::untaintRegister
TRITON_EXPORT bool untaintRegister(const triton::arch::Register &reg)
Untaints a register. Returns !TAINTED if the register has been untainted correctly....
Definition taintEngine.cpp:126

triton::engines::taint::TaintEngine::taintMemory
TRITON_EXPORT bool taintMemory(triton::uint64 addr)
Taints an address. Returns TAINTED if the address has been tainted correctly. Otherwise it returns th...
Definition taintEngine.cpp:181

triton::engines::taint::TaintEngine::isRegisterTainted
TRITON_EXPORT bool isRegisterTainted(const triton::arch::Register &reg) const
Returns true if the register is tainted.
Definition taintEngine.cpp:98

triton::engines::taint::TaintEngine::getTaintedMemory
TRITON_EXPORT const std::unordered_set< triton::uint64 > & getTaintedMemory(void) const
Returns the tainted addresses.
Definition taintEngine.cpp:46

triton::engines::taint::TaintEngine::operator=
TRITON_EXPORT TaintEngine & operator=(const TaintEngine &other)
Copies a TaintEngine.
Definition taintEngine.cpp:35

dllexport.hpp

triton::modes::SharedModes
std::shared_ptr< triton::modes::Modes > SharedModes
Shared Modes.
Definition modes.hpp:66

triton::engines::taint::TAINTED
const bool TAINTED
Defines a tainted item.
Definition taintEngine.hpp:46

triton::engines::taint::UNTAINTED
const bool UNTAINTED
Defines an untainted item.
Definition taintEngine.hpp:49

triton::uint64
std::uint64_t uint64
unisgned 64-bits
Definition tritonTypes.hpp:42

triton::uint32
std::uint32_t uint32
unisgned 32-bits
Definition tritonTypes.hpp:39

memoryAccess.hpp

modes.hpp

triton
The Triton namespace.
Definition architecture.cpp:27

register.hpp

symbolicEngine.hpp

tritonTypes.hpp